Risk UK August 2015 by Western Business Media Limited

FrontCover August2015_001 06/08/2015 14:26 Page 1

August 2015

Security and Fire Management

Power, Motion, Drive Risk Management Planning for the Utilities Sector Standard of Behaviour: An Assessment of BS 16000 Markets in Financial Instruments Directive Access Control: Smart Cards and Network Security Sector Spotlight: Counter-Terrorism Solutions

Project1_Layout 1 23/07/2015 17:10 Page 1

Track

Keep persons of interest in view, as they move – even at speed.

Locate

Gives you the ability to pinpoint persons of interest fast and accurately.

Zoom

Gives you the detail you need to make informed decisions.

Our focus is helping you to locate, track and zoom in on details. Bosch motion control cameras oﬀ er you total control of what you choose to see, and the level of zoom you use to identify objects over large distances, regardless of movement. Learn more at Tel: 01895 878095 | Email: security.systems@uk.bosch.com

Contents August2015_riskuk_Dec12 06/08/2015 13:45 Page 1

August 2015

Contents 35 Sector Spotlight: Counter-Terrorism Solutions

BS 16000 2015: Security Management (pp20-21) 5 Editorial Comment 6 News Update Freedom of Information Act review. NPCC changes to 2014 ACPO Security Systems Policy. BSI publishes final draft of ISO 9001

8 News Analysis: Summer Budget 2015 Chancellor George Osborne’s Summer Budget details a National Living Wage and cuts to corporation tax. Brian Sims reports

11 News Special: Biometrics 2015 Conference Brian Sims previews Biometrics 2015, which runs at the QEII Conference Centre in London’s Westminster from 13-15 October

12 Opinion: Employee Engagement for Officers

Counter-Terrorism solutions frame this month’s Risk UK Sector Spotlight. Tim Kempster covers blast-proof glazing systems (p37-38). Kristof Maddelein views thermal imaging cameras (p39) while Brian Sims considers CPNI guidance on CBR threats (p40). Chris Plimley discusses water supply protection (p41) and Lucy Foster concentrates on Critical National Infrastructure (p43)

45 Living Life in the Smart Card Lane The ‘Smart Card’ has certainly made its mark on society and the security world but, asks Tim Northwood, is it here to stay?

48 Unlocking the Potential of Key Control Fernando Pires offers end users timely advice on state-of-the-art key management system selection and operation

50 The Security Institute’s View 52 In the Spotlight: ASIS International UK Chapter 54 FIA Technical Briefing 57 Security Services: Best Practice Casebook

Are security teams fully ‘engaged’ or perhaps taken for granted? Michelle Farrelly assesses current ‘reward’ in the line of duty

60 SOCs: The Cyber Security Dimension

14 Opinion: Security’s VERTEX Voice

62 Training and Career Development

Peter Webster calls for benchmarking data in the security sector

The Security Institute and Study-Security 24/7 are targeting Level 7 learning programmes, as Brian Sims discovers

17 BSIA Briefing James Kelly reviews the key considerations around developing a successful security regime for today’s hotel environments

20 Standard of Behaviour

Tony Marques runs the rule over Security Operations Centres

64 Risk in Action 66 Technology in Focus

Mike Bluestone appraises the content of the newly-published BS 16000 for practising security management professionals

69 Appointments

23 Safety and Security at the Core

71 The Risk UK Directory

All the latest people moves within the security and fire sectors

Risk professionals in the utilities sector face many operational challenges. Andrew Robinson focuses on technological solutions ISSN 1740-3480

27 Power Outages: Security On Site Wayne Kynaston pinpoints security and Health and Safetycentric regimes for planned power outage scenarios

30 MiFID II: An Instrument for Change Will compliance teams have enough time to come to terms with the changes lined up for MiFID? Rainer Landgraf has the detail

32 The Heat Is On Alex Schneider determines whether thermal imaging cameras are ready to become the mainstream choice for security projects

Risk UK is published monthly by Pro-Activ Publications Ltd and specifically aimed at security and risk management, loss prevention, business continuity and fire safety professionals operating within the UK’s largest commercial organisations © Pro-Activ Publications Ltd 2015 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical (including photocopying, recording or any information storage and retrieval system) without the prior written permission of the publisher The views expressed in Risk UK are not necessarily those of the publisher Risk UK is currently available for an annual subscription rate of £78.00 (UK only)

Editor Brian Sims BA (Hons) Hon FSyI Tel: 0208 295 8304 Mob: 07500 606013 e-mail: brian.sims@risk-uk.com Design and Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 429 2015 e-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 01322 292295 e-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 01322 292295 e-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton

Risk UK PO Box 332 Dartford DA1 9FF

Chairman Larry O’Leary

Editorial: 0208 295 8304 Advertising: 0208 295 8307

3 www.risk-uk.com

EditorialComment August2015_riskuk_jul14 06/08/2015 14:23 Page 1

Illuminate your life

Illuminate your logo, elevate your brand, deliver the highest quality security The new Odyssey X3 brings innovation and a modern twist to external sounders, providing unparalleled performance and extensive features to benefit installers and end users alike.

Odyssey X3 Key Features: • Custom graphic inserts for professional installer branding • A choice of 6 electronic backplate modules • Illuminated X3 cover options • Wired, wireless & dummy versions • White comfort LEDs • A host of installer-friendly features • Designed to comply with EN50131-4

Your new branding awaits...

Sales enquiries: 01706 220460

Order your custom inserts directly from us: www.illuminatedbellbox.com

EditorialComment August2015_riskuk_jul14 06/08/2015 14:24 Page 2

Create your Odyssey X:

Editorial Comment

In Total Control? obust financial benchmarks play a significant role in the global economy and impact a multitude of monetary instruments and contracts used by companies, Governments and consumers. It’s somewhat worrying, then, that the Financial Conduct Authority’s (FCA) thematic review of oversight and controls around such benchmarks suggests companies still have much to do to identify the full range of their benchmarking activities and improve risk management. The FCA conducted its thorough review between August 2014 and June this year in order to derive an early assessment of the extent to which financial world businesses have learned the lessons from previous failures around benchmark activities and, importantly, taken the appropriate action in response. Apparently, some progress has been made on improving oversight and controls around benchmarks. However, application of the lessons learned from the LIBOR, Forex and Gold cases to other benchmarks is said to be somewhat “uneven” across the financial services sector and “often lacks the urgency required” given the severity of recently-publicised failings in the system. Within its detailed report entitled ‘Financial Benchmarks: Thematic Review of Oversight and Controls’, the FCA outlines that companies are failing to identify a wide enough scope of benchmark activities by dint of interpreting the International Organisation of Securities Commissions’ (IOSCO) definition too narrowly. Also, it appears that some firms simply haven’t made sufficient effort to properly identify the conflicts of interest that could arise from their defined benchmark activities. Tracey McDermott (director of supervision for investment, wholesale and specialists at the FCA) commented: “Companies should have in place systems designed to manage the risks posed by benchmark activities and address those weaknesses that have previously been identified. We fully recognise this is a significant task and that businesses have made some improvements, but the consistency of implementation and speed at which these changes are taking place is disappointing.” Following the review, the FCA has adopted the stance that companies need to continue to strengthen governance and oversight of benchmark activity, identify and manage conflicts of interest, fully pinpoint their benchmark procedures across all business areas, establish oversight and controls for any in-house benchmarks where they’ve not already done so and also implement appropriate training programmes. In response to the FCA’s study, Simon Hunt (PwC’s UK banking and capital markets leader) stated: “Identification of a complete population of benchmarks subject to the IOSCO definition is indeed a significant challenge with which firms have been grappling for some time. Those companies that have introduced centralised governance and an oversight body for these benchmarks have been able to markedly strengthen their control infrastructures and understand and manage the risks that they face as organisations.” Good news, then, but it would seem that the financial services sector does indeed have some way to go in ensuring consistency around the quality of control infrastructures being established.

1. Choose your cover

2. Create your graphic insert

3. Choose your backplate

Brian Sims BA (Hons) Hon FSyI Editor December 2012

www.risk-uk.com

NewsUpdate August2015_riskuk_nov14 06/08/2015 14:32 Page 1

Cabinet Office focuses on Commission to review Freedom of Information Act Lord Bridges, the Parliamentary Secretary for the Cabinet Office, has laid a written statement before Parliament detailing the new Commission formed to evaluate the present Freedom of Information Act 2000 and its fitness for purpose in 2015 and beyond. The new Conservative administration is determined to be the “most transparent Government” in the world. In order to realise that objective, the Cabinet is opening up Government to citizens by making it easier for them to access information and increase the volume of data that’s available. A record 20,000 datasets are now held on data.gov.uk The Conservative Government “fully supports” the Freedom of Information Act but, after more than a decade in operation for this legislation, believes it’s now time that process and procedure is reviewed to make sure the law is working effectively. Prime Minister David Cameron’s independent, cross-party Commission on Freedom of Information will be chaired by Lord Burns and comprise the Rt Hon Jack Straw, Lord Howard of Lympne, Lord Carlile of Berriew (President of The Security Institute and the former Independent Reviewer of Counter-Terrorism Legislation) and Dame Patricia Hodgson as its constituent members. The Commission will report to the Minister for the Cabinet Office and publish its findings by the end of November.

The new Commission’s Terms of Reference are as follows: ‘The Commission will review the Freedom of Information Act 2000 (‘the Act’) to consider whether there is an appropriate public interest balance between transparency, accountability and the need for sensitive information to have robust protection, and whether the operation of the Act adequately recognises the need for a ‘safe space’ for policy development and implementation and frank advice. The Commission may also consider the balance between the need to maintain public access to information and the burden of the Act on public authorities, and whether change is needed to moderate that while maintaining public access to information.’ In response to this news, Information Commissioner Christopher Graham stated: “The Freedom of Information Act has opened up the corridors of power to greater scrutiny. Government at all levels is the better for it. The Act is not without its critics, it must be said, but in providing a largely free and universal right of access to information, subject to legitimate exceptions, we believe the present Freedom of Information regime is indeed fit for purpose.” *The Prime Minister has also confirmed that responsibility for Freedom of Information policy has now transferred from the Ministry of Justice to the Cabinet Office. This change was effected from Friday 17 July 2015

Changes afoot as NPCC looks to amend 2014 ACPO Response Policy The National Police Chiefs’ Council (NPCC) is in the process of issuing a new policy on police response entitled Police Requirements and Response to Security Systems. The all-new NPCC policy is designed to replace the ACPO Security Systems Policy last updated in April 2014. Based on a draft document seen by the National Security Inspectorate, the NPCC’s Police Requirements and Response to Security Systems Policy is said to remain “substantially the same” as the previous ACPO Security Systems Policy. In addition, there are apparently no changes planned in relation to Unique Reference Number – or URN – fees. However, changes to the document are, according to the National Security Inspectorate, understood to include the following elements: *The chief officer of police must be notified within 28 days of all variations to company details including change of inspectorate or change of maintaining company *The electronic transfer of intruder and hold-up alarm activations will be mandatory with effect from 1 April 2020. This relates to an industry project whereby Alarm Receiving Centres transfer intruder and hold-up alarm activations electronically to police Control Rooms rather than by telephone voice communication *Some extra information will be included within Appendix C regarding the conviction check process The new NPCC Police Requirements and Response to Security Systems Policy should be available soon from the Secured By Design website (www.securedbydesign.com). Security and risk managers are urged to refer to this website for further details. Security professionals should note that the new URN application forms are now available to use.

6 www.risk-uk.com

NewsUpdate August2015_riskuk_nov14 06/08/2015 14:33 Page 2

News Update

ISO 9001 Quality Management Systems final draft standard published by BSI ISO 9001 has benefited millions of organisations worldwide with users reporting increased growth and productivity as well as significantly higher customer satisfaction and retention. In September, the 2015 edition of ISO 9001 will publish – the first major revision of the standard since 2000. A final draft of the standard has now been released which incorporates changes made following feedback from users and experts around the world. Terms crucial to understanding ISO 9001 are defined in ISO 9000, which has also been revised and will publish at the same time. Since 2000, the way in which companies do business has changed enormously. All companies have instant access to information and higher expectations of those organisations with which they work while at the same time having to deal with more complex supply chains and a globally competitive economy. ISO 9001:2015 duly takes all of this detail into account. Some of the key changes include: *Greater emphasis on building a management system suited to the particular needs of all organisations

UBM celebrates “another year of innovation, inspiration and industry excellence” for IFSEC International UBM EMEA – the organiser of IFSEC International 2015 – has reported on a “hugely successful year” for Europe’s largest security event. Running from 16-18 June at ExCeL London, IFSEC International welcomed no less than 23,079 visitors through the doors, increasing overall attendance figures by 2% on the 2014 edition. IFSEC International benefited from the colocated events within the Protection and Management Series (among them FIREX International), attracting an additional 4,536 visitors from across the venue as a whole. UBM EMEA explained: “This highlights the power of these shows being located alongside each other and demonstrates that the Protection and Management Series is the goto event for sourcing the latest products and innovations while discovering expertise across the security, fire, facilities management and safety sectors.” IFSEC International continued to attract senior decision-makers from across the security world, with a 14% increase in end

*A requirement that those at the top of a given organisation are involved and accountable, aligning quality with wider business strategy *Risk-based thinking throughout the standard makes the whole management system a preventive tool and encourages continuous improvement *Less prescriptive requirements for documentation: organisations can now decide what documented information they need and their chosen format *Alignment with other key management system standards through the use of a common structure and core text Advanced Access affords end user concerns a unique opportunity to see the final draft this month and automatic delivery of the final standard as soon as it’s available. There will be no technical changes to the standard after July, so organisations taking advantage of Advanced Access will receive a preview of the technical content. Anne Hayes, head of market development for governance and resilience at the BSI, said: “ISO 9001 is the world’s most used management system standard and, as such, all eyes are on this revision. The impact the standard has had in terms of shaping how organisations manage the issue of quality correctly is huge. No organisation can afford to let their standards slip.”

user visitors and a 42% rise in directors and company owners appearing at ExCeL. In terms of solutions, UBM EMEA’s figures show that video surveillance, access control and integrated security remain significant areas of interest, while the ever-burgeoning topics of Safe Cities, IT and cyber security “received more attention than ever before”. As the security sector becomes increasingly globalised, IFSEC International retains its standing as a truly global event. 33% of total attendees emanated from 112 countries, along with exhibitors coming from 45 nations. For the second year running, the UKTI Events Alliance worked with the British Security Industry Association to bring inward missions of Commercial Officers and relevant buyers from target countries to meet with UKbased organisations at IFSEC International. Gerry Dunphy, event director for IFSEC and FIREX International, said: “IFSEC International 2015 exceeded all of our expectations. The atmosphere on the show floor was fantastic throughout the three days with plenty of innovation and industry expertise on display. We’ve received a great response from visitors and exhibitors and we’re already looking forward to returning to London in 2016.”

7 www.risk-uk.com

NewsAnalysisSummerBudget2015andthePrivateSecuritySector August2015_riskuk_mar15 06/08/2015 14:30 Page 1

Chancellor George Osborne’s Summer Budget proves positive for the private security sector In a hugely beneficial move that’s likely to improve the lives of at least 75% of the 385,000 Security Industry Authority-licensed personnel operating within the UK’s regulated private security sector, Chancellor George Osborne is set to introduce the National Living Wage for workers aged 25 and over. Brian Sims reports

s part of the Summer Budget 2015 delivered to an expectant House of Commons on Wednesday 8 July, the Chancellor of the Exchequer provided security companies with welcome news of a proposed cut to corporation tax in tandem with an increase in the employment allowance. Further, George Osborne revealed that smaller firms’ National Insurance (NI) contributions will fall. The £3,000 employment allowance means that smaller security businesses can now hire four members of staff on the National Living Wage rate and pay no NI. Announced towards the end of Osborne’s Budget speech, the National Living Wage rate of £9.00 per hour will be introduced in 2020, but is set to commence at the £7.20 per hour mark from April next year. The National Minimum Wage is set at £6.50 per hour but will rise to £6.70 per hour, as recommended by the Low Pay Commission. “Two and a half million people will receive a direct pay rise,” urged the Chancellor. “Those currently earning the National Minimum Wage will see their pay rise by over a third during this Parliament. That represents a cash increase of over £5,000 per annum for a full-time worker. In total, it’s expected that six million people will see their pay increase as a consequence.”

Response from the security sector Chancellor George Osborne’s Summer Budget has created many discussion points

8 www.risk-uk.com

The security sector has not been slow to respond to the Chancellor’s announcements. Stuart Lodge, CEO at Lodge Service, stated:

“We at Lodge Service welcome the Chancellor’s introduction of the Living Wage. Indeed, we believe that this should be the minimum standard for the security sector. Over many years now, we’ve been fortunate to work in partnership with a number of progressive clients who recognise our position. A higher investment in staff and their wages does in fact help to reduce costs in terms of lower staff churn while at the same time helping to deliver higher levels of commitment and service.” Lodge went on to comment: “I believe this announcement from the Treasury and the embracing of the Living Wage will make security solutions buyers sit up and examine their strategies in terms of why and how they buy more specialised and licensed labour services, not to mention what they receive for their spend with regards to quality and Return on Investment. They will either be forced to buy less but at a higher quality level or procure differently and make better use of technology.” Also welcoming the Chancellor’s Budget statements, Justin Bentley – CEO at the International Professional Security Association – explained: “The Government’s announcement around increasing the National Minimum Wage for 25 year-olds and above to a rate that’s a Living Wage is long overdue. It means that, over the next few years, a great many security officers will no longer have to work abnormally long hours in order to make a living.” That said, Bentley added: “However, it’s disappointing that this move has to be forced through by legislation rather than clients recognising the valuable role undertaken by security officers and voluntarily being determined to pay contract rates that provide proper remuneration for the services provided.”

NewsAnalysisSummerBudget2015andthePrivateSecuritySector August2015_riskuk_mar15 06/08/2015 14:31 Page 2

News Analysis: Summer Budget 2015 and the Private Security Sector

Industry commentator Bobby Logue, publisher of www.infologue.com, said: “There are many important issues that remain to be addressed in the private security sector, among them the much-needed introduction of regulated business licensing, ongoing and severe contract margin erosion, low wages, long hours and generally poor standards of training. These are just some of the major factors contributing towards a security sector licence churn rate that’s currently in excess of 50% on an annual basis.” Logue continued: “The introduction of a National Living Wage is a small step towards the professionalisation of front line security personnel. That said, it’s my belief that the Chancellor has missed a trick in setting the National Living Wage threshold at the age of 25. The security business sector needs an infusion of young blood and this would have encouraged that process.” In conclusion, Logue commented: “There will be challenges for companies operating in the private security sector when it comes to recovering the full wages from their clients. It’s fair to say that ever-decreasing margins have created a certain amount of financial instability within the sector. That being the case, it’s unlikely that security companies can afford to absorb a portion of the National Living Wage.”

Views of the business community The CBI’s director general John Cridland explained: “The CBI supports a higher skilled, higher wage economy, but legislating for a Living Wage doesn’t reflect businesses’ ability to pay. This is taking a big gamble that the labour market can absorb year-on-year increases of an average of 6%.” Mike Kelly, head of Living Wage at KPMG, has also voiced his opinions on the new National Living Wage. “The new compulsory National Living Wage is very welcome news for more than two million of the working poor who will receive a significant pay rise. Enshrining the Living Wage in regulation is a brave move. By 2020, the National Living Wage will reach 60% of median earnings. For those employers who are concerned at whether the increased payroll costs will be fully offset by reduced corporation tax and National Insurance contributions, we can tell them that our experience has seen lower absenteeism, increased productivity and a somewhat more engaged workforce.” Also commenting on the new National Living Wage, John Harding (employment tax partner at PwC) urged: “This is great news for the 1.4 million people currently on the National Minimum Wage. Over the course of a year, they

will broadly see a 10% pay increase as they move to the new Living Wage. Businesses do need to prepare for the significant increase in staff costs, particularly as this will pre-date the reductions in corporation tax by a year. Employers should also be aware of the likelihood of short-term wage inflation among hourly paid workers due to the rises.” Harding added: “Although this increase will only affect the over-25s, they do make up a significant proportion of employees who are either on or just above the current National Minimum Wage. As this will add to costs and make employing extra people less affordable, we will need to wait and see whether these measures will have the impact the Chancellor would like to witness in terms of job creation.”

John Cridland: Director General at the Confederation of British Industry

Living Wage Foundation has its say Rhys Moore, director of the Living Wage Foundation, has also responded in some detail to the Chancellor’s Budget statement. “We’re delighted that the announcement made in the Budget will see over 2.5 million workers receive a much-needed pay rise,” asserted Moore. “This is a massive victory for Citizens UK and those communities, workers and business leaders who’ve campaigned for a Living Wage since 2001. We agree with the Chancellor that work should be the surest way out of poverty.” In parallel, Moore has also suggested that the announcement does raise several important questions demanding to be answered. “Is this really a Living Wage? The Living Wage is calculated according to the cost of living whereas the Low Pay Commission calculates a rate according to what the market can bear. Without a change of remit for the Low Pay Commission, what we’re talking about here is effectively a higher National Minimum Wage and not a Living Wage.” Moore continued: “Second, what about London? We’ve been working with the Mayor of London for seven years now and there’s a London Living Wage rate that recognises the higher costs in the capital. That rate currently stands at £9.15 per hour. These changes will not help the 586,000 people for whom the 2020 rate that has been announced would not be enough to live on even now.” Importantly, Moore mentioned the “two million under-25s who are not covered” by the Chancellor’s plans. “To make sure workers in London and those under 25 do not lose out, we’re now calling on employers to join the group of 1,600 organisations that have already chosen to become voluntary Living Wage employers.”

Justin Bentley: CEO of the International Professional Security Association

9 www.risk-uk.com

Project3_Layout 1 03/07/2015 13:14 Page 1

NewsSpecialBiometrics2015 August2015_riskuk_feb15 06/08/2015 17:42 Page 11

News Special: Biometrics 2015 Conference and Exhibition

Secure Identity Solutions... Now iven that end users now have so many biometric solutions from which to choose, Biometrics 2015 is designed specifically to provide a complete insight as to how they might select the right technology for secure, reliable and convenient authentication within the host organisation. Numerous factors need to be considered when rolling out a biometric solution, of course, and the Biometrics 2015 Conference and Exhibition will offer practical advice and results from new trials and Case Studies. Key issues such as security concerns, technology interoperability and ethics will all be covered. Indeed, many lessons are being learned through a multitude of pilot projects deploying biometric technologies both in the commercial and Government sectors. This must-attend event at the QEII Conference Centre in London will review the latest standards, testing procedures and Government policy and outline what needs to be done to ensure the broader practical implementation of this technology.

Conference Programme Imagine a world without keys, passwords, PINs or passports where you interact seamlessly with technology, personalisation is ubiquitous and devices recognise who you are in order to make life more convenient. It’s all properly implemented with due consideration to privacy. Identity – whether physical or digital – is at the very heart of the debate. The opening session at conference will set the scene for the discussion about identity management and customer authentication and draw a picture of the current environment in which we now find ourselves. Can the responsible use of biometrics provide secure identity solutions at the present moment? Customer behaviour is changing with transactions moving more and more towards the digital world. Fraud and cyber attacks are on the increase which demands that more controls be put in place. If it’s the right time to invest in making the customer journey more seamless, where might biometrics fit in? What consumer applications are evolving? As predicted by the Biometrics Institute’s Industry Survey over the past two years, biometrics in everyday life is the emerging trend. New devices, most notably hose that are wearable, are gaining significant interest while the hot topic remains secure transactions online related to payments and mobile payments.

Organised by Elsevier Global Conferences and Biometrics Technology Today in association with the Biometrics Institute, Biometrics 2015 runs at the QEII Conference Centre in London’s Westminster from 13-15 October. Risk UK is an Official Media Partner for the Conference Programme and co-located BiometricsLive Exhibition, both of which are previewed here by Brian Sims Innovators and disruptors are entering the market who can deliver more secure and more efficient customer services. One of the sessions at conference will include presentations about the role of biometrics in payments with special reference to mobile payments and secure customer transactions. Vulnerability assessments are now being recognised as an important part of biometric implementations and the international standards community is also addressing presentation attacks. With a high demand for smaller and faster scanners for mobile devices, the questions around vulnerabilities take on even more importance. One of the conference sessions will bring together the Biometric Vulnerability Expert Group as well as the Chaos Computer Club to debate the best way forward. On top of all that, the very latest research and innovation in facial recognition and novel approaches to ID emanating from major international biometrics research departments and institutes will all be brought to the fore. Chaired by the Biometrics Institute’s CEO Isabelle Mueller, the conference programme features 75 high level speakers. This year’s presenters include Andrea Servida of the European Commission, Visa Europe UK’s executive director Jonathan Vaux, David Rennie (head of industry engagement at the UK Cabinet Office) and Sarah Stevenage, senior lecturer in psychology at the University of Southampton.

BiometricsLive Exhibition With all of the main players showcasing their latest products and expertise, the BiometricsLive Exhibition at Biometrics 2015 is the one-stop shop for sourcing your identity management needs – whatever they may be. This year’s exhibitors on the show floor include Aware, Cognitec, Daon, Dermalog, HID, Hoyos Labs, Icon UK, Jenetric, MODI, Synaptics, Techshino and Wacom as well as the Biometrics Institute itself.

*For further information and to register as a delegate or a visitor for Biometrics 2015 access the dedicated event website at: www.biometricsandidentity.com

11 www.risk-uk.com

OpinionSecurityPersonnelandEmployeeEngagement August2015_riskuk_apr15 06/08/2015 14:34 Page 1

Are Security Officers Taken for Granted?

With an average current staff turnover rate of approximately 34% across the security sector compared with the national average of 14.6% for all business strands, Michelle Farrelly suggests there needs to be an understanding that perhaps today’s security teams do not always feel ‘engaged’ and maybe perceive they’re being taken for granted

ermit me to put a question to you. If I asked whether or not you – and your organisation – take your security officers for granted, I’m sure you would respond with absolute indignance. However, can it be said that, to a certain extent anyway, we all take our security provisions for granted at some point? According to the McGraw-Hill Dictionary, ‘To take for granted’ is to expect someone or something to be always available to serve in some way without thanks or recognition and/or to value someone or something too lightly. The trouble with providing good security for any host business is that the end result is a continuation of the status quo. There are no incidents to report and a distinct lack of sensational headlines. It’s just day-to-day business as usual. We can become almost oblivious to the threat of potential dangers as they remain firmly hidden under the safety blanket of a quality security provision on site. It’s only when things go wrong, and our peace is disturbed, that we’re suddenly aware of the true value of our security teams. In fact, is it not often the case – and somewhat ironically so – that the mitigation of threats through a quality security provision can lead to the questioning of its very validity?

Cutting back on security provision Decisions around cutting back or scaling down on security provision can often backfire and incur greater costs for the host business in the

www.risk-uk.com

longer term. Sadly, it’s at this very point that the stark realisation of the value realised and perpetuated by the original security regime becomes all-too-evident. The ‘monotony’ of the status quo would be welcomed back with open arms and the solemn promise made of not taking the service for granted ever again. Our aforementioned definition of taking something for granted states that this is to expect availability and service without offering thanks or form of recognition. Surely, then, we do not take security for granted as most companies now praise their people through recognition schemes, reward programmes and even full-scale awards ceremonies? Highlighting the excellent role security teams play raises awareness of the extreme challenges they face on a daily basis. Most awards schemes, though, are specifically formatted to recognise acts of bravery and highlight what’s often a reactive response to an incident. High profile scenarios will of course bring plaudits and raise awareness outside of the normal daily routine. However, if you’re not involved in an outstanding act or otherwise in a position to showcase your response capabilities, is it the case that your diligent efforts as a security officer are then overlooked? With a current staff turnover rate of approximately 34% across the security sector compared with the 14.6% national average for all business sectors, we need to understand that perhaps our security teams do not always feel ‘engaged’ and maybe even perceive that they are indeed taken for granted. How, then, do we go about reversing this feeling and fully engage them?

Benefits of employee engagement There’s no longer any doubt about the benefits of employee engagement. We all know them. The story plays out something like this... Employees enjoy their work more if they feel valued and listened to, knowing full well that they can make a tangible contribution to the success of their own domain and also the business as a whole. For their part, employers derive better performance from the workforce. High levels of engagement mean that employees will impart the extra discretionary effort that results in this improved performance. Customers receive better service. Employees enjoying their work are encouraged to be innovative, leading towards high levels of

OpinionSecurityPersonnelandEmployeeEngagement August2015_riskuk_apr15 06/08/2015 14:34 Page 2

Opinion: Security Personnel and Employee Engagement

performance which results in enhanced service to the customer. We also recognise the consequences of low employee engagement from within a workforce. It certainly results in lessened morale, diminished vigilance and weakened customer service, in turn sometimes leading towards a ‘Why bother?’-style attitude that can come back to haunt even the most conscientious of security company employees. Do members of the public recognise any such lack of engagement? I would respectfully suggest that they do. How often do we witness the grimacing face of a stressed shop worker and then, on leaving the premises, consider quietly to ourselves that a smile costs nothing? Negative public perceptions of a disengaged security officer will only lead to future generations questioning this career choice and looking for alternative occupations. Indeed, there’s much work still to be done if we’re really going to make this business sector a ‘Go To’ option. Rest assured that we all have a part to play in making this happen.

National Minimum Wage Would increased remuneration result in greater employee engagement? The new Conservative Government has announced that, from October, the National Minimum Wage for adults will increase by 20 pence to £6.70 per hour. This represents a wage increase for some in the security sector. Chancellor George Osborne’s announcement in the Summer Budget that the National Living Wage will be set at £9.00 by 2020 has received a mixed response. As a firm believer in raising the profile and perception of our business sector as a career choice, we at Unipart Security Solutions welcome any positive steps taken towards this worthy goal. Turning towards theory for a second, Maslow’s Hierarchy of Needs determines that pay (ie ‘safety’) comes somewhere beneath the individual’s overriding desire for ‘belonging’, ‘esteem’ and ‘self-actualisation’. This suggests that, in truth, increased employee engagement is fostered as a direct result of confidence, achievement, respect of (and by) others, creativity, problem-solving and inspiration. Therefore, it can be said that, in order to increase engagement, we must stop taking our security officers for granted. Instead, we should look to reward them for their efforts with something other than an increased pay packet. Financial reward will always be a ‘positive’, of course, but inviting members of staffs’ contributions and offering them an environment in which they can truly unlock their working

potential and performance will go much further in creating a satisfied and engaged team. Once we’ve arrived at this happy place, it’s fair to say that the true benefits of a wholly engaged workforce will be evident.

What does reward look like? What, then, does or might reward look like? It can come in the form of a shiny award recognising the brilliance of security teams within challenging environments. It can manifest itself by way of a team supporting officers with dedicated training and advice. On a fundamental level, it can be about sitting down and asking officers how their particular site’s security might be improved. In essence, it might be about involving security officers in the decision-making processes around their safety. Let’s not forget, either, that reward can also take the form of a simple ‘Thank You’ for a job well done and recognised as such. Whatever the reward may be, it should recognise every aspect of the security officer’s role and highlight the dedication and expertise that results in the smooth day-to-day running of a well-oiled security machine operated on behalf of the customer’s business. In conclusion, the message is a fairly simple one. Welcome and recognise on a regular basis the sheer hard work behind the achievement of your ‘status quo’. You can then rest assured that the security team members who provide it will never again be taken for granted.

Michelle Farrelly: Head of Human Resources at Unipart Security Solutions

“Employees enjoy their work more if they feel valued and listened to, knowing full well that they can make a tangible contribution to the success of their own domain” 13

www.risk-uk.com

OpinionSecurity'sVERTEXVoice August2015_riskuk_apr15 06/08/2015 17:42 Page 1

A Measure of Accountability If any business sector wants to be taken seriously and not become commoditised, there’s a requirement to provide its customer base with a set of benchmarks by which ongoing effectiveness can be measured. Peter Webster outlines why the lack of independently collated, audited and analysed indices in the security sector must be addressed

nlike the situation pertaining within other business sectors – for example, retail – in the security world we have no clear indication of the ‘State of the Nation’ and any relevant trends that might be developing. While this is unhelpful to service providers like ourselves, that status quo is even more of an issue for end users who may well be reviewing the options open to them within the security guarding market. A set of independently qualified statistics would afford customers a far better idea of performance standards such that more informed procurement decisions could then be made. Gathering the data needed for such sectorwide indices will require the entire security guarding market to be ‘grown up’ and submit truthful information in the absolute knowledge that it will remain anonymous and only be published as part of a consolidated report. This is a tough ask, of course, but it’s an issue that simply must be addressed if we’re to be taken seriously as a business sector. The Security Industry Authority’s (SIA) Approved Contractor Scheme (ACS) audit scores

www.risk-uk.com

– which independently demonstrate Approved Contractors’ performance against the required standards on an annual basis – could also be used as a benchmark data source. At present, I’m not aware of any published summary report which analyses the consolidated data from ACS audits that could be used as important evidence of this business sector’s professionalism and high service levels. Come to think of it, I’m not even aware what percentage of the guarding sector or its constituent employees are presently represented by ACS companies. Basic information on guarding sector employment trends can also be gained from the SIA. Anecdotally, I believe that, each year, the SIA issues new licence cards equivalent to around 20% of the total licenses in circulation, although the overall number of licence cards in use remains roughly the same. This would appear to indicate that a significant percentage of licence holders choose to leave the guarding world each year. If this is true, it brings to the fore the question of how we can retain staff and make the sector a more attractive one in which to build a longer term career. These are the problems, then, but why is nothing being done to address them? This is something about which I would welcome your views because I’ve yet to hear a good reason for not publishing industry statistics.

How about standardising KPIs? At Corps Security, as part of our Customer Charter which is designed to ensure that our Service Level Agreements are met, we’ve developed a system to define a series of Key Performance Indicators (KPIs) that provide a comprehensive set of quantitative and qualitative data. This helps drive service improvement. Data is formatted and presented in a manner reflecting a customer’s business and affords them the information they require. I’m sure that most reliable solutions providers do the same, but why don’t we consider standardising these KPIs to make it easier for clients to understand the comparative performance of their security suppliers? My opinions on this subject have been formed through my own experiences as a former chairman of the Cleaning and Support Services Association and president of the Textile Services Association. During my tenures with these industry trade bodies, I helped introduce a measurement system of cost

OpinionSecurity'sVERTEXVoice August2015_riskuk_apr15 06/08/2015 17:43 Page 14

Opinion: Security’s VERTEX Voice

indices that included all of the published – and, therefore, evidenced in the public domain – cost factors associated with running a business in those respective worlds. Every year, a report would indicate how much industry operating costs had risen, so when we asked customers for a price increase we could use clear, meaningful and independently benchmarked figures to back up our case. This helped to maintain margins and facilitated continued investment into service improvement, not to mention the ongoing development of what every business needs – skilled and trained personnel. This leads me towards my final point on this particular matter. Regular readers of Security’s VERTEX Voice in Risk UK will recognise that I see the need to increase the professionalism of the security sector as being one of the biggest challenges we face. Independent, performancebased statistics would go a long way towards demonstrating that, in the majority of cases, contracts are fulfilled and customers fully satisfied with their security guarding services. It’s very much the case that truthful and accurate data can help improve performance, perception and professionalism. A solid set of statistics would help lend more credibility to what it is we do as a market sector and also assist in restoring confidence in our overall competency.

In the line of duty In late June, the tragic news that a serving officer of ten years-plus had passed away after being attacked outside Blackfriars Crown Court in central London was met with great sadness at the headquarters of Corps Security. Lorraine Barwell, a 54-year old custody officer employed by Serco, was assaulted at lunchtime on Monday 29 June while attempting to escort a prisoner between the Crown Court itself and a waiting prison vehicle. It’s understood that Barwell and other members of the Serco team on duty were preparing to escort the prisoner to a van parked inside the courtyard when the attack occurred. Apparently, the nature of the attack was so severe that London Air Ambulance was called to treat Barwell at the scene. The officer was then flown to an East London hospital in a critical condition. On Friday 3 July, a statement issued by New Scotland Yard outlined that the custody officer had died of her injuries. According to BBC Home Affairs correspondent Danny Shaw, the Ministry of Justice and Serco believe that Barwell is the first prisoner custody officer to have died in the line of duty.

Gary Broad, Corps Security’s major accounts director, has written a wonderful tribute to Lorraine and I would like to share it with you by way of providing some food for thought. “The death of Lorraine Barwell has shocked us all and offers a timely reminder of the vulnerability of each and every person involved within the wider ‘Contract Security Family’. Unfortunately, it’s only following on from such an extremely sad incident that we’re able to extend the genuine concern each of us feels for our own employees and for those who also serve but in uniforms of a different hue and behind a badge of different design. “For those of us who eat, sleep and breathe security on a daily basis, it’s unfortunate that the sad news of such a terrible loss can sometimes be tinged with a feeling of inevitability. There’s a knowledge that, despite all of our best efforts to mitigate such terrible occurrences and protect our colleagues to the fullest, the potential for violent attack always lurks just below the surface for many – if not most – of our front line personnel.”

Peter Webster: Chief Executive of Corps Security

Recognition for the role “How little do those that we strive to protect on a daily basis understand about the risks our colleagues take on their behalf? How little do they appreciate how much ‘Simply being of service’ means to the majority of contract security personnel (be they involved in security guarding, cash collection, prisoner escort or any other protective service)? “I’m sure others within our sector share the uncomfortable feeling that I bear when hearing our colleagues referred to in negative terms by individuals who have neither the aptitude, ability nor courage to undertake the tasks that our staff complete each and every day and who probably wouldn’t climb out of bed in the morning for a salary double that which is presently available to our people.” The commitment of private sector security personnel to their role often places them at risk of physical assault and yet, collectively, it’s fair to say that the major contribution our industry colleagues make to keeping people and property safe isn’t always properly recognised. Our thoughts, prayers and most sincere condolences are very much with the family, friends and colleagues of Lorraine Barwell.

*The author of Risk UK’s regular column Security’s VERTEX Voice is Peter Webster, CEO of Corps Security. This is the space where Peter examines current and often key-critical issues directly affecting the security industry. The thoughts and opinions expressed here are intended to generate debate among practitioners within the professional security and risk management sectors. Whether you agree or disagree with the views outlined, or would like to make comment, do let us know (e-mail: pwebster@corpssecurity.co.uk or brian.sims@risk-uk.com)

“Independent, performance-based statistics would go a long way towards demonstrating that, in the majority of cases, contracts are fulfilled and customers fully satisfied with their security guarding services” 15

www.risk-uk.com

Project4_Layout 1 07/11/2014 16:05 Page 1

Securitas, a true focus on Security The skills of our people, alongside the best in technology produce total integrated solutions that safeguard your business.

0800 716 586 www.securitas.com

BSIABriefing August2015_riskuk_may15 06/08/2015 13:44 Page 2

BSIA Briefing

Security Management in the Hotel Sector lthough taking place far away from UK soil, the tragic murder of 38 tourists – most of them British – at a beach resort in the Tunisian coastal development of Sousse at the end of June brought home the vulnerabilities of tourist destinations and the hotels serving them to potential security breaches. The horrifying attack by student Seifeddine Rezgui, which spilled from the beach into the neighbouring Hotel Riu Imperial Marhaba, saw 36 others injured as a result of indiscriminate firing from a Kalashnikov rifle. At the time, 600 booked residents were guests of the hotel. Rezgui, who was eventually shot dead by police, was found to have links to the Islamic State who subsequently claimed responsibility for this terrorist act by way of social media platforms. Tunisia had been on high alert since March, when Islamist militant gunmen attacked a museum and killed 22 tourists. Terrorism isn’t the most common threat posed to security professionals operating in the tourism sector. On a daily basis, issues such as maintaining access control and the confidentiality of guests’ personal details and possessions can dominate the agenda. To this end, there are a number of definitive measures that security managers tasked with looking after hotels and resorts can take in order to reduce a location’s potential vulnerability to breaches.

Hotels and access control For hotels in particular, the necessity for controlling access within and around the site is one of the most crucial security measures to be addressed. The need for 24/7 access serving a largely transient population of guests, combined with the necessity for late-night and early morning deliveries, means that hotels simply have to remain open – to some extent, at least – around the clock. As such, access control measures are often the first security consideration. Affording the ability to control, monitor and restrict the movement of people, assets or vehicles into, out of and around a site, access control technology can have a range of applications in the hotel setting. Perhaps the most obvious of these is key card access to hotel rooms, conference suites and spa facilities which can prove extremely beneficial in preventing intruders from blending in with guests and regular visitors to gain access to guests’ belongings, confidential information and valuable equipment. Such

While physically securing buildings, their contents and assets by way of access control, CCTV and intruder alarms is a key priority for most hotels and resorts, other elements such as the confidentiality of guests’ personal information must also be taken into account. Here, James Kelly reviews the key considerations around developing a successful security regime for today’s hotel environments measures can be as simple as paper-based logging systems that grant access for temporary visitors through to more advanced cards using radio frequency identification (RFID) chips for proximity reading of card details and subsequent activation of gates, turnstiles and vehicle barriers on the premises. Another conventional application of access control measures in a hotel setting is aligned not with security, but rather Human Resources (HR). Information gathered from access control systems on site may be used to record employee hours, in turn helping hotel managers to meet the European Working Time Directive by providing real-time information for the company’s payroll system.

Security at large-scale resorts A prime example of where access control technology has been deployed on a complex hotel project can be found at the Marina Bay Sands Integrated Resort in Singapore, where CEM Systems – a business division of BSIA member company Tyco Security Products – has provided an access control and security management system for one of the world’s most challenging construction projects

James Kelly: CEO of the British Security Industry Association

www.risk-uk.com

BSIABriefing August2015_riskuk_may15 06/08/2015 13:44 Page 3

BSIA Briefing

designed by Moshe Safdie Architects and engineered by Arup. In fact, at the time of completion in early 2011 this development represented the most expensive stand-alone Integrated Resort property ever built. Encompassing no less than 2,561 rooms, a 120,000 m2 ConventionExhibition Centre, two large-scale theatres and a nightclub, the site also plays host to a Las Vegas-style casino and a museum for showcasing international exhibitions. Consisting of three 55-storey towers, the hotel also boasts a spectacular roof garden complete with an infinity swimming pool. With so many different elements to secure, the hotel’s owner Las Vegas Sands Corporation asked CEM Systems to provide over 500 access control readers, supporting all card technologies with a large graphical LCD screen used to display a range of messages depending on the individual privileges of cardholders. Alongside this solution, the resort also uses over 100 fingerprint readers to control access for those restricted areas – a good example being the entrance to the casino vault – where an additional layer of security is required. The system integrates with the Marina Bay Sands’ CCTV, key management and HR systems to ensure an holistic security and building management solution that has been designed for future upgrade and growth in accordance with the Integrated Resort’s own expansion in the years to come. Closer to home, another BSIA member company – this time Kaba – has provided access control systems for the UK’s largest hotel chain, namely Premier Inn. In 2012, the chain opened its 50,000th room at the largestever Premier Inn. Located at Gatwick Airport, all 650 guest bedrooms have been fitted with Kaba’s contactless locks. The locking systems operate on RFID waves and offer simple installation and maintenance. There’s no requirement for a card reader. “Providing an audit trail of the last 400 transactions, the system offers the hotel’s management team both security and audit features that realise ease of use and peace of mind,” commented Nigel Graham, head of procurement at Whitbread Hotels and Resorts which owns and operates the Premier Inn brand. “The safety and security of our

“Affording the ability to control, monitor and restrict the movement of people, assets or vehicles into, out of and around a site, access control technology can have a range of applications in the hotel setting” 18

www.risk-uk.com

customers is of the utmost importance to us at Premier Inn.”

Solving problems, reducing cost On a smaller scale, Kaba also provided access control solutions for the 18-room Hartnoll Hotel in the picturesque setting of Devon’s Exe Valley. Hotel owner Claire Carter explained her reasons for upgrading the previous system, which consisted of mechanical cylinder locks and brought about additional costs and inconveniences for the hotel. “Guest room keys were being taken away from the property, which was causing us major problems,” explained Carter. “We’d have certain rooms where we didn’t have a key and had to change the barrels, so we needed something that eliminated the need for a physical key.” Carter continued: “Even standard keys for guest rooms are very expensive, so although moving to Kaba’s solution represented a big investment for us, it was a wise and economical move in the longer term. Alleviating the need for keys has significantly reduced labour time and costs and enhanced security.”

Addressing identity fraud Physically securing buildings, their contents and assets is a key priority for most hotels and resorts, but there’s one security risk that can often be overlooked. In 2013, research conducted by accountancy concern KPMG revealed a startling rise in identity fraud, with the value of such criminality more than doubling in value to £26.3 million. With insider fraud to blame for more than 80% of fraud-related financial losses in 2012, it’s clear to see why hotels – which hold a large amount of personal details relating to employees, guests and VIPs – should have a robust data security solution in place. Simply disposing of information via municipal refuse collection or waste paper reprocessing isn’t good enough as neither method generally involves any kind of secure handling. As such, it’s important to choose an information destruction company that meets with certain standards, in turn guaranteeing that the service being provided is wholly secure. One such standard is the key European Standard for Information Destruction, namely EN151713 which outlines a range of requirements that an information destruction company must meet, including having an administration office on site where records and documentation are kept for conducting business. The company’s premises should also be isolated from any other business or activities operating on the same site.

Project1_Layout 1 04/08/2015 15:16 Page 1

MEET WITH THE BIGGEST AND BEST SECURITY SOLUTION PROVIDERS IN THE UK AT THE...

19th - 20th October 2015 - Whittlebury Hall Hotel & Spa, Northamptonshire The Total Security Summit is a highly focussed event that brings together security professionals for one-to-one business meetings, interactive seminars and valuable networking opportunities. These experts offer the latest security solutions to help attendees discuss their plans, generate new ideas and share information in a non-pressured environment.

To book now or for more information, call Nick Stannard on 01992 374100 or email tss@forumevents.co.uk

Media & Industry Partners:

BS160002015SecurityManagementStrategicandOperationalGuidelines August2015_riskuk_sep14 06/08/2015 13:43 Page 1

Standard of Behaviour BS 16000: Security Management – Strategic and Operational Guidelines represents a major milestone in helping organisations of all kinds to enhance the safety of their people, property and assets. Here, Mike Bluestone explains the scope of this newly-published British Standard and outlines why and how it will make a genuine difference to security management provision in the UK nsuring that an organisation presently operating in either the private or public sector is as well protected as it can be in today’s world relies heavily on the identification of potential risks and threats posed to personnel, physical and intellectual property and myriad other assets. Now, the adoption of an holistic approach towards this issue is set to become a somewhat easier task thanks to the publication of British Standard BS 16000: Security Management – Strategic and Operational Guidelines. Nearly three years ago, I was approached by the British Standards Institution (BSI) to lead the SSM1/2 Security Management SubCommittee and, as Committee chairman, it was my task to help create a comprehensive guide that would appeal to – and resonate with – as many security sector professionals as possible. We’re confident that our brief has been met. Indeed, the feedback received so far has been overwhelmingly positive. SSM1/2 comprised an eclectic mix of individuals representing a diverse range of interests and organisations. Industry experts from recognised bodies including ASIS International, the British Security Industry Association, City Security and Resilience

Networks, the Continuity Forum, the National Security Inspectorate, NHS Protect, The Security Institute, the Security Industry Authority, the International Professional Security Association, the Security Systems and Alarms Inspection Board and the UK Cards Association all gave of their valuable time and considerable knowledge.

Generic framework for management While there are many British and European Standards configured to cover specific elements of security provision, such as intruder alarms, CCTV surveillance and personnel screening, BS 16000: Security Management – Strategic and Operational Guidelines is designed to provide a generic framework for security management. Published by the BSI, the document outlines the vocabulary and basic principles of security management as a discipline for anyone involved in security functions within organisations ranging from small to mediumsized enterprises (or SMEs) right through to multinational blue chips. This document ably demonstrates how the security function might be successfully embedded within an organisation and specifically discusses security solutions (among them physical, technical, information, procedural and personnel-focused solutions). The new British Standard encompasses guidance on the development of a security framework, risk assessments, understanding the organisation’s context and implementing (and then monitoring) a security programme. As a high-level British Standard, the document contains a wide range of applications relevant to businesses operating across all sectors. All of the major ISO documents on management systems concerning the environment, business continuity, risk and quality – such as ISO 27001, ISO 14001, ISO 22301, ISO 22313, ISO 31000 and ISO 9001 – include elements of security. BS 16000 complements them but directly addresses security management.

BS 16000: why now? In many respects, BS 16000 is long overdue. It takes security management back to its fundamental principles. The reasons why the security sector has found itself ‘putting the cart before the horse’ for so many years can be attributed to the fact that, traditionally, security professionals have operated in silos and looked

www.risk-uk.com

BS160002015SecurityManagementStrategicandOperationalGuidelines August2015_riskuk_sep14 06/08/2015 13:43 Page 2

BS 16000: Security Management – Strategic and Operational Guidelines

upon the discipline from their own specific sphere of interest. For example, organisations would deploy security personnel or install CCTV/access control systems in isolation without first beginning to understand the wider threat landscape or, indeed, the potential impact on the host business. Often, this realised a fragmented situation whereby security measures were either missing or even duplicated, with the host organisation remaining in a vulnerable position. In recent times, the good news is that the benefits of convergence have been recognised. As a result, there’s now more connectivity between those responsible for physical security and information security. These professionals are working alongside each other as part of a more coherent risk management programme. Put simply, BS 16000 represents the starting point with other relevant British Standards considered on a subsequent basis. Working in tandem with this appreciation of convergence, the role of security management has gained momentum, as has the professionalism of those undertaking this type of work. Today’s security and facilities managers are much better informed and understand that premises and other assets cannot be protected by simply throwing segments of technology at them in isolation. There’s widespread recognition that a more strategic and sustainable approach has to be adopted. BS 16000 mirrors this development and will act as a vital source of guidance, help, advice and support.

Streamlining business operations Security management is now about so much more than simply reacting to threats and risks. BS 16000 will help identify opportunities for streamlining operations and gaining competitive advantage. This British Standard is designed to be interpretive and initiate a pattern of thinking that will identify the risks and threats faced by a given organisation, develop a security strategy and plan and implement subsequent security processes. The document is broken down into nine key sections. These systematically take a security professional through a thought process, starting with gaining an understanding of an organisation’s context with regards to security and then developing a security framework. BS 16000 then moves on to arguably one of the most crucial factors when it comes to security management – the risk assessment. Having the right security solution in place relies upon the understanding that some

business sectors face certain threats. Those operating in the defence, pharmaceutical and banking verticals, for example, must be particularly vigilant to threats posed by antiwar protesters, anti-capitalists, religious extremists and animal rights activists. Organisations located near to any of these operations, transport hubs or major utilities such as power stations could also be in danger. On that basis, it’s crucial to carry out a thorough investigation and probe any potential issues in order to configure an overarching security solution that duly affords the requisite level of protection.

Inclusive approach to risk BS 16000 provides an in-depth overview of how to implement a security programme using disciplines including physical and technical security, guarding, procedural and IT-based solutions. The document also outlines why a collaborative and inclusive approach to dealing with risk requires all departments to work together and create an internal crossdepartmental culture. While this is important, so too is stakeholder buy-in. Processes and training are needed to ensure that all employees are ‘security aware’. Those processes are entirely dependent upon the implementation of policy. Strict adherence is required to mitigate the possibility of a security breach. Here, it’s important to note that observance of policy should extend all the way up the corporate hierarchy. Management of today’s converged approach to security must be championed at the highest level to ensure effective integration, oversight and, last but not least, budget allocation. The final section of BS 16000 stresses the need for continually monitoring a security programme and reassessing its effectiveness. The level and type of threats are constantly evolving so any security system should be reviewed and tested on a regular basis. Further, the process of simulating real-world attacks and assessing the performance of security apparatus to determine its strengths and weaknesses is a key platform of organisational preparedness. It actively fosters a company’s preoccupation with ‘What if?’ scenarios and, importantly, how to deal with them on an effective and efficient footing.

BS 16000: Security Management – Strategic and Operational Guidelines (ISBN 978 0 580 83490 5) runs to 30 pages. Copies are available in PDF format and priced at £152 (£76 for BSI members). Access: www.bsigroup.com

Mike Bluestone MA CSyP FSyI: Director of Corps Security’s Corps Consult Division and Committee Chairman for British Standard BS 16000

“BS 16000 provides an in-depth overview of how to implement a security programme using disciplines including physical and technical security, guarding, procedural and IT-based solutions” 21

www.risk-uk.com

Project1_Layout 1 06/08/2015 16:02 Page 1

UtilitiesSectorSecurityIntelligenceLedStrategies August2015_riskuk_apr15 06/08/2015 15:45 Page 2

Utilities Sector Security: Intelligence-Led Strategies

Safety and Security at the Core W ith the UK currently at a heightened state of security alert, the energy and power utilities may be seen to be particularly vulnerable as their operational sites are often located within large and remote locations. Damage to – or the destruction of – these Critical National Infrastructure facilities has the potential to not only severely disrupt our daily existence, but also threaten public health and, worse still, result in the loss of life. Terrorism, sabotage, theft and site vandalism are just some of the threats faced by companies operating in the utilities sector. On that basis, the overriding requirement from a security perspective is the realisation of high level protection for power facilities, power stations, substations and the distribution network, all or any of which may be operating in harsh environments and hazardous areas. Typically, the defence project scope initiated by the security or risk manager and their partner organisations might encompass secure networks, Command and Control solutions, secure process management, wide area surveillance, perimeter and site intrusion protection, access control for staff, contractors and vehicles, intruder alarm management, fire detection and extinguishing, phased evacuation systems and asset tracking. By automating routine security and fire safety tasks, members of staff are able to concentrate on core business activities. Facilities and the distribution network can be safeguarded by high performance risk management systems based on the latest safety and security technologies available.

Focusing on layered solutions One approach is to implement layers of security, starting at the perimeter to enable full control of the site and with one eye firmly fixed on monitoring sensitive and hazardous areas. An advanced security management software platform will integrate CCTV, video analytics, electrified fencing and card access as well as multiple devices. IP-based dual redundant networks ensure high level integration. For high security locations, electrified fence detection may be employed across zones with associated surveillance cameras achieving ‘cause and effect’-based visual verification. Such advanced technology differentiates between alerts from birds, weather conditions and wildlife and a genuine breach. The system monitors and controls the ‘health’ of the fence

Risk professionals in the utilities sector face many operational challenges that can be alleviated through the adoption of an integrated, technology-based approach combined with an intelligence-led security strategy. As Andrew Robinson points out, it’s crucial they harness the knowledge of solution partners who fully understand the specific requirements of this key vertical market

at all times, checking that it’s live and operating at the correct voltages. CCTV cameras with stainless steel housings and pan and tilt heads deliver added protection in difficult environmental conditions. Thermal imaging cameras can offer consistent imagery in all light scenarios and weather variations. Video analytics detect unusual activity. They have a varying detection profile to address day/night conditions and fully complete the electronic ‘ring fence’ of detection across the site. Secondary cameras may be installed in order to respond to perimeter activity or otherwise monitor sensitive area access. Internal site control is established by way of a card access system. Access control starts at the site entry points, controlling motorised gates to create secure vehicle locks. Intercom systems are required at all key access points as well as secondary control positions. Public Address and Voice-over-IP enables immediate communication with Control Room personnel. Secure pedestrian access is usually via turnstiles which then enables accurate information for a site evacuation roll call.

Dr Andrew Robinson: UK Managing Director at Siemens Building Technologies

www.risk-uk.com

UtilitiesSectorSecurityIntelligenceLedStrategies August2015_riskuk_apr15 06/08/2015 15:46 Page 3

Utilities Sector Security: Intelligence-Led Strategies

use in December. The remainder are expected to be fully developed by 2020 (at which point the facility will be deemed 100% operational). The solution for this location is being designed to ensure that security risks are kept to a minimum while the safety of employees and visitors alike is fully supported at all times. Site protection is maintained via CCTV, perimeter intrusion detection, access control, telephony, mobile communications and intercom services located at strategic points.

Renewable energy security

Typically, key access points are controlled by readers with a mixture of ‘card only’ and ‘card and PIN’ access across the site. Long range readers can be useful as they actively increase the flow of end users. This is important in an emergency evacuation situation to speed up egress from the site.

Adopting an integrated approach The UK’s natural gas market is the largest in Europe and, with imports of natural gas set to increase as North Sea production declines, a flexible and secure supply of gas able to meet the nation’s ongoing needs is set to be supported by an actively enhanced national gas storage capability. We’ve been working on an integrated security and communications solution for a new underground natural gas storage facility located in Cheshire. The Stublach Gas Storage Project’s site is being constructed for Storengy UK – a GDF SUEZ Group company – as part of a strategy to expand its presence in this growing UK market. By 2020, the Stublach location will serve as the UK’s largest underground gas storage project. The £350 million site is being designed to hold over 400 million cubic metres of gas underground and should be operational for at least 25 years. The project includes the creation of 20 salt caverns at a depth of 600 metres. Two of the caverns were officially opened last November by (then) Treasury minister Lord Paul Deighton KBE, and a further three were put into

“For high security locations, electrified fence detection may be employed across zones with associated surveillance cameras achieving ‘cause and effect’-based visual verification” 24

www.risk-uk.com

Changing direction for a moment, Siemens also protects a number of the UK’s largest offshore wind power plants, among them the 500 W Greater Gabbard Offshore Wind Farm which is located 25 km from the Suffolk coast. Here, a £1.6 billion investment has delivered 140 turbines capable of providing enough renewable energy to supply around 530,000 homes every year. To assist in the safe running of the farm – the £1.5 million operations and maintenance base for which resides in Lowestoft – Siemens has delivered life-critical telecoms, CCTV (including a virtual video network) and integrated alarm monitoring across a fully-integrated, IP-based monitoring network which includes Voice-overIP operating out at sea. In order too enable continual viewing of the video data from the UK and Europe, the video alarm and monitoring systems have been deliberately integrated with a SCADA platform and the client’s own IP network. The primary purpose for surveillance of the offshore wind farm is to evaluate conditions on the remote site, safeguard personnel and monitor the operation offshore. Gathered video information is also used for logistics purposes, planning and for potential incident evaluation. One of the key considerations for the design team was the remote location of the turbines. The 140 turbines are mounted on steel monopiles and transition pieces in water depths between 24 and 34 metres. The most important aspect of the solution is that the system has high availability with reliable, proven components. By way of additional back-up, remote diagnostics are present within the IP platform to facilitate any remote repair scenarios that might arise. Fire detection and extinguishing with voice evacuation systems on the transformer platform adopt advanced ASA technology. This distinguishes between real and deceptive fire phenomena (eg steam), thus eliminating the risk of false alarms and potentially costly – and disruptive – evacuation.

Project1_Layout 1 05/02/2014 17:39 Page 1

Have you tried Integriti yet?

Sophistication is not about size The Integriti Security Management System is an IP connected access control and intruder security system that oﬀers sophisticated centralised management for both small systems on a single site, or large systems distributed across the country or across the globe.

With a growing list of new installations take a moment to think of what you’re missing! The Integriti system oﬀers an advanced suite of software, hardware and integrated solutions to deliver complete management of your entire integrated system.

Inner Range Europe Limited Units 10-11 Theale Lakes Business Park Moulden Way, Sulhampstead Reading, Berkshire RG74GB UNITED KINGDOM

integriti@innerrange.co.uk a4 integriti 0ne page UK.indd 1

+44 (0) 845 470 5000 www.innerrange.com 4/12/2013 8:40 am

Project1_Layout 1 06/08/2015 16:08 Page 1

UtilitiesSectorSecurityPowerOutagesandAssetManagement August2015_riskuk_feb15 06/08/2015 17:07 Page 2

Utilities Sector Security: Outages and Asset Management

Power Outages: Security On Site ower stations across the UK shut down once a year for planned routine maintenance. These scheduled outages can last for up to 90 days, during which time anywhere between 600 and 800 contractors might be working on site to conduct maintenance, repairs and refurbishment tasks. This work often runs on a ‘24 hours per day, seven days per week’ schedule. Those contractors working at power stations during outage scenarios have access to hazardous areas, not to mention a large number of tools, specialist machinery, test equipment, radios and crane controllers. Such items might easily be lost and/or damaged, in some cases accounting for replacement costs that could amount to somewhere in the region of six figures or more. As a result, many sites have installed key and asset management systems with a view towards facilitating better management of equipment in a bid to reduce these extra costs, improve Health and Safety and enhance overall levels of accountability. Using a dedicated key management system, contractors can be pre-registered on a central database and issued with an access control card or enrolled by way of their biometric fingerprint. Only then are they able to remove keys that allow them access to restricted areas and/or company assets. Managers will have a full audit trail of all key movements, including who has taken a key, when it has been returned and by whom. This increases user accountability. On that basis, there’s far more onus on the contractor to return a key before the end of his or her shift. A key management system also has the ability to link keys together to enforce procedures that are used for ‘Lock Out, Tag Out’ – otherwise known as LOTO – applications.

Fiddlers Ferry Power Station That’s the theory, then, but what does it look like in the real world? Located on the North Bank of the River Mersey between Widnes and Warrington, Fiddlers Ferry Power Station is a recent adopter of electronic key management solutions, deploying cabinets capable of holding up to 180 keys in each. The electronic key management and database logging system at the coal-fired site operates on a 24/7 basis, 365 days per year. The access limits are set on the database to allow group or individual access to equipment

or machinery based upon individual requirements, course competence and ability. Access has been integrated to work with the existing personnel identity swipe cards and everything is tested on a six-monthly cycle. A lock-out facility is employed when that testing procedure is due. If an individual requests a specific piece of equipment it’s easy to find. The current ‘owner’ is located swiftly. The same is true when it comes to keys for specific vehicles and rooms. End users know they are both accountable and traceable and, as such, keys are returned without any delay. Steve Cash, the outage co-ordinator at Fiddlers Ferry Power Station in Cuerdley which is operated by Scottish and Southern Energy plc, explained: “We used to rely on an honesty system which wasn’t totally controlled and open to abuse. Keys were being taken and held by users. It was often the case that we couldn’t gain access to equipment and tools.” Now, Cash can issue keys 24/7 with full audit control and complete tracking against user license validity and end users’ competencies.

Asset management solutions

During planned outages at power stations designed to accommodate maintenance schedules, it’s vital that any contractors on site only have access to those areas in which they’re authorised to work. There’s also a need for keeping track of what equipment is being deployed. Wayne Kynaston pinpoints security and Health and Safetycentric solutions for today’s practising risk professionals

The average cost of an outage episode at power stations varies according to the size of a given site and the length of time taken to carry out repairs and maintenance. An estimate would be somewhere between £60-£80 million. As stated, any lost and damaged items following an outage can add to this figure. As a

www.risk-uk.com

UtilitiesSectorSecurityPowerOutagesandAssetManagement August2015_riskuk_feb15 06/08/2015 17:08 Page 3

Utilities Sector Security: Outages and Asset Management

“Making end users accountable for specialist equipment ensures that devices are returned immediately after use and that any damage is reported promptly”

Wayne Kynaston: Vertical Sector Manager for the Utilities at Traka UK

result, many sites are installing intelligent lockers in a bid to control the use of tools and machinery and protect their assets. Managing this process with paper-based systems not only increases administration effort, but also leaves room for human error and potential breaches of Health and Safety. Today’s lockers can be used to control and manage different types of assets such as radios, toxic gas monitors, test equipment and many other devices and check that the same device is returned after each use. If equipment isn’t available due to loss, damage or simply not being returned then members of staff cannot work, particularly so if they require, for example, a toxic gas monitor to enter a specific area. Inevitably, that would lead to lost productivity and increase the length of the outage, in turn costing the business yet more money.

Programmed to sound an alarm Software is now designed to hold information about who last used a given device, bringing about a greater sense of user accountability and responsibility. If an end user discovers that a radio is already damaged, faulty or missing, it follows that there’s a much greater onus on them to report it. Once reported, the system will not release the faulty or damaged item to the next user and will send an alert to the system administrator to say that the item needs to be repaired before it’s issued again. Lockers may be programmed to sound an alarm when items are not returned within a specified time limit. Making end users accountable for specialist equipment ensures that devices are returned immediately after use and that any damage is reported promptly. This type of detailed auditing makes each user accountable for the equipment they have taken as any damage caused can easily be traced back to a named individual. That level of responsibility encourages users to take greater care of equipment, saving money and promoting better working practice.

Health and Safety concerns Health and Safety within most vertical sectors is paramount, and notably so across Britain’s myriad utilities operations. The majority of sites tend to employ the same specialist contractors

www.risk-uk.com

as they’re trained to a high standard. They carry the appropriate certificates, have undergone risk assessments and method statements and, importantly, are security cleared. Electronic key management systems provide for a more robust Health and Safety culture, ensuring that only appropriate users have access while also providing a complete audit trail for the management team. Keys to sensitive areas may be assigned with a specific curfew to coincide with the end user’s shift pattern. A senior member of staff will be duly alerted if the key isn’t returned within the parameters of that curfew. This is a useful tool in terms of Health and Safety and efficiency monitoring as a manager is able to check whether or not the contractor is in any difficulty or if the job is taking a little longer than expected. If a curfew is breached, the system alerts members of the security team and could mean that a contractor has left the site with keys still in their possession. Security will then contact the end user and insist that they immediately return those keys. Another benefit of installing a key management system is that contractors can be restricted from accessing certain areas of the site, for example a hazardous area where there may be equipment that some contractors are not authorised to use or where lone working situations are forbidden, or in areas of high security where staff have to work alongside managers or supervisors.

Enforcing end user accountability With effective key and asset management systems in place, power stations are able to meet time commitments both pre- and postoutage while also ensuring high quality work, in turn maximising all the opportunities the outage episode presents while safeguarding all of the individuals involved. Intelligent lockers offer an effective solution for controlling valuable equipment and allow managers to monitor the use of radios and other major assets. The ability to manage, protect and report upon such assets more effectively can significantly reduce operating costs, enforce user accountability, improve efficiencies and increase productivity. Importantly, an effective key management system ensures that Health and Safety laws are rigidly observed, contractors are held accountable and that management has the audit trail to hand ultimately necessary for maintaining a regulated and properly controlled working environment. In today’s business world, that simply has to be the main priority.

Project2_Layout 1 03/07/2015 16:28 Page 1

MarketsinFinancialInstrumentsDirectiveEnergyTrading August2015_riskuk_apr15 06/08/2015 14:29 Page 1

MiFID II: An Instrument for Change

The fact that the final draft submission deadline for MiFID II has been pushed back to next month shouldn’t alter the proposed 3 January 2017 implementation date for the regulations, but will compliance teams have enough time to come to terms with the changes and thus avoid unnecessary risk exposure? Rainer Landgraf appraises the present situation

www.risk-uk.com

he Markets in Financial Instruments Directive (MiFID) is the framework of European Union (EU) law for investment intermediaries providing services to clients in relation to shares, bonds, units in collective investment schemes and derivatives (collectively known as ‘financial instruments’) and the organised trading of those instruments. In essence, the legislation provides harmonised regulation for investment services across the 31 Member States of the European Economic Area (ie the 28 EU Member States in addition to Iceland, Norway and Liechtenstein). The MiFID’s main objectives are to increase competition and consumer protection in the world of investment services. The MiFID was applied in the UK from 1 November 2007 – at which point it replaced the Investment Services Directive – but is now being comprehensively revised with a view towards improving the functioning of financial markets in light of the financial crisis and to strengthen investor protection. However, the European Securities and Markets Authority (ESMA) recently delayed its review of the MiFID’s technical standards from July to September 2015, in turn allowing the European Commission to flag any concerns relating to MiFID II’s legal documents before their final adoption rather than after. As if the MiFID were not already complex enough, this delay will certainly have a knockon effect for commodity traders in terms of them not being able to view the drafts for some time to come. MiFID II threatens to add to the compliance burden already placed upon the shoulders of these traders while also making it

more difficult for businesses to operate under a hedging strategy. Given the size of the market, a key concern surrounding MiFID II is the potential loss of the exemptions from financial services rules currently enjoyed by energy trading firms. There’s a real worry that, without these exemptions, those firms could end up being treated as de facto financial institutions with the practical effect of this being a recategorisation that misrepresents the nature of their business activities. If the energy trading arm of a large manufacturer were, for example, to be regulated in the same way as a bank, that could mean having to abide by rules such as minimum capital requirements. On paper, at least, there’s an MiFID II exemption for firms that provide investment services for commodity derivatives, emissions allowances or emissions derivatives to customers or suppliers of their main business. That said, in order to qualify for the exemption these activities must be considered ‘ancillary’ to that company’s core business. The risk, then, is that companies seen to be providing investment services, acting as a market-maker in commodity derivatives or otherwise making use of algorithmic or high frequency trading might not qualify. Companies trading on their own account to optimise physical energy assets ‘should’ qualify.

Overlap with the EU’s EMIR regime In theory, MiFID II will create a hedging exemption that ensures the trading arms of manufacturers and energy companies remain exempt but this is a case where the size of the business counts for something. The larger a group’s overall ancillary trading operations, the harder it could be for them to benefit from these narrowed exemptions. A further worry for companies that might find themselves re-categorised under MiFID II is potential overlap with the EU’s still-new European Market Infrastructure Regulation (EMIR) regime enforced as of August 2012 and designed to increase the stability of the overthe-counter (OTC) derivative markets throughout the EU Member States. In practice, it could mean that these companies would be treated as financial counterparties under EMIR, in turn subjecting them to more rigorous standards in areas such as clearing, reporting and risk mitigation for OTC trading.

MarketsinFinancialInstrumentsDirectiveEnergyTrading August2015_riskuk_apr15 06/08/2015 14:30 Page 2

Markets in Financial Instruments Directive: Energy Trading

The issue of reporting trades to a trade repository under EMIR has already compelled energy market participants across the board to increase their IT investments pretty significantly. More generally, EMIR compliance has caused no end of managerial headaches, not least around the number of re-thinks and changes to definitions and timelines that have plagued its roll-out. There’s also a question mark over MiFID II’s treatment of physical energy forwards which could see them defined as OTC derivatives. Should that scenario arise, they would also be subject to EMIR’s trading thresholds which, in certain cases, require clearing and margining.

Limit on net positions Under MiFID II, all energy market participants will be required to comply with position limits which effectively means that there’ll be ceilings placed on the net position firms can hold in commodity derivatives across the EU. This also means that exchange and OTC commodity derivatives trades would be limited to prevent the creation of market-distorting positions. The hedging exemption referred to earlier could, on current guidance, apply to position limits as well so long as a company is a nonfinancial entity taking positions deemed to be reducing the risk of commercial activities. However, the way in which the exemptions and limits will work in practice is still subject to a lengthy industry consultation that began back in May last year. ESMA, which administers both the MiFID and EMIR regimes, released a consultation document and a discussion paper that laid out its current thinking on MiFID II implementation and asked for input from industry. The two publications encompass a substantial 864 pages. You’ll not be surprised to learn that plenty of questions still remain to be answered around how the new regime will eventually work in practice. As mentioned, MiFID II applies across the whole of the EU and must be implemented by each EU Member State. To prepare for final MiFID II readiness by early 2017, there are three questions that must be answered. First, is there clarity over how a market participant’s positions will be aggregated and netted? The issue of economically equivalent contracts and how the characteristics of an individual commodity will factor into the calculation is vitally important. Second, will physical forwards actually be treated as OTC derivatives? Third, what is the exact definition of hedging? This will clearly be extremely important for those companies hoping to make use of the ‘hedging exemption’.

Put simply, derivative and energy traders need to look ahead to late 2016 and early 2017 and build increased regulatory risk into their trading decisions. A good place to start would be to consider how changes in the regulatory interpretation of different transactions could affect a given portfolio. Hedging and risk management strategies will have to be reviewed and adapted as the final form of MiFID II becomes incrementally clearer. Although it’s too soon to action major changes, there are moves that can be made now to mitigate exposure to regulatory risk. One way may be to trade on proprietary portfolios via a regulated market. They’re established and fully regulated. Regulated markets could well provide a degree of certainty about the classification and treatment of transactions. Technology investments can also help mitigate regulatory risk by surfacing exposures and providing swift assurances that trades and related activities are compliant. This has already been shown through EMIR and REMIT, which compelled many companies to revisit their Commodity Trading and Risk Management systems or to otherwise invest in one.

Rainer Landgraf: Product Manager (EMEA) at Allegro Development

Due diligence procedures While it’s too soon to make firm energy trading and risk management recommendations, beginning the due diligence process with trusted vendors should happen now. A regulatory solution for commodity trading and corporate financial compliance is generally not a stand-alone application. Contract data, hedge accounting and revenue allocation in line with new regulatory reporting requirements do not happen in a vacuum. The market wasn’t ready when the first EMIR trade reporting deadline landed in February 2014. After months of delay and changes by EU regulators during EMIR’s roll-out, many companies found themselves playing catch up, hurriedly – and expensively – attempting to understand how they might meet the new regime’s requirements and restrictions. To avoid any repetition of that experience, managers should start preparing for MiFID II readiness. Employing processes and systems that can make an evolving roll-out possible will be absolutely crucial for risk mitigation.

“Under MiFID II, all energy market participants will be required to comply with position limits which effectively means that there’ll be ceilings placed on the net position firms can hold in commodity derivatives across the EU” 31

www.risk-uk.com

SurveillanceSolutionsforEndUsersThermalImaging August2015_riskuk_apr15 06/08/2015 15:40 Page 1

The Heat Is On

Does the steep price decline that these surveillance options have witnessed in recent times mean that the thermal imaging camera is now fully ready to become the mainstream choice for security installations in place of the visible CCTV camera? Alex Schneider recounts his considered views on the matter

Alex Schneider: Business Development Manager at Acal BFi

www.risk-uk.com

hermal imaging is a sophisticated technology with many industrial and engineering applications that, in recent years, has also been deployed in specialist security installations for the purposes of intruder detection. The capability of thermal imaging has always been attractive to security professionals: the infrared (IR) signature of a human being is extremely hard to mask, so thermal cameras provide for the highly reliable detection of intruders both in the day and at night. Nevertheless, for many years the sheer unit cost of a thermal imaging camera – which can run to several multiples of that associated with a conventional, visible CCTV camera – has rendered thermal imaging an unaffordable choice for mainstream security installations. Technology, though, never stands still. The same technical and economic forces which mean that a pin-sharp Full HD television is the same price now as an equivalent low resolution analogue screen would have been a decade ago also apply to thermal imaging cameras. Today, a thermal security camera with pan, tilt and electronic zoom (PTZ) capabilities may cost the buyer as little as £1,500. That represents a sharp decline from the £10,000plus price tag slapped on the same technology soon after its introduction. At this point, a $64,000 question arises. Does the steep price decline mean that the thermal imaging camera is now ready to become the mainstream choice for security installations in place of the visible CCTV camera?

Integration with video analytics Surprisingly, perhaps the biggest factor influencing the answer to this question is not

the fall in the unit price, important though that is. In fact, the widespread adoption of sophisticated video analytics supporting a more effective and efficient use of trained and licensed security personnel has had a stronger effect on the ‘Thermal versus CCTV’ choice made by end users. This is primarily because thermal imaging offers both performance and cost benefits over CCTV cameras in any installation using analytics. The performance benefits arise from the basic operational characteristics of a thermal camera. The thermal camera detects the IR emissions of everything within its field of view. It’s a narrowband device insensitive to other types of electromagnetic radiation apart from IR. It is, for instance, blind to the light that a sighted human can see. Interestingly, this means that the thermal camera ‘sees’ better than a visible camera while suffering from less distortion and interference. It captures the outline of a potential intruder far better because its view is not obscured by phenomena that blind a visible camera: the thermal camera ‘sees’ through any density of fog, smoke, rain or haze. Also, its view isn’t obscured by objects such as leaves on trees that break up the outline of an intruder when viewed by a visible camera. Of course, it can ‘see’ in the dark as well. For the same reason, the camera’s image is stable and consistent at all times of the day and night and in all weather conditions, whereas the image rendered by a visible camera shows dramatic variations depending on whether the scene is bathed in bright sunlight, for instance, or affected by thick, dark banks of cloud cover.

Taking value and cost into account For video analytics software, the consistency of the image captured by a thermal camera is crucial. This intelligent software relies on the ability to detect outlines that may be recognised as a potential intruder. If the nature of the image is consistent at all times of day and night and in all weather conditions, the software’s detection algorithms operate far more effectively. Naturally, this has a beneficial effect on the performance of the security system: it ensures that a greater proportion of potential intrusion events are detected. They should also be detected earlier, because of the ability of the thermal camera to ‘see’ through obscurants such as leaves or smoke which an intruder might use as cover. A thermal imaging camera, then, enables a more prompt and effective response by security personnel on the ground.

SurveillanceSolutionsforEndUsersThermalImaging August2015_riskuk_apr15 06/08/2015 15:41 Page 2

Surveillance Solutions for End Users: Thermal Imaging

A thermal camera system also reduces operating expenses. Video analytics using thermal images will tend to produce fewer false alarms than the same software employing visible images. Potentially, an installation can therefore be secured with a smaller squad of security personnel or with fewer wasted – and expensive – call-outs. The adoption of video security analytics, then, has fundamentally changed the terms of the cost-benefit analysis of thermal and video cameras. The improved performance that analytics offer when supported by thermal cameras shows that the choice of visible or thermal cameras is not a simple mathematical exercise involving comparisons of the cost of one type of installation versus another. Superior camera performance – and the value of this to the end user – also comes into the equation. Every end user now needs to decide the value to them of the additional and quicker detection of intruders that a thermal camera can provide. To put it another way, users must determine how much they can afford to lose from an intrusion event taking place under a visible camera system that might have been prevented had they deployed thermal cameras. Nevertheless, the unit cost of a thermal camera still makes up a considerable proportion of the total installation cost. New thermal imagers benefit from the latest technology and from advanced manufacturing techniques, resulting in record low prices starting at around £1,500 for a fully-functional PTZ model with a resolution of 384 x 288 pixels. For comparison, an equivalent visible CCTV camera would have a typical unit price of around £300. The comparison of interest to potential users, however, is not the unit price comparison of different camera types, but rather the total cost over the lifetime of the installation. A thermal system’s costs are quite different from those of a system based on visible cameras. There are two main reasons for this. First, a thermal camera typically has a longer range than a visible camera. Any given surveillance footprint may be covered by fewer thermal cameras than visible models. This results in lower material and installation expense. Second, a visible camera system requires floodlighting if it’s to ably support night-time surveillance. This carries an added unit and installation cost, but it also adds operating costs over the whole lifetime of the installation: not only electricity costs, but also maintenance costs for the replacement of failed lamps. It’s also important to note here the potential cost of the downtime in the interval between

“Full lifetime calculations often reveal that a thermal camera-based system is in fact similar in terms of cost to a visible camera solution while at the same time offering superior effectiveness and value for money” the failure of a lamp and its replacement. The dark space created by a failed lamp will be a haven for potential intruders. Full lifetime calculations often reveal that a thermal camera-based system is in fact similar in terms of cost to a visible camera solution while at the same time offering superior effectiveness and value for money.

Into the mainstream? Overall, the assumption that thermal imaging is an ‘exotic’ technology somewhat beyond the reach of ordinary installations because of the perceived high unit price of thermal cameras is not borne out by a detailed cost-benefit analysis procedure. Thermal cameras are effective as part of a security monitoring and intruder detection system. A thermal camera cannot provide identification of an intruder, while the picture of an intruder’s face captured by a visible CCTV camera may be used for identification. If identification is required, end user specifiers might consider the use of a special dual thermal/visible camera. For each and every new security installation where CCTV is going to be part of the final mix, consideration should be given by the risk manager as to whether or not a thermal camera system could deliver both better performance and lower system cost over its lifetime.

33 www.risk-uk.com

Project1_Layout 1 04/08/2015 15:15 Page 1

Product door not shown in image Fingerprint reade r optional

Store, manage and control keys, cards and small assets more securely and efficiently with KeyWatcher® Touch. Access is limited to authorized users, and all transactions are recorded with detailed reports available. The system will even automatically email transactional information to any user – at any time. And KeyWatcher’s convenient touchscreen makes removing and returning keys easier than ever. With our modular design and full scalability, it’s easy to see how we keep making key management better. That’s Morse Watchmans’ outside the box thinking – right inside the box.

morsewatchmans.com • 0115-967-1567

CounterTerrorismSolutionsFrontCover August2015_001 06/08/2015 13:52 Page 1

August 2015

Security and Fire Management

In Defence of the Nation Counter-Terrorism Solutions for Risk Scenarios Heart of Glass: Specialist Glazing Systems Examined Living Life on the Edge: Perimeter Protection Regimes Liquid Asset: Water Sector Businesses and AMP6 Sudden Impact: Physical Security in the CNI Arena

Project1_Layout 1 02/06/2015 13:39 Page 1

Introducing the future of perimeter protection from Hill & Smith

Bristorm Zero is the latest High Performance Anti Ram crash rated security fence from Hill & Smith Ltd. Its fully tested and rated to ASTM F2656-07 M50 P1 and offers Zero penetration by the attacking vehicle. Designed, developed and manufactured in the UK its quality and high performance can be relied upon to protect your valuable site and asset.

For more information please visit www.bristormzero.com or call 01902 499400 and speak to a member of our sales team

New Rope mounting bracket technology

Zero penetration

No tensioning requirements â&#x20AC;&#x201C; Ideal for extreme temperature environments

ASTM F2656-07 M50 P1 tested and rated

Scan for more information or visit

www.bristormzero.com

Tested in soft ground

Simple installation, allowing for installation worldwide

The total solution in barrier systems

CounterTerrorismSolutionsGlazingSystemstoMitigateBombBlasts August2015_riskuk_apr15 06/08/2015 13:53 Page 2

Counter-Terrorism Solutions: Specialist Glazing Systems

Heart of Glass

The increasing scope of terrorist activity on the global stage in the wake of 9/11 has focused the minds of owners, architects, engineers, technologists and security professionals alike when it comes to building design. As part of that scenario, Tim Kempster assesses some of the main issues involving the introduction of blast-proof glazing systems

he Security Service currently deems the threat level from terrorism in the UK to be ‘Severe’, meaning that an attack is highly likely. Only one level – a designation of ‘Critical’, denoting that an attack is expected imminently – sits above this assessment. “The majority of terrorist attack plots in this country have been planned by British residents,” states MI5. “At present, there are several thousand individuals in the UK who support violent extremism or are engaged in Islamist extremist activity.” Since the 7/7 attacks in London ten years ago, there have been more than 40 plots targeting the UK. Upwards of 750 arrests have been made and over 200 individuals charged, with 150 successful prosecutions the subsequent end result. Recently, a 15-year-old boy from Blackburn pleaded guilty to a terrorism-related offence, underlining how even the very young can pose a threat to us all. Most of those plots have involved individuals or small groups planning relatively low-key attacks. However, with bomb-making information freely available on the Internet, it’s now alarmingly easy to build and detonate a device. Likely targets could either be sensitive buildings – for example, police stations or military bases – or anywhere that people congregate in large numbers. For example, last year the Home Affairs Select Committee said that the police should contact every shopping centre with guidance from the British Council of Shopping Centres (BCSC), including a requirement for retail outlets to have a security plan in place and test the same on a regular basis. The BCSC produced guide in partnership with the National Counter Terrorism Security Office.

pieced together with a hugely unnecessary level of structural safety. In contrast, two generations later both the North and South Towers of the World Trade Centre suffered from a progressive structural collapse that occurred relatively quickly after the aeroplanes struck. Ironically, it was on that fateful day in 2001 that the Empire State Building once more became New York’s tallest structure. The point to be reconciled here is that what made for good building security yesterday may well be inadequate in today’s environment.

11 September 2001 revisited

New array of risks

For many, the defining images of global terrorism remain the two aeroplanes flying into the World Trade Centre on 9/11. The potency of those images is simple: cameras were there to record the death of innocence and innocents. Where were you when the first aeroplane crashed through New York’s iconic skyline? Chances are you were not even born when, on a fog-filled morning way back in July 1945, a Mitchell B-25 bomber flew into the Empire State Building at about 200 mph killing 14 people. However, such was the structural overkill of the building that it sustained only relatively minor damage. Designed in a precomputer age, the Empire State Building was

The terrorist threat has inevitably focused the minds of building owners, architects, engineers, technologists and security professionals towards better-designed structures that can withstand a different array of risks. There are new assessments afoot around how existing buildings might be reengineered to cope with 21st Century threats. The process has led to design teams taking a multi-disciplinary approach towards the assessment of potential hazards – from power failures to cyber attacks, from civil disorder to fire and explosives detonation – and arriving at risk assessments that, hopefully, illuminate how a given building should be designed,

Tim Kempster: Managing Director at Wrightstyle

www.risk-uk.com

CounterTerrorismSolutionsGlazingSystemstoMitigateBombBlasts August2015_riskuk_apr15 06/08/2015 13:54 Page 3

Counter-Terrorism Solutions: Specialist Glazing Systems

“Assessment methodologies are available to understand the potential threats, identify the assets to be protected and how best to mitigate against those pinpointed risks” constructed and, thereafter, securely managed. Designing-in safety is nothing new, of course. It’s a process that begins with actively assessing the possible risks against that building’s occupants, structure, resources and continuity of operations. Assessment methodologies are available to understand the potential threats, identify the assets to be protected and how best to mitigate against those pinpointed risks. That assessment then guides the design and security team in determining acceptable risks and the cost-effectiveness of any measures that may be put forward for deliberation.

Assessing terrorist threats However, there’s an issue at play. As yet, there’s no accepted methodology for assessing terrorist threats or how to guard against them. Partly, that’s been about the fluid nature of the threat. Following on from this, it’s also true to say that the technologies involved in containing such identified risks have changed considerably over the past few years. In the glass sector, what we’re still seeing are designers, architects and security managers fully capable of assessing risk, but somewhat unaware of the huge advances that we, and others, have made in strengthening the fabric of buildings against attack episodes. In fighting the threat it is, of course, a first objective of Governments worldwide to remove explosives from the terrorists’ arsenal. However, given the ease with which an improvised explosive device can be made using readily-available ingredients, this is unlikely to happen anytime soon. That said, it would be wrong to assume that high explosives alone are the main cause of death and injury. In urban areas, it’s a point of fact that between 80%-85% of all secondary blast injuries are caused by flying glass.

Focusing the collective mind To understand how glass and glazing technology has changed, you have to go back to the attack some 20 years ago on the Federal Building in Oklahoma City. That atrocity really focused minds both in Governments and the glass and glazing sector. Amid the carnage, 200 victims suffered from glass-induced injuries. When a bomb detonates, it produces gases at very high temperatures. In turn, this leads to a rapid expansion of air and the creation of a

www.risk-uk.com

shock wave travelling at supersonic speeds. The shock wave lasts only a few milliseconds and is then followed by an equally sudden but longer-lasting drop in pressure. It’s the enormous impact of the shock wave and the subsequent suction that shatters the glass and physically distorts the framing. The day after the Oklahoma City bombing, the US President instructed the Department of Justice (DoJ) to see what conclusions could be drawn in terms of protecting Federal buildings. One of the DoJ’s key findings was “to provide for [the] application of shatter-resistant material to protect personnel and citizens from the hazards of flying glass.” This very much echoes the findings of the Applied Research Association Inc: “Historically, the major contributor to injuries due to terrorist explosion in urban environments is the glass fragment hazard generated by the breakage of windows.” In Oklahoma, glass fragments were found six miles from the detonation. In New York, 15,500 windows were damaged within a mile of Ground Zero, and nearly 9,000 of them within half that distance. In the wake of Oklahoma City, researchers from the Glass Research and Testing Laboratory at Texas Tech University reached a significant conclusion. They found that damage to property and person could have been reduced if laminated glass, at the very least, had been used in the structures that surrounded the Federal building. It’s a lesson that was learned across the globe as architects and designers struggled to balance form and function with the new requirement of additional security. For example, after Oklahoma City, the US State Department started to make windows in several Embassy projects both smaller and less numerous. All well and good, but none of us want to live and work in windowless environments while architects are not that keen on designing buildings where form and function are severely imbalanced. So it was in the US, and the State Department experiment was duly dropped on aesthetic grounds. Since then, specialist glazing companies have carried out much R&D coupled with high pressure blast-resistant testing. The new systems now being brought to market offer enormous advantages over their older cousins while affording some peace of mind for building occupants where such systems are fitted. The only caveat to air here is that anybody specifying a glazing system with a view to mitigating the effects of blast must ensure that both the glass and its framing system have been tested together.

CounterTerrorismSolutionsPerimeterProtection August2015_riskuk_apr15 06/08/2015 13:57 Page 2

Counter-Terrorism Solutions: Perimeter Protection

Based in Bulgaria, Lukoil Neftochim Burgas processes 9.5 million tonnes of crude oil per year. Lukoil’s oil production sites are vital to the Bulgarian economy, but also present a risk management challenge. Kristof Maddelein reports ntil recently, Lukoil Neftochim Burgas had used two independent systems for perimeter security: two fences with sensor cable systems separated from each other by around five metres. While the fencing delivered quality results, the installation was quite expensive involving digging, cabling and visible cameras – as well as lighting – for the visual verification of any detected targets. To make sure the critical infrastructure sites are fully protected against unwanted intruders, the company opted for a perimeter security solution based on thermal imaging cameras. Lyubomir Dimov, project manager at Lukoil Bulgaria’s dedicated security agency Lukom-A, stated: “We decided to try thermal cameras. They allow us to control the entire territory with a relatively small number of cameras. With a

Territorial Advantage sensor cable-based system you require cables, lighting along the perimeter and a video camera at 60-metre intervals. All of this is more difficult to implement and more expensive. With thermal cameras, we always see directly what happens, regardless of lighting conditions or if it’s daytime or night-time.” Dimov continued: “We performed tests with a thermal imaging camera. Even during the day, with a normal colour camera it’s the case that intruders may be ‘lost’ in the greenery. In contrast, thermal cameras can still follow them when they hide behind bushes.” Ivan Ilchev, systems technician at specialist integration company Telelink EAD, added: “The sensor cable system that Lukoil has been using has its merits, but the false alarm rate is relatively high. Also, a visual CCTV camera system has its drawbacks. If you consider that the Lukoil site has a very big perimeter for surveillance – more than 22 km, in fact – then you would need more than 400 standard CCTV cameras. However, one thermal imaging camera can replace six or seven visual CCTV cameras.”

Kristof Maddelein is Content Manager at FLIR Systems

CounterTerrorismSolutionsBuildingThreatIntelligenceonCBR August2015_riskuk_apr15 06/08/2015 13:46 Page 1

Counter-Terrorism Solutions: Building CBR Threat Intelligence

Chemical, Biological, Radiological necessary. Restrict access to water tanks and other key utilities and continually review the security of your food and drink supply chains. Consider whether you need to make special arrangements for mail or parcels (eg a separate Post Room, possibly with dedicated airhandling, or even a specialist off-site facility).

Awareness of threats and hazards

Since the early 1990s, concern that terrorists might use chemical, biological and radiological (CBR) materials as weapons has increased at a fairly steady rate. With Al-Qaeda and related groups having expressed a serious interest in deploying such materials, Brian Sims highlights some timely security guidance notes prepared by the Centre for the Protection of National Infrastructure

www.risk-uk.com

uch of the CBR-related activity seen to date has either been criminal or involved hoaxes and false alarms. To date, there have only been a few examples of attacks using CBR materials. The most notable were the 1995 sarin gas episode on the Tokyo subway, which ended up killing 12 people, and the 2001 anthrax letters in the US realising five deaths. The likelihood of a CBR attack remains low, largely due to the difficulty of obtaining the materials and the complexity of using them effectively. Where terrorists have attempted to carry out CBR-based attacks, they’ve generally been small-scale incidents employing relatively simple materials. As is the case with other forms of terrorist attack, there may well be no prior warning of a CBR-related incident. Moreover, the exact nature of an incident may not be immediately obvious, particularly with an attack involving radiological or biological materials. First indicators could be the sudden appearance of powders, liquids or strange smells within the building, with or without an immediate effect on its occupants. According to the Centre for the Protection of National Infrastructure (CPNI), good general physical and personnel security measures will contribute towards resilience against CBR incidents. Appropriate personnel security standards should be applied in relation to contractors and visitors, and notably so for those with frequent access to the location. Review the design and physical security of your air-handling systems, such as access to intakes and outlets. Improve air filters or upgrade your air-handling systems as

The CPNI states that a basic awareness of CBR threats and hazards, combined with general protective security measures (such as screening visitors, the CCTV monitoring of perimeter and entrance areas and always being alert to suspicious letters and/or packages) should offer a good level of resilience. The precise nature of a CBR incident may not be readily apparent. Keep your response plans general and wait for expert help from the Emergency Services to arrive on scene. Review plans for protecting staff in the event of a terrorist threat or attack. Remember that evacuation may not be the best solution. You’ll need to be guided by the Emergency Services should an incident occur. As stated, an attack involving radiological and biological material may not be immediately apparent and might only be recognised when larger numbers of staff report in with sickness. In terms of the building, plan for the shutdown of systems that may contribute to the movement of airborne hazards (eg computer equipment containing fans). Ensure that doors can be closed quickly if required. If your external windows are not permanently sealed shut, it’s advisable to develop plans for closing them in response to a warning or incident.

Moving to a safe location Examine the feasibility of emergency shutdown for air-handling systems and ensure that any such plans are well rehearsed. Where a hazard can be isolated by leaving the immediate area, do so as quickly as possible, closing doors and windows as you go. Move those directly affected by an incident to a safe location as close as possible to the scene of the incident so as to minimise any potential spread of contamination. Separate those affected by an incident from those not involved. This will minimise the risk of inadvertent cross-contamination. It’s worth remembering that there’s no need to make special arrangements beyond normal First Aid provision. The Emergency Services will move to treat any casualties.

CounterTerrorismSolutionsWaterSectorSecurityandAMP6 August2015_riskuk_apr15 06/08/2015 14:21 Page 2

Counter-Terrorism Solutions: Water Sector Security and AMP6

Without water, there is no life – which makes our national water supply one of the most obvious assets to protect. Chris Plimley discusses why enhanced security is going to be a major focus for UK water companies in years to come ater companies are under increased pressure to improve their relative efficiency while also looking to improve waste water effluent quality in the next five-year Asset Management Programme (AMP6). They’re facing key strategic questions, such as totex and asset management, the need for frameworks and alliances, managing the supply chain and whether to recruit technical capability in-house or to outsource/co-source. With the AMP6, water regulator Ofwat is confirming its move away from the ‘ticking regulatory boxes’-style approach of previous AMPs towards focusing on customer value for money. This will see water companies trying to eke out the most from existing assets and find ways of minimising operational cost. This shift in emphasis is leading to these companies looking for different skill sets from their supply chains. The focus on long-term

Liquid Asset thinking is also being reflected in the way that some water companies are seeking to procure the solutions partners that will deliver work during AMP6, with many opting for alliances or frameworks that run beyond the traditional fiveyear AMP period. Thames Water is the most advanced of the water companies in terms of its procurement for AMP6. There’s a “complete transformation” of the way in which it delivers capital investment, with the company announcing a full two years ago the list of businesses within its ‘Super Alliance’. They include MWH Global as programme manager. Indeed, work has already begun on some parts of the programme. Thames Water has allocated £1.4 billion for security and general asset upgrades, with £200 million alone set aside for security. This will bring the estate up to current Defra standards and ensure full preparedness for any security eventuality (including terrorist attack). In essence, that means the company’s desire is for full turnkey security solutions including integrated perimeter fencing, CCTV and access control. It’s an obviously thorough approach.

Chris Plimley: Sales Manager for High Security Products at Zaun

Project1_Layout 1 06/08/2015 16:20 Page 1

solutions for a safer world

ARE YOU READY IF THE POWER FAILS? POWER QUALITY ASSURANCE FOR UPS AND GENERATORS - PREVENTATIVE MAINTENANCE - ONE-OFF HEALTH INSPECTIONS - LOAD BANK TESTING - THERMAL IMAGING - REMOTE MONITORING

TEL: 01488 680500 WWW.UPSSYSTEMS.CO.UK

CounterTerrorismSolutionsPhysicalSecurity August2015_riskuk_apr15 06/08/2015 14:11 Page 2

Counter-Terrorism Solutions: Physical Security

The need to protect Critical National Infrastructure from accidental damage seems to be every bit as fundamental an issue as safeguarding it against an intentional terrorist attack, as Lucy Foster explains orking with both clients and distributors who operate across the international security business sector, it’s plain to see that a new requirement for impact-tested products and solutions has emerged. Over the last couple of years, multiple accidents have occurred at Critical National Infrastructure sites. One such was a bus collision just outside a major London Underground station. The bus could have ploughed into a large crowd of pedestrians, possibly killing or seriously injuring innocent bystanders. The outcome was very different due to a line of high security, impact-tested bollards installed to protect the station’s perimeter. Another commonly identified accidental impact threat is the collision of push-back tugs and airside columns supporting passenger walkway tunnels within international airports. These 70tonne vehicles have the potential to cause

Sudden Impact serious damage should a collision occur with substantial consequences to passengers and the day-to-day running of an airport. This problem has been identified mainly throughout airports in South East Asia. Whether the threat is from an out-of-control bus or push-back tug, there’s a very real need to protect pedestrians in highly populated urban areas from vehicle impact. It’s clear that steel tubes (ie non-impact tested bollards) traditionally used to segregate pedestrian and vehicle areas are not strong enough to diffuse an out-of-control vehicle. Recent accidental impact events are causing urban security planners to rethink designs once focused on individual buildings within an inner city area. Now, those planners must ponder on urban areas in the holistic sense with the safety of pedestrians and visitors of great importance. Intuitive measures ought to be installed, in turn making solutions both cost-effective and shrewd in nature. Certainly, the original UK Government initiative entitled ‘Protecting Crowded Places’ now seems more relevant than ever in light of this recent market development.

Lucy Foster: Marketing Manager at ATG Access

Project1_Layout 1 04/08/2015 15:15 Page 1

Stop safety being a lottery with Traka LOTO

Staff and contractor safety and security L-Touch

are paramount and an intelligent key management system from Traka can enforce procedures as part of your robust Lock-out/ Tag-out (LOTO) application. In addition staff and contractors take greater responsibility for keys and

S-Touch

equipment which saves organisations time and money.

M-Touch

To find out more how Traka could help your organisation contact our vertical specialists: wayne.kynaston@traka.com ben.farrar@traka.com or call +44 (0) 1234 712345

traka.com

ASSA ABLOY, the global leader in door opening solutions

AccessControlTheEvolutionofSmartCards August2015_riskuk_apr15 06/08/2015 17:40 Page 43

Access Control: The Evolution of Smart Cards

Living Life in the Smart Card Lane S mart cards were first introduced in the late 1960s. Originally a simple but revolutionary chip card, the technology has since evolved to offer advanced capabilities, among them the contactless functionality that so many of us have come to know and love. The contactless smart card allows activities such as payments and admittance to happen on a fast and effortless basis without the card and card reader making any physical contact. Within an office environment, contactless smart cards enable members of staff to navigate from floorto-floor or through departments with relative ease, eliminating the obstacle of having to stop and swipe a card to gain authorised entry. That’s good news for the host business, then. Being able to move faster between points A and B can help to reduce time wastage, thus increasing the productivity of employees during office hours. Today, we do expect a fast and efficient service for everyday tasks and the contactless smart card certainly delivers on that desire. Sturdy in design, the card fits safely in your wallet or can be easily connected to a lanyard. Both options are ideal for a working environment where staff will undoubtedly need to use their card on multiple occasions throughout the day. With the additional benefit of being able to encrypt data between the card and reader, smart card technology also offers protection against information security breaches. This is of particular importance for organisations within the public sector, the financial services environment, the legal sector and for those corporates wishing to use smart cards for consumer-related purposes.

Improving administration tasks Issuing ID cards also becomes a smoother and faster process for authorised administration staff. Credentials can be instantly logged into the security and building management system, in turn immediately creating a user card for new employees and visitors based on their defined privileges. If staff or users accidentally misplace their card, the lost item can be automatically rendered inactive. This minimises the risk of unauthorised entry or spend if the card can be employed for transaction purposes. Furthermore, smart cards offer added value services such as the ability to track and record the whereabouts of users at any given time.

Offering convenience, durability and cost savings, smart cards have become commonplace across our society. Whether you’re on the London Underground, purchasing refreshments in a canteen, stacking up loyalty points in your favourite store or gaining access to the office, the smart card has certainly made its mark but, questions Tim Northwood, is it here to stay? Tracking data can benefit organisations in a number of ways, including time and attendance records, safeguarding solutions or for invaluable evidence to be used in employment disputes or tribunals. Smart card technology has already transformed the capabilities of access control and facilities management systems, but we’re now experiencing smart card functionality being transferred to a smart phone environment. That’s a real step forward. Consolidating the smart card and smart phone makes sense on many levels. Companies who currently supply both a smart card and smart phone to staff can enjoy the financial savings of removing the smart card element. End users will benefit from having one ‘smart’ device containing all of their ‘smart card’ identities for both work and leisure. Transferring smart card technology for use with a smart phone has other benefits. With the majority of employees now owning a smart phone, companies can look to reduce the costs of a physical smart card that has a higher likelihood of being misplaced. Advances in Bluetooth low energy also mean that battery life should become less of a stumbling block for any type of smart phone technology.

Tim Northwood: General Manager at Inner Range Europe

www.risk-uk.com

AccessControlTheEvolutionofSmartCards August2015_riskuk_apr15 06/08/2015 17:41 Page 44

Access Control: The Evolution of Smart Cards

All that said, at present there’s still some scepticism surrounding the security of Bluetooth and Near Field Communication (NFC) technology and, for certain industry sectors at least, these concerns may be a significant sticking point when it comes to dispensing with the smart card in the interim. Furthermore, companies who also use their smart cards as a corporate visual identifier (containing staff member name and photograph) may be slower to adopt the advancing smart phone technology. Traditional smart ID cards offer an organisation’s security team an instant way in which to challenge the identity of a user rather than having to waste time logging into the security system to compare that end user with a visual image. Managing visitor access can also realise issues for many organisations, most notably the larger institutions and corporates who welcome hundreds of individuals to their premises every day. On the one hand, the host organisation needs to protect its property, staff and assets while, on the other, there’s a requirement for delivering a consistent, professional and friendly welcome for all visitors to the location. Even when smart cards are used, a receptionist still needs to physically create a visitor badge. This takes time and effort as well as incurring a physical material cost. Visitor credentials may hold the key for companies looking to improve their visitor access procedures. The process begins when a member of staff gives prior notice to the security team that they’re expecting a visitor on a specific date and time. After receiving the notification, a member of the security team will send a message to the visitor’s smart phone. The message can contain details about the

“Smart card technology has already transformed the capabilities of access control and facilities management systems, but we’re now experiencing smart card functionality being transferred to a smart phone environment” 46

www.risk-uk.com

meeting, of course, but will also include a barcode or QR code that will be recognised by the host company’s internal access control and building management system for the date and time of the visit. Consequently, when the visitor arrives on site the registration process is near enough complete. Armed with their smart phone, visitors simply point the barcode displayed on their smart phone screen at security terminals to access authorised lifts or doors. When the meeting date and time expires, the barcode will automatically be rendered inactive. Visitor privileges may also be set to limit access to specific areas of the site. For example, access granted to Lift 2 and opening at Floor 7 only.

Visitor credential applications One of the latest technology trends is visitor credential applications. Ticketing services have been quick to adopt this type of technology in order to speed up their service and save costs. Tickets for travel, hotels and entertainment are now typically sent via an e-mail with a barcode that will be scanned on entry to the venue. We’re confident the market will see expansion across a wider range of industries in the very near future if it’s not already being planned in many R&D Departments. As technology development proceeds and at a faster rate than ever before, even the visitor credential application could be superceded sooner than we anticipate. Biometrics may hold the key to the progression of the smart card. Integrating smart card technology with cuttingedge facial and fingerprint recognition systems and physical devices such as smart cards and smart phones could become virtually redundant for areas such as access control, ticketing, time and attendance and vending. Using advanced visitor credential-style applications, information about end users will be stored against recognition credentials. When an end user’s fingerprint or face is scanned, the system will identify that individual and provide a service based on specific system criteria. If a given system has the built-in intelligence to recognise someone’s face then the power of smart card technology may well be taken one step further. Security systems could be developed to automatically report and send alerts to security administrators if particular ‘faces’ are spotted. The technology involved here would need to adhere to Government legislation and the law. Is the smart card here to stay? We should see a shift towards the ‘virtual smart card’ through greater use of smart phones and biometrics. Evolution is happening. Watch this space.

Project1_Layout 1 04/08/2015 15:13 Page 1

WORLD

Conference and Exhibition

10% OFF using promotional code

MP10

AccessControlKeyManagementandNetworkedSecuritySystems August2015_riskuk_apr15 06/08/2015 13:27 Page 1

Unlocking the Potential of Key Control ost or missing keys, unauthorised duplicate sets of keys, manual log books that are inaccurate and often illegible or not knowing who might have keys when they should not be in possession of them all have the potential to undermine even the most sophisticated and wellintentioned of corporate security initiatives. State-of-the-art key management systems can resolve these issues while at the same time optimising access control solutions through system integration. Today, the most advanced key management solutions may be integrated with networked security systems. For their part, open protocols enable connectivity to access control and other systems provided by a range of integration partners for multiple levels of security and management. Integration of multiple locations with the common usage of databases and programming, real-time information, local and remote access, computerised reporting, specialised alert notifications and ease of use all have the potential to elevate key management and access control to the next level.

As part of the requirement for the safety and security of people, assets and facilities, the management of keys is a fundamental tactic in controlling access. In fact, key management is a prerequisite for any access control strategy because of unavoidable vulnerabilities when humans are involved. Here, Fernando Pires offers end users salient advice on both system selection and operation 48

www.risk-uk.com

Provision of real-time information When network-connected, advanced key management systems can provide real-time information to authorised personnel for monitoring key usage activity. Systems are designed so that every time a key cabinet is accessed to either remove or return a key, that activity is automatically recorded. The time, date and identity of the individual accessing the cabinet are all automatically logged and the data available by way of management software. Additional information – including when a key is scheduled to be returned or the location of a stored key (ie which key cabinet in the system) – is also available. Such knowledge could prove to be critical in an emergency.

For example, if company vehicles must be moved out of an area because of potential flooding or fire, doing so quickly and efficiently can depend on how swiftly each of the vehicle keys may be located. Immediate confirmation of where the keys are – or identification of who has possession of them – can make the difference in saving an organisation’s assets.

Integrating mobile devices It’s not always the case that today’s workforce is resident in an office the whole time or found behind a desk. More often than not the office is wherever the individual happens to be. Mobile apps have been developed that allow users to extend their productivity beyond a physical location or what might be deemed a ‘regular’ working environment. By integrating mobile devices with key control and asset management systems, security personnel or other authorised users may view a wide range of live information and can interact remotely with the solution. Management is able to maintain optimum control of building keys at any time of the day or night or when away from the primary place of business. For example, while off site at a seminar or convention, a manager can remotely release a key to a contractor called in to temporarily replace an employee who has reported sick. Alternatively, they can schedule a report to be generated on their return to the office showing all activity during their absence. Critical real-time information such as keys in use, overdue keys, alarms and system status that’s easily accessed on a smart phone or mobile device ultimately provides for a safer, more secure business environment. In an information-laden world it’s easy to miss relevant or important signals. Networkintegrated key management systems can deliver the right information at the right time to the right people on their choice of devices.

Additional security actions Critical information about key control that’s communicated across multiple systems enables additional security actions to be taken. With a turnstile-type access control solution networked to the key control system, for example, the end user who has taken a specific key can be denied egress from the facility until such time that the key is returned. With a networked system, selected management may be alerted via e-mail if a high security key has been accessed or not returned

AccessControlKeyManagementandNetworkedSecuritySystems August2015_riskuk_apr15 06/08/2015 13:34 Page 2

Access Control: Key Management and Networked Security Systems

on time. As far as integrated, network-enabled key management systems are concerned, authorisation codes can be changed remotely to help prevent access being granted to an individual whose employment contract with the host company has recently been terminated. The latter action may be accomplished by way of a global list and all settings automatically synchronised across the system. For added security and efficiencies, the integrated key management system can be seamlessly administered by the card access solution. Through that solution, the key management system may then be configured for access, storage and tracking purposes.

Generation of Summary Reports In addition to monitoring the activity on a live basis, networked systems enable data to be collected from the various key cabinets and Summary Reports generated. Key usage data provides a wide range of business intelligence and programmed reports are the easiest and most effective method of assembling and viewing the information generated. Authorised personnel can generate practical management reports which trace key movements by time, date and user code as well as audit reports that track keys in use and overdue keys, inconsistent key usage and so on. For easier reading, the reports may be generated in portrait or landscape mode with colour interspaced lines. In addition, built-in schedulers may be programmed to automatically download all data to a secure PC as required by the user, including online as transactions occur, periodically, daily (at a specified time), weekly (with specified day and time) or monthly (once again with specified day and time). The e-mail delivery of customised or standard reports can be scheduled for any frequency or specific time or they can be accessed using a smart phone app. With this capability, security managers can better sort and analyse information in order to maintain the maximum control over access and security issues. In the event of an incident, management can query the system for specific details such as listing all transactions between certain times and, when conducting a follow-up investigation, request a report for the hour preceding the incident. Immediately following an incident, a report can be generated showing which keys are back in the system as well as those still outstanding (and who last accessed them). Together with the audit data from an access control solution, a key control system’s reporting structure provides a strong evidence

trail. Regardless of the number of key cabinets in the system, their location or configuration type, the procedure for accessing the cabinet is always the same. Keys stored in the cabinet can be accessed only by authorised individuals with an approved user code, an access identification card or a pre-registered biometric fingerprint. If the criteria entered matches the information stored in the system database, the key cabinet will unlock and the necessary key can then be removed or returned. The other keys will remain locked into place and the activity is automatically recorded. Different solutions for key security, key control and key management can be tailored to the various needs of the end user, including the flexibility to have different levels of security (ie dual or triple authentication) in designated areas of the premises. Cabinet doors may be solid steel or seethrough polycarbonate material. Choices for modules to fill the cabinets may include a selection of mechanical key storage modules, key card modules, lockers of various sizes or simply blank modules deliberately designed to be filled at a later time and date. The point is that the combination of modules is entirely up to the end user who’s able to customise and also change the system to meet specific business requirements.

Fernando Pires: Vice-President of Sales and Marketing at Morse Watchmans

Looking to find specified keys Other system conveniences may include large touchscreens on the front panel with buttons and an easy-to-use interface with step-by-step instructions. Keys available for access may be called up on the touchscreen by the security manager along with specific information concerning the location of a specified key, what keys have not been returned and when the key(s) will become overdue. In addition, messages may be created that will pop up when a particular key is requested (for example, a message reminder that sterile suits must be worn when personnel are entering a research laboratory). In today’s highly security conscious environment, then, the networking capability of advanced key control systems adds tremendous value to key management systems and allows Best of Breed solutions to be implemented without costly upgrades or overhauls for the host organisation.

“By integrating mobile devices with key control and asset management systems, security personnel or other authorised users may view a wide range of live information” 49

www.risk-uk.com

TheSecurityInstitute'sView August2015_riskuk_apr15 06/08/2015 15:42 Page 1

The SeMS Framework and Aviation Security

or many business and leisure travellers, visible change in aviation security provision is centred on the introduction of new screening technologies or about alterations to the rules governing how much liquid material – in the form of shampoo or shaving gel – they’re permitted to take on board an aircraft. Indeed, it’s fair to state that upgrades in technology and procedure are continually being made. When it comes to the security professionals looking after those passengers, one of the biggest changes facing them in terms of philosophy and governance around aviation security may well be just around the corner. The introduction of Security Management Systems (SeMS) has been promoted by the International Civil Aviation Organisation (ICAO) (‘Reaching for the Sky’, Risk UK, February 2015, pp54-55) and we’re gradually beginning to witness airports and carriers adopting its principles. What we don’t know at this stage is how it will affect aviation security in general and, specifically, whether it serves as a vehicle for achieving a more risk-based approach. In the aviation safety arena, the adoption of a Safety Management System (SMS) has shaped the way in which safety risk is managed. The idea behind the SMS is to have a set-up that allows the organisation to pinpoint hazards, collect and analyse safety data and take risk management decisions based on those hazards identified across the business. The structure of a modern SMS also allows the measurement of

www.risk-uk.com

Security Management Systems – or SeMS – enable the identification and management of security risks in a consistent and proactive way, but how are they impacting the aviation sector? Chris Barratt presents an overview safety performance as well as continuous improvement of the safety risk process itself. Some years ago, we would always reference ‘flight’ safety. Flight safety tended to look at those areas close to the operation of aircraft such as piloting, maintenance and the aerodrome space. On reflection, this was something of a myopic approach. Thanks to studies and analyses conducted by academics, accident investigators and Government research organisations – among them NASA and the Royal Aircraft Establishment – it was realised that causal factors for safety incidents could actually be quite distant from the event. The SMS approach sought to encompass the safety risks from the wider operation such as commercial decisions and, arguably, has been successful in doing so. Security incidents can work in a similar way. For example, any decision taken to reduce the size of the property maintenance team at an airfield may outwardly have little influence on security. However, if such a decision means there’s no longer the resource available to service the padlocks on the airfield’s perimeter zone it may well be that, after a period of time, there’s a risk of compromised physical security. The SeMS approach should provide a similar framework as the SMS in identifying the risk such that it can be assessed in a timely manner. There’s no reason to believe that SeMS cannot repeat the success of SMS when applied in the aviation sector but there are issues to be resolved – some of them small, others large – before that stage can be reached.

Security in a traditional structure For many years, the traditional structure of aviation security was based around compliance with the rules set by the regulator of the specific country in which a given aircraft was registered. Given the threats posed by hijack, sabotage and overt attacks on airports, regulators tended to concentrate on the carriers and infrastructure within their own boundaries as they had little control over the security measures in other jurisdictions. Where intelligence was available to suggest that security measures in another country were

TheSecurityInstitute'sView August2015_riskuk_apr15 06/08/2015 15:43 Page 2

The Security Institute’s View

of a standard considered so poor that the safety of those travelling could not be guaranteed, restrictions on flights to these affected nations could be imposed. That included a blanket ban on flights. This approach best served the aviation sector at a time when it was common for state airlines to be Government-owned. However, as the industry grew and routes multiplied, the problems associated with this system became visible. Pleasingly, across the past two decades we’ve witnessed something of an evolution towards a more encompassing, technical and considered approach. Greater engagement overseas has seen the UK recruitment of regional aviation security officers attached to Embassies. While they cannot determine security policies of other countries, they work towards providing vital assistance and advice and, in so doing, improve the security of inbound flights to the UK. SeMS have been promoted by the ICAO, some airlines and other stakeholders such as catering companies, airport suppliers, cargo and freight organisations as well as ground handlers. In the UK Civil Aviation Authority’s publication CAP1223 (CAA 2014): Framework for Security Management Systems, it’s evident that some of the SMS principles are very similar to those within SeMS. Both systems require a commitment from the head of the organisation to resource them and provide a management environment wherein staff are encouraged to report security incidents and concerns without any fear of negative actions being instigated.

Thorough and accurate analyses Information and intelligence is of limited use if subsequent analyses are not thorough and accurate. Airlines and airports need to acquire the necessary skills either by recruiting experienced analysts – which may prove challenging – or training staff and building the experience in-house. The latter course of action will take time. They’ll also need to develop evaluation tools that account for the nature of what is a complex global business. In addition, the procurement of intelligence and information is not without its own challenges. Take, for example, an airline with a global network. It may use its local infrastructure if it has one, but information might be limited to an airport’s organisational or physical conditions that could end up having an influence on security. The Government may share threat information but, due to the nature of it, detail is likely to be scarce either to protect sources or not risk disclosing capabilities. This may or

may not leave enough room for making accurate risk judgements. Procuring information from the private sector can be costly. Many carriers have small margins so there’s the potential that the better resourced airlines will have a different quality and scope of information and data available to them than a smaller and somewhat less resourced carrier. If different providers are used, again there may be a variance between carriers of the information and, subsequently, within the assessment. That could well explain why, last summer when Malaysia Airlines Flight MH17 was allegedly shot down by a surface-to-air missile over a conflict zone in the Ukraine, some airlines were still flying in the region while others had taken the decision not to prior to this horrific incident occurring. In the past, aviation security has been accused of operating in a silo and not communicating with other parts of the aviation sector. That situation has been changing over the years, but SeMS will have to complement and integrate with other management systems if they’re to reach their true potential. SeMS are not just about predicting hazards and risk-assessing them. The data collected will also allow performance and quality to be monitored in airports, across carriers and other aviation entities. Modern security technologies can feed performance data into the system giving as near a real-time assessment as is practical and which directly supports the National Aviation Security Programme. One of the strengths of the process is that each system is developed to fit the needs and structure of the organisation. For example, a small and non-complex operation may have a simple and small SeMS whereas a global carrier would likely have a far more detailed and larger system. This adaptive nature will enable it to be applied to all aspects of the aviation sector. No claims are being made here that SeMS would have prevented the tragedy referred to above. Potentially, though, SeMS could form the backbone of a risk-based approach to aviation security while also realising a detailed monitoring tool for security professionals.

Chris Barratt MSc MSyI: Managing Director of Avsec Global

“There’s no reason to believe that SeMS cannot repeat the success of SMS when applied in the aviation sector but there are issues to be resolved” 51

www.risk-uk.com

InTheSpotlightASISInternational August2015_riskuk_apr15 06/08/2015 14:27 Page 60

Risk and Brand Management: Strategies for the Hotel Sector We soon realise the true picture and set about the disengagement process of our teams from the faceless and latest ‘VIP client’. Wherever possible, we’ll notify third parties whom we can see are engaged either as participants, sponsors or providers of some kind of service to support the event. Alerts are then cascaded throughout our sector as a prevention and warning to others. In truth, the scenario outlined here is a frequent occurrence. It’s often the case that vast sums of money are paid to third party agents for flights, accommodation and tickets for events that simply don’t exist. The hotel venue is contacted and arrangements discussed purely to make it appear legitimate. Indeed, attempts at defrauding individuals or marketing a fraud wrapped in the confidence of a well-known and respected major hotel brand are not new. To be blunt, this kind of nefarious practice has history.

Fraudulent events, privacy breaches, attempts at circumventing secure physical access, brand and reputational damage, cyber crime, acts of terrorism and political unrest. These are but some of the risks facing security professionals operating in the hotel sector. How might such threats be effectively managed? Darren Carter adopts a strategic approach

www.risk-uk.com

icture the scene. The latest proposal from an event organiser arrives at the top of my Inbox. ‘For Your Perusal’ is the subject line of the message. There’s a conference programme on the horizon put together with a view to discussing matters pertaining to global warming. Attendees are set to be the world’s leading authorities on the subject. The event is scheduled to run across three days. The basic requirement is for fully-serviced conferencing facilities and accommodation to suit 180 delegates. Make no mistake that this appears to be a highly attractive piece of business for our company. Very profitable. It also fits in nicely with our Corporate Social Responsibility agenda and so on. Of course, it’s all very well to be dialled into the business, keep track of the commercial activities and help in maintaining a sharpened edge to our offer, but what we’re really talking about with cases such as this is risk reduction. As we peel back the gloss we begin to see the murky reality of what lies beneath. In fact, it’s an elaborate scam which has already successfully captured and reeled in academics, Government agencies and private sector professionals from around the world. Papers have been submitted, flights are prebooked and hotel rooms secured. There’s a tangible buzz around the event which is still ten months away.

Constantly evolving scenario The security of hotels, the role of security teams within them and the day-to-day work of the head of security function across a group of hotels – or, indeed, a large iconic hotel – continues to evolve at pace. Fraud – or attempts to commission it – emerges in many forms. As much as 70% of fraud perpetrated across the hotel and travel sector will have originated online. That said, not all forms of fraud have taken great leaps of advancement. Counterfeit currency and payment cards offered in retail bar and restaurant spaces are not uncommon. It follows that we must invest time in training and educating our personnel teams to both detect this type of fraudulent activity and ensure that they respond both effectively and efficiently. Now, though, my focus turns towards preparing for a product development meeting. Advanced plans are on the table for a significant new ‘urban resort’ hotel in central London. Although it’s still a few years away from the official opening of this development, our minds necessarily leap into the future in a bid to determine the needs of our customers and staff members alike. Remaining attuned to the latest guest service experiences and innovations in our sector is an absolute necessity. The development of

InTheSpotlightASISInternational August2015_riskuk_apr15 06/08/2015 14:28 Page 61

In the Spotlight: ASIS International UK Chapter

electronic and physical security solutions is rapid, of course, and it can be tempting for hotel security professionals to capture systems and duly propel them into service in order to maximise their appeal and capitalise on what’s deemed to be a ‘brand differentiator’. Such a strategy may work for a few months before complications emerge. System reliability becomes a problem. Things fall apart. We’ve all seen the procurement disasters of some high profile public sector projects of late. It’s fair to say that the private sector wouldn’t have been nearly so absorbent. Taking advice from trusted partners, seeking evidence and endorsement is all part of the process. There’s also a fundamental principle at play which is always worthy of note. Do not try to be clever or cutting-edge for the sake of being seen as ultra-modern and innovative. If the proposed solution doesn’t work it could end up being extremely costly and deeply damaging.

Preserving reputation and brand Like many others, the hotel industry makes huge investments in creating, building and maintaining an image. A brand identity. A formula that’s immediately attractive and affordable for customers but equally sustainable – and profitable – for the business as a whole. Preserving the reputation of a brand is the mission of an entire workforce, of course, but the role of the hotel security manager in all of this is critical. Not normally an expert marketing guru or a media-savvy sensation, he or she will spend much of their time managing activities that could significantly harm the reputation and profitability of the brand if not dealt with effectively. Hotels are crowded places. For their part, city centre hotels are attractive prospects for petty criminals and bag snatchers. Deep understanding of how spaces are used and who populates them helps to determine how best to manage the risks presented. Allowing low level crime to flourish or even exist is likely to have a potentially damaging and long-lasting impact on the brand. What’s not unique but is very much key to our industry is the need for us to preserve the reputation and image not only of our own businesses but also that of our clients’ companies. Whether you’re talking about a private individual leisure guest or the members of a large international corporation, their stay should never be seen as simply a transaction. Those who choose to spend time with a particular hotel do so on the basis that they

have full confidence in that business to meet their service needs. The product offering and facilities fit their specific requirements and, more importantly, they place their trust in the hotel business to fulfil their expectations. This being so, it’s not surprising that, in today’s environment, the safety and security needs of a potential client play an everincreasing role. What about the corporate guest identifying conference space for a series of small, commercially sensitive meetings? Then there’s the company looking to host a largescale AGM or product launch.

Addressing ‘The Privacy Agenda’ Full service hotels in the UK can all demonstrate extremely advanced and sophisticated fire, life safety and security systems. This is a minimum expectation, and rightly so. Also of paramount importance to a hotel guest is their privacy. This doesn’t suddenly stop at the door to their bedroom, and the physical environment in hotels has been developed over many years to ensure absolute minimum interference with a positive guest experience. Attempts at accessing personal information have certainly increased over recent years. We recognise this at a very basic level with ongoing attempts to obtain payment card information via voice calls to various business departments. More sophisticated efforts arise in the form of embedded links within e-mails that contain malware. We’re also familiar with phishing emails masquerading as having been sent by well-known High Street banks. There have been various Denial of Servicestyle attacks on communication systems and attempted diversion to criminal groups again seeking to harvest payment card data. Even if it’s reasonably small in scale, any data breach might endanger a hotel group’s relationship with multiple clients and pose significant risks to future commercial opportunities. Key to any risk reduction programme will be communication and the thorough training and education of staff across all business departments and at all levels. Cyber-focused criminality, for example, is an area that requires intimate and expert knowledge on the part of systems and network managers while also demanding end user awareness via detailed mandatory training.

Darren Carter MSyI: Head of Security at the Edwardian Group and Hotel Sector Lead for ASIS International’s UK Chapter

“Allowing low level crime to flourish or even exist is likely to have a potentially damaging and long-lasting impact on the brand” 53

www.risk-uk.com

FIATechnicalBriefing August2015_riskuk_mar15 06/08/2015 14:25 Page 1

Chemicals for Firefighting: Potential Changes in the UK Market Robert Thilthorpe provides an overview of the changes being made to the European Union’s (EU) chemical regulations and what they could mean for the UK’s firefighting sector. The first of these is the EU Chemical Labelling and Packaging Regulation, while there’s also due consideration of proposed alterations to the REACH Regulation

www.risk-uk.com

ommonly referred to as the CLP Regulation or simply ‘CLP’, Regulation (EC) No 1272/2008 is the EU’s legislation on the Classification, Labelling and Packaging of Substances and Mixtures. This legislation came into force on 20 January 2009 and is directly applicable to those suppliers who manufacture, import, use or distribute chemical substances and mixtures. The Regulation replaces the provisions of the Dangerous Substances Directive 67/548/EEC and the Dangerous Preparations Directive 1999/45/EC in a ‘stepwise’ approach. The final step, in fact, occurred not so long ago when the latter documents were repealed on 1 June 2015. Put simply, the aim of the legislation is to identify the hazards of a given chemical using a standardised set of classification criteria, package that chemical safely and then communicate information about hazards to end user customers through labels and other documents (such as safety data sheets). The onus for correct labelling falls on the supplier who places the product (chemical) on the market. As a result, this can cascade down the supply chain. Right now, you might well be thinking: ‘What does all this have to do with fire protection?’ Well, in very simple terms what we use to fight fires are mixtures of chemicals. Even water (H2O) is a chemical, and we must package those chemicals. By way of example, as far as the CLP Regulation is concerned a fire extinguisher is effectively a packaging system for chemicals. Of course, they’re much more than that in real terms. The CLP Regulation, then, affects the producers of chemicals: the manufacturers of firefighting foams and other extinguishing agents. It also impacts the importers of

chemicals (ie the importers of firefighting equipment as well as the end users of chemicals). For example, the formulator of mixtures (ie the end user of substances and mixtures supplied for the formulation of other products placed on the market such as fire extinguisher manufacturers using foam or powder media) and a re-filler who’s transferring substances or mixtures supplied to them from one container of packaging into another. Here, you’d be looking at fire extinguisher servicing companies or distributers. Already, you’ll have begun to see the new labelling on your washing powder and household cleaning products. It’s very similar to those labels you’re accustomed to, but now the EU’s CLP Regulation has made the labels uniform right across Europe.

Identifying the main hazards As the aim is to identify the hazards, the first step in the process is to determine whether or not the chemical concerned is hazardous in the concentrations contained within the packaging. If it is then the package should be labelled. Article 31(1) of the CLP Regulation requires labels to be firmly affixed to one or more surfaces of the packaging immediately containing the substance or mixture and that they shall be readable horizontally when the package is set down normally. However, if the packaging contains the information then a separate label is not required. Here, Article 31(5) comes into play. What should the label look like? The CLP Regulation gives very clear guidance on this in Article 17, which states that the label should contain the following information: *Name, address and telephone number of the supplier(s) *The nominal quantity of the substance or mixture in the package where this is being made available to the general public (unless this quantity is specified elsewhere on the package) *Product identifiers *Hazard pictograms (where applicable) *The relevant signal word (where applicable) *Hazard statements (where applicable) *Precautionary statements (where applicable) *A section for supplemental information (where applicable) Potentially, then, it’s a good deal of information. The CLP Regulation also prescribes the size of the label which is based on the size of the packaging. The attached label must be easy to read. Also, depending upon where the packaged chemical is placed on the market, the label has

FIATechnicalBriefing August2015_riskuk_mar15 06/08/2015 14:25 Page 2

FIA Technical Briefing

to be delivered in the language of all applicable EU Member States. The hazards are split between physical, health and environmental in nature. Physical hazards would be corrosive, explosive, flammable, oxidising or gas under pressure. Health hazards are defined as acute toxicity, acute toxicity in terms of being an eye or skin irritant and, finally, the respiratory or carcinogenic risk. Environmental hazards are those elements deemed to be toxic to the aquatic environment. Labels should have a minimum size depending on the capacity of the package. For example, if the package is less than 3 litres the label should be at least 52 x 74 mm. Between 3 and 500 litres, the label must be 74 x 105 mm.

Producers and suppliers The composition of the firefighting agent should be checked based on the safety data sheet and the appropriate labelling applied depending upon the hazards identified. If you’re the manufacturer of the original agent then this is part of the REACH Regulation’s requirements. If you’re not the manufacturer of, for example, the foam concentrate but, in order to achieve a specific fire rating in a fire extinguisher, mix two different concentrates in the extinguisher then you need to update the SDS and assess whether a CLP label is needed. Manufacturers and suppliers of foams, powder and gaseous agents are ahead of the curve and have been amending their labelling to comply with the CLP Regulation’s requirements. It’s evident on their products. For the portable fire extinguisher market it’s slightly newer information. To assist members and others, the Fire Industry Association (FIA) has drafted guidance (FIA Fact File 74) on the CLP Regulation and its impact on this industry segment. Specific contents of that guidance will be agreed with the Health and Safety Executive and published in the near future. Depending upon what’s in the extinguisher (ie based on the safety data sheets provided), the situation is not as bad as it may have first appeared. The FIA’s guidance looks at fire extinguishers based on media and the refills used by the service companies. It states whether or not a CLP label is required and, in addition, renders example labels.

Restriction of PFOA The other area that’s generating much interest in the firefighting sector is a European Chemical Agency (ECHA) consultation on the possible restriction of perfluorooctanoic acid (PFOA). PFOA is related to perfluorooctane sulfonate

“Manufacturers and suppliers of foams, powder and gaseous agents are ahead of the curve and have been amending their labelling to comply with the CLP Regulation’s requirements. It’s evident on their products” (PFOS), a chemical that used to be employed within firefighting foam but is now banned across Europe. In point of fact, PFOS has not been a constituent of firefirefighting foams for many years now. In small amounts, PFOA can be present in fluorinated firefighting foams (AFFF). There are a number of voluntary agreements in place to change the chemistry of firefighting foams in order to reduce their environmental impact, but at the same time maintain the high level of firefighting capability exhibited by these important chemicals. Along with our European colleagues in Eurofeu (the European Committee of the Manufacturers of Fire Protection Equipment and Fire Fighting Vehicles), the FIA was made aware of the aforementioned ECHA consultation, carried out with a view to amending the REACH Regulation by adding a restriction on PFOA. Among other things, such a restriction would place a limit on PFOA in products and mixtures of 2 parts per billion (ppb). On the face of it, this doesn’t seem that bad. Lots of chemicals are limited wherever they’re considered to be hazardous. However, when you look closely the impact on the firefighting market would be considerable. It’s not just the fire sector that would be affected, either. Any equipment containing – or having contained – the fluorinated chemical at a level greater than 2 ppb would effectively be banned. This would include equipment used to make foam, firefighting foam monitors designed to protect airfields and petrochemical facilities and foam-based portable fire extinguishers. If this change goes ahead, the most drastic vision is that every foam fire extinguisher in Europe would have to be replaced along with any other bit of kit that contains foam. In turn, this would impact every industry that currently makes good use of fluorinated chemicals. The FIA, Eurofeu and Eurofeu’s Member Associations have responded to the ECHA consultation along with other interested parties, duly pointing out the potential damage to the European economy of such a move and providing alternative solutions. One option is to set the limit at 1 ppm which is the limit for PFOS, a more environmentally damaging chemical. At this level a straight swap of contents would be possible.

Robert Thilthorpe: Technical Manager at the Fire Industry Association

553

www.risk-uk.com

Project1_Layout 1 04/08/2015 16:04 Page 1

CALL FOR PRESENTATIONS www.asisonline.org /london

LONDON, UK | 6–8 APRIL 2016

ASIS 15 TH EUROPEAN SECURITY CONFERENCE & EXHIBITION

Be a speaker at ASIS Europe 2016! ASIS International, the world’s premier association for security professionals, is inviting articulate subject matter experts to share practical knowledge (case studies, best practices) and strategies at the ASIS 15th European Security Conference & Exhibition in 2016 in London. Abstracts on all security related topics are welcome. Submit your abstract through www.asisonline.org/london before 15 September.

Sponsor or exhibit at ASIS Europe 2016! Sponsor or exhibit at this important security event to gain exposure of your brand, products, or services among the top of the European security profession. KEY FEATURES

More than 600 senior security practitioners from all over Europe and beyond Meet decision-makers and end-users High level speakers 3 plenary sessions with top-level keynote speakers 40 high quality educational sessions Chief Security Officer Roundtable Summit 30–40 exhibitors 20+ case studies in the Technology and Solutions Theatre Networking events: Welcome Party, President’s Reception, business lunches, networking breaks Professional visits to see security in practice at key organisations in and around London

For more information visit: www.asisonline.org/london, email: europe@asisonline.org, or call: +32 2 645 26 74

ASIS International EMEA Bureau 300 Avenue de Tervueren, 1150 Brussels, Belgium

europe@asisonline.org Tel: +32 2 645 26 74 Fax: +32 2 645 26 71

SecurityServicesBestPracticeCasebook August2015_riskuk_apr15 06/08/2015 15:39 Page 2

Security Services: Best Practice Casebook

BSIA Security Personnel Awards 2015 N ow in their seventeenth year and sponsored once again by Camberford Law plc, the BSIA’s prestigious Security Personnel Awards serve to acknowledge the commendable and limitless contributions that security personnel make to the security business sector – and, indeed, the wider community – on a daily basis. Further, the Security Personnel Awards embody the very standards of professionalism that are central to maintaining the sector’s image among buying customers and members of the public alike. Indeed, the obvious talent, bravery and skill levels demonstrated by this year’s regional and national winners are attributes upon which the security business sector models itself. Speaking at the London Hilton Hotel following the BSIA’s Annual General Meeting, James Kelly – the Trade Association’s CEO – told Risk UK: “Security continues to play a vital role in safeguarding our nation and individuals like this year’s Security Personnel Awards winners help to maintain the industry’s favourable reputation. At the BSIA, we pride ourselves on representing the very best in the security sector. The outstanding contributions made by our award winners serve to illustrate this.” David Ottewill, managing director of Camberford Law plc (the company that has diligently sponsored this yearly event since its inception, in fact) added: “We’re very proud to be associated with the BSIA’s Security Personnel Awards and would like to congratulate all of this year’s nominees and winners. It’s important to recognise and reward the hard work and efforts of these dedicated professionals within the security sector.”

Chairman of the Judges Professor Martin Gill FSyI (Director, PRCI) Judges Brian Sims BA (Hons) Hon FSyI (Editor, Risk UK) David Ottewill (Managing Director, Camberford Law plc) Dave Humphries (Director of Compliance, Intelligence and Communication, SIA) David Wilkinson (Director of Technical Services, BSIA) Graham Bassett (Director, GBR UK) Trevor Elliott (Director of Manpower and Membership Services, BSIA) Fay Gillott (CEO, 7BR) Terri Jones (Director General, Skills for Security)

In mid-July, the British Security Industry Association announced the national winners of this year’s Security Personnel Awards at the Trade Association’s Annual Luncheon. Brian Sims was among the invited guests at the Hilton Hotel on London’s Park Lane paying tribute to the fantastic efforts of security officers operating across the UK

The Security Personnel Awards duly recognise exceptional performances within the industry across five different categories: Service to the Customer, Outstanding Act, Best Newcomer, Best Use of Technology and Best Team. Let’s take a look at the 2015 national winners in each of those categories.

Service to the Customer Mohammed Amal El-Hajji Mohammed Amal El-Hajji of Mitie Total Security Management boasts a sterling track record of delivering exceptional customer service. Over the course of a ten-year contract at the Ministry of Justice, Mohammed has regularly received praise from ambassadors, Government ministers and senior state VIPs. Donald Murray VSG’s Donald Murray, who’s a security supervisor, is commended for his excellent service while working on a contract at the Cambridge Grand Arcade Shopping Centre. An ability to forge excellent relationships and empower his team members has assisted in realising the attainment of consistently high Service Level Agreement scores. Richard Farley Richard Farley of The Westgrove Group is

www.risk-uk.com

SecurityServicesBestPracticeCasebook August2015_riskuk_apr15 06/08/2015 15:39 Page 3

Security Services: Best Practice Casebook

praised for his commitment to the client, a proactive approach and his willingness to go above and beyond the ‘Call of Duty’. In fact, Farley has been described by the client as ‘the jewel in the crown’ of The Westgrove Group’s security service.

Outstanding Act Aberafan Shopping Centre Team Three members of OCS Group UK’s Aberafan Shopping Centre Team were presented with an award for saving a man’s life when he suffered a massive heart attack. Their quick thinking, composure and skill was undoubtedly a contributing factor towards the man’s eventual survival and recovery.

*The BSIA would like to thank Camberford Law plc for its ongoing support of the Security Personnel Awards **Nominations are now open for the 2016 Security Personnel Awards. BSIA members can view the entry criteria by accessing the Association’s website: www.bsia.co.uk/bsia-awards

Chris Fielding Chris Fielding of Securitas Security Services UK has been working on the company’s security contract at Chesterfield Royal Hospital for over four years. Recently, Fielding showed vigilance, professionalism and initiative in saving a male from trying to take his own life. This young security officer has also been praised for the compassion he offers patients at all times.

Best Newcomer Clarence Hyman Security officer Clarence Hyman, who works for Corps Security, is rightly praised for his high standards and a natural willingness to go above and beyond the basic outline of his duties. Already, Hyman has demonstrated customer service skills of the highest level. Paul Wilson Securitas Security Services UK’s Paul Wilson is

a member of the Emergency Medical Team working for BAE Systems Submarine Solutions. During a routine medical check, Wilson identified a patient with a serious condition and thus potentially saved the individual’s life. The patient concerned was rushed to hospital and underwent emergency surgery. Had it not been for Wilson’s observations and actions, this patient could well have suffered a major stroke. Robert Love Robert Love of Sight & Sound Security Solutions is a security officer who’s quickly rising through the ranks. Securing two promotions within as many years, Love is now working as an operations supervisor directly responsible for the management of over 150 officers. He’s a highly valued member of the team who continually motivates and positively influences those around him.

Best Use of Technology Marcin Bereza An intelligence analyst working at VSG, Marcin Bereza single-handedly designed and implemented an electronic Security Operations Dashboard. The software, which enables managers to plan a much more effective security regime, took considerable time and effort to devise. Bereza was the sole driver of the concept and managed to fit the development process around his normal work streams without needing additional resources.

Best Team Centrale Shopping Centre Team VSG’s Centrale Shopping Centre Team in Croydon consists of 33 dedicated security officers committed to providing a service for the client which is second to none. Constituent members continually improve their skills by taking part in comprehensive training. Indeed, 20 members of the 33-strong team are First Aid and defibrillator trained. They relentlessly seek to add value to the contract by going above and beyond what’s expected of them. ITV Security Team Wilson James’ ITV Security Team has been presented with a national award for ‘going the extra mile’. The team of 23 dedicated security professionals has fully embraced the culture and values of ITV and become an integral element of the broadcaster’s operations. Team members often cover additional duties, in turn showing their commitment to adding value on the contract. Customer care is a core focus and there are regular commendations offered for the security officers’ ‘can do’ attitude.

www.risk-uk.com

paper ad_Layout 1 04/06/2015 17:59 Page 1

thepaper

Pro-Activ Publications is embarking on a revolutionary launch: a FORTNIGHTLY NEWSPAPER dedicated to the latest financial and business information for professionals operating in the security sector

Business News for Security Professionals

The Paper will bring subscribers (including CEOs, managing directors and finance directors within the UKâ&#x20AC;&#x2122;s major security businesses) all the latest company and sector financials, details of business re-brands, market research and trends and M&A activity

FOR FURTHER INFORMATION ON THE PAPER CONTACT: Brian Sims BA (Hons) Hon FSyI (Editor, The Paper and Risk UK) Telephone: 020 8295 8304 e-mail: brian.sims@risk-uk.com www.thepaper.uk.com

SecurityOperationsCentresTheCyberSecurityDimension August2015_riskuk_apr15 06/08/2015 14:44 Page 1

The importance of a Security Operations Centre that can detect, respond to and contain breaches early on in the ‘cyber kill chain’ cannot be overstated. As Tony Marques states, these capabilities must keep pace with evolving Advanced Persistent Threat-based cyber attacks as conventional network and endpoint signature-centric SIEM monitoring alone will not be sufficient

Security Operations Centres: The Cyber Security Dimension oday’s Security Operations Centre (SOC) should – as a bare minimum – be an intelligence-driven facility incorporating network and endpoint data analytics that will detect signatureless cyber kill chain behaviours. Combined with a forensics capability, the next generation SOC will undoubtedly serve as a business-critical component within any cyber defence regime. The concept of Managed Security Services (MSS)-delivered SOC Service Towers is now very much to the fore, but what do they look like in terms of being able to deliver efficient and effective cyber breach detect, respond and contain capabilities, and particularly so for a multiple vendor-delivered IT estate? Here, multiple vendor can also be taken to mean an increased attack surface. Put simply, the MSS-delivered SOC needs to operate seamlessly across all IT Service Towers in order to address that increased cyber attack surface. Make no mistake that this is a challenge for the SOC. Today’s businesses are very much moving targets characterised by ongoing changes and growth in terms of people, process, organisation, location, data, applications and technology. Arguably, the importance and capabilities of the SOC have now evolved to the point where it

should exist as a distinct logical and contractual entity (ie a Service Tower in its own right). There’s no doubt that the specialist technology and skills needed to operate an inhouse next generation SOC represent a big and expensive step forward for the end user.

Integrating multiple Service Towers Service Integration and Management (SIAM) is an ITIL-aligned approach designed to engage and manage multiple vendors (or Towers) providing an end-to-end IT service. It’s both accountable and responsible for integrating operational delivery into a single, co-ordinated, end-to-end IT service for an end user customer. This is achieved by partitioning the IT estate into discrete functional ‘Towers’ – applications, end user compute, networks and cloud/hosting – collectively representing an end-to-end IT environment. SIAM manages, orchestrates and governs cross-Tower integration. The Service Tower model is fast becoming a de facto procurement approach for the UK’s public sector and is increasingly employed for procuring ‘on premise’ or managed solutions across the private sector. Further, many IT system integrators now apply the Service Tower model internally when pricing outsourced deals using Tower-aligned delivery teams. Each Service Tower delivers an orchestrated functional IT solution aligned with a set of Service Level Agreements (SLA) and backed-up by Operational Level Agreements concluded between other supporting and dependent Towers. Having clearly defined roles and responsibilities between Service Towers underpinned by the SLA structure is challenging due to the inherent complexity of different vendor cultures, technologies, practices and approaches. Certainly, it’s fair to suggest that the Service Tower model’s success is heavily dependent upon co-ordinated collaboration between Tower vendors.

Complexity of operation There’s an increased complexity when it comes to implementing and operating a Service Towerbased IT solution encompassing multiple vendors. Each Service Tower represents a discrete set of people, processes and technologies driving a range of security controls largely focused on perimeter defence.

www.risk-uk.com

SecurityOperationsCentresTheCyberSecurityDimension August2015_riskuk_apr15 06/08/2015 14:44 Page 2

Security Operations Centres: The Cyber Security Dimension

Each Service Tower also presents a discrete attack surface, collectively representing a far larger attack surface than would be the case if a lone vendor were to deliver a single homogeneous solution. This increased attack surface represents an extra complexity in the context of applying consistent and joined-up breach detection, response and containment capabilities across all of the Towers employed. The SOC must address this complexity to deliver effective and efficient early warning capability. Otherwise, it merely reverts to a basic log management and monitoring function issuing alerts that cannot be adequately correlated across Service Towers and end up creating noise, uncertainty and elevated risk. In today’s cyber threat landscape, the most potent danger is the Advanced Persistent Threat (APT). An APT is characterised by a highly motivated threat source and/or threat actor(s) strategically targeting a business, constructing TTPs in order to bypass perimeter and network security and covertly exploit network and endpoint trust relationships. APT-based attackers will plan and mercilessly execute an effective cyber kill chain, gliding past the perimeter as if it didn’t exist. Such attackers focus on trust relationship discovery and exploitation. An APT actor conducts reconnaissance missions, building detailed corporate, digital and technology footprints to identify the best attack method and exploit vectors for establishing a foothold before pivoting towards other endpoints. Business assets are compromised by the ensuing breach which will often persist undetected for several months. The SOC must be capable of detecting early breach activity and containing it.

Elevated cyber attack risk level The increased attack surface inherent in the Service Tower model combined with clear and present APT dangers create an elevated risk level for the business/end customer. A larger attack surface exposes multiple breach points. Detecting breaches involves piecing together anomalous activity across Service Towers and correlating that information to assess whether, collectively, the activity represents any phase of the cyber kill chain. Applying effective early breach detection across multiple Service Towers with a moving IT environment baseline is a major challenge for any SOC. It’s also true to state that generating actionable alerts early on in the cyber kill chain is absolutely vital when it comes to mitigating potential damage to the business.

“Each Service Tower delivers an orchestrated functional IT solution aligned with a set of Service Level Agreements and backed-up by Operational Level Agreements concluded between other supporting and dependent Towers” In order to adequately address the increased attack surface of the Service Tower model within the context of today’s cyber threat landscape, a SOCs capability should deliver the following features: *Single view of operations across all Towers *IT environment baseline change monitoring *Cyber threat assessment modelling across all Service Towers *Intelligence-driven rule violation assessment *Signatureless breach behaviour detection *Cross-Tower incident/event response orchestration The above attributes are not the facets of a conventional – or traditional – SOC. Detecting signatureless behaviour patterns in the context of the cyber kill chain across Service Towers will require a large team operating on a 24/7 basis. This team must be dedicated to analysing against a baseline. Many different network flows, endpoint behaviours and Internet communication logs will have to be analysed against any phase of the cyber kill chain.

Big Data Analytics explained Alternatively, a Big Data Analytics (BDA)focused solution might be a smarter choice. BDA effectively needs to spot statistical ‘dots’ outside of the baseline, join them up and then correlate with other sets of joined-up dots to identify breach activity or Indicators of Compromise (in other words, signatureless breach detection). The capabilities described above represent next generation features combining Security Information and Event Management, cyber security intelligence and BDA into a seamless, integrated SOC platform delivering effective detection, response and containment across multiple vendor environments. To be properly harnessed and calibrated for the delivery of cross-Tower detect, respond and contain functionality, these capabilities may be logically and contractually delivered as a Service Tower. As is the case with other Towers, the SOC Tower will employ its own set of operational roles and responsibilities. However, the SOC will operate across all Towers to deliver timely, consistent, correlated and effective breach detect, respond and contain capabilities.

Tony Marques: Cyber Security Consultant at Encode UK

www.risk-uk.com

TrainingandCareerDevelopment August2015_riskuk_apr15 06/08/2015 17:44 Page 1

Taking Security Management to Level 7 Conducting Research and Projects For the final module, learners study how research projects are written (including the presentation of findings). Learners will then undertake a security research-based project and submit their completed research report as the final course assessment.

In conjunction with its established learning development partner Perpetuity Training, The Security Institute is now set to introduce a Level 7 Advanced Diploma in Security Management via the distance learning route. In parallel, Study-Security 24/7 has launched its own Level 7 accredited Security Management Programme. Brian Sims reports

he Level 7 Advanced Diploma in Security Management is delivered by the distance learning method and takes around nine months to complete. Assessment is conducted by way of three written assignments, the third of which is focused solely on a security management topic of the learner’s choice. This arrangement allows the learner to produce a high level body of work that’s of direct relevance to their own organisation. It’s a move that will be of tremendous value to employers. The new Diploma is targeted at Master’s Degree level and specifically designed to benefit those wishing to take their professional development to the highest strata within both The Security Institute and, indeed, the security sector in general. The written assignments are completed as part of three modules (as follows):

Critical Thinking and Critical Writing Skills In the first module, learners will study critical thinking and writing skills. The assignment will be based on conducting a critical analysis and review of a security, policing or crime-related report. This particular assessment element runs to 1,500 words. Research Methods and Project Proposals Here, learners will study security research methods and project proposals. The assignment is based on creating and submitting a project proposal. This forms the basis of the work undertaken in the next module. The assessment is set at 1,500 words.

www.risk-uk.com

Commenting on this educational development, David Thorp – managing director at The Security Institute – told Risk UK: “Perpetuity Training has been our training partner since 2007 and, across the last eight years, has excelled in providing training to large numbers of security professionals. This has resulted in those professionals achieving a BTEC Level 3 Certificate and/or a BTEC Level 5 Diploma in Security Management.” Thorp added: “I’m confident that this new Level 7 Advanced Diploma will prove to be hugely popular. Undoubtedly, it takes The Security Institute’s qualifications to the next level and meets a definite demand exhibited by higher stratas of the security profession.” Ken Livingstone, managing director of Perpetuity Training, added: “We appreciate that security professionals have to carefully plan how they spend their precious time, which is exactly why we’re offering the Level 7 Advanced Diploma in Security Management as a distance learning course. The Diploma affords learners the advantage of being able to study from anywhere in the world and acquire a significant career-enhancing qualification.” Course entrants must hold a Security Institute Diploma and have seven years’ experience of working in security management or a related management field or hold a security-related BA/BSc degree and have seven years’ experience of working in security management or a related field or hold a BA/BSc degree that’s non-security related and have a decade of experience spent working in security management or a related field *Full details of the course content and eligibility to participate can be obtained by e-mailing: training@perpetuitytraining.com

Security Management at Level 7 Study-Security 24/7 has just launched a Level 7 accredited Security Management Programme. Originally taught as a post-graduate certificate and latterly available as a distance learning Master’s Degree from a leading UK university,

TrainingandCareerDevelopment August2015_riskuk_apr15 06/08/2015 17:44 Page 2

Training and Career Development

the qualification is now the first QCF distance learning Level 7 Security Management Programme to be accredited by awarding organisation Industry Qualifications. The overall Security Management Programme is described by Study-Security 24/7 as “contemporary and industry-relevant”, boasting an alumni of approximately 4,000 students emanating from over 70 countries. The majority of the students are drawn from international Armed Forces, various law enforcement agencies and professional corporate security backgrounds. Indeed, with professional alumni in every time zone and operating in every hostile environment, the graduates are considered to be the ‘Who’s who?’ of global corporate security management. Level 7 is a post-graduate programme positioned between BA (Hons) and Master’s Degree level. Credits from the programme may be used towards further study at Master’s Degree level. The Security Programme offers three routes: *Security Risk Management and Physical Security *Security Risk Management and Information/Cyber Security *Security Risk Management and Crime Investigation Management The programme has been designed to meet the requirements of individuals currently employed in a security or related field in either the public or private sector and who have a first or second-class Honours degree (or an acceptable professional qualification). However, strong consideration is also being given to those applicants without formal academic qualifications who can demonstrate relevant experience within the discipline of professional security. Study-Security 24-7’s academic director Danie Adendorff told Risk UK: “There’s international industry support and recognition for this study programme. Our aim and vision is to contribute to the professionalism of the international security sphere by providing cutting-edge, contemporary and relevant security management training. Our commitment to quality education and training is evident in the programme’s development to date.”

Academic validation process Substantial investment combined with triple academic validation provided by Danie Adendorff MSc, Peter Camilletti MA (Cantab) and James Willison MA, together with a modular delivery, ensures the study programme remains a “world class, industry-defining

“The new Diploma is targeted at Master’s Degree level and specifically designed to benefit those wishing to take their professional development to the highest strata within both The Security Institute and the security sector in general” qualification” which, according to StudySecurity 24/7, surpasses the recognised ‘Triple AAA’ test. In other words, it’s ‘Affordable, Attainable and Advantageous’. Prior to founding Study-Security 24/7, Adendorff served as director of security programmes at Loughborough University’s School of Business and Economics where he was responsible for post-graduate studies in Security Management (Distance Learning), the post-graduate Certificate in Security Management, the post-graduate Diploma and the MSc, also both in Security Management. Peter Camilletti is the holder of two Master’s degrees: an MA in Law from Cambridge and an MA in Security Management from Loughborough University. Between 1968 and 2001, Camilletti served as a Metropolitan Police Officer and retired in the rank of Detective Superintendent. Experience gained in this period included the management of specialist investigations involving murder and organised gangland crime (via Operation Trident). Camilletti introduced Criminal Justice Units into the Metropolitan Police Service’s divisional structures. While serving with the police, Camilletti was awarded five commendations for outstanding leadership and investigative ability. In 2011, James Willison was awarded the prestigious Imbert Prize by the Association of Security Consultants for his diligent work on the topic of security convergence with ASIS Europe and the information security community in general. He’s currently vice-chairman of the ASIS European Convergence/ESRM Committee. From an academic perspective, Willison holds a BA in Theology from Durham University, a post-graduate Certificate in Education from the University of London and an MA in Security Management gained at Loughborough University (where he’s presently serving as an associate senior lecturer on the popular postgraduate Security Management Programme). Willison has over 20 years’ experience in the field of physical and information security management. He’s the co-author of StudySecurity 24/7’s learning module on Information Security and Cyber Crime. *Further information on the Level 7 Security Management Programme is available by e-mailing: info@study-security247.com

www.risk-uk.com

RiskinAction August2015_riskuk_aug15 06/08/2015 14:36 Page 1

Risk in Action Kentec’s in great shape with The Gym Group following fire alarm control panel project for multiple Fitness Centres A major expansion by one of the UK’s leading gym operators has seen new fire safety systems using Kentec fire alarm control panels installed within Fitness Centre premises in order to protect both users and members of staff. Just six years after the business first opened its doors, The Gym Group now boasts in excess of 500,000 members. Those members pay monthly fees with no contract commitments. The Gym Group plans to have opened 80, 24-hour gyms across the UK by the end of this year. The fire safety systems at 21 of The Gym Group’s latest locations have been engineered and installed by independent system specialist Southern Fire Alarms using Kentec Syncro AS fire control panels in tandem with Hochiki’s open communications protocol. Customer requirements for 24-hour member access mean that gyms are not always staffed. On that basis, consideration had to be given to the positioning and accessibility of the fire control panels. Kentec’s tamper-resistant windows were selected in order to protect the fire alarm panels from unauthorised tampering while at the same time permitting access to the LED display and specific zonal indicators. To allow for the needs of gym members, staff and visitors alike, some of whom may be hard of hearing or users of MP3 music players, fire alarm indicators have been designed into each system to provide visual naming of alarm activation. Kentec’s flagship ‘open protocol’ Syncro Series is recognised as one of the most powerful systems of its type on the market today, guaranteeing the very highest standards of performance, safety and reliability for purchasing end users.

Chubb Security helps boost operational efficiencies at Hales Sawmills Timber product manufacturer and supplier Hales Sawmills has opted for a sophisticated IP-based video security system from Chubb Fire & Security to protect both people and sophisticated machinery housed at the company’s all-new, £5 million state-of-theart manufacturing facility located in the West Midlands county of Shropshire. Providing wholesale and retail services, Hales Sawmills combines the latest production technologies with traditional craftsmanship, offering high quality products to an ever-expanding customer base which presently includes premier timber merchants and local councils as well as members of the general public.

www.risk-uk.com

Sir William Perkins’s School has just the right Profile thanks to Tyco Sir William Perkins’s School plays host to 600 female pupils aged from eleven to eighteen. Founded in 1725, the educational concern moved to its present site on the Guildford Road in Chertsey, Surrey back in 1819. This summer, construction work has begun to fashion a new classroom block specifically designed to house a drama studio, music practice rooms and a Career Development/Sixth Form area as well as an atrium café. Following a system demonstration, members of the facilities management team at Sir William Perkins’s School were so impressed with Zettler Profile’s functionality and ease of use that the bespoke solution was immediately specified to serve the new classroom block. Andy Sivyer, estates and facilities manager at Sir William Perkins’s School, told Risk UK: “We can access any part of the Zettler Profile system menu in just three steps. We have a large, modern touchscreen with which we can manage and program the fire detection system.” Built on the latest generation of digital fire detection technology, the Zettler Profile affords the very highest levels of fire safety. Designed, installed and monitored by Chubb Fire & Security, the surveillance system on site comprises IP CCTV day/night cameras located along the facility’s perimeter zone. The use of intelligent video analytics helps to reduce false alarms often generated by small animals and moving vegetation while at the same time increasing the likelihood of detecting a genuine intruder. Should an alarm event occur, security personnel based at Chubb Fire & Security’s remote monitoring operation assess the images rendered and then determine the appropriate action(s) to be taken. “We now have 24/7 protection at the site and that gives us tremendous peace of mind,” enthused Julian Parton, chairman of Hales Sawmills. “We can also use the dome cameras throughout the day, not just for security purposes but also to monitor stock levels and general yard activity.”

RiskinAction August2015_riskuk_aug15 06/08/2015 14:43 Page 2

Risk in Action

UNION tackles unauthorised key duplication in healthcare facilities with keyULTRA solution UNION – part of ASSA Abloy Security Solutions (a division of ASSA Abloy UK) – is on a mission to prevent unauthorised key duplication in healthcare facilities with its keyULTRA master key system. Last year alone, NHS departments reported 498 data breaches to the Information Commissioner’s Office, in turn showing how data protection has become an increasing concern for hospital managers. Facilities and security professionals operating in healthcare establishments need to safeguard confidential information and expensive medical equipment. On that basis, managing security and access control requirements is critical. The keyULTRA master key cylinders possess one of the longest patents in the market. When in use, DuraPIN technology actively protects both the key and cylinder assembly from illegal duplication and permits access solely to authorised personnel. Craig Birch, category manager for cylinders at ASSA Abloy UK, said: “Unauthorised copies of keys and an unknown number of keys distributed to individuals can be common problems for those hospitals with large numbers of personnel and a high staff turnover. A copied or a lost key is an immediate security threat that could lead to data breaches and costly civil monetary penalties. keyULTRA ensures that facilities and security managers are fully aware of everyone with access to each area of a given building. This helps to eliminate the costly problems that could occur from compromised security.” Not due to expire until 2028, as stated the keyULTRA master key cylinders possess one of the longest patents present in the market. To date, this system has been successfully installed at a number of healthcare facilities including Arnold Lodge, a medium secure psychiatric unit located in Leicester, and at the Good Hope Hospital in Birmingham.

NG Bailey’s IT Services Division secures intelligent building contract for London’s South Bank Tower NG Bailey’s IT Services Division – which specialises in the design, supply, installation, management and maintenance of voice, data and structured cabling solutions to contracting, enterprise and public sector clients – has secured a 12-month contract to design, install, integrate and commission South Bank Tower’s electronic security, telephony and ICT systems within a single, centrally-managed IP backbone. The contract was awarded to NG Bailey by main contractor Mace, which has been working on the extensive redevelopment project at the site since 2013. Built in 1972, South Bank Tower was formerly home to IPC Media and widely depicted in the publisher’s flagship science fiction comic 2000AD as the ‘nerve centre’ of Tharg the Mighty, the title’s fictional alien editor. NG Bailey is now proceeding to implement a consolidated network design which integrates Best of Breed elements from four separate systems to create an entirely bespoke solution for the premises. The building’s landlord ICT system and landlord and tenant electronic security system will both be integrated within a central LAN supported by Cisco Power-over-Ethernet (PoE) switches. This will enable each of the network’s end devices – including door locks, intercom systems, CCTV cameras, IP phones and Wi-Fi access points – to draw power directly over the cabling system, in turn reducing overall consumption and eliminating the need for installing myriad power sockets around the building.

Axis Security awarded three-year contract to safeguard London’s 10 Finsbury Square Commercial real estate agent Cushman and Wakefield has awarded leading security services supplier Axis Security a three-year contract to protect 10 Finsbury Square, an impressive new office development in central London. Awarded to Axis following a competitive tender process involving three other security providers, the contract realises eight high-calibre security officers delivering security guarding, CCTV monitoring and loading bay services. Furthermore, the Security Industry Authority-licensed officers have extensive training in a range of disciplines, among them Project Griffin (the police service initiative designed to protect cities against the ongoing threat of terrorism). Phillip Potts, 10 Finsbury Square’s building manager, was specifically looking for a security company experienced in mobilising new office buildings. “Axis Security has proven to be extremely versatile in terms of communications, training and Health and Safety,” explained Potts. “In addition, the company’s staff benefits and bonus proposals emphasise the positive relationship created between employer and employee.”

www.risk-uk.com

TechnologyinFocus August2015_riskuk_aug15 06/08/2015 15:41 Page 1

Technology in Focus CEM Systems releases OSDP v2 compliant door controller to support HID Global’s iCLASS SE reader range

CEM Systems – part of the Security Products business unit of Tyco – has issued the Open Supervised Device Protocol (OSDP) v2 compliant eDCM 350. This is a two-door intelligent IP controller designed to interface with OSDP-compliant smart card readers and provide a secure, encrypted communication channel between those readers and door controllers. With added Secure Channel Protocol specification, the end user-focused solution provides bi-directional communications and advanced security features for connecting to OSDP-compliant card readers. With the CEM eDCM (Door Control Module) 350 intelligent internal database, cards can be validated even while offline, in turn ensuring the highest levels of system uptime and reliability. The eDCM 350 may be configured to support two OSDP-compliant readers on two separate doors with optional exit push buttons, or alternatively two OSDP-compliant readers on a single door for entry/exit control. www.cemsys.com

Samsung Techwin introduces value-engineered NVRs with built-in PoE+

Samsung Techwin has introduced a series of competitively-priced NVRs equipped with a built-in PoE+ switch. This news follows on from the launch of the WiseNet Lite security cameras. Collectively, the cameras and NVRs provide a wide range of options that will meet both the budget limitations and any functionality requirements stipulated by end users around forthcoming video surveillance projects. The 4, 8 and 16-channel NVRs offer the opportunity to significantly reduce installation costs by negating any requirement for separate power supplies and switches. Built-in Power-over-Ethernet (PoE+) functionality means that all three of the new NVR models can provide sufficient power for any ONVIF-compliant PoE+ camera (including speed domes and dome cameras with heaters). “Our new NVRs offer a safe method of supplying power to cameras and other devices over standard Ethernet data cables, with the added advantage that organisations can use PoE anywhere without having to take into account any variations in local power standards,” explained Tim Biddulph, head of product and marketing for Samsung Techwin Europe. The three NVRs offer 8 Megapixel camera support which means that they’re able to record extremely high quality images. Samsung Techwin’s new models are designated as follows: *SRN-473S: 4 camera channel NVR with 4 PoE+ ports, 32 Mbps network bandwith recording, one internal HDDs and e-SATA support *SRN-873S: 8 camera channel NVR with 8 PoE+ ports, 64 Mbps network bandwith recording, two internal HDDs and e-SATA support *SRN-1673S: 16 camera channel NVR with 16 PoE+ ports, 80 Mbps network bandwidth recording, four Internal HDDs and e-SATA support All three models support H.264 and MJPEG compression while at the same time offering the option to multi-stream video at different resolutions to smart phones and tablets as well as any PC on the network. www.samsungsecurity.co.uk

KAC extends solutions range for end users with development of M8 Triple Pole Call Point Specialist evacuation device developer the KAC Alarm Company has extended its security range with a new Triple Pole Call Point designed to provide greater functionality for the access control market. The M8 device is for use with internal security-controlled locking systems and adds to KAC’s double and single pole variants. The third pole provides additional flexibility to activate a local alarm or sounder or connect to a building’s security system. Activating a combined evacuation response from a single device supports today’s growing demand among senior managers and owners/developers for building system integration. www.kac.co.uk

TouchControl remote control terminal from Advanced really sets the standard

Advanced has launched TouchControl, a bespoke touchscreen fire system repeater and remote control terminal. TouchControl uses its ten-inch HD touchscreen to deliver all the panel and network control and monitoring features end users would expect in addition to dynamic graphics and zone plans called Active Maps. Multiple views allow end users to interrogate the status of zones in a site from different angles or scales while Advanced’s Map App software permits the addition of map images and association with a specific zone. www.advancedco.com

66 www.risk-uk.com

TechnologyinFocus August2015_riskuk_aug15 06/08/2015 15:41 Page 2

Technology in Focus

FireVu attains FM Approval certification from FM Global

FireVu has announced that its Visual Smoke and Flame Detection System has obtained FM Approval, an internationally-recognised testing standard. This latest achievement follows more than ten years of success for FireVu, an awardwinning solution which provides early fire detection for high-value assets and is used at more than 200 sites worldwide. FM Approval is issued by FM Global, a worldwide company which provides comprehensive global commercial and industrial property insurance. As a globally respected testing standard for certifying products that prevent property loss in industrial or commercial applications, FM Approval is stipulated by many international companies within their invitations to tender. FireVu’s attainment of this approval means that these applications will benefit from its diversity and sophistication. Also recognised in Europe, FM Approval ensures that products comply with its highest standards. FireVu’s proven video smoke detection technology detects, identifies and analyses smoke and flame at the beginning of a fire. www.firevu.com

360 Vision launches Predator Radar for wide area surveillance

CCTV design and manufacturing company 360 Vision Technology has launched a “revolutionary” Radar version of its Predator HD ruggedised PTZ camera. This is an integrated radar-controlled, auto tracking and following camera with the power to automatically detect and continually track targets. Designed for short-to-medium range applications where the detection of objects or individuals is of paramount importance – such as within fenced and unfenced site perimeters and sterile zones at prisons, borders, airports or military applications – Predator Radar is able to track up to 40 targets simultaneously to a range of 400 metres radius. Intelligent Time Share alarm handling also ensures that multi-object alarms may be handled according to priority. The Predator Radar scans 360 degrees twice every second to detect and track objects while alarms are overlaid on screen. The unit’s radar detection is unaffected by external conditions so detection and alarm functionality continues even in adverse weather like heavy rain, fog or snow. Predator Radar is available with 30x zoom lens in 1080P HD 0.013 lux scene illumination, HD Night Vision 720P 0.008 lux and HD Night Vision Ultra 1080P 0.008 lux variants. 128 Gb or 256 Gb of on-board storage space is available for end users. www.360visiontechnology.com

Commercial Series Motion Detectors from Bosch raise the bar for intrusion detection Models in Bosch Security Systems’ new Commercial Series Motion Detectors expand the company’s portfolio of wall-mount motion detectors which already includes the Professional Series designed for applications in medium-sized through to large-scale commercial environments. Commercial Series units detect intruders from wall-to-wall thanks to a broad coverage range of 15 x 15 metres. First Step Processing delivers an instant response to the first step of an intruder while dynamic temperature compensation ensures detection at virtually any temperature, providing optimal performance for end users. The Active Infrared Anti-Mask capability detects materials being placed in front of – or

sprayed on to – the detectors. In addition, stringent testing ensures catch performance exceeds the regulations of any single country to make certain of compliance with standards throughout the world. Further, when tested against common false alarm triggers under regulatory protocols, the Commercial Series models from Bosch are proven to reduce false alarms by more than 35% when compared with other detectors. Microwave Noise Adaptive Processing adjusts to background disturbances – such as a ceiling fan or hanging sign – such that the detectors can easily differentiate humans from false alarm sources. For its part, the sealed optical chamber prevents drafts and insects from affecting the detectors. Designed to eliminate service calls and reduce false alarms, the new integrated endof-line resistors simplify wiring requirements. www.boschsecurity.com

www.risk-uk.com

Project3_Layout 1 03/07/2015 13:19 Page 1

Gartner Security & Risk Management Summit 2015 14 â&#x20AC;&#x201C; 15 September | London, UK | gartner.com/eu/security

-ANAGEĂĽ2ISKĂĽANDĂĽ$ELIVERĂĽ3ECURITYĂĽ INĂĽAĂĽ$IGITALĂĽ7ORLDĂĽ

Five Programs sĂĽ #HIEFĂĽ)NFORMATIONĂĽ3ECURITYĂĽ/FlĂĽCERĂĽ #)3/ ĂĽ sĂĽ 2ISKĂĽ-ANAGEMENTĂĽANDĂĽ#OMPLIANCE sĂĽ 3ECURITYĂĽ-ANAGERĂĽ0ROGRAM ĂĽ4ECHNOLOGY ĂĽ4RENDSĂĽANDĂĽ/PERATIONS sĂĽ "USINESSĂĽ#ONTINUITYĂĽ-ANAGEMENT sĂĽ )NTERNETĂĽOFĂĽ4HINGSĂĽ3ECURITY

GARTNER PREDICTS:

By 2017, 30% of threat intelligence services will include vertical-market security intelligence information from the Internet of Things.

ÂĽĂĽ ĂĽ'ARTNER ĂĽ)NC ĂĽAND ORĂĽITSĂĽAFlĂĽLIATES ĂĽ!LLĂĽRIGHTSĂĽRESERVED ĂĽ'ARTNERĂĽISĂĽAĂĽREGISTEREDĂĽTRADEMARKĂĽOFĂĽ 'ARTNER ĂĽ)NC ĂĽORĂĽITSĂĽAFlĂĽLIATES ĂĽ&ORĂĽMOREĂĽINFORMATION ĂĽEMAILĂĽINFO GARTNER COMĂĽORĂĽVISITĂĽGARTNER COM ĂĽ

Appointments August2015_riskuk_jul15 06/08/2015 13:42 Page 1

Appointments

Dr Stephen Page

The British Standards Institution (BSI) has announced the appointment of Dr Stephen Page as a non-executive director of the organisation with effect from Tuesday 1 September 2015. Having spent three decades working on digital innovations, Page has amassed a wealth of expertise in the fields of IT transformation and corporate risk encompassing cyber security and counterterrorism solutions. While at Accenture, he held a variety of European and global leadership roles including managing director with responsibility for strategic IT effectiveness. For the last ten years, Page has been involved with a portfolio of Board and senior advisory roles. He’s currently a non-executive director of the National Crime Agency and the British Library while at the same time advising a number of companies facing the risks and opportunities presented by The Digital Age. Sir David Brown – the chairman of BSI – commented: “I’m delighted that Stephen will be joining the Board of the BSI. He’s a leading expert in managing innovation, value and risk in The Digital Age. His knowledge of the capabilities around digital technology combined with his senior Board-level experience will be of immense value to the BSI.” Speaking about his new role with the BSI, Dr Page explained: “Standards are vital for the British economy, as is shown by the recent report from the Centre for Economics and Business Research. They enable efficient manufacturing and good business practices. Importantly, the BSI also assists organisations the world over in making ‘Excellence’ a habit.”

Tony Walsh Power management company Eaton has announced the appointment of Tony Walsh as the new business leader for its security products operation. Walsh joined Eaton four years ago as vice-president of engineering within the company’s Life Safety Division. In the business leader role, Walsh is tasked with overseeing new product development activities for the division’s portfolio of fire detection systems, emergency lighting products, intruder alarm solutions and dedicated mass notification systems. Specialising in technology management and product development, Walsh’s career to date has seen him successfully build, realign and

Appointments Risk UK keeps you up-to-date with all the latest people moves in the security, fire, IT and Government sectors Magnus Ahlqvist

Magnus Ahlqvist has been appointed divisional president of Security Services Europe at Securitas and is also set to become a member of the Securitas Group’s senior management team. The 41 year-old professional is scheduled to begin his new role with the company on Tuesday 1 September. Ahlqvist is making the move to the security world from Motorola Mobility, the American mobile device subsidiary of the Chinese multinational computer technology company Lenovo. Motorola Mobility once sat under the Google umbrella before being acquired by Lenovo and is famed for manufacturing smart phones using the Android operating system. Since August 2013, Ahlqvist has served as corporate vice-president and general manager at Motorola with direct responsibility for the EMEA and Asia Pacific regions. Prior to this, he spent 12 years with the Sony Ericsson business, taking in numerous roles along the way. Between October 2001 and September 2003, Ahlqvist was senior manager for Sony Ericsson looking after business control and planning. He then took on the role of director for the commercial finance and supply chain in the Global Customer Team focused on Vodafone. During 2006 and 2007, Ahlqvist studied with the Harvard Business School where he focused on Leadership Development. Upon joining Securitas, Ahlqvist will be based at Securitas’ UK office in central London. optimise the technical functions within a wide variety of different-sized organisations that has assisted all of them in enhancing their commercial potential. Prior to joining Eaton, Walsh held director-level positions at Siemens, Invensys Rail and Marconi. He boasts a BSc in Electrical and Electronic Engineering gained by studying at Bristol University, an MSc from Liverpool University and a Master of Business Administration courtesy of the Warwick Business School. With an eye towards the future, Walsh is determined to expand upon the success of Eaton’s widely-respected Scantronic and Menvier security products, the latter of which is spending 2015 celebrating 40 years of protecting people and properties alike.

www.risk-uk.com

Appointments August2015_riskuk_jul15 06/08/2015 13:42 Page 2

Appointments

Daniel Earwicker

Charles Penning

Charles Penning takes on the role of technical specialist at IDIS Europe to support the company’s growing number of customers and partners. A specific focus for this experienced professional will be on the flagship DirectIP plug-and-play, Full HD surveillance offering. Based out of IDIS’ European headquarters in London, Penning will strengthen the UK technical team to provide technical knowledge and training across the UK and Ireland, in turn underpinning an already robust training programme hosted at the IDIS Demonstration and Training Centre in Brentford. Penning will also work closely with the Research and Development operation to drive product enhancements. Commenting on his appointment, Penning stated: “It’s an exciting time to join IDIS. There has been a period of huge growth with the establishment of IDIS in the Middle East and the Americas. Launched at IFSEC International in June, our Total Surveillance Solution enables us to meet the security surveillance requirements for a wide range of customers.” Penning brings with him over ten years’ security sector experience. Most recently, he spent four successful years in technical roles with Samsung Techwin following tenures at Bosch and Forward Vision CCTV.

Steve Poton

Farsight Security Services is investing in future growth thanks to the recent appointment of Steve Poton as business development manager. Bringing ten years’ experience in the security sector to one of the UK’s leading providers of remote monitoring services, Poton told Risk UK: “My career has spanned several installation engineer roles across both the public and private sectors. 15 months ago I ‘retired from the tools’ and moved to commercial sales at ADT. In making the move to Farsight, I’m looking forward to a relationship-building approach with the innovative outlook displayed by the company making it a really exciting environment in which to work.” Rob Moore, managing director at Farsight, added: “We’re delighted to have Steve on board. His expert knowledge of the industry and its products is going to prove invaluable for security installers and end users. Additionally, Steve’s forward-thinking approach and knowledge of our services will help maintain Farsight’s position at the cutting edge of the security business sector as we continue to expand our portfolio and client base.” Farsight Security Services is an Alarm Receiving Centre business dedicated to eventdriven remote video, fire and intruder alarm systems management. Established in 1996, the company grew to become the largest monitoring station in Europe and a pioneer in remote security solutions provision.

www.risk-uk.com

CNL Software – the specialist in developing Physical Security Information Management (PSIM)-centred solutions for end users – has announced the appointment of Daniel Earwicker as chief software architect. Earwicker will be responsible for identifying the architectural direction of CNL’s IPSecurityCenter PSIM solution as well as the day-to-day management and support of the company’s dedicated development team. A full-stack developer with more than 20 years’ commercial experience under his belt, Earwicker is an accomplished architect and builder of complete software products across Windows and UNIX, native C/C++, Java, .NET, databases and the modern Web platform. A common theme during his career to date has been Earwicker’s innate ability to adapt to new technologies as they emerge and fully exploit them to enhance product capabilities, whether by retrofitting into existing products or by developing completely new solutions.

Will Murray and Ben Hawkins

The Send For Help Group – Europe’s largest lone worker protection provider – has been granted two Committee Memberships of the BSIA’s Lone Worker Section, representing one for each of its subsidiary companies. Marketing director Will Murray (pictured above) has been re-elected as representative for Guardian24 while Ben Hawkins, who leads the company’s Incident Management Centre, has been newly appointed to represent Skyguard. The Committee’s role is to set the Section’s strategy and vote on key decisions on behalf of the wider Section membership. Committee Members can also play an important role in the development and revision of industry standards as part of British Standards Institution (BSI) review panels. This is the case with the Send for Help Group’s two Committee Members who sit on the BSI panel which is currently redrafting BS 8484 for Lone Worker Device Services. This is due for publication in 2016.

july15 dir_000_RiskUK_jan14 06/07/2015 12:07 Page 1

Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security

Anti-Climb Paints & Barriers

Metal Detectors (inc. Walkthru)

Security, Search & Safety Mirrors

ACCESS CONTROL

Security Screws & Padlocks, Hasps Fastenings & Security Chains

Key Safes & Key Control Products

Traffic Flow & Management

see our website

ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERS

FRONTIER PITTS Crompton House, Crompton Way, Manor Royal Industrial Estate, Crawley, West Sussex RH10 9QZ Tel: 01293 548301 Fax: 01293 560650 Email: sales@frontierpitts.com Web: www.frontierpitts.com

ACCESS CONTROL

ACT ACT – Ireland, Unit C1, South City Business Centre Tallaght, Dublin 24 Tel: +353 (0)1 4662570 ACT - United Kingdom, 2C Beehive Mill Jersey Street, Manchester M4 6JG +44 (0)161 236 3820 sales@act.eu www.act.eu

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES

UKB INTERNATIONAL LTD ACCESS CONTROL

APT SECURITY SYSTEMS The Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NY Tel: 020 8421 2411 Email: info@aptcontrols.co.uk www.aptcontrols-group.co.uk

Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com

B a r r i e r s , B l o c k e r s , B o l l a r d s , PA S 6 8

ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTS

SIEMENS SECURITY PRODUCTS ACCESS CONTROL

KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk

Suite 7, Castlegate Business Park Caldicot, South Wales NP26 5AD UK Main: +44 (0) 1291 437920 Fax: +44 (0) 1291 437943 email: securityproducts.sbt.uk@siemens.com web: www.siemens.co.uk/securityproducts

ACCESS CONTROL & DOOR HARDWARE

ALPRO ARCHITECTURAL HARDWARE

ACCESS CONTROL

COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES ACCESS CONTROL MANUFACTURER

NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com

HTC PARKING AND SECURITY LIMITED 4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk

ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERS

ACCESS CONTROL

HEALD LTD

INTEGRATED DESIGN LIMITED

HVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface Mount Solutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards, Security Barriers, Traffic Flow Management, Access Control Systems

Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com

Tel: 01964 535858 Email: sales@heald.uk.com Web: www.heald.uk.com

www.insight-security.com Tel: +44 (0)1273 475500

july15 dir_000_RiskUK_jan14 06/07/2015 12:07 Page 2

CCTV

ACCESS CONTROL

SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS

ALTRON COMMUNICATIONS EQUIPMENT LTD Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: cctvsales@altron.co.uk Web: www.altron.co.uk

AUTOMATIC VEHICLE IDENTIFICATION

NEDAP AVI PO Box 103, 7140 AC Groenlo, The Netherlands Tel: +31 544 471 666 Fax: +31 544 464 255 E-mail: info-avi@nedap.com www.nedapavi.com

CCTV

G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk

ACCESS CONTROL â&#x20AC;&#x201C; BARRIERS, GATES, CCTV

CCTV/IP SOLUTIONS

ABSOLUTE ACCESS

DALLMEIER UK LTD

Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV

BUSINESS CONTINUITY

3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com

CCTV & IP SECURITY SOLUTIONS

PANASONIC SYSTEM NETWORKS EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: system.solutions@eu.panasonic.com Web: www.panasonic.co.uk/cctv

BUSINESS CONTINUITY MANAGEMENT

CONTINUITY FORUM Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org

COMMUNICATIONS & TRANSMISSION EQUIPMENT

KBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com

PHYSICAL IT SECURITY

RITTAL LTD

DIGITAL IP CCTV

Tel: 020 8344 4716 Email: information@rittal.co.uk www.rittal.co.uk

SESYS LTD High resolution ATEX certified cameras, rapid deployment cameras and fixed IP CCTV surveillance solutions available with wired or wireless communications.

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk

INFRA-RED, WHITE-LIGHT AND NETWORK CCTV LIGHTING

RAYTEC

TO ADVERTISE HERE CONTACT: Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk

Unit 3 Wansbeck Business Park, Rotary Parkway, Ashington, Northumberland. NE638QW Tel: 01670 520 055 Email: sales@rayteccctv.com Web: www.rayteccctv.com

CCTV SPECIALISTS

PLETTAC SECURITY LTD Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 01788 567811 Fax: 01788 544 549 Email: jackie@plettac.co.uk www.plettac.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

july15 dir_000_RiskUK_jan14 06/07/2015 12:07 Page 3

TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR

COP SECURITY Leading European Supplier of CCTV equipment all backed up by an industry leading service and support package called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufacturing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range. More than just a distributor.

TO ADVERTISE HERE CONTACT: Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk

COP Security, Delph New Road, Dobcross, OL3 5BG Tel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 201 sales@cop-eu.com www.cop-eu.com

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.

MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ

Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com

CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOS FRAUD DETECTION

AMERICAN VIDEO EQUIPMENT Endeavour House, Coopers End Road, Stansted, Essex CM24 1SJ Tel : +44 (0)845 600 9323 Fax : +44 (0)845 600 9363 E-mail: avesales@ave-uk.com

CONTROL ROOM & MONITORING SERVICES

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS

NORBAIN SD LTD ADVANCED MONITORING SERVICES

EUROTECH MONITORING SERVICES LTD.

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.net Web: www.eurotechmonitoring.net

DISTRIBUTORS

210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com

EMPLOYMENT

FIRE AND SECURITY INDUSTRY RECRUITMENT

SECURITY VACANCIES www.securityvacancies.com Telephone: 01420 525260

EMPLOYEE SCREENING SERVICES

THE SECURITY WATCHDOG Cross and Pillory House, Cross and Pillory Lane, Alton, Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.uk Telephone: 01420593830

sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk

IDENTIFICATION

ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PRODUCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.

ADI GLOBAL DISTRIBUTION Chatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RN Tel: 0161 767 2900 Fax: 0161 767 2909 Email: info@adiglobal.com

www.insight-security.com Tel: +44 (0)1273 475500

july15 dir_000_RiskUK_jan14 06/07/2015 12:07 Page 4

COMPLETE SOLUTIONS FOR IDENTIFICATION

PERIMETER PROTECTION

DATABAC GROUP LIMITED

GPS PERIMETER SYSTEMS LTD

1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com

14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk

INDUSTRY ORGANISATIONS

PHYSICAL CONTROL PRODUCTS, ESP. ANTI-CLIMB

INSIGHT SECURITY TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY

BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk

Unit 2, Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com

POWER THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY

SSAIB

POWER SUPPLIES – DC SWITCH MODE AND AC

7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org

DYCON LTD Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471 060 Fax: 01443 479 374 Email: marketing@dyconsecurity.com www.dyconsecurity.com The Power to Control; the Power to Communicate

INTEGRATED SECURITY SOLUTIONS STANDBY POWER SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

UPS SYSTEMS PLC

HONEYWELL SECURITY GROUP

Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk

Honeywell Security Group provides innovative intrusion detection, video surveillance and access control products and solutions that monitor and protect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology with traditional analogue components enabling users to better control operational costs and maximise existing investments in security and surveillance equipment. Honeywell – your partner of choice in security. Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com Web: www.honeywell.com/security/uk

UPS - UNINTERRUPTIBLE POWER SUPPLIES

ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk

INTEGRATED SECURITY SOLUTIONS

INNER RANGE EUROPE LTD Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com

UPS - UNINTERRUPTIBLE POWER SUPPLIES

UNINTERRUPTIBLE POWER SUPPLIES LTD Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk

SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

TYCO SECURITY PRODUCTS Heathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UK Tel: +44 (0)20 8750 5660 www.tycosecurityproducts.com

TO ADVERTISE HERE CONTACT: PERIMETER PROTECTION ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS

Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk

GJD MANUFACTURING LTD Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

july15 dir_000_RiskUK_jan14 06/07/2015 12:07 Page 5

SECURITY

INTRUDER ALARMS – DUAL SIGNALLING

WEBWAYONE LTD CASH & VALUABLES IN TRANSIT

CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk

11 Kingfisher Court, Hambridge Road, Newbury Berkshire, RG14 5SJ Tel: 01635 231500 Email: sales@webwayone.co.uk www.webwayone.co.uk www.twitter.com/webwayoneltd www.linkedin.com/company/webwayone

LIFE SAFETY EQUIPMENT

C-TEC QUALITY SECURITY AND SUPPORT SERVICES

CONSTANT SECURITY SERVICES Cliff Street, Rotherham, South Yorkshire S64 9HU Tel: 0845 330 4400 Email: contact@constant-services.com www.constant-services.com

Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: http://www.c-tec.co.uk

PERIMETER SECURITY

TAKEX EUROPE LTD FENCING SPECIALISTS

J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk

Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takex.com Web: www.takex.com

SECURITY EQUIPMENT INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com

PYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS

CQR SECURITY 125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk

BOSCH SECURITY SYSTEMS LTD PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 01895 878088 Fax: 01895 878089 E-mail: uk.securitysystems@bosch.com Web: www.boschsecurity.co.uk

SECURITY EQUIPMENT INTRUDER ALARMS – DUAL SIGNALLING

CSL DUALCOM LTD Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 F: +44 (0)1895 474 440 www.csldual.com

CASTLE Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042 www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity

www.twitter.com/castlesecurity

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS

SECURITY SYSTEMS

RISCO GROUP

VICON INDUSTRIES LTD.

Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk

Brunel Way, Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com

ONLINE SECURITY SUPERMARKET

EBUYELECTRICAL.COM Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com

TO ADVERTISE HERE CONTACT: Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

Project1_Layout 1 04/08/2015 15:14 Page 1

3-day conference | 75 speakers Hear from an incredible line-up of speakers including: Pierre Antonio, Natural Security Alliance, France Giovanni Buttarelli, European Data Protection Supervisor, Belgium Samsung Electronics, UK Matt Smallman, Lloyds Banking Group, UK Starbug, Chaos Computer Club, Germany Jonathan Vaux, Visa Europe, UK

Conference topics include: ID management in the digital world Mobile biometric authentication Fraud prevention in payments Data protection and privacy Law enforcement and forensics New biometric technology and applications

FREE EXHIBITION

“Professionally very relevant and topical; really good speakers who know their subject” Biometrics 2014 delegate

biometrics Live View the technologies and meet with the suppliers and integrators of biometric solutions for identity management, authentication and security 14-15 OCTOBER 2015 FREE VISITOR REGISTRATION NOW OPEN

ORGANISED BY:

IN PARTNERSHIP WITH: