FrontCover December2014_001 09/12/2014 11:55 Page 1
December 2014
Security and Fire Management
Making The Right Move ‘A Manifesto for Professional Security’ Rewriting The Script: Software Piracy Risk Removal Security Risk Assessments, Surveys and Audits Training and Career Development: Corporate Transitions Business Sector Focus: Security Guarding Solutions
Project1_Layout 1 05/02/2014 17:39 Page 1
Have you tried Integriti yet?
Sophistication is not about size The Integriti Security Management System is an IP connected access control and intruder security system that offers sophisticated centralised management for both small systems on a single site, or large systems distributed across the country or across the globe.
With a growing list of new installations take a moment to think of what you’re missing! The Integriti system offers an advanced suite of software, hardware and integrated solutions to deliver complete management of your entire integrated system.
Inner Range Europe Limited Units 10-11 Theale Lakes Business Park Moulden Way, Sulhampstead Reading, Berkshire RG74GB UNITED KINGDOM
integriti@innerrange.co.uk
a4 integriti 0ne page UK.indd 1
+44 (0) 845 470 5000 www.innerrange.com 4/12/2013 8:40 am
Contents December2014_riskuk_Dec12 09/12/2014 12:21 Page 3
December 2014
Contents 33 Security Guarding Solutions
Protecting Britain’s Lone Workers (pp16-17)
Security Guarding is the theme of this month’s Risk UK Business Sector Focus. Jason Towse talks about sectorisation (p35). Peter Webster concentrates on business licensing (p36). Technology is Andrew Melvin’s subject (p38). David Ward tackles added value (p40), Carl Palmer evaluates risk management (p41) and Brian Sims reports on the SIA’s latest consultation paper (p43)
44 On Parade 5 Editorial Comment 6 News Update
Managing security for a special event at an iconic venue in London demands much planning, as Brian Sims discovers
Global Retail Theft Barometer. Reference checking failures. BSI survey of IT decision-makers. Crackdown on serious criminals
45 Bridging The Gap
8 News Analysis: Counter-Terrorism Bill
46 The Security Institute’s View
Home Secretary Theresa May has brought before Parliament the “urgently needed” Counter-Terrorism and Security Bill
48 In the Spotlight: ASIS International UK Chapter
11 News Special: HMIC Report on Crime Recording
51 FIA Technical Briefing
Brian Sims appraises the contents of ‘Crime Recording: Making the Victim Count’, the latest report to be issued by HMIC
54 Security Services: Best Practice Casebook
12 Opinion: ‘A Manifesto for Professional Security’
56 Security’s second chance
Chairman Emma Shaw outlines The Security Institute’s vision for making professional security more effective in times ahead
16 BSIA Briefing James Kelly explores what end users should be looking for when procuring the services of lone worker security solutions providers
19 Best laid plans Fire detection and alarm system manufacturers are crucial in terms of effective safety planning. Paul Pope has the detail
23 Surveillance: The Commercial Imperative Businesses are still not using CCTV to its greatest effect. Jeremy Simpson considers how the latest HD solutions can offer the greatest degree of protection for both people and property
26 Security Risk Assessments, Surveys and Audits Charlie Swanson defines security risk assessments, surveys and audits and how they differ in nature and scope
28 Rewriting The Script Copyright infringement (or ‘piracy’) of software is an everincreasing problem for the UK’s software community. Jamie Longmuir assesses a form of criminality that’s hard to trace
30 Remote control Nicholas Banks focuses on the key areas to be addressed by IT and Security Departments when it comes to remote working
Ian Moore on Power Supply Units for security and fire systems
Terry Greer-King examines a security model that combines big data architecture with a continuous approach to provide protection and visibility along the full cyber attack continuum
58 Training and Career Development Jeff Little talks transition training for Armed Forces personnel
60 Risk in Action 62 Technology in Focus 65 Appointments The latest people moves in the security and fire business sectors
67 The Risk UK Directory ISSN 1740-3480 Risk UK is published monthly by Pro-Activ Publications Ltd and specifically aimed at security and risk management, loss prevention, business continuity and fire safety professionals operating within the UK’s largest commercial organisations © Pro-Activ Publications Ltd 2014 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical (including photocopying, recording or any information storage and retrieval system) without the prior written permission of the publisher The views expressed in Risk UK are not necessarily those of the publisher Risk UK is currently available for an annual subscription rate of £78.00 (UK only)
Editor Brian Sims BA (Hons) Hon FSyI Tel: 0208 295 8304 Mob: 07500 606013 e-mail: brian.sims@risk-uk.com Design and Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 429 2015 e-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 01322 292295 e-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 01322 292295 e-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton
Risk UK PO Box 332 Dartford DA1 9FF
Chairman Larry O’Leary
Editorial: 0208 295 8304 Advertising: 0208 295 8307
3 www.risk-uk.com
EditorialComment December2014_riskuk_jul14 09/12/2014 11:49 Page 4
Audible & Visual Signalling
Klaxon Signals are specialists in the design and manufacture of world-class signalling equipment. Through innovation and technical expertise, Klaxon Signals produce state-of-the-art audible and visual signaling equipment, protecting and informing millions of people around the world. Klaxon Signal’s audible and visual signalling equipment are primarily used in Fire Evacuation, Industrial 6LJQDOOLQJ DQG 0DVV 1RWLÀFDWLRQ DSSOLFDWLRQV
Tel: +44 (0)1706 233879 www.klaxonsignals.com
EditorialComment December2014_riskuk_jul14 09/12/2014 11:49 Page 5
Editorial Comment
Fire Evacuation
RIPA in the dock he Regulation of Investigatory Powers Act (RIPA) 2000 – the legislation governing communications data – “needs a complete overhaul”. That’s the somewhat damning conclusion of the latest Home Affairs Select Committee report. Chaired by Keith Vaz MP, the Committee acknowledges the operational need for secrecy both during and after investigations such that investigative techniques in the broader sense are not disclosed. However, there “has to be proper oversight and scrutiny” and the Committee recommends the Home Office uses its current review of the RIPA Code to “ensure that law enforcement agencies discharge their RIPA powers properly”. The Rt Hon Sir Paul Kennedy – the Interception of Communications Commissioner – launched an inquiry back in October to determine whether the acquisition of communications data had been used to identify journalistic sources. Sir Paul wrote to all chief constables and directed them, under Section 58(1) of RIPA, to provide him with details of every investigation that had employed powers under Chapter 2 of RIPA (Part One) to acquire such data. The Communications Data Code of Practice was drafted eight years ago and contains no advice on dealing with professions that handle privileged information nor any guidelines on the use of confidential Helplines. “RIPA is not fit for purpose,” suggests Keith Vaz. “We [the Home Affairs Select Committee] were astonished that law enforcement agencies have failed to routinely record the professions of individuals who’ve had their communications data accessed under the legislation. Using RIPA to access the telephone records of journalists is wrong. This practice must cease. It deters whistle-blowers from coming forward.” As far as Vaz and his Committee colleagues are concerned, the recording of information under RIPA is “lamentably poor” with the whole process appearing “secretive and disorganised” and bereft of studious monitoring in terms of what data is being destroyed and what’s actually being retained. When a senior Parliamentary Committee states that the current RIPA legislation is not fit for purpose it’s an observation that simply cannot be ignored. The law is seemingly out of date, oversight appears to be weak and the recording of ways in which the powers enshrined in RIPA are used is – as Big Brother Watch director Emma Carr asserts – “patchy” at best. Indeed, Carr continues: “The conclusion of the Committee that the level of secrecy surrounding the use of these powers is permitting investigations deemed ‘unacceptable in a democracy’ should make the defenders of those same powers sit up and take notice. At present, the inadequacy and inconsistency of the records being kept by public authorities regarding the use of these powers is woefully inadequate.” Similarly, Isabella Sankey – director of policy at Liberty – believes that we need urgent safeguards in place to prevent valuable data from being accessed without judicial warrant. Alongside RIPA, one wonders if the new Counter-Terrorism and Security Bill (News Analysis, pp8-9) will be seen as a ‘Snoopers’ Charter’? Let’s hope not. It’s legislation that’s much needed.
T
ZZZ NOD[RQVLJQDOV FRP ÀUH
Industrial Signalling
www.klaxonsignals.com/industrial&WAS
0DVV 1RWLÀFDWLRQ
ZZZ NOD[RQVLJQDOV FRP PDVVQRWLÀFDWLRQ
Brian Sims BA (Hons) Hon FSyI Editor
Visit the Klaxon website: www.klaxonsignals.com
December 2012
5
www.risk-uk.com
NewsUpdate December2014_riskuk_dec14 09/12/2014 13:20 Page 6
Retailers lose £2.7 billion to shoplifting, employee theft, internal fraud and administrative errors in last 12 months According to the latest Global Retail Theft Barometer, shrink – comprised of shoplifting, employee theft, vendor or supplier fraud and administrative errors – has cost the retail industry more than £81 billion worldwide in 2013 and £2.7 billion in the UK. This represents 0.97% of all UK retailer sales on average. Underwritten by an independent grant from Checkpoint Systems, the research was carried out in 2014 by The Smart Cube and Ernie Deyle, a retail loss prevention analyst. The results are based on phone and written survey interviews conducted in 24 countries among 222 retailers responsible for £475 billion in sales. The average cost of retail crime per person (based on dishonest employees, shoplifters, fraudulent suppliers and the cost of loss prevention) across the 24 countries surveyed range from £46 to £338. The annual cost of retail crime to UK shoppers, as passed on from retailers, averages £80.00 per person. Shrink appears to be down slightly in most countries. The lowest shrink rates were recorded in Norway (.83% of retail sales) followed by Japan and the UK (.97%). The US came in at 1.48% of retail sales, a fall from 1.50% last year. The highest rates were recorded in Mexico (1.70%) and China (1.53%). Russell Holland, vice-president of sales for the UK and EMEA distributors at Checkpoint
Systems, commented: “Over the last year, retailers in the UK have made substantial investments in the fight against retail crime. Many reported that improved security methods have helped them to keep losses under control. We’re also seeing retailers invest in their employees’ education and understanding around loss prevention. There’s no doubt this marks an encouraging step forward in the fight against retail crime on home shores.” While shoplifting remains the biggest cause of all retail shrink in 16 of those countries surveyed, here in the UK both administrative and non-crime losses ranked first (at 36.5%) with shoplifting next on the list (25.3%). The most-stolen items across Europe are those products that are easy to conceal and harbour a good resale value, among them fashion accessories, wines and spirits. Other frequently stolen items include power tools, mobile accessories and make-up products. Survey respondents state that source tagging – the application of EAS or RFID labels on goods prior to their arrival at retail stores – has increased around the globe. 80% of UK retailers are source-tagging up to 10% of products. A further 20% are now sourcetagging over 20% of all merchandise. Access the Global Retail Theft Barometer at: http://www.GlobalRetailTheftBarometer.com
UK companies failing to check employee references ahead of start dates
Steve Girdler: Managing Director (EMEA) at HireRight
6 www.risk-uk.com
Research carried out by HireRight – the global due diligence organisation – suggests that most UK companies are failing to check references before new employees start in their roles and are struggling to respond to other companies’ reference requests. The Point of Reference research suggests that two-thirds (66%) of new employees begin work before their reference checks are complete. Two-in-five (39%) of Human Resources (HR) function leaders believe this is normal practice within their industry. However, such pre-checks are absolutely vital. The HireRight study reveals that more than half (58%) of successful applications contain errors*. In tandem, one third (36%) of HR leaders admit they need a clearer way of identifying those job candidates with malicious intent on their minds. Steve Girdler, managing director (EMEA) at HireRight, explained: “References reveal important details about an individual’s history and help employers ensure they can trust the people they allow to work with their customers, clients and colleagues. By failing to carry out due diligence before people start work, companies risk hiring individuals unable to fulfil the duties of their respective roles and who may commit fraud or theft or even damage customer relationships.” Girdler added: “A great deal of damage can be done between the moment an employee starts at a new company and when referencing requests are completed.” HireRight’s Point of Reference research results are based on the perspectives of senior HR leaders in some of the UK’s biggest companies. The findings also highlight that reference checking is seen as an ‘administrative burden’ for many HR Departments at a time when they’re already struggling to find enough hours in the day for important strategic work. *The inaccuracies figure quoted is based on the analysis of data from candidate due diligence programmes, with this quarter’s findings focused on 121,000 checks of almost 34,000 applications submitted between July and September 2014
NewsUpdate December2014_riskuk_dec14 09/12/2014 13:21 Page 7
News Update
BSI: ‘Businesses at risk of “sleepwalking” into reputational time bomb’ UK businesses are at risk of “sleepwalking” into a reputational time bomb due to a lack of awareness on how to protect their data assets. As cyber hackers become more complex and sophisticated in their methods, organisations are being urged to strengthen their security systems to protect both themselves and consumers. The BSI’s survey of IT decision-makers* finds that cyber security is a growing concern, with over half (56%) of UK businesses being more worried about this issue than was reported to be the case 12 months ago. Seven-in-10 (70%) attribute this to hackers becoming more skilled and better at targeting businesses. However, while the majority (98%) of organisations have taken steps to minimise risks to their information security, only 12% are extremely confident about the security measures they have in place to defend against these attacks. Worryingly, IT directors appear to have accepted the risks posed to their information security, with nine-in-10 (91%) admitting their organisation has been the victim of a cyber attack at some point. Around half have experienced an attempted hack and/or suffered from malware (49% in both instances). Despite confidence in the security measures they have in place, three-in-five (60%) of those organisations surveyed have not provided staff with information security training. More than one third (37%) haven’t installed anti-virus software and only just under half (49%) monitor their users’ access to applications, computers and software. Conversely, organisations that have implemented ISO 27001 – the international Information Security Management System Standard – are more conscious about potential cyber attacks than those who haven’t (56% versus 12%). 52% of organisations with ISO 27001 implemented are extremely confident about their level of resilience against the latest methods of cyber hacking. There appears to be a level of acceptance that nothing online will ever be wholly safe, leading to a false sense of security that: ‘This will not happen to me’ among those who have not suffered from a cyber attack/crime. Speaking about the research, Maureen Sumner Smith – UK managing director at BSI – explained: “Best Practice security frameworks, such as ISO 27001, and easily recognisable consumer icons like the BSI Kitemark for Secure Digital Transactions can help organisations benefit from increased sales, fewer security breaches and protected reputations. Our research shows that the onus is very much on businesses to wake up and take responsibility if they want to continue to be profitable and protect their brand reputations.” *Vanson Bourne conducted interviews with 200 IT decision-makers in UK businesses employing between 250 and 1,000 members of staff. Interviews were carried out in October 2014
Government minister urges crackdown on ‘free movement of serious criminals’ Karen Bradley – the Government Minister for Modern Slavery and Organised Crime – has urged that more information on serious criminals must be shared across Europe in order to protect members of the public. Bradley has also called for action to stop those responsible for crimes including murder from being able to cross national borders to escape justice or prey on new victims. Speaking to delegates at a conference in The Hague, the UK MP explained: “We must all face up to the fact that, while free movement is seen by many in Europe as having only positive impacts, there are some very clear negatives – not least of which is the ability for criminals to exploit this freedom of movement and further their own illegal activities across national borders.”
Maureen Sumner Smith: UK Managing Director at BSI
Bradley continued: “If we’re to tackle this problem then the free movement of information needed to combat criminality must work as effectively – and, ideally, more effectively – than that of criminals.” The minister told the final meeting of the UK-led Serious Offending by Mobile European Criminals (SOMEC) Project that great improvements had already been made on the sharing of information but more must be done. Bradley stressed the importance of the UK remaining part of a number of crime and policing measures that Parliament will vote on and which have enhanced our ability to find out about foreign offenders moving to the UK. “Public protection must not be lost in a wider debate about the UK’s place in Europe,” stated Bradley. “More must be done to prevent offenders from exploiting free movement rights to slip unnoticed into another nation where they can then target unsuspecting victims.”
7 www.risk-uk.com
NewsAnalysis December2014_riskuk_dec14 09/12/2014 12:07 Page 8
Home Secretary Theresa May introduces “urgently needed” Counter-Terrorism and Security Bill Home Secretary Theresa May has brought to Parliament what has been described as “urgently needed” legislation which will afford the UK some of the toughest powers in the world specifically designed to tackle the increasing threat posed by international terrorism. Brian Sims evaluates the detail ccording to the Home Office, the all-new Counter-Terrorism and Security Bill will bolster the UK’s already considerable armoury of powers to disrupt the ability of people to travel abroad and fight, reduce the risks they pose on their return to home shores and combat the underlying ideology that feeds, supports and sanctions terrorism. The collapse of Syria, the emergence of ISIL and ongoing instability in Iraq present significant dangers not just in the Middle East but also to Britain and across the West. Many of the estimated 500 British citizens who’ve travelled to Syria and Iraq have joined terrorist organisations alongside foreign fighters from Europe and further afield. The Bill – which is to be enacted “at the earliest opportunity” – will disrupt those intending to travel by: • Providing the police with a temporary power to seize a passport at the border from individuals of concern • Creating a Temporary Exclusion Order that will control the return to the UK of a British citizen suspected of involvement in terrorist activity abroad • Enhancing the UK’s border security as a result of toughening transport security
A
Home Secretary Theresa May: determined to disrupt the activities of would-be terrorists
*The UK Government’s Counter-Terrorism and Security Bill is the seventh major counter-terrorism law introduced in Britain since 9/11
arrangements around passenger data, ‘No fly’ lists and screening measures • Enhancing the UK’s existing terrorism prevention measures To deal with those returning to – or already in – the UK, the Government is: • Enhancing existing terrorism prevention and investigation measures, including the introduction of stronger locational constraints and a power requiring individuals to attend meetings with the authorities as part of their ongoing management To support those at risk of succumbing to radicalisation, the Government is: • Creating a general duty on a range of bodies to prevent people from being drawn into acts of terrorism • Putting Channel – the voluntary programme designed for people at risk of radicalisation – on a statutory basis To help disrupt the wider activities of terrorist organisations, the Bill is: • Enhancing vital investigative powers by requiring communications service providers to retain additional information in order to attribute an Internet Protocol address to a specific individual • Amending existing law to ensure that UKbased insurance firms cannot reimburse the payment of terrorist ransoms Use of these powers – which are consistent with all of the UK’s existing international legal obligations – will be subject to stringent safeguards. These include appropriate legal thresholds, judicial oversight of certain measures and a power to create a Privacy and Civil Liberties Board designed to support the work of David Anderson QC, the current Independent Reviewer of Terrorism Legislation.
Removing terrorism-related material The Bill will sit alongside the existing range of tools used to combat the terrorist threat, including powers to withdraw the passports of British citizens, bar foreign nationals from reentering the UK and strip British citizenship from those who have dual nationality. The Government is also working with the Internet industry to remove terrorist material hosted in the UK or overseas. Since February
8 www.risk-uk.com
NewsAnalysis December2014_riskuk_dec14 09/12/2014 13:20 Page 8
News Analysis: Counter-Terrorism and Security Bill
2010, the Counter-Terrorism Internet Referral Unit has taken down more than 65,000 pieces of unlawful terrorist-related content. Speaking about the new Bill, Home Secretary Theresa May said: “We’re in the middle of a generational struggle against a deadly terrorist ideology. These powers [outlined in the Counter-Terrorism and Security Bill] are essential to keep up with the very serious and rapidly changing threats we face. In an open and free society we can never entirely eliminate the threat from terrorism, but we must do everything possible in line with our shared values to reduce risks posed by our enemies.” The Home Secretary added: “This Bill includes a considered and targeted set of proposals that will help to keep us safe at a time of very significant danger by ensuring we have the powers we need to defend ourselves.” Responding to the Home Secretary’s announcement that the Counter-Terrorism and Security Bill will oblige Internet Service Providers (ISPs) to retain information linking IP addresses with individual users, Liberty’s director Shami Chakrabarti commented: “There’s no problem with the targeted investigation of terrorist suspects, including where required the linking of apparently anonymous communications to a particular person. However, every Government proposal of the last so many years has been about blanket surveillance of the entire population. Forgive us if we look for the devil in the detail.” Big Brother Watch director Emma Carr added: “There are key issues to be addressed with these IP-based proposals. For example, there are questions over whether or not this will be technically feasible. Proper safeguards must be introduced to ensure that these techniques are used transparently, that there’s a proper level of authorisation and that the oversight and redress mechanisms can function effectively.” Carr added: “If such a measure is introduced, time should then be allowed to ensure that its effectiveness in relation to law enforcement investigations can be evaluated with due care and transparency.”
Disruption of terrorist attacks The National Policing Lead for CounterTerrorism is Assistant Commissioner Mark Rowley of the Metropolitan Police Service. As far as Rowley’s concerned, countering terrorism has for too long been thought of as the sole preserve of the police service, the security agencies and the Government. Rowley is now calling on citizens and businesses to be prepared to play their part in keeping the country safe. “The danger posed
by violent extremists has evolved,” he said. “They are no longer a problem solely stemming from countries like Iraq and Afghanistan, far away in the minds of the public. Now, they are home-grown in our communities, radicalised by images and messages they read on social media and prepared to kill for their cause. The tragic murder of Lee Rigby last year was a stark warning to us all about how real and local the threat is at this time.” Rowley continued: “Police officers and our partners are continuing to work 24 hours a day, seven days a week to protect the UK from a terrorist attack. So far this year we’ve disrupted several attack plots and made 271 arrests following counter-terrorism investigations, but the eyes and ears of law enforcement and other agencies alone cannot combat the threat.”
Metropolitan Police Service Assistant Commissioner Mark Rowley: National Policing Lead for Counter-Terrorism
Pursue, Prevent, Protect, Prepare The UK’s counter-terrorism strategy CONTEST focuses on four key areas: Pursue, Prevent, Protect and Prepare. Most of the publicity around terrorism is based on Pursue and Prevent, as these involve arrests, the disrupting of actual attack plots and turning people away from extremism. AC Rowley is keen to stress that everyone can be doing more to Protect and Prepare, ensuring security in crowded places, the monitoring of our borders and being ready to respond to a terrorist attack. “We don’t want to scare people, but we do want them to understand the threat and be vigilant to things that are out of place or suspicious and report it to the police service. We need businesses to check that their security measures are effective and train their members of staff to detect potential threats and, if necessary, respond to an attack.” AC Rowley also stated: “Experience shows us that terrorists target busy, well-populated places to ensure that their attacks have a maximum impact. Businesses, particularly those in crowded places, have an invaluable role to play in our fight against terrorists, violent extremists and other criminals. Their members of staff are often the first people to spot signs that something is wrong.” Since the UK terror threat level increased on 29 August, reports of suspicious behaviour have nearly doubled. This is a direct result of reporting by members of the public, and every one of those reports is investigated. However, AC Rowley wants more members of the public to have confidence in reporting their suspicions. “Please tell us if you know or suspect something,” he urged. “Your information could save lives.”
The UK’s counter-terrorism strategy CONTEST focuses on four key areas: Pursue, Prevent, Protect and Prepare
9 www.risk-uk.com
Project1_Layout 1 03/02/2014 12:30 Page 1
NewsSpecialHMICReport December2014_riskuk_DEC14 09/12/2014 13:17 Page 11
News Special: HMIC Report on Crime Recording Statistics
“Victims let down by poor crime recording” states HMIC report he inspection was designed to review the integrity of police-recorded crime data (it was not an inspection or inquiry into the integrity of the police service). In examining over 8,000 reports of crime incidents detailed to the police, HMIC found the national average of the under-recording of crime to be 19% (ie over 800,000 crimes each year). During the audit period November 2012October 2013, the police were found to be less likely to record violent offences as crimes than they were other crime types. The inspection also found that, on the national average, over a third of violent crimes reported to the police each year are not being recorded as crime. Every force was inspected, and the results from each have been used to build a statistically representative figure on a national basis. HMIC emphasises that the picture at a local level is mixed. Not every force is the same. In a few forces, crime recording is very good and highlights the fact that this procedure can be carried out extremely well and the statistics trusted. In some other forces, though, HMIC suggests the process is “unacceptably bad”.
T
In its latest publication entitled ‘Crime Recording: Making the Victim Count’, which encompasses the results of what is the most extensive inspection and analysis of crime recording carried out to date, Her Majesty’s Inspectorate of Constabulary finds that the national average rate of underrecording of crime is almost one-in-five. Brian Sims reports
Recording rate is “inexcusably poor” Commenting on the report’s contents, Her Majesty’s Chief Inspector of Constabulary Tom Winsor said: “A national crime recording rate of 81% is inexcusably poor. Failure to properly record crime is indefensible. This is not about numbers and dry statistics. It’s about victims and the protection of members of the public.” Winsor also stated: “The police should immediately institutionalise the presumption that the victim is to be believed. If evidence later comes to light which shows that no crime occurred then the record should be corrected. That’s how the system is supposed to work.” Importantly, Winsor explained: “Victims need – and are entitled to – support and assistance. They – and their communities – are also entitled to justice. Failures in crime recording can also increase the risks to victims and the community of the denial of justice. The police need to take this subject very seriously.” One-in-five of the 3,246 reviewed decisions made to cancel a crime record were incorrect. The police should inform victims of these decisions, states HMIC, but in over 800 of the 3,246 decisions reviewed for this inspection there was no record of the victim having been told. This means that victims may be under the impression their crimes are being investigated when in truth they’re not.
The inspection also found that, once recorded, decisions on the classification of crimes were correct in 96% of cases.
Undue pressure on police officers? Relatively little firm evidence was found of undue pressure being placed on police officers to manipulate figures, despite allegations and assertions to that effect. However, in a survey of over 17,000 police officers and staff, 39% of the 8,600 individuals who said they had responsibility for making crime recording decisions reported that performance and other pressures were distorting those decisions. When presented with this picture, several forces admitted it. That said, the inspection also found that forces are making considerable efforts to change the culture in which such practices have been permitted in the past. Adam Pemberton – assistant CEO of Victim Support – stated: “The sheer number of crimes that have been dismissed by the police is alarming. It’s equally astonishing that so many victims are not told if the police service later decides that no crime took place. The victims of crime rely on the police service to believe them and to investigate crime properly. They should be able to trust them to do just that.”
Tom Winsor: Her Majesty’s Chief Inspector of Constabulary
11 www.risk-uk.com
ManifestoforProfessionalSecurity December2014_riskuk_dec14 09/12/2014 12:05 Page 12
‘A Manifesto for Professional Security’: The Security Institute’s Vision of The Future On Tuesday 18 November at The Churchill War Rooms in London, The Security Institute launched ‘A Manifesto for Professional Security’. Emma Shaw outlines the organisation’s vision for making professional security more effective: a profession that’s recognised and respected for the immense value it delivers to society, to organisations in the public and private sectors and, indeed, individual members of the public verything The Security Institute has done over the first 15 years of its existence has been building up to this point. We would like to think that our new document entitled ‘Recognised, Respected and Professional: A Manifesto for Professional Security’ carries on the traditions of The Security Institute’s founding members. Back in 1999, those founding members were willing to seek change and courageous enough to do their utmost in a bold bid to realise that change. This is the point at which I feel our professional body comes of age. The point at which we are mature enough to profess that we can only achieve our ambitions for this profession not by pursuing our own agenda or through acting as a member association with a narrow focus on our own members’ interests but instead by recognising that the first duty of a professional body is to serve the profession itself in the most inclusive sense in addition to all of its many and varied stakeholders. We understand that, across the sector, there are valuable relationships currently being used for narrow benefit that could be developed to serve the greater good. First and foremost, this new Manifesto is about collaboration. It sets out a vision and a series of initiatives that encourage working together to achieve key outcomes. In working to bring about those defined outcomes, all organisations within the sector would maintain full autonomy and retain their own individual identity
E
12
www.risk-uk.com
and traditions while at the same time striving to achieve for the good of all.
Background to the Manifesto Undoubtedly, these are times of immense and rapid change for the security profession and all of its practitioners. The nature of the security threat is evolving. Accessible information technologies, global networks, diversification of threats and disruptive technologies will all create risks for the public, for society and for businesses in equal measure. These complex threats require complex solutions and, in turn, this will demand far greater collaboration and co-operation from – and between – those responsible for the security of assets as well as the host organisations representing them. We also need to remember that it’s not only security professionals who are our stakeholders. Ultimately, the primary end user of all our services is the general public and The Security Institute feels that not enough has been done to include that cohort in our thinking as a profession. There’s a need for greater understanding of what the public perceives as threats, which tend towards the local and short term rather than the international and longer term focus of the UK Government’s own National Security Strategy. Through its professional bodies, the security profession must strive to build bridges with the public it seeks to protect. Following on from this, security must also engage more actively with end user stakeholders in a bid to demystify its practices and make its own case for wider recognition as a force for good in society. On an individual level, security must strive to promote a clear understanding and appreciation of the things the security profession does on a daily basis to maintain stakeholder well-being. At a time when security is becoming ever more ubiquitous and might be perceived by some as overbearing, we absolutely cannot afford to let the public lose faith in the professionals who work tirelessly to manage and mitigate the risks we all face and, in so doing, keep members of the public safe. In the pursuit of greater degrees of security, it must be said that a fine line exists between protecting members of the public and infringing their civil liberties. Here, the security profession has the opportunity to be a
ManifestoforProfessionalSecurity December2014_riskuk_dec14 09/12/2014 12:06 Page 13
Opinion: ‘A Manifesto for Professional Security’
reassuring and independent presence between the public and the legislature. We can offer a reliable information channel. Taking this argument a stage further, the security profession has to encourage an ongoing debate around the moral basis of security. It’s also fair to say that ethical challenges will frequently arise as technology empowers the profession to gather, analyse and use data about citizens.
Security profession must evolve The Institute feels strongly that the security profession must evolve in line with the changing nature of risks and threats and equip practitioners to cope with those risks such that they can meet the challenges facing society. Technology is one of the key drivers of change, and the security profession – and its cohort – needs to demonstrate the technical and intellectual skills that enable effective working within this environment. New tools can help transform the sector. For example, big data analytics might be made into working tools, enabling complex data to be turned into smart data and allowing data analysis on a massive scale that quickly provides deeper insights while creating new types of services for host organisations. We should also consider the make-up of the security profession. Security is still widely viewed as a second career for those coming out of the military or the police service. We need to encourage young people to enter the security world as a first-choice profession after leaving school or university. What, then, are the reasons why things we would all agree need to be done are not being done? First, it’s apparent to many of us that ‘Security’ simply doesn’t speak the language of business or the public effectively and so doesn’t participate in the conversations that frequently set the agenda. Second, one of the strengths of the security sector is the engagement of its members and the vibrant groups, associations and institutes they establish – but this is also its weakness. The security sector is fragmented and lacking in clear leadership. We also believe that the nature of the relationship between the profession and the public should change. ‘Security’ needs to develop a relationship with the public whereby the users are the ones demanding the services
rather than having services they haven’t asked for imposed upon them. Returning once more to the key theme of collaboration and cooperation, The Security Institute feels there’s an overriding need for a true and sustaining partnership between the security profession, businesses and institutions and the general public. The Manifesto asks a number of things of various stakeholders within this profession and those who have influence over it. However diverse, large or small, we call upon all of the professional bodies in this industry to set aside any parochial interests and join with us in working independently and in parallel for the benefit of our profession, our industry and our society. We call on educational and awarding bodies to join with the professional bodies and examine the future development of structured learning programmes designed to up-skill the security workforce. We call upon key commercial organisations to work with the professional bodies and provide the funding and support that some of these initiatives will entail. In addition, we call upon Parliament and its many agencies to establish an enabling, meaningful and ongoing dialogue with the profession to ensure it develops in a manner that’s entirely consistent with the needs of Government and society.
Dynamic collaboration in the future The Manifesto proposes a number of initiatives that we – the professional bodies and member associations in the security sector – can establish through working together. We encourage thoughtful and dynamic collaboration between groups, businesses and individuals. We believe we should establish a Security Commonwealth wherein all organisations come together on an equal basis, retaining their full individual autonomy while working collectively on the development of common approaches to joint challenges. We propose that we should work collaboratively with all willing groups and
Emma Shaw CSyP FSyl MBA FCMI: Chairman of The Security Institute
“First and foremost, this new Manifesto is about collaboration. It sets out a vision and a series of initiatives that encourage working together to achieve key outcomes” 13
www.risk-uk.com
ManifestoforProfessionalSecurity December2014_riskuk_dec14 09/12/2014 13:16 Page 14
Opinion: ‘A Manifesto for Professional Security’
individuals within the industry to set up a Security Information Service. This will afford the public general advice via a website – ideally sponsored by the industry and, possibly, Government – focused on all aspects of personal, domestic, travel and cyber security. This can be used to steer public opinion in a favourable direction. The Security Information Service will share information on how professional security succeeds at major events as well as on a dayto-day basis in peoples’ lives, for instance when they’re at the shops or using public transport. We will celebrate the achievements of those working for the public and support measures to address the abuse and misuse of security. We wish to work together to improve and heighten the profile of the sector. The Security Institute encourages collaboration with universities and education providers, schools and university careers services and employers. We want to establish clear career paths that demonstrate progress from first entering the profession to roles in the top strata via specialist and generalist positions, technical and business roles. Put simply, we need to show security to be the challenging, intellectually stimulating, exciting and public-serving discipline that it most certainly is. We can do this through the medium of a Security Careers Advisory Service.
Position on professionalism We want to work together on developing and sharing a common position on professionalism within our industry. Our joint aim should be the UK becoming the exemplar model that the world can copy. We can create a Working Group, entitled Security Outreach, and target this outreach to opinion formers, politicians and management organisations such as the CBI and the Institute of Directors. We can increase awareness through the Human Resources profession, the purchasing and supply function and Facilities Management, all of which are key enablers in our area. We act together to promote ‘The Gold Standard’ created by The Worshipful Company of Security Professionals, that of the Chartered Security Professional. We act in unison with other industry bodies to create a common point of view and voice that we will use to approach Government with clearly thought-out
“The Institute feels strongly that the security profession must evolve in line with the changing nature of risks and threats and equip practitioners to cope with those risks” 14
www.risk-uk.com
suggestions designed to encourage and influence the development of a Government White Paper on the future of the security profession. Security Outreach will play a key role in this process. To ensure that our voice is heard we propose the creation of a Joint Security Associations’ Lobbying Group that would speak on behalf of all the associations – and through them – when representing the profession and its members. Let’s recognise that we have a great deal in common and that, first and foremost, all bodies in the sector were established to support the members of this profession. There’s much we can and will continue to offer as individual associations, but let’s be brave enough to recognise that there will be many occasions when, if we are to be truly effective, the fact of the matter is that we are better together, speaking with one voice. We recognise that our ambition for the development of the profession is beyond the ability and resources of any one group, organisation or professional association within the sector. We realise that there are many perspectives on the future of the security profession and the broader sector, and that there are informed voices outside of our organisation who can claim thought leadership.
Strong contribution to the sector We have no wish to necessarily lead these initiatives but undertake to work tirelessly to get them off the ground and to give them our full and continuing support as a willing participant in the way forward. Indeed, so determined are we to make them a reality that we’re ready to contemplate a future in which The Security Institute itself may cease to exist in its present form and would possibly be subsumed within a larger, more representative grouping that carries greater authority through its universality. As a professional body, The Security Institute is rightly proud of its journey over the past 15 years. The organisation has made a strong contribution to the sector. However, if this Manifesto meets with an enthusiastic response from other organisations, and we’re able to use its contents in bringing greater cohesion to the profession at large, then this will be our finest achievement to date. Winston Churchill once famously stated: “I never worry about action, but only inaction.” Together, we have an opportunity before us to start something that’s truly great. Let’s not allow that opportunity to be brought to a halt through inaction. Work with The Security Institute to make it so.
Project2_Layout 1 09/12/2014 14:02 Page 1
OxyReduct® fire prevention
REMOVING THE T H R E AT O F F I R E .
The new Library of Birmingham has chosen OxyReduct® to protect its valuable archives, the same as over 700 other businesses and organisations around Europe. No matter how good your fire detection, extinguishing or suppression system is, a fire has to start for it to work – so some damage is inevitable. In mission critical applications where any business interruption is unacceptable or where warehouse stock or archives are invaluable, a different approach to fire prevention is needed. OxyReduct® employs innovative technology that continuously reduces the oxygen level in a room by adding nitrogen to the air. The oxygen is reduced to a level in which combustibles do not inflame and an open fire is impossible. Importantly, people can enter the area of risk. Visit our in-house demonstration facility and experience a fire-free environment at first hand.
www.wagner-uk.com
BSIABriefing December2014_riskuk_dec14 09/12/2014 11:43 Page 16
Britain’s Lone Workers: Protecting them from harm For many British companies, changes in technology and working practices have led more employees to work either in isolation or without direct supervision. Given such developments place these ‘lone workers’ at potential risk, demand for security and safety mechanisms has skyrocketed. James Kelly explores the market for lone worker protection and explains what end users should be looking for when sourcing a quality solutions provider
rom community healthcare employees through to shopkeepers, museum curators and service station employees, a growing number of Britain’s workers spanning a range of industry sectors are now required to work or travel alone, either regularly or on an occasional basis. Almost by definition, socalled ‘lone working’ can be intimidating and, at times, dangerous, with employees exposed to a number of risks from trips and falls through to verbal and/or physical abuse. Employers have a Duty of Care to look after all of their employees and to ensure that the appropriate safeguards are in place that will protect them while working in isolation. An increased awareness of employers’ legal responsibilities was highlighted in research released only last year. This detailed analysis revealed the growing importance of robust Health and Safety measures to protect staff and businesses from potential corporate manslaughter claims arising on those occasions when deaths are caused by management failures deemed to constitute a gross breach in relation to Duty of Care.
F
16
www.risk-uk.com
Figures published in 2013 by law firm Pinsent Masons LLP show that the number of corporate manslaughter cases rose to 63 in 2012 compared with 45 in 2011 (representing an increase of 40%). The firm also warns of an increased focus by the Crown Prosecution Service on corporate manslaughter claims, asserting that momentum is growing around enforcement of the 2007 Corporate Manslaughter and Corporate Homicide Act. In fact, the first prosecution under that Act related to a lone worker, illustrating the important emphasis that employers must place upon taking care of such employees. Protecting lone workers involves a two-fold approach designed to provide safeguards but also offer reassurances to the individuals involved. For many, this means providing employees with the means to call for help should they find themselves in a challenging situation. Here, technology comes to the fore. Working with the police service and end users, the private security industry has developed a combination of practice, technology and standards capable of providing an effective – and affordable – solution to risk in the form of personal alarms capable of establishing direct links with Alarm Receiving Centres (ARCs) and the Emergency Services. Having developed rapidly over the past decade, the market for lone worker security has led to the creation of myriad protection devices equipped with mobile phone technology that connects employees quickly and discreetly with an emergency response system that has direct links to the police service. As such, lone workers are now able to assess the risks they might be facing in the knowledge that they possess the means both to summon aid in an emergency and collect information that, if necessary, can be used in evidence. As the lone worker market ‘comes of age’, a number of lone worker products are now commercially available, including miniature devices that resemble ID holders in addition to specialist smart phone apps. With such a wide range of choice before them, it can be the case that end users are simply unsure of where to start when it comes to sourcing quality lone worker solutions.
BS 8484: setting the standard Considering the core requirement of a lone worker system and how it addresses the end user’s needs, the ability to summon help – and rely upon police attendance – is crucial.
BSIABriefing December2014_riskuk_dec14 09/12/2014 11:44 Page 17
BSIA Briefing
British Standard BS 8484 is employed by all BSIA members in this field and forms the basis for police response to lone worker systems. Indeed, BS 8484 is an ideal place to start when sourcing a lone worker system. As such, the BSIA recommends the use of devices or smart phone apps certified to BS 8484 and monitored by ARCs certificated to BS 8484 (Part 6) as well as BS 5979 (Category 2). Choosing a solution that’s compliant to BS 8484 through audit ensures that ‘at risk’ employees are provided with the best and most cost-effective level of protection if they should find themselves in difficulty, at the same time affording employers the best level of protection against litigation. BS 8484 contains three main elements: • Part 4: The company providing the service must be stable, properly financed, insured, have effective information security and be competent to provide lone worker services • Part 5: All devices used as personal safety alarms must meet the functional requirements of the standard. This enables an operator to verify an alarm as genuine, establish the situation and the location before passing the relevant information to the appropriate response service in a timely and efficient manner • Part 6: Refers to the ARC which is where the alarm is received, verified and a response request sent to the appropriate service – usually the Emergency Services. As stated, ARCs must meet BS 5979 Category 2 standards as well as BS 8484 Part 6
Ensuring police response Implementation has ensured that requests for police response are properly verified, originate with approved ARCs and contain the right information. The result is a minimum of false alarms which justifies the commitment made by the police service to provide an ‘immediate’ response where possible. The police manage alarms and approval for ‘immediate’ response through the ACPO Security Systems Policy by issuing a Unique Reference Number (or URN). For lone worker alarms, the ACPO Policy demands that all links in the chain are complete before a URN is issued to an ARC (ie the provider, the device and the ARC must all be accredited to the appropriate part of the standard). Implementation of the standard benefits the police. More importantly, perhaps, it also provides less tangible benefits for vulnerable employees and their employers around staff attitudes. It has been shown that employers who show proper concern for their ‘at risk’
members of staff can reduce employee absence through sickness and stress while also improving staff retention levels. Due to the fact they feel safer with adequate precautions and training in place, employees are more effective in implementing company policy in difficult situations. Such services have been shown to allow staff to work alone where in the past ‘double manning’ has been required.
Expert guidance at hand The BSIA has published three associated guides affording employers and lone workers themselves with some easy-to-follow advice. ‘Lone Workers: An Employer’s Guide’ informs employers about what to look for when sourcing a lone worker safety and security solutions provider. The guide covers an employers’ responsibilities to its lone workers, as well as specific criteria for selecting technology and monitoring services and providers (including the possession of quality management systems such as ISO 9001 and the delivery of appropriate training). ‘Lone Workers: An Employer’s Guide’ can be downloaded free by visiting http://www.bsia.co.uk/publications and searching for Form 288. For employees whose role requires them to work alone, the BSIA has issued a separate guide entitled: ‘Lone Workers: An Employee’s Guide’. This too is available as a free download. Visit http://www.bsia.co.uk/publications and locate Form 284. Furthermore, the Association has produced an end users’ guide to help users of lone worker devices or smart phone apps understand exactly when they should summon help using their device. The new guide, entitled: ‘Use of a Lone Worker Device or App’ is available free from the same Internet address. In this instance, look for Form 256.
James Kelly: Chief Executive of the British Security Industry Association
17
www.risk-uk.com
Project2_Layout 1 08/12/2014 17:10 Page 1
The best chance to attend face-to-face meetings with top suppliers of security products and services. As a delegate your attendance is FREE and we match-make delegates with suppliers based on shared preferences to ensure all meetings are of the highest quality. Delegates benefit from: • Pre-agreed 25-minute meetings with suppliers pre-selected by you • Complimentary seminars • Overnight accommodation at a luxurious venue • Buffet lunch and evening gala dinner with entertainment • An event where you are in charge
Suppliers benefit from: • 1-2-1 meetings with delegates • Professional but relaxed networking environment • Overnight accommodation at a luxurious venue • Dedicated stand for meetings with Wifi, lighting and electrics
16th & 17th March 2015, Radisson Blu, London Stansted
BOOK NOW Contact Nick Stannard on 01992 374092 or email n.stannard@forumevents.co.uk Media and Industry Partners
FireSafetyPlanning December2014_riskuk_dec14 09/12/2014 11:51 Page 19
Fire Safety Planning: The Role of System Manufacturers
Best laid plans When it comes to effective fire safety planning, the expertise and input of fire detection and alarm system manufacturers is often underestimated and, arguably, underused. Paul Pope explains how solutions developers are crucial to the success of any fire detection regime deployed for end users he development of an effective fire safety strategy allowing early warning of a fire condition and the safe exit of occupants from a building or a given area/zone is a complex process. It’s one requiring the input of experienced specialists who can tackle everything from the initial consultation and design stage through to commissioning, installation and ongoing building management. The fire detection system manufacturer is very definitely one of those specialists. Fire detection and alarm systems provide one method for the early warning and evacuation strategy to begin. Taking a step back, though, much work has to be undertaken in first developing the specialist products, communication protocols and system strategies that will ensure all elements come together and afford building occupants the best possible chance to exit the premises both safely and quickly should a number of unforeseen scenarios arise. From Apollo’s perspective, the majority of our solutions begin life in the company’s Sales, Marketing and Research & Development Departments where ideas are formed, products justified and development procedures managed from concept through to end of life. It’s vitally important that the business is experienced in understanding the complex markets, international standards and technicalities involved with the fire detection and alarm industry in order to identify where new product and system enhancement opportunities exist. Any new idea begins its journey on the production line as a ‘development map’ and, once this blueprint is deemed viable, moves on to the Technical Department (a nearly 40-strong workforce consisting of electronic software designers, mechanical design specialists, researchers and PhD-level engineers). Here, the product ideas are extensively researched and concepts drawn up. At this point a concept is selected and progresses through a stringent new product introduction process where the potential
T
solution is designed and detailed using advanced ComputerAided Engineering and simulation software operated by experienced engineering teams. “We’re rigorous with our development approach,” commented Apollo’s technical director Chris Moore. “It’s essential that a fitfor-purpose product is created with ‘right first time’ principles and that it’s suitable for use in the highly regulated life safety market.” At the end of the design process, a product will move towards the most crucial stage of all: the testing and validation procedure. Our site includes five test laboratories. Every piece of equipment is put through its paces not only as part of new product development but also for ongoing quality control. The combination of these five laboratories results in a highly stringent testing and validation process whereby products are not only tested to meet UK regulations, but also the approval certification requirements of every country to which we supply our solutions. Once the testing and validation phase is complete, a product will then proceed to the third party testing stage for the appropriate certification (for example, EN54) before heading for manufacture. The whole testing and certification process can take anything from three months to two years to complete.
Shaping fire planning strategies Fire detection system manufacturers and their products play an integral role in shaping not only effective fire planning strategies but also how the Fire Service operates on the front line.
Paul Pope: Business Innovation Manager at Apollo Fire Detectors
19
www.risk-uk.com
FireSafetyPlanning December2014_riskuk_dec14 09/12/2014 11:53 Page 34
“Fire detection system manufacturers and their products play an integral role in shaping not only effective fire planning strategies but also how the Fire Service operates on the front line” “One of the biggest issues in fire protection at the moment is false alarms,” explained Adair Lewis, technical manager at the Fire Protection Association (FPA). “Last year, the Emergency Services responded to over 400,000 cases of false alarms. Not only is this clearly a waste of resources which diverts help away from potential incidents of real need, but it also influences the fire policies of different fire brigades throughout the country.” Lewis continued: “An example of this can be seen in the deployment of fire advisors on motorcycles in areas where fire brigades have experienced high numbers of false alarms. Whereas this clearly cuts down on the resources needed to attend an incident and, it must be said, allows for the immediate assessment of a situation, the downside is undoubtedly that these advisors have limited capabilities when it comes to being able to tackle a genuine fire situation.” Lewis and his colleagues at the FPA openly welcome the development by manufacturers of more multi-sensor fire, smoke and heat detectors which can yield a wider picture of a potential situation and therefore reduce false alarms and unnecessary brigade call-outs. “Fire safety planners need to be working with manufacturers to ensure that they’re recommending detectors to their clients which are fit-for-purpose,” added Lewis. “Each installation can be subject to different environmental conditions. For example, there may be a factory environment where excessive heat and steam is produced. The manufacturer is a crucial point of reference for clarification of the best type of detector to use.”
20
www.risk-uk.com
Adair’s final point is one that’s crucial to any effective fire detection system and is an area where the expertise of a manufacturer should be used as extensively as possible to yield sound advice and guidance. It’s vital that all areas of a given building are assessed to ensure the appropriate type of detection is used for differing fire risks. Understanding the type of fire risk, the materials present, the fire load, the environment, sensor technology and the best detector locations is critical for early and reliable fire detection. It’s also imperative for protecting life that any fire detection system operates and monitors the fire protection measures correctly according to a building’s fire evacuation strategy. Examples would include simultaneous or phased evacuation, closing fire containment doors, grounding lifts to a safe area relative to the fire and fire and smoke damper control. In addition, occupants may be unfamiliar with their surroundings, possibly orientated to a different time zone and understand only different languages. All of these issues need to be accounted for in the event of a fire scenario.
Future proofing the system As well as advising on the most appropriate fire detection equipment to use, manufacturers can also play a key role in recommending how their products might best be implemented within a strategy and design to accommodate any potential future works or changes at a site. An example can be seen in our work at the iconic Tower Bridge in London. Installed by Firetecnics Systems, the fire detection system features an Apollo fire detection and alarm system with five Kentec open protocol panels, two graphics panels and three voice racks. In addition, field detection equipment encompasses 100 Manual Call Points, 350 Discovery units, 50 XPander units and 12 beam detectors. These detectors are supported by 120 visual indicators, 50 interfaces and 200 DNH speakers.
FireSafetyPlanning December2014_riskuk_dec14 09/12/2014 11:53 Page 35
Fire Safety Planning: The Role of System Manufacturers
Fire Safety Engineering Solutions at The Kia Oval
Planned future works at Tower Bridge led to flexibility being key to the success of the system’s installation. We provided guidance and technical support to Firetecnics Systems on how to deal with a number of issues, including the planned relocation of the central security area (which will be moved temporarily for a refurbishment and then possibly relocated following further planning work). To facilitate this, the network has been reconfigured so that the security area is provided with a repeater panel which can be relocated without actually having to break into the network, thereby allowing simpler construction in the future. Additionally, around 50 wired devices have been replaced by wireless units that can be simply taken down for the period during which a room or suite is being decorated and refurbished and then re-installed and commissioned when replaced. This minimises downtime but, crucially, still allows project completion with a view to future works. There’s a vast array of legislation and standards that govern the protection of buildings and their occupants. The consequences of not bringing all these together and ensuring the highest levels of fire detection, safety and evacuation can have tragic results. Those involved in the fire safety planning process should not be afraid to draw upon the knowledge and expertise of reputable fire system manufacturers to help them assess what products are best suited to their planned design and how the use of these solutions might be maximised well into the future.
The Kia Oval in South London is home to Surrey County Cricket Club and, traditionally, plays host to England’s final Test Match of the season in front of a 23,000 capacity crowd, writes Brian Sims. Having previously designed and installed fire detection systems – among them Discovery call points and detectors – in both The Lock and Laker Stands at the Pavilion End (which also houses the exclusive Kennington Club Committee Rooms and Museum) some 18 months earlier, TVF (UK) now required an open protocol system that could protect the famous Vauxhall End – one of the most distinctive stands in international cricket – in the wake of its redevelopment. TVF (UK) duly selected Apollo as its manufacturer of choice. The installation comprises a hybrid of the Discovery hard-wired and XPander radio ranges working in conjunction with an Advanced control panel in each stand. With 20 zones for each stand, over 200 optical detectors have been installed along with 30 call points and over 30 loop interfaces/XPander radio devices. John Baker – systems director at TVF (UK) – outlined some of the challenges behind the installation. “Any venue hosting a variety of large-scale events needs a robust and accurate fire detection system. As such, we installed a system with double-knock detectors – in other words the alarms are only sounded if two detectors are activated, helping to minimise false alarms – and one that links to other gates in the ground. In addition, there are lamp buzzers in key areas allowing for operational match day crowd management to ensure a controlled evacuation should one ever be needed.” The view of the fire safety engineer is, of course, all-important. Nicole Hoffmann is director of Kingfell and an independent Chartered Fire Engineer. “Safety is integral to the planning and management of any stadium event,” explained Hoffman, “as outlined within the Guide to Safety at Sports Grounds.” Also known as the ‘Green Guide’, this document has been revised down the years and is now required reading for anyone involved in the initial design of stadiums through to their day-to-day operation. Within the document, there’s differentiation between normal egress of a stadium at the end of an event and during an emergency evacuation. For both, there’s guidance on the time taken for spectators to leave the viewing accommodation and – under normal conditions – enter the free-flowing exit system or, in an emergency scenario, to reach a place of safety. “Considering the potentially large number of people involved who may be generally unfamiliar with the venue they’re attending,” continued Hoffmann, “the fire safety strategy design challenge is that the evacuation time to a place of safety has to be two-and-a-half, six or eight minutes. That timing is dependent on the fire risk associated with, for example, stand construction, routing of escape routes or the provision of fire suppression systems.” This indicates that fire safety is a system of components, their design and their interaction with each other. It also highlights that there’s more than one way to achieve the level of safety required by the ‘Green Guide’. Underlying this is that all the components are known, managed and maintained. “The ‘Green Guide’ recommends the zoning of a stadium and its activities,” said Hoffmann, “whereby the core is the activity area that spectators have come to see while the viewing area is the secondary zone. This concept also assists in the development of the emergency evacuation strategy.”
21
www.risk-uk.com
Project2_Layout 1 09/12/2014 14:00 Page 1
CCTVProtectingBusinesses December2014_riskuk_dec14 09/12/2014 11:45 Page 23
CCTV: Protecting Businesses, People and Reputation
Surveillance: The Commercial Imperative hen it comes to effective security there’s little doubt that CCTV has a fundamental role to play across both the private and public sectors, yet there’s still a concerning number of UK businesses not using modern surveillance systems to their best effect. Many organisations will only invest in CCTV if they’ve experienced a crime on site – an unfortunate but common situation. In addition, many end users remain sceptical about the technology, believing that cameras will only produce blurred images and not actually capture the right data for their purposes. Surveillance technology has advanced at a particularly rapid pace, and more and more businesses are beginning to wake up to the numerous benefits afforded by today’s High Definition (HD) CCTV solutions. The days of watching grainy, distorted images should now be a thing of the past. Within the last few years there has been a significant improvement in image quality and, it’s fair to say, the capabilities of CCTV are now greater than ever. At ADT, we created a demonstration video allowing customers to view the same recorded scene in both analogue and HD technology formats. The difference in the picture quality (as shown, right) is striking. Customers are immediately able to see the benefits. If businesses adopt HD CCTV technology, this could have a positive impact on crime figures as the pictures produced and the level of detail captured is so superior that it makes the job of identification much easier. In addition, CCTV cameras allow business owners to monitor and identify high risk areas and help protect any members of staff attributed to lone worker assignments. Higher resolution megapixel cameras mean that larger areas can be covered without compromising picture quality. Business owners are able to monitor and pinpoint specific areas (such as car parks and secluded entrances and/or exits) where capturing significant detail is crucial.
W
Despite research showing that such systems can act as a deterrent to would-be thieves and reduce crime by as much as 28%, it’s apparent that businesses are still not using CCTV to its greatest effect. Jeremy Simpson considers how the latest High Definition surveillance solutions can offer the greatest degree of protection for both people and property
The same scene in a retail outlet when viewed by an analogue camera (above) and (below) using today’s HD surveillance
Upgrading for greater functionality One of the main differences between analogue technology and HD is the type of cabling and network that’s adopted. Instead of running cameras on an analogue coaxial cable, an Internet Protocol (IP) network is created for HD cameras. This provides greater functionality, in turn enabling PCs, mobile phones and tablets to be connected to the network. In addition,
23
www.risk-uk.com
CCTVProtectingBusinesses December2014_riskuk_dec14 09/12/2014 11:46 Page 24
CCTV: Protecting Businesses, People and Reputation
“Surveillance technology has advanced at a rapid pace, and more and more businesses are beginning to wake up to the numerous benefits afforded by today’s HD CCTV solutions”
Jeremy Simpson: Head of Channel Marketing at ADT Fire & Security
such a set-up ensures that when a business owner is off-site remote viewing is possible for additional peace of mind. CCTV using HD technology begets a faster transition time between the image being taken and the image appearing on screen, thus allowing for real-time footage. That assists in reducing the time taken to act upon a potential incident. Furthermore, given that only one cable is required to power an HD camera and video (unlike an analogue camera which requires two cables), costs are reduced and the installation process is made that much faster. It’s also possible to easily upgrade an existing analogue CCTV system with the more efficient HD technology. In some cases, existing cabling may be re-used so as to reduce costs, although new transmission devices, the cameras and recorder must be installed.
HD cameras: compact and durable The latest HD cameras are smaller, more robust and more aesthetically pleasing than their analogue predecessors. There are two main types: the mini dome and the increasingly popular bullet camera. The latter is about half the size of the traditional analogue camera with no requirement to add an additional external camera housing. The lens, method of illumination and bracket are integrated as one complete end user solution. New cameras can also run a variety of innovative software applications. An example of this would be if paint were to be sprayed over the lens by a vandal. An algorithm built into the software detects the lens has been covered and sends a message to the user indicating picture loss, allowing the issue to be swiftly rectified.
24
www.risk-uk.com
Cameras are also becoming standalone devices employing valuable additional features. For example, a standard SD card can be inserted into an HD camera allowing it to record directly onto the card without the need for a separate recorder. The key advantage of the SD card is that the camera can still record vital information in the event of the main recorder failing or malfunctioning. Another key development featured in the newer HD cameras is that the aspect ratio is much wider. The aspect ratio refers to the height and width of the picture generated. Put simply, a wider ratio enables the camera to capture more of an image. Instead of two car parking spaces that may be captured on a standard analogue CCTV image, the modern HD CCTV camera can pick up four. The main advantage of this innovation is that larger areas can be covered by fewer cameras.
Night-time security requirements An important consideration that many businesses often overlook when specifying CCTV cameras and surveillance equipment is illumination. Although CCTV cameras work very well during the day, when light levels drop the cameras might become less sensitive and the image quality may deteriorate. Again, this is an issue that can be addressed by HD CCTV cameras which may be specified with infrared illuminators built into them. When evening approaches the infrared illuminator switches on, producing a clearer picture. However, the cameras are only sensitive to infrared illumination and will only produce monochrome pictures. If colour is important for identification purposes then end users ought to employ additional lighting which produces white light illumination. The lighting element uses energy-efficient LEDs. Motion sensors can be fitted to the cameras and lights so that the latter only switch on when there’s movement. This is an important energy-saving consideration for the host business. An increase in orders for HD CCTV systems emanating notably from small and mediumsized businesses demonstrates that confidence in the technology has greatly improved. As HD technology continues to embed itself within businesses, so the detection level of criminality will also continue to rise. Ultimately, though, it’s the security industry’s responsibility to educate today’s business owners when it comes to their perceptions of CCTV and HD cameras. At the end of the day it’s this community that will benefit markedly from the technology.
dycon psi november_Layout 1 27/10/2014 16:28 Page 1
D23X6 SERIES Radio Signal Analysers Designed and manufactured in the UK
NEW 4G Version NOW Available
•
Find the optimum antenna/device installation location
•
Detect and measure local 3G and GSM base stations
•
Lock to any network by inserting their SIM card
•
Detect all available networks by not inserting a SIM card
•
Detect and notify the operator of the presence of white noise jamming when it occurs (subject to signal strength)
•
D2386-r model is a Quad-band GSM analyser, including the EU-wide GSM-r frequency band for railway applications
For more information call:
+44 (0) 1443 471 060 info@dyconsecurity.com www.dyconsecurity.com
Dycon POWER SOLUTIONS
SecurityRiskAssessments December2014_riskuk_dec14 09/12/2014 12:36 Page 26
Security Risk Assessments, Surveys and Audits: What’s the difference? Today’s in-house security manager must understand the risks posed to the host business, what systems are in place to prevent (or otherwise mitigate) these risks and to what levels of conformance those same systems must operate. With this in mind, Charlie Swanson looks to define security risk assessments, surveys and audits and how they differ in nature and scope rom my own perspective I’ve been carrying out security surveys and teaching on that same subject for more years than I’m keen to remember. Generally speaking, at the kickoff meeting with the client – or Day One of the training course – there’s a need for me to explain what a security survey is all about. It’s not a risk assessment and it’s not an audit. It’s a survey, but what’s the difference? One of the first lessons to be taught to my aspiring security surveyors is to ensure that they totally understand the scope of the work in which they’re about to participate. However – and worryingly so – on too many occasions when it has been asked of the client to explain the scope of the work needed, you’re left with a blank stare normally followed by: “I don’t know. You’re the security expert” (whatever that is). Despite Home Office statistics attempting alchemy – that’s to say there’s an apparent belief in Westminster we can cut spending on the police service and somehow reduce crime – commerce and industry on home shores still faces a growing threat from organised criminals and, perhaps more importantly, terrorist organisations such as Islamic State. The private security sector encompassing
F
26
www.risk-uk.com
guarding and systems has grown exponentially, with security officers taking on more and more duties once carried out by the police service while electronic security systems are becoming commonplace in most industrial and commercial environments. It’s still taken for granted that the primary role of the in-house security manager is to protect the assets of the organisation while at the same time reducing crime against the business, but more is now expected from that manager. He or she has to understand the risks posed to the host business, what systems are in place to prevent or otherwise mitigate these risks and to what levels of conformance those same systems must operate.
The Security Risk Assessment The security risk assessment is arguably the most difficult process within the overall programme. Not only is risk at times misunderstood in the security industry, but those with a working knowledge of the subject have their own views on risk and how it is – or should be – measured. Risk assessments are, of course, very subjective. In practical terms, it’s generally agreed that the security risk assessment has a number of components attached to it that, once considered and examined, will allow for a risk valuation. Those components are assets, threats, vulnerabilities, impact, control measures and likelihood (or probability). Assets are best defined as anything of value that requires protection (for instance people, property and business or brand reputation, etc). Threats to the organisation can derive from a number of sources and may be natural or man-made, internal or external. Vulnerabilities are seen as a weakness in the system that allows the criminal or terrorist to exploit what may be ineffective defence measures. The impact is a measurement of the damage caused by a successful attack against an asset (for example the 4,000 or so people killed as a result of the attacks on 9/11). Control measures are designed to either prevent or mitigate an attack, and likelihood is when a decision is made about whether the attack will take place or not. The final process is by far the most difficult to carry out. Here, the analyst is expected to foresee the future. The one thing that’s certain about risk is that
SecurityRiskAssessments December2014_riskuk_dec14 09/12/2014 12:36 Page 27
Security Risk Assessments, Security Surveys and Security Audits
it’s uncertain. We simply do not know. Referencing 9/11 once again, given all of the advanced defensive systems in place in the USA who could have foreseen such an atrocity?
The Security Survey Are the systems in place fit for purpose? Prior to carrying out any form of site examination, the security surveyor needs to arm him or herself with sufficient information and data about the location under scrutiny. Defence or protection in depth is a method which is quite common, and this requires an examination of the layered defences identified in and around the survey location. During the risk assessment, the surveyor will have identified those critical assets that require protection. The defence in depth process will allow him or her to understand – through robust research – what defensive mechanisms are in place, from the environment surrounding the survey location through to the perimeter and building fabric and on again to the area(s) where the critical assets are to be found. It’s at this juncture, readers of Risk UK, when the fashionable description ‘Boots on the Ground’ really comes into its own. This part of the process is not an audit. The surveyor should not be looking for conformities. Rather, he or she is examining the systems in place in order to decide if they’re sufficiently robust and effective enough to either prevent or mitigate the impact of an attack. The surveyor needs to be able to think like a criminal, physically examining systems and processes on site to decide whether those systems can be circumvented or defeated. They must ask themselves questions. How effective is the CCTV system? Might the access-controlled main door be tailgated? Are there any ‘black spots’ in the lighting system? Can the security officers on duty be evaded in any way? It’s imperative that, at the earliest possible opportunity, the surveyor strikes an accord with the person who commissioned the survey because co-operation on site during the course of the survey is critical. The recipient of the survey must be comfortable with the fact that the surveyor is there to help and not achieve some form of professional conviction where blame is the end product. There should also be a de-brief at the end of the survey because the client will naturally be anxious. This is the ideal opportunity to discuss
any ‘quick fixes’ that may have been observed during the survey. It should be explained that the survey report will include a number of observations and recommendations in accordance with either the organisation’s own standards, perhaps British Standards or ISO equivalents. The next time the site is visited, the surveyor will be auditing those systems to see if they’re in conformance with the standards agreed during the survey.
The Security Audit The proof of the pudding, as they say, is in the eating. The effectiveness of the security survey can be measured during a follow-up audit. This is the time to examine the robustness of the survey and to ascertain whether the client has considered and bought into the recommendations made during the survey. If the security survey report is examined, and it’s clear that the customer has taken the necessary actions advised in the survey document (and, further, those recommendations were correct in terms of prevention and mitigation) then the security auditor should be content. However, if the client has declined to accept and apply the recommendations made during the survey it’s only right that questions must be asked – beginning with: ‘Why?’ It may be the case that, on consideration of the recommendations made, there just aren’t sufficient funds available to pay for the work required or the systems that need to be procured. The client could be waiting for a highlevel decision from, say, the Executive Board. Or it may be the case that the client harbours an agenda the detail of which is not to be shared with those external to the organisation. Unless the recommendations are related to some form of legislative or regulative requirement, the auditor has to accept the decision of the client.
Charlie Swanson MSc CSyP FSyI SIRM: Security and Risk Management Consultant
“Not only is risk at times misunderstood in the security industry, but those with a working knowledge of the subject have their own views on risk and how it is – or should be – measured” 27
www.risk-uk.com
SoftwarePiracy December2014_riskuk_dec14 09/12/2014 12:38 Page 28
Rewriting The Script Copyright infringement of software – also known as software piracy – is an ever-increasing problem for the UK’s software community. As Jamie Longmuir states, this form of criminality is difficult to trace, can be even harder to prevent and, if truth be told, is almost impossible to negate esearch at SafeNet has shown that just over 40% of software producers believe lost revenue due to software piracy has wrought a major impact on their business. Not only can piracy stunt revenue potential, but it can also negatively impact on paying customers who bear the cost of illegal product use as it limits the software community’s ability to be competitive, in turn leading to more expensive but less advanced products. The problem can affect a wide range of industries, from software vendors and retail companies through to the online gaming crowd. Earlier this year, for example, popular online game Grand Theft Auto fell victim to a software hack that caused a huge disruption to Rockstar Games and its customer base. Software piracy is facilitated by the abundance of reverse-engineering information now found online which provides easily available tools and knowledge to anyone who wants to find it. In today’s computing environment, software publishers must learn how to prevent the unauthorised use of their software without creating unnecessary obstacles for customers who wish
R
Jamie Longmuir: Software Monetisation Expert at SafeNet
28
www.risk-uk.com
to legitimately purchase and use it for their own purposes. It’s a well-known fact that most countries have copyright laws in place directly applicable to software. However, the degree of enforcement and compliance varies which makes some countries more ‘fertile’ in terms of infringement practices. Software vendors who proactively protect their software are on the right track, of course, but may not be fully protected against the evergrowing hacking attempts that can compromise their given application’s security.
Misconceptions about piracy Though software piracy is a well-discussed topic, there are some misconceptions around who it affects and how the issue should be treated. For example, some practitioners believe that software piracy is a ‘victimless’ crime. That assertion couldn’t be further from the truth. According to industry statistics, illegal software use costs developers worldwide over $50 billion every year in lost revenues. In Europe, an average of 66% of the software in use is illegal. In some Asia Pacific and Eastern European markets, meanwhile, over 90% of software remains unlicensed. Other commentators on this subject are also under the false impression that inexpensive software isn’t copied. There’s an argument to suggest that software protection isn’t necessary because making software cheaper would reduce the chance of it being copied and pirated. Like life, it’s not that simple. Developing a software product requires a huge investment of time and money which must be continuous. To succeed in tomorrow’s market, developers must invest today. The argument that people don’t actively copy inexpensive software is evidently false. If you were to check some computers around you today, you’d probably find that most copied programmes are actually the cheaper ones. When it comes to software protection, there’s a school of thought that this somehow ‘gets in the way’ of the legitimate user. In reality, the new and more sophisticated types of software copy protection actually benefit legitimate end users. Protection works to safeguard the integrity of the software, reassuring the end user that the software cannot be tampered with in any way. Often, it’s the end users themselves who request the software to be protected so as to
SoftwarePiracy December2014_riskuk_dec14 09/12/2014 12:38 Page 29
Software Piracy: Removing the Risk
ensure that it will not be used illegally in a working environment (an occurrence which could harm their organisation). One final myth to clear up is that any protection system can be cracked and, as such, software copy protection is useless. Indeed, the first part of that belief is true: any software protection system may be cracked, just as any lock can be picked or any door might be smashed. However, the aim of software copy protection is to provide protection for a reasonable period of time. Software cannot be protected forever, but it can be protected long enough (ie until a new version of the product is released). This new version should be protected again with a system that was also improved in parallel, thus assuring a long and profitable sales life for the safeguarded application.
Challenge for software vendors As software pirates continue their attacks, companies are forced to spend additional time cycles and effort patching and plugging their products to defend against those that might steal them. With every cycle that passes, software pirates become more sophisticated and their vectors of attack harder to spot and defend against, especially with the skills required to do so becoming ever-more specialised and scarce. Software vendors are feeling the pressure from all sides. Customers demand everincreasing levels of capability from the products they deliver. As budgets strain, they rightly demand more compelling reasons to upgrade or switch from platforms they’re already using. At the same time, the advent of Software-asa-Service (SaaS) and the drive towards delivering software in a ‘Pay as you Consume’ format demands that vendors re-evaluate their delivery mechanisms and business models. For many vendors, this means expanding the time it takes to re-engineer their code in order to enable the provision of the product. This has to happen not only in a reliable and scalable manner in the cloud, but also in a fashion which fully enables them to monetise the capabilities that the software product offers. As you can imagine, this is no small task. As packaged and downloadable software makes way for cloud-based software delivery, what will the counterfeiters do? In what is an underground industry now estimated to be
worth around $63 billion (in terms of the value of commercial software), it seems unlikely they will pack up and move on. Rather, the counterfeiters’ pirating techniques will simply keep on evolving.
Can we prevent software piracy? In order to stop software piracy, we need to look towards software licensing. The problem is many software vendors shy away from software copy protection due to fears that it makes that software more expensive. In truth, this cost is negligible when compared to the losses incurred by developers through software piracy. By protecting their software – and thereby increasing their revenues – developers can afford to supply better software at competitive prices. For those software vendors who do proactively protect their software, this doesn’t mean they are fully protected against the evergrowing hacking attempts that can compromise their application’s security. A common misconception is that once a certain application is protected and distributed, it’s then completely ‘bullet-proof’ against software piracy and Intellectual Property (IP) theft. It’s crucial that software vendors work with the licensing vendor and/or a copy protection vendor to constantly update and improve levels of security. Simply incorporating innovative protection and security measures as part of the product lifecycle can greatly contribute towards vendors being steps ahead of potential threats.
“As software pirates continue their attacks, companies are forced to spend additional time cycles and effort patching and plugging their products to defend against those who might steal them” 29
www.risk-uk.com
SecuringTheMobileWorkforce December2014_riskuk_dec14 09/12/2014 12:11 Page 30
Remote control The challenge of providing secure remote access to corporate networks and data is becoming a far tougher process for companies to manage. In reviewing the results of research into mobile working practices, Nicholas Banks also focuses on the key areas to be addressed by IT and Security Departments if fines and reputational damage are to be avoided or many of us, working away from the office isn’t a new phenomenon. However, recently published research into mobile working shows that companies are still struggling to equip employees with the flexibility needed to take their work away from the office without jeopardising data security. New and disruptive technology developments as well as the evolving and sophisticated nature of cyber attacks mean that new vulnerabilities are ever present. As employees take more and more data outside of the enterprise, it’s fair to say these risks are only set to escalate. That being the case, the challenge of providing secure and remote access to corporate networks and data is becoming a far tougher process for companies to manage. Indeed, the results of our cross-industry research1 highlight the alarming extent to which employees are taking unsecured business data away from the office, often without their employer’s knowledge, and then losing that data in public places.
F
Nicholas Banks: Vice-President of Sales (EMEA and APAC) for Imation Security’s IronKey Solutions
Data not adequately protected It seems that there are still not enough hours in the day, with over one third of respondents working remotely in order to manage their heavy workload. The majority of these individuals are using their own personal devices, such as laptops (46%) and smart phones (34%) rather than company devices when working on confidential business files and e-mails away from the office.
30
www.risk-uk.com
Even though employees are using their own devices for work purposes, with one-in-five providing their own security measures, only a relatively small proportion (19%) see themselves as ultimately being responsible for keeping work data secure. Organisations really need to be in the driving seat when it comes to protecting their networks from the additional risks brought about by an increasing use of personal devices in the workplace. Although as many as three quarters of respondents to the survey take digital files out of the office, a large proportion of this data isn’t protected from unauthorised access using standard security measures such as encryption, password protection or remote wiping. Almost half of the interviewees suggested that data taken outside of the office is never encrypted and three out of ten don’t use password protection. This leaves organisations as sitting targets for cyber criminals and potentially vulnerable to security breaches. So strong is the need – or desire – to take work away from the office environment that some employees find themselves breaking remote working policies in the process, with over a quarter of respondents admitting to breaching corporate policy at some point. Having said this, the majority do so unknowingly, suggesting that employers are simply not doing enough to explain these critical policies to their employees. It’s perhaps unsurprising that so many companies are blind to data loss, and therefore aren’t taking the necessary steps to minimise the damage that could result from a potential data breach. This apparent lack of focus on security could explain why such a significant proportion (one third) of respondents have lost or had a device stolen in a public place. Thankfully, most respondents (61%) would tell their boss if this happens. However, a significant number of employees would do nothing, suggesting they could be worried about disciplinary action or feel that losing company data isn’t really that important. Either way, this group poses a
SecuringTheMobileWorkforce December2014_riskuk_dec14 09/12/2014 12:12 Page 31
Securing the Mobile Workforce
significant risk and needs urgent training, as well as being provisioned with the necessary security tools.
Working in public spaces Although the most popular place for working remotely is at home, public areas such as pubs, cafes and restaurants (22%) and on public transport (29%) have also become commonplace environments for working on company e-mails and electronic documents. Where employees work in these shared spaces, they’re far more likely to be vulnerable to data and device loss when compared to those occasions when they’re present on company premises. The survey shows that three quarters of lost or stolen devices – such as laptops, mobile phones and USB sticks – contain confidential e-mails (37%), files (34%) and customer data (21%), with a significant number of employees also losing financial data or login and password information (potentially exposing even more intellectual property to the risk of a data breach). However, many employees seem unconcerned about losing this confidential business data, with only one-in-16 worrying about it.
An issue of responsibility Although employees acknowledge they’re accountable for keeping company data secure when working remotely (with one-in-five providing their own security), few respondents to the survey seem fully mindful of the risks and implications when they don’t. This lack of awareness and responsibility highlights an urgent need for company IT Departments to take better control of the situation by equipping employees with the right tools and processes to work away from the office. A significant number (18%) of respondents place the burden of responsibility entirely on their employer, but most (around half of respondents) feel that securing company information has to be a shared responsibility between employees and their employer. As many as 41% of employees claim they either don’t have the right tools to work remotely or feel that those available could be improved. Only a relatively small proportion (less than six out of ten) reported that their company even has a remote working policy in place, which is concerning when so many employees are working on company e-mails
and documents in cafes, at the park, on aeroplanes or at the gym. Even when a policy exists, it seems these aren’t being effectively communicated or enforced. From the moment employees join the organisation, the IT Department should ensure that they are given ongoing and comprehensive training about working procedures while away from the office. IT Departments need to provide fullyencrypted and password-protected devices that can be used outside of the office. Whether data’s in transit or at rest, encryption is vital in terms of safeguarding that all-important confidential company information. Encrypted devices need to be closely managed and tracked to ensure that, if data integrity has been compromised in any way, this compromise can be identified and the device remotely wiped. With so many personal devices being used to take company files out of the office, the dividing line between work and personal environments is becoming increasingly blurred, leaving employees more susceptible to a security breach and also increasing the risk of them losing their own private files and data. For their part, employees must be given a means of separating work and personal data to minimise the risks involved.
Reference 11,000 online interviews were carried out during summer 2014 by Vanson Bourne (an independent specialist in market research for the technology sector) involving office workers in businesses playing host to at least 250 employees. 500 of the respondents work in the UK and 500 in Germany. 80% of interviewees had to be working remotely for at least part of their working week. Respondents to this research survey came from a range of industry sectors
“Organisations must be providing a comprehensive framework for employees to work securely away from the office, with the right tools, security policies and training in place to ensure that data cannot be compromised if it should ever fall into the wrong hands” 31
www.risk-uk.com
Project2_Layout 1 08/12/2014 17:10 Page 1
innovation through experience
Innovative Intelligent Detection Apollo Fire Detectors Discovery range, offers total reassurance each time, every time. • Five approved levels of detection sensitivity • Approved to EN54 standards • Ideally suited to large public premises
For more information visit www.apollo-fire.co.uk/discovery
SecurityGuardingSolutionsFrontCover December2014_001 09/12/2014 12:35 Page 33
December 2014
Security and Fire Management
Security Guarding Solutions Business Sector Focus sponsored by Sectorisation: Understanding and Confronting Risk Business Licensing and the Next Steps for Regulation Added Value: What Can Security Realise for the Customer? Responding to Today’s Threats: Smarter Use of Technology
Project5_Layout 1 03/06/2014 11:20 Page 1
SecurityGuardingSectorisation December2014_riskuk_dec14 09/12/2014 12:30 Page 35
Security Guarding: Sectorisation
Sectorisation: Confronting clients’ risks head on ne of the underlying reasons managers or businesses fail to embrace Best Practice in sector segmentation is their inability to manage the transition from how target markets in an organisation are currently categorised to how they might look when based on customer characteristics, needs, purchasing behaviour and decision-making. Essentially, there has to be a target market strategy that’s integral to developing an effective business strategy and delivery model. Now I might be stating the obvious here but true sectorisation is easier said than done. You need to mirror structures, have the right subject matter expertise and deliver a tailored solution based on risk as a minimum. In attempting this you have to know where to start. Risk is an interesting area. In addition to the obvious day-to-day challenges we face in our industry, the term ‘Risk’ could be seen as somewhat different to five years ago and will likely be different again in another five years. Today, reputational risk sits high on the agenda for the C-Suite. A reputation crisis only truly occurs when stakeholders change their expectations and behaviours: customers stop buying, employees leave, vendors lose interest in servicing and regulators/litigators pile into the fray. Adding insult to injury, culpability and public opprobrium land on directors and chief officers. For them, the stain of a reputational crisis can be both personal and permanent. Understanding how to help manage expectations is all about governance, the approach to operations and risk management demonstrating that employing sector experts results in higher quality service delivery and stronger relationships with individuals taking a greater ownership. All of this results in a more professional industry which will attract and retain a more appropriate and skilled talent benefiting us all in the longer term while also cultivating a better-regarded career path.
O
Convergence: IT and Physical Another major risk topic is convergence – IT and physical. At Mitie Total Security Management we’ve remained vocal around the future and how data capture should be used in identifying trends which will help shape security strategy and resilience measures. Without a trusted sector specialist close to the organisation understanding the intricacies and idiosyncrasies and having gained the trust of more than one stakeholder in that company,
Sectorisation is a commonly used term in the security industry, but is it just a badge of convenience for some or an absolute belief? As Jason Towse outlines, understanding sectors is all about understanding different facets of risk as well as the various stakeholders, structures and languages in play it’s fair to say that physical and cyber security cannot be integrated. Similarly with counter-terrorism intelligence, communicating this effectively so it’s fed through to the right people and threat and impact is understood needs a specialist to be the conduit towards providing a meaningful inference to the mass of information available. Sectorisation means an investment in specialists who understand the specific environments of our clients and their consumers. This comes back to having the flexibility of service offering that meets clients’ risks – all identified through data driven by technology and which allows for integration. This will establish the UK’s security industry as a sustainable and forward-thinking sector. A straightforward process can be derived and applied, enabling organisations to practice market segmentation in an evolutionary manner and facilitate the transition towards customer-led requirements. This process also ensures commitment from the managers responsible for implementing the eventual bespoke delivery model.
Jason Towse: Managing Director of People Services at Mitie Total Security Management
35
www.risk-uk.com
SecurityGuardingBusinessLicensing December2014_riskuk_dec14 09/12/2014 12:14 Page 36
Security Guarding: Business Licensing and Regulation
Business licensing: “We need the facts” Peter Webster believes there’s a lack of hard facts regarding the supposed need for business licensing and that widespread ignorance about its financial implications could be disastrous for security companies
Peter Webster: CEO of Corps Security
36
www.risk-uk.com
n 30 June 2014, Lord Taylor of Holbeach stated that the Government expects the introduction of the statutory licensing of private security businesses to come into force in 2015. With a number of industry professionals sceptical about the benefits of this move, the pro-business licensing brigade – including the Security Industry Authority (SIA) – has been economical with the facts about why it’s necessary and what it will really cost. It’s claimed that business licensing and regulation will support those organisations that have been through relevant checks and due diligence, and can demonstrate that they are ‘fit and proper’ to supply security industry services. To qualify for an SIA business licence, an organisation must comply with issues surrounding identity, criminality, financial probity, integrity and conformance with relevant British Standards. The Regulator states that this licensing will give businesses more responsibility for the individuals they employ while achieving a reduction in the regulatory cost and burden on the private security industry as a whole. Having crunched the numbers, we estimate that business licensing will cost Corps Security around £50,000 a year. We’ve had no indication of the corresponding reduction in the individual licensing costs. Corps Security currently pays around £150,000 a year in licensing fees, so the individual licence reduction must be at least 33% in order for us to be cost neutral. For those companies, unlike us, that don't currently pay their employees’ SIA licence fees, the costs will come as a huge shock. Furthermore, the additional bureaucracy, time, inconvenience and uncertainty business licensing will cause realises a cost that, like other organisations in our industry, we may have to try and pass on to our customers. Not
O
surprisingly, they will be highly resistant to increased charges for security services, so it could mean that those who demonstrate continual improvement via the Approved Contractor Scheme (ACS) might decide to withdraw from it in order to save money.
Motives behind the move It’s important to carefully examine the motives of the bodies helping to push this legislation through and who claim to be doing so in the best interests of the security industry. Up until now, the SIA has been good at making sure that only those who should work in the security sector do so, yet its Strategic Consultation Group which has worked to introduce business licensing only has 31 members – less than 20% of whom actually operate security companies – while 26% are SIA officials. Therefore, that Group cannot really be considered representative of the industry and those working on the ‘front line’. Even so, the new SIA chairman Elizabeth France CBE has vowed to be ‘audacious’ and is determined to push regulation as far as possible. This means the SIA will do everything it can within the statute to move forwards in the direction that it believes the industry and ministers wish it to travel. How, though, does the SIA chairman know in which direction the industry wants to travel? From the Strategic Consultation Group alone? At a recent event, Elizabeth France said: “The SIA should be working with you to ensure that, between us, we take responsibility for raising standards, but maybe the balance between us, as the industry becomes more mature and we understand our role as a Regulator better, is that more of it is done by the industry with the regulator helping and supporting.” This provides a clear indication of an intention to increase the administrative and compliance burden on the industry. What we need are hard facts and until we have them our industry representatives should not be giving any support to these poorly communicated proposals. The needless introduction of two layers of licensing will simply mean the loss of the ACS scheme that adds value on purely cost grounds for one that has no impact on improving security services whatsoever. As a result the industry will suffer. It’s time for the industry to make its voice heard about keeping the existing licensing scheme. Who’s with me on this matter?
Project2_Layout 1 08/12/2014 17:11 Page 1
SecurityGuardingSocietyandSecurity December2014_riskuk_dec14 09/12/2014 12:32 Page 38
Security Guarding: Responding to Margin Erosion
What does society want from the security industry? At a time when policing numbers are falling, threats posed to our safety are increasing and margins for security companies remain low, how should solutions providers react? Andrew Melvin believes it’s time for the smarter use of technology and a greater focus on specialisation
Andrew Melvin: Business Development Director (UK) at Pilgrims Group
38
www.risk-uk.com
e’re living in a period of increasing threats to our security and safety, with a clearly identified move in the UK threat level from ‘Substantial’ to ‘Severe’ meaning that a terrorist attack is now highly likely. The stance adopted by the Government is further supported in briefings by the Home Secretary, Theresa May, who states that while many attacks have been prevented, the threat is still clear and extremely serious. Indeed, Prime Minister David Cameron has said that we now face the “greatest and deepest threat” in the nation’s history. With decreasing numbers of police officers and enhanced levels of fraud and cyber crime – which is ranked as a major threat to our National Security Strategy – businesses and individuals face uncertain dangers. Many simply ‘bury their heads in the sand’, perhaps through a lack of knowledge. For others, it’s simply a case of not having the time to deal with all of the potential risks. Most people should have an expectation of living a normal life and are rarely exposed to the horrors of terrorism, fraud and cyber crime. However, with the daily media concentration on bad news, members of the public face everincreasing anxieties about these threats regardless of their own personal experiences. Over the last decade, our industry has witnessed eroding margins, seemingly accelerated since the financial crisis of 2008. The unintended consequence of this can be seen in the general reluctance towards – and reduced opportunities for – investment in security personnel or client partnerships. The reducing margins that suppliers are having to
W
contend with in highly competitive tendering procedures coupled with the limited profitability of many security businesses ensures a ‘perfect storm’ of very low profits, minimal investment and, in the case of some companies over the last few years, a struggle to even continue trading. The really damaging effect of low margins is a lack of investment in personnel, little or no training, reduced morale and, ultimately, a reduction in performance – and, therefore, an increase in risks. Other than for client-specific training requirements, it’s extremely difficult to provide ongoing security-related instruction and education as removing personnel from their work environment is prohibitively expensive unless paid for by the client. Given the downward spiral of margins in contract procurement, this latter scenario seems unlikely in most instances.
Responding to margin erosion In the best case situation, margins within the security industry will stabilise but further margin erosion is the more likely outcome. How should the private security industry react? Achievements could be realised through reducing overheads, the smarter use of technology and/or working more efficiently along with specialisation in a wider range of security services. This broader range of security services could provide a platform for continued security specialisation with the advantages that stem from a co-ordinated protection of assets and people derived by a single source of security expertise working closely in support of the police service and offering a complete package of risk management with a variety of highly specialised employees operating at an international level. For other security companies, the way forward may involve offering a wider range of FM services, either through taking on additional non-security related services or being acquired by larger organisations, be they FM or securityfocused in nature. Looking to the future, it’s inevitable that the private security industry is likely to witness the growing use of technology, including the miniaturisation of drone and surveillance equipment along with the smarter use of increasingly capable software which is likely to see the numbers of security personnel reduced or, at the very least, not increasing.
Project2_Layout 1 08/12/2014 17:18 Page 1
What security feels like. For over 150 years, Corps has been a byword for discipline, integrity and reliability. Today, Corps Security helps ensure the safety and well-being of many of the City of London’s leading businesses and the people who work in and visit them. Clients value the dedication that Corps Security’s officers bring to the job. They also rely on its state-of-the-art remote monitoring service, and appreciate the hands-on approach of its managers. Above all, clients prize the expertise that comes only through specialisation. Leaving them free to concentrate on their business - knowing that their people and property are safe.
Tel: 0800 0286 303 www.corpssecurity.co.uk 85 Cowcross Street, London, EC1M 6PF
Corps |kôr| noun ( pl. corps |kôrz|) ‡ VSHFLDOLVW SURYLGHU RI VHFXULW\ HPSOR\LQJ LWV H[SHUWLVH IRU WKH EHQHILWV RI OHDGLQJ RUJDQVDWLRQV DFURVV WKH &LW\ RI /RQGRQ ‡ HQVXULQJ WKH VHFXULW\ VDIHW\ DQG ZHOO EHLQJ RI FXVWRPHUVœ SHRSOH DQG SURSHUW\
&RUSV WKH GHILQLWLRQ RI VHFXULW\ Tel: 0800 0286 303 www.corpssecurity.co.uk 85 Cowcross Street, London, EC1M 6PF
SecurityGuardingAddedValue December2014_riskuk_dec14 09/12/2014 12:14 Page 40
Security Guarding: The Concept of Added Value
What can ‘Security’ bring to the party? The modern approach to security provision has evolved to such a degree that, as David Ward states, even when security has not been built-in to an estate and is applied retrospectively, specialist companies can still help their clients to better plan and ensure that assets are used to their maximum effect
David Ward: Managing Director of Ward Security
40
www.risk-uk.com
n all things, an holistic approach is the correct one to adopt when addressing a challenge or project. Having a complete view on a situation and making planning decisions accordingly will ensure the final outcome is ‘fit for purpose’ and future-proofed. There’s another big benefit to an holistic approach – value. Only through a complete view of a situation or challenge can you truly plan for efficiencies and extract the maximum value from your investments and assets. This way of thinking applies as much to security as it does to anything else. The historic shortfall of security is that it has traditionally been applied in a ‘piecemeal’ fashion. For too long it has been a ‘bolt-on’, employed where and when necessary and often fitting around the premises, organisation or situation. The exact same can be said of other areas such as energy efficiency, whereby energy efficient measures have been retrospectively applied. In all honesty it’s not a failure of security, but more a failure of previous generations to understand the importance of future-proofing and holistic planning. Modern buildings and estates are being designed and built to incorporate key functions such as energy efficiency, IT, communications and security. Today, architects are designing structures with these functions in mind, so while the necessary infrastructure is discreet, it’s also easy to access and effective. For instance, wiring is where it needs to be while communal areas are designed with clear lines of sight for monitoring – and all the while without impacting negatively on aesthetics or
I
other functions. For older buildings and estates, though, bolt-on will remain an inconvenient necessity.
Using assets to maximum effect The security offer itself has broadened to encompass additional tasks and services. Through a more comprehensive and technologically advanced service, security has become holistic in nature. Technology itself has been a key enabler in this security evolution. The latest security measures have become so advanced that they can overcome many, if not most of the obstacles presented by older and more complex estates. Again, planning is the key to effectiveness. The correct technologies need to be applied in the correct way and with a global view towards the overall security stance. People and service complete the picture. Today’s security companies deliver more than merely security. They become an integral part of the organisation and offer more than site monitoring or reaction to unforeseen situations. The modern security service exhibits more of a managerial approach to the discipline whereby security staff act as ambassadors for the client company, welcoming visitors and trades and helping to ensure that they know where they’re going and are subtly ‘managed’ during their visit. Here, security has a better view of who’s going where and this, of course, helps to ensure fewer unexpected incidents. Owners of property portfolios should be thinking of security as more of a broad service offer instead of simply security. The days of a man in a peaked cap and uniform standing at a Gate House are gone. Today’s security professional is more of a complete package and, importantly, an asset to the business or premises he or she is attending. Similarly, clients should be thinking about how security integrates in a fuller sense to the property or business. The aesthetic of a building, as well as the culture, is vitally important, especially when that building is client-facing. Security is no longer an unwelcome addition. It’s now the first thing that visitors experience. That being so, it needs to be welcoming, accommodating and helpful. Meanwhile, the physical assets of security technology need to integrate and not spoil the lines or interrupt the aesthetic. By careful planning and the correct application of technologies this can be achieved with ease.
SecurityGuardingRiskManagement December2014_riskuk_dec14 09/12/2014 12:20 Page 41
Security Guarding: Risk Management and Forward Planning
Festive Frenzies – Securing the Spirit of Christmas hristmas was different when I was a child” is a phrase we’ve been hearing from our parents for years, but when it comes to Christmas shopping, everyone agrees that things really have changed. Take a look at the scenes in many retail stores on ‘Black Friday’ which saw retail security staff outnumbered to an alarming degree by a frenzied swarm of shoppers, many of whom displayed characteristics akin to the behaviour of a herd of hungry animals. With the evolution of online behaviours and social media, it has been possible for retailers to create and spread the word about more and more shopping ‘events’ taking place both online and in stores. Further, huge numbers of individuals have now accepted a Christmas tradition of having all of their festive shopping – including their Christmas party wardrobe and contingency outfits – delivered to their places of work. This change in behaviour means that security and reception staff may see thousands more packages come through the doors in the run-up to the Christmas holiday period, with many of those items being high value electronic gifts –
C
in turn making the office space a heightened target for thieves. Many building managers enforce a zero tolerance policy, refusing to accept personal deliveries or accepting them only in the event that the recipient can immediately collect them from the delivery area. A number of office workers will simply pile items under their desks until the coast is clear to bring them home for wrapping on Christmas Eve, making the packages a target for thieves and increasing opportunities for the ‘planting’ of suspect packages. It’s essential that security companies are ‘season savvy’ and approach their clients well in advance. Risks can then be fully assessed by security providers, in turn allowing for robust crisis management procedures to be realised. Carl Palmer is Executive Chairman of CIS Security
CERTIFYING
‘Black Friday’ and ‘Cyber Monday’ are just two examples of the way in which Christmas shopping is changing and, as Carl Palmer states, placing new demands on security teams
SECURITY
The leading certification body for Guarding Services. Appointed Security Industry Authority (SIA) Approved Contractor Scheme (ACS) Assessing Body. ISO 9001 and Product Certification for Key Holding and Response Services, Door Supervisors, Static Site Guarding and Mobile Patrol Services, Event Stewarding, Crowd Safety, Security Wardens, Cash and Valuables in Transit, Close Protection Services and Security Dogs. Contact us for a free no obligation quote.
Telephone : 0191 296 3242 www.ssaib.org
SSAIB
Project1_Layout 1 06/08/2013 12:13 Page 1
Security solutions for today’s challenging times
Consultancy Operational Consultancy Manned Guarding Training Information and Intelligence Communications Support Technical Systems Equipment
Global economic pressures are forcing organisations to review expenditure across the board. But, the security issues remain the same. So, do you cut your security? Pilgrims offers a complete and complementary range of security, communications and support services, backed by an unmatched commitment to the highest level of quality, efficiency and client care, to reduce costs not cover. Our expertise and global experience allow us to deliver robust, practical solutions for today’s challenging financial climate.
For more than ten years, Pilgrims has been supporting clients across the globe, protecting and enabling their businesses to continue in spite of threats from terrorism, serious organised crime and natural disasters. Our personnel are handpicked for their experience, skills, training and personality to match the requirements of our clients. This, combined with our continual exposure to the world’s hot spots and difficult regions, makes Pilgrims the ideal choice for advice and support. Pilgrims provides a global service, with local knowledge through our employment of local personnel, quality control, continual ongoing training and our relationships with specialists and local partners.
We can help you find the right solution. Call Pilgrims on: +44 (0)1483 228 786 www.pilgrimsgroup.com
SecurityGuardingSecurityIndustryAuthorityConsultation December2014_riskuk_dec14 09/12/2014 12:31 Page 43
Security Guarding: Security Industry Authority Consultation
Mission, Vision… and Strategy The Security Industry Authority is holding a consultation to gauge the views of stakeholders on its draft Business Plan for 2015-2016 and the Corporate Plan for 2015-2018. Brian Sims reports he consultation sets out the Security Industry Authority’s (SIA) high-level draft plans and describes the Regulator’s proposed mission, vision and strategic goals. At the SIA Stakeholder Conference held in October, the Regulator’s chairman Elizabeth France CBE set out progress that the SIA had made in working closely with stakeholders to develop proposals for a new regulatory regime focused on businesses. France emphasised that the SIA is ready to take forward mandatory business licensing if and when the Government confirms its intentions and that the Regulator will not allow that question to distract it from using its existing powers in an audacious way to support continued progress towards a better, quicker and lower cost approach to regulation framed by greater business engagement. “We want to ensure that the next phase of our work reflects the views and priorities of those who buy, supply and rely on private
T
security,” explained France. “We shall consider any feedback you give us and take that feedback into account before publishing our final plan early in 2015.” Read the consultation document online at: www.sia.homeoffice.gov.uk/Pages/about-planconsultation.aspx *The consultation period runs from 4 December 2014 to 30 January 2015
New SIA-approved training courses From 1 January 2015, new courses and qualifications will be introduced for Security Industry Authority licence applicants. The new training courses have been designed in association with the security industry and stem from an earlier public consultation. Sectors covered are security guarding, door supervision, Public Space Surveillance, close protection, Cash-in-Transit and vehicle immobilisation (Northern Ireland only).
The new SIA security guarding course will contain more content on patrolling and maintaining contact and how to deal with commonly encountered incidents. There will also be a requirement for the practical delivery of searching and conflict management and the inclusion of an awareness of initiatives to fight crime. The qualification awarding bodies are now working with training providers to ensure standard packages will be ready for January 2015
SecurityforSpecialEvents December2014_riskuk_dec14 09/12/2014 12:13 Page 44
Security for Special Events
Managing security for an iconic central London venue allows no room for error. Integrated Security Consultants recently provided support for a lavish private event held at Horse Guards Parade. Brian Sims tracks the service delivery as well as the lessons learned
44 www.risk-uk.com
On Parade estination and corporate event management specialist Spectra DMC approached ISC back in March regarding its plans for a gala dinner at the London meeting of the American College of Trial Lawyers (ACTL). This was to be a highly prestigious and unique event on a grand scale, with a giant marquee erected at Horse Guards Parade and plans for 1,000 covers. Guests were to be welcomed by a choir and the troopers and horses from the Household Cavalry would form a guard of honour. Crucially, although the event was private, it would be taking place in a highly sensitive area, out in the open and right next to a major central London public road. The right security was vital in order to keep the site safe during the build-up to and during the event, but also to enhance the guest experience and ensure everything would run smoothly. The event took place on 13 September, but chosen security provider Integrated Security Consultants (ISC) was on-site 24 hours a day controlling access to the site from four days prior for the build phase until the site was clear and returned to its ‘blank canvas’ state two days later. “We had to work closely with the many different parties involved, all of whom had their own needs and expectations,” said ISC’s business development manager Paul Griffiths. “These parties included not just our client Spectra DMC but also the Royal Parks, the Metropolitan Police Service, the various event contractors and, of course, members of the public.”
D
As well as managing the security of the site itself, ISC provided corporate security staff to welcome guests, manage public interest and handle both traffic ingress and egress.
Planning and familiarisation process “This event was 18 months in the planning,” stated Griffiths, “and, naturally, both Spectra DMC and the ACTL had high expectations for the day. Every aspect of the event had to be perfect, from the catering and entertainment through to the security team. We spent six months planning and familiarising ourselves with the expectations of our client and ensuring full risk assessments were carried out.” Griffiths explained: “We attended planning meetings with the Royal Parks so we understood how the site operated and what to expect, advising on security requirements. The Met Police and Royal Parks wanted to ensure that all Health and Safety requirements were in place and that the site was secure at all times. We liaised with them and brought security cover forward by 24 hours to ensure that the very earliest stages of the build were covered.” On the evening itself, all access points were secured and a large crowd of onlookers had to be kept back so that all guests could be admitted during a short 30-minute window, transferring from coaches within seconds. Everything went smoothly, but there were some challenges to overcome. “These were mostly logistical,” continued Griffiths, “such as some contractor vehicles turning up without pre-registration. Another challenge was that the site is usually easily accessible to pedestrians from Horse Guards Road. Rather than just station officers along the 160-metre perimeter, we were permitted the use of crowd barriers for additional defence.” Griffiths added: “Unsurprisingly, holding such a glamorous event in a public place attracted a great deal of attention from passersby, in particular when the Band of the Coldstream Guards arrived and played several numbers. The event also coincided with the nearby Proms in the Park, which resulted in large numbers milling around in the vicinity, but this didn’t pose any problems for our team.” ISC’s success in securing this event is the result of a long history of working on other high profile events, often in spectacular venues, and a culture of listening carefully to clients’ requirements to build a bespoke service. Mark Wareing, account director at Spectra DMC, concluded: “Everyone on the ISC team was really helpful and great to work with. The security manager was totally flexible and we could just leave the team to their own devices.”
PowerSupplyContinuity December2014_riskuk_dec14 09/12/2014 13:15 Page 45
Power Supply Continuity: Bridging the Performance Gap
reater attention needs to be paid to the quality and performance of Power Supply Units for both security and fire systems. That being so, we’ve decided to highlight five key elements that purchasers/end users should be focused on to ensure the solutions they adopt are actually fit-for-purpose. While much attention is often lavished on the specification of more visible solution elements – such as CCTV cameras, DVRs and intruder/fire detection and alarm systems – the same cannot always be said for mission-critical Power Supply Units (or PSUs). In fact, PSUs are often left out in the cold as the poor relations, thrown into the mix at the very end of the installation process. This makes little sense given that security and fire systems are only as good as their weakest link.
G
Combating brownouts Leading the way in our five-point ‘Best Practice Guide’ as part of a push-back against substandard PSU specifications is that end users ought to check the solution chosen is tolerant of mains input voltage fluctuations which, if left unchecked, can result in problematic ‘brownouts’. You really want power supply units that can handle variable inputs and still maintain a standard output. Solutions are now available that can work comfortably anywhere between 90 V and 260 V.
Optimising efficiencies The efficiency of PSUs is becoming an increasingly pivotal consideration as many of today’s businesses have set themselves power reduction targets. To achieve better operational efficiencies, switch-mode technology is in a different league from the more traditional linear PSUs. Switch-mode units offer a significantly higher level of efficiency (typically 80%-87%) and, correspondingly, lower energy bills and a reduced carbon footprint for the end user.
Smaller footprint Where the end user is seeking to place a PSU unit into a confined area, they should be focusing on the type of PSU that’s more compact. Switch-mode models also score highly here as the latest versions are, typically, significantly smaller and a tenth of the weight of the older linear-style (copper-based) units.
Healthy temperature Another factor on the PSU front around which it’s worth quizzing potential solutions providers centres on the temperature at which the unit is going to operate. It should be remembered that
Bridging The Gap Ian Moore recounts some essential tips for those end users looking to bridge security and fire system power supply performance gaps
switch-mode power supplies run significantly cooler than established designs. This is underlined by the reality that older linear units are hot to the touch and, as a result, more susceptible to failure. We estimate that end users can lose half of the power that goes into a linear PSU simply due to the heat which is being radiated.
Standard of support It’s vital to confirm that any PSU selected is compliant with recognised local codes. All units should carry the CE mark and conform to standards such as EN60950-1, EN50131-6 and EN6100-6-3 when appropriate. In addition, it makes good sense for end users to ask about the level of technical support provided by the vendor and the quality of the latter’s own internal processes. Are they accredited to BS EN 9001:2008 for their quality management systems, or ISO 14001:2004 for environmental management?
No power, no system For all prospective purchasers of PSUs it makes absolute sense to take time out and complete thorough checks on the suitability of a specific Power Supply Unit. Simply throwing something in, crossing your fingers and hoping it will work is nothing other than foolhardy. There’s no doubt that the right solution can make a concrete difference to the operational efficiency and reliability of your security and fire safety solutions. By the same token, the wrong choice can lead to the prospect of unexpected downtime with no power for CCTV cameras or recording devices – and thus serious gaps in capability.
Ian Moore: Managing Director at Elmdene International
“It’s vital to confirm that any PSU selected is compliant with recognised local codes. All units should carry the CE mark” 45
www.risk-uk.com
TheSecurityInstitute'sView December2014_riskuk_dec14 09/12/2014 12:40 Page 46
Fraud and Security Risk: The Future of Convergence Who’s responsible for security risk management in your organisation? Is there a relatively simple answer? The likelihood is probably not. How do you then decide who’s actually responsible for collective security risk management? Alan Day outlines the business case for convergence imply defining what ‘Security’ is has never been easy. Security often means different things to different people and companies. Indeed, there’s often disagreement within organisations on this very subject. Traditionally, ‘Security’ is viewed as physical security and information security, but even the latter description can be somewhat confusing. Many organisations have Chief Information Security Officers (CISO) in situ who are, in the main, in charge of information security, but what about ‘non-IT’ information such as that held in the form of paper records? Yes, paper records do still exist – confidential contract information or intellectual property (which in itself is information) are but two examples. Is your CISO responsible for this type of information?
S
Encouragement of convergence For a number of years now, security professionals have been seeking to encourage convergence between the various security disciplines. Convergence of security risks is a broad
concept which covers the many facets and interrelationships of a variety of security risks confronting today’s businesses. In essence, convergence requires a ‘bringing together’ of all those with a security responsibility in an organisation to assess collective corporate risks. Proponents of security risk convergence have quite rightly identified the truism that, if you manage risks in isolation, then the probability of those risks materialising increases. However, there can be an overlap between the traditional security disciplines (such as that with information security mentioned previously). To date, this convergence agenda has tended to focus primarily on physical and information security. In truth, there are other ‘security’ risks that need to be considered. More of them anon. The move towards convergence has also recognised that risks are continually evolving, all the while increasing interdependency on processes. This is well illustrated if we take a look at ‘Cyber’. The term ‘Cyber’ is used many times as a catch-all for the threat posed to our computer and communication systems. In the real world it’s about much more than this. Cyber security addresses not just ‘things’ but also processes. For example, ‘Cyber’ includes personnel security to ensure that the wrong people do not have access to the essential parts of a given business system. To prevent such access we need employee screening to be in place. While the employee screening process is part of the cyber security function, the physical process is normally the responsibility of the Human Resources Department and yet cyber security is most likely under the remit of your CISO. Confusing, isn’t it?
Fraud risk management The situation becomes even more complex when you throw fraud risks into the mix. Fraud risk management and counter-fraud activity in an organisation is frequently separate to other security risk management procedures. Inhouse fraud teams are often part of the Finance Department or sit within internal audit teams but are not part of a security team. Ultimately, it can be argued that the commonality between fraud and security risks is such that any security risk convergence agenda should also include fraud risks. Let’s take one example – people. What are the biggest risks posed by employees to a business in the overall security arena? Some would say fraudulent activity and theft. The
46
www.risk-uk.com
TheSecurityInstitute'sView December2014_riskuk_dec14 09/12/2014 12:40 Page 47
The Security Institute’s View
world is littered with companies both large and small who’ve demonstrably failed due to fraud perpetrated directly or indirectly by employees. Employees may also collude with suppliers, falsify financial records or submit fraudulent claims. How, though, do you categorise this risk posed by members of staff? Is it just fraud? Maybe that’s too simplistic. The risks actually emanate from people. Thus a company requires robust pre-employment screening and continuing due diligence procedures to be operational on a constant basis. The situation may also involve IT security. Frequently, insiders use the IT system to carry out their fraudulent activity alongside general information such as contract documentation. Here, then, are two distinct ‘Security’ disciplines – personnel and information security – that have a direct relationship to the risk of fraud. As is the case with cyber, fraud risk management tends to be more process driven. Fraud often takes place where there may be few physical barriers that can be used to prevent such activity from occurring. For example, firewalls are essential if the fraudster is outside but tend to be ineffective if the person conducting the fraud is already on the inside of the company’s four walls.
Identifying the threats First, it’s about identifying the threats. Of course, that process can be rendered all the more difficult if your fraud and security risk management functions are conducted in isolation from each other. Let’s stay with firewalls as an example. Your IT Security Department (under the leadership of the CISO) may have excellent and highly effective firewalls in place. Its constituents may be able to report that there have been no breaches and that all’s well, but can they tell you how many attacks there have been and where these came from? Such detail is crucial. What if there has been a succession of attacks over recent weeks that then abruptly stop? Have the criminals simply given up or found another way into or around your IT systems? How would you know if you do not monitor attacks? In this example, the security of your system is sound, but vital information and intelligence is being lost and, subsequently, you may not be fully aware of the risks. This could enhance the risk posed by fraudsters.
A converged approach to risk encompassing all aspects of security (and including fraud) can help in the overall assessment of risk in terms of actual and potential threats involving the physical side of the equation, the people and the processes. Such an approach may also assist in providing a more focused view of the risks facing your organisation. In addition, this more focused approach helps to better mitigate risks by dint of using all-round knowledge of the organisation, its processes and mitigations. Having a complete overview of all security-related risks including fraud – and how they relate to the company’s operations – is essential in a world wherein the criminal makes no such distinction.
Single point of ownership
Alan Day FSyI: Fellow of The Security Institute and a Director of AKD Services
Those organisations that have implemented a single point of ownership for every aspect of the business’ security have realised the benefits very quickly. That single point of ownership may well be the CISO but, whomever it is, they must take ownership and full responsibility for the physical elements and processes in an increasingly complex environment. This will help to build confidence among senior staff, employees and stakeholders that all security risks are taken seriously and provide the authority to empower management, ensuring that all security risks are identified and managed correctly. It will also act as a deterrent to any potential criminal – be they inside or outside of the company’s walls – if they’re fully aware that there’s a joined-up approach to any risk they might wish to pose to your organisation. Importantly, the single point of ownership must have direct access to the CEO and the Chief Operating Officer. They should have a ‘Hotline’ through to the auditing function in order that they might influence the company’s internal audit plan, reviewing areas of concern and ensuring that risks are raised at the highest level (ie with the Audit Committee and the Board of Directors). We’ve been too slow to recognise that there’s an urgent need for re-thinking fraud and security risks. They do need to be converged, but not simply in terms of ‘Security’. Rather, they must be converged in line with overall business risk management and the host organisation’s overarching strategy.
“Ultimately, it can be argued that the commonality between fraud and security risks is such that any security risk convergence agenda should also include fraud risks” 47
www.risk-uk.com
InTheSpotlightASISInternational December2014_riskuk_dec14 09/12/2014 12:04 Page 48
When Diligence Is Due Whether your company is looking to carry out background checks on prospective business partners or potential future employees, there are certain rules, regulations, standards and procedures in place that must be strictly observed. Chris Brogan plots a course through what can be a legal minefield ue diligence may be defined as: ‘The diligence reasonably expected from, and ordinarily exercised by, a person who seeks to satisfy a legal requirement or to discharge an obligation’ (also termed ‘Reasonable diligence’). In terms of Corporations and Securities, we might say: ‘A prospective buyer’s (or broker’s) investigation and analysis of a target company’. If you wanted a legal definition of the term then look no further than that which resides in Black’s Law Dictionary (Seventh Edition): ‘A failure to exercise due diligence may sometimes result in liability, as when a broker recommends a security without first investigating it adequately.’ Why a legal definition? The definitions that I’ve recounted all reference checks to be made before entering into a contract. They also reference Duty of Care and, as a contract involves civil law, it’s not too great a step to consider a Legal Duty of Care. If there’s a breach of this Legal Duty of Care involving negligence or recklessness then the individuals involved could find themselves in the criminal domain. Hence the requirement for a legal definition. In criminal law, due diligence can be a defence in strict liability cases where the prosecution only has to prove the ‘Actus Reus’ (Guilty Act) and not the ‘Mens Rea’ (Guilty Mind). If the accused can demonstrate that they took all reasonable steps to prevent criminal
D
48
www.risk-uk.com
activity then this is considered to be a defence in law. The reasonable steps are not necessarily the standard of care of a particular industry, but I would suggest that standards promoted by the security industry – such as those devised by the British Standards Institution and the Centre for the Protection of National Infrastructure (CPNI) – may go some way towards convincing the Judge that reasonable steps were taken. In civil law there’s a responsibility on both parties towards an action that reasonable enquiries have been made to establish the facts that may be subject to dispute.
Running the rule over a business If dealing with a business, it seems sensible to check that it exists, resides at the address(es) provided and that you have the correct name. If you’re about to do business with ABC you should clearly establish if it is ABC Limited, ABC (London) Limited or ABC (Manchester) Limited. They are separate legal entities and not necessarily legally responsible for one another. You may want to know how long the business has been in existence and its financial details (if available). If the business is a registered company then such information can be obtained directly from Companies House (www.companieshouse.gov.uk). The process of conducting such checks is rendered a little more difficult if the target business isn’t a company. However, there are numerous commercial databases available which can provide you with information on businesses. Equifax (www.equifax.co.uk) and Experian (www.experian.co.uk) are but two of them. They can also offer details of any litigation against a given company. Other good sources for litigation are the Registry Trust (www.trustonline.org.uk) and the Ministry of Justice (www.justice.gov.uk). The British and Irish Legal Information Institute (www.bailli.org) is an excellent source for court cases considered to be ‘in the public interest’ and which may have set legal precedents. LexisNexis (www.lexisnexis.co.uk) not only provides access to legal cases but also newspaper articles from sources that often cannot be found on the Internet. These databases are fee paying but your company is likely to already have accounts with them. Unless you have the correct legal company name before you, you could well be performing your due diligence on the wrong concern which could result in erroneous conclusions. You’ll garner the correct name from Companies House and the legal databases mentioned.
InTheSpotlightASISInternational December2014_riskuk_dec14 09/12/2014 12:04 Page 49
In the Spotlight: ASIS International UK Chapter
Remember... When it comes to information sourced from the Internet and/or newspaper articles, you cannot be absolutely sure that the name has been accurately recorded.
Checks you may not have considered Are you aware that businesses providing an investigation service for you are required by the Information Commissioner, Christopher Graham, to notify his office that they’re providing such a service? If they don’t notify then they’re likely to be committing a criminal offence under Section 17 of the Data Protection Act 1998. This rule would also apply to that former colleague of yours to whom you may wish to sub-contract the occasional investigation. Checking is an easy procedure. Simply visit www.ico.gov.uk and click on the Notification Register. If you sub-contract any work that involves the processing of personal data it’s your organisation’s responsibility to ensure that the sub-contractor is appropriately qualified and trained to do so. This requirement is contained within Principle 7 of the Data Protection Act. Make no mistake here. You are liable for any breaches committed by your sub-contractor. Your defence could be that you did carry out sufficient due diligence. Make sure that you include this procedure as a requirement in your contract in line with the seventh principle of the Data Protection Act. In May 2011, the Organisation for Economic Co-operation and Development (OECD) issued guidelines to the EU’s Member States that corporations in those countries should investigate any partners with whom they do business to ensure that they don’t abuse people’s Human Rights. Those guidelines may be found at: www.oecd.org/datacoed/43/29/ 48004323.pdf Guidelines for this type of due diligence checking may be obtained from the Business and Human Rights Resource Centre (www.business-humanrights.org). It’s suggested that if you’ve not conducted such checks then you may be jointly liable for any breaches that might occur.
Pre-employment screening The sources listed can also be used for preemployment screening of potential employees. However, where individuals are concerned you will be processing personal data so compliance with ‘The Privacy Laws’ (‘The Security Industry and The Privacy Laws’, Risk UK, September 2014, pp26-27) is of paramount importance. Although useful, BS 7858 2012 and the CPNI guidelines on pre-employment screening don’t
carry the same weight in an employment tribunal or a Court of Law as the free guidelines provided by the Information Commissioner’s Office entitled: ‘Use of Personnel’s Personal Data’. If you sub-contract this process you must ensure that your sub-contractor has more than a passing acquaintance with ‘The Privacy Laws’. Again, you’re going to be held responsible for any breaches that might occur. Consider what’s required on a normal job application form… ‘Please list any CCJs or bankruptcy events that you’ve had in the past five years’. Now what’s the relevance of that information for my application as a security officer with your company? Is it an integrity check? I can find no evidence – either legal or academic in nature – indicating that a County Court Judgement or bankruptcy event places into question a given person’s integrity. As relevance is a major factor in ‘The Privacy Laws’ (reference Article 8 of the Human Rights Act and the third principle of the Data Protection Act 1998), unless you can demonstrate the relevance of that question and any question in your application form to the position applied for you could be in breach of the law and so face the subsequent penalties. Be aware that ‘consent’ of the individual concerned is not going to be your ‘Get Out of Jail’ card. Consent is a most unreliable condition upon which to rely. This matter will become particularly relevant when the future Data Protection Regulations are passed in Europe. 2015 is the proposed date (‘Preparing to meet the EU’s Data Privacy Act’, Risk UK, September 2014, pp28-29).
Chris Brogan MA LLM MIBA FSyI: Partner at B&G Associates
Thoughts around relevance Let me outline some thoughts around relevance. Assume that I apply for a new job in your Finance Department. You want to know my financial history because you consider that if I’m experiencing personal financial problems then I may find your organisation’s financial issues simply too complex to deal with them. It’s worth noting that just because you want to know that certain something about me this doesn’t necessarily mean you’re entitled to know that certain something about me. The fact is your current or future employees’ rights do not suddenly stop when they enter the factory gates in the morning or push open the front door of the corporate headquarters. Make sure you don’t breach those employees’ rights because, as many companies have found to their cost, it can be an extremely expensive mistake to make – and that’s before taking into due consideration any corporate governance implications.
49
www.risk-uk.com
Project2_Layout 1 09/12/2014 13:30 Page 1
riscogroup.com/uk
VUpoint Live Video VeriďŹ cation Available Now! LIGHTSYS 2 TM
AS VOTED BY
SECURITY INSTALLERS
Utilising RISCO IP cameras and cloud connectivity, y,, our highly cost effective VUpoint solution is designed for use with our award winning LightSYS™2 and Agility™3 intruder alarms. Live video upon event and on demand Multiple triggers from detectors, events, safety, panic and more Simple plug & play installation with no specialised training required To watch our short video about VUpoint
TEXT VUPOINT to 60777*
RISCO Group would like to wish our customers and colleagues a very...
đ ą Z a đ f V _ ; R _ 1 U _ \bđ ą[Q ą ]_
\Ä‘]R_
<RdGRÄ&#x2026;_
riscogroup.com/uk RISCO Group UK | Tel: 0161 655 5555 | Fax: 0161 655 5501 | E-mail: marketing@riscogroup.co.uk *
Texts charged at standard network rate
@riscogroupuk
riscouk
FIATechnicalBriefing December2014_riskuk_dec14 09/12/2014 11:50 Page 51
FIA Technical Briefing
ire scenarios in healthcare facilities can prove to be varied and challenging situations. Typically, they’ll involve furnishings giving off quantities of heat and, particularly, smoke (which is the primary cause of death from fires). Of course, fire detection systems are a standard requirement but, in terms of healthcare facilities, may be of somewhat limited value. The patients/residents often have little or no ability to respond to such warning systems. They may either be physically (through injury or infirmity) or mentally (by dint of age or dementia) incapacitated. The problem is further compounded due to the limited capacity of staff to be able to evacuate all those unable to do so themselves. Staffing levels are rarely high enough to carry out such arduous tasks. For a full evacuation, healthcare workers would have to rely on the arrival of the Fire and Rescue Service. That said, the time taken for a fire crew to arrive may vary as current and projected cutbacks in resources begin to bite. One of the most effective ways in which to safeguard the vulnerable members of our society is to install an automatic fixed fire protection system which would react to incipient fire and suppress it at source. The solution may be in the form of a watermist fire protection system. As the name implies, watermist systems employ water broken up into very small droplets. Although a common commodity, water holds unique properties with regard to fire-fighting. First, it absorbs a relatively large amount of heat to raise its temperature. Second, once water reaches a temperature of 100°C it converts to steam and absorbs a very large amount of heat. Third, in converting to steam water expands to 1,620 times its volume.
F
Penetrating the fire plume The characteristics described can only be exploited if and when the water is delivered in the form of small droplets with sufficient momentum to penetrate the fire plume. For example, an automatic sprinkler produces droplets of around 1 mm in diameter, with one litre of water boasting a surface area of 2 m2. In contrast, a watermist nozzle delivering droplets at around 100 microns produces a surface area of 200 m2 from one litre of water. This greatly increased surface area of the water droplets means a similarly increased ability to absorb heat and cool the surroundings, in turn significantly improving the survivability chances of those threatened by fire. This increased water droplet surface area
Watermist Fire Protection Systems: Contributing to Fire Safety also enables the droplets to capture soot particles in the ‘killer’ smoke, thus improving visibility into the bargain. The small water droplets have relatively small mass and thus remain airborne for longer, enabling them to continue to absorb heat and, at the same time, flow with the thermal air currents such that water is drawn into the seat of the fire even when the outbreak of flames may be shielded from the direct discharge of the watermist nozzles. As a result, watermist extracts heat, cools combustion gases and blocks the radiant heat transfer, in turn preventing the spread of fire. Exploiting the unique properties of water by way of its delivery via small droplets, fire suppression (and fire extinguishment where flammable liquids are involved) can be achieved with significantly reduced quantities of water when compared with other waterbased fire suppression systems. The benefit is realised in reduced water damage and less time and effort to restore a given premises for re-occupation when there has been a fire event. It also follows that the watermist system pipework is smaller and less obtrusive while the size and space requirement for general water supplies is similarly reduced.
One of the most effective ways in which to safeguard vulnerable members of our society is to install an automatic fixed fire protection system which would react to incipient fire and suppress it at source. Bob Whiteley reviews the adoption of watermist fire protection systems in healthcare facilities
System basics and benefits For healthcare facilities where ordinary combustibles are present, installed watermist systems use automatic nozzles fitted with quick response frangible elements. Each nozzle will respond independently to the heat from a fire in its incipient stages. Watermist is only discharged to the seat of the fire. In practice, the flow of water activates the water supplies and signals a ‘fire’ alarm. Nozzles are fitted into small bore pipework which is hydraulically designed to ensure the reduced water flows are delivered at the required flow and pressure to any given fire area. The pipework is connected – via a control valve – to dedicated water supplies usually comprising one or more small pumps and a water storage tank. In essence, the benefits of a watermist fire suppression system are as follows: • Provides effective fire suppression • Discharges small quantities of water • Renders conditions in the vicinity of the fire survivable for longer through cooling of the fire and the surrounding environment
Bob Whiteley: Chairman of the Fire Industry Association/British Automatic Fire Sprinkler Association Watermist Group
51
www.risk-uk.com
FIATechnicalBriefing December2014_riskuk_dec14 09/12/2014 11:50 Page 52
FIA Technical Briefing
• Soot particles from the smoke are entrained, thereby improving visibility • Safe for people and the environment • Minimal contamination • No harmful residues
How easily can watermist be fitted? One of the key issues for protecting existing premises is the practicality of installing watermist (or, indeed, any other fire protection system), including the feasibility of doing so without disruption or displacement of the residents. This is critical for those healthcare facilities where the elderly and/or infirm reside. During the 2011-2012 retrofit of watermist systems in the Katriina Hospital in Vantaa, Finland, eight patient wards – as well as daytime operating theatres, the geriatric outpatient facility and neighborhood Health Centre – were well protected without affecting the 24/7 operations of the hospital. In 2008, the 15,000 m2 Pikonlinna Hospital (this time in Kangasala, Finland) was refurbished and fitted with automatic watermist fire protection covering four wings, each of them six stories high and providing senior care and a nursing home. Mist systems are also recognised by major insurance companies. Factory Mutual, for example, has dedicated a specific section of its standards to the engineering of watermist systems as well as setting out representative fire test protocols to establish the design basis for mist systems. Other international bodies such as the Loss Prevention Council here in the UK and Germany’s VdS have established test and approval protocols.
Standards to be observed While the marine industry was first to the table with IMO design and test protocols, the National Fire Protection Association (NFPA) in the States then created NFPA750. For its part, Europe has a Technical Specification (TS14972). The British Standards Institution has issued the DD8489 Series: ‘Guidance Documents for Commercial and Industrial Fixed Watermist Firefighting Systems’. These are now in their final stages of being updated and converted to full British Standards. Once published, the standards will increase the recognition and acceptance of fixed
“Prospective buyers and/or specifiers are entitled to view test reports in order to substantiate the viability of any watermist protection proposal designed to cover their facilities” 52
www.risk-uk.com
watermist fire protection systems for the protection of life and property. All of these standards and approval bodies have a common basis for the design of watermist systems – the need for representative fire tests carried out by independent laboratories. Each watermist manufacturer must have both their nozzles and proposed design layout performance verified by way of fire testing before they can be translated into a validated project design manual for that specific application. Prospective buyers and/or specifiers are entitled to view test reports in order to substantiate the viability of any watermist protection proposal designed to cover their facilities. A typical case in point is the Isala Clinics in Zwolle, Holland. These comprise 104,000 m2 of offices, research laboratories, treatment rooms and nursing wards spread over four buildings. They’re all fully-fire protected thanks to automatic watermist systems that meet the Dutch regulations. Finding companies with the necessary experience and expertise in engineering watermist fire-fighting systems is easy as they will be members of major fire industry Trade Associations such as the Fire Industry Association and the British Automatic Fire Sprinkler Association. These associations require their members to hold BS ISO 9000 quality assurance schemes with independent third party auditing of all design and installation procedures.
Valuable contribution to fire safety Successfully tested for the protection of various zones within healthcare facilities, watermist systems would operate automatically in the event of a fire scenario with one or more nozzles in the immediate vicinity of the flames operating by means of a heat-sensitive, quick response bulb located in each nozzle. While these bulbs are similar to those found in automatic sprinklers, the water quantities delivered and the fire suppression mechanisms deployed are different. Watermist systems are not sprinkler systems, then, but they do provide a valuable addition to the ‘armoury’ of fire and safety professionals serving the healthcare sector. Fire risk assessments for healthcare facilities are likely to identify that staffing levels – most notably at night – may be too low to carry out evacuations of all those at risk in the event of fire breakout. One of the most effective means of ensuring the safety of staff, patients and the attending fire service personnel is to fit (or indeed retrofit) a fixed watermist system.
Project2_Layout 1 09/12/2014 13:58 Page 1
Available Now!! SA66 & DA66 Two new revolutionary electric locks that solve all the issues with transom fitting and Side loading on both single and double action doors. Issues with shear locks, and solenoid bolts are problems of the past. • • • • • • • • • •
Releases under side loads in excess of 100kg (PRen13637) Holding force of 1000kg 10mm thick solid stainless steel bolt 13mm bolt projection Pulls door closed if misaligned by up to +/- 8mm Fail safe/fail secure Bolt stays retracted until door is closed to eliminate bolt noise Door and bolt position monitors Surface housings available for both timber and glass mounting Fire rated BS.476.Part 22-1987
www.secure-access.co.uk Tel: 0845 1 300 855 info@secure-access.co.uk
SecurityServicesBestPracticeCasebook December2014_riskuk_dec14 09/12/2014 12:36 Page 54
Secure transition to civilian life With 2014 marking the centenary of the outbreak of World War I, the long-term impact of war and conflict on those fighting at the front line has once more become part of the nation’s collective consciousness. Trevor Elliott discusses the career challenges often faced by those leaving the Armed Forces and the opportunities presented to them by the UK’s private security industry ore than 20,000 skilled and experienced individuals exit the Armed Forces every year and, for many among this cohort, leaving behind the unique structure of forces life can be a challenge, particularly when it comes to making the move towards a new career on Civvy Street. The presently challenging job market and specific requirements set out by employers and recruitment agencies can make the transition to civilian life both difficult and stressful. While figures from the MoD show that 96% of ex-Armed Forces employees are re-employed within six months, some former services personnel fail to land the job they want because they find it difficult to demonstrate to potential employers exactly how their military experience is relevant to a civilian role. Careers within the private security industry have long been a popular choice for ex-Armed Forces personnel, as many roles within the industry enable service leavers to transfer particular skills they’ve gained in the military – among them responsibility, diligence, conflict management and communication – into their
M
new career. Many leavers – such as trained engineers and technicians – are highly capable individuals with sound experience of cuttingedge technologies.
Suitability for security In 2013, the British Security Industry Association (BSIA) conducted extensive research into the private security industry’s perceptions of ex-Armed Forces personnel and their suitability for security roles. That study revealed some positive results. In fact, 88% of respondents reported that they either currently employ ex-Armed Forces personnel or have done so in the past. Our research showed that 92.6% of BSIA members considered ex-Armed Forces personnel to be suitable candidates for security roles, with self-discipline, motivation, an awareness of security challenges and an ability to deal with conflict situations cited among the key reasons as to why. 100% of interviewees also felt that such candidates would transition well into a supervisory role, while 95.7% agreed that managerial roles would also suit individuals with a military background. The BSIA itself employs its fair share of exArmed Forces personnel who work in a range of roles across both technical and manpower sides of the industry. From my own perspective, I served in the Scots Guards for a decade and saw active service in the Falklands War. When I left the Army in 1987 there was a career choice to make. What did I want to do? Following a lot of soul searching, a career in the security industry seemed like the logical choice for me given the wide variety of opportunities available. Very quickly, it became obvious to me that, by working hard, approaching tasks in a disciplined manner and making sure that there was a willingness to learn new skill sets, I was able to progress and develop that successful second career in Civvy Street. For me, one of the main attractions of the industry is the constantly evolving face of security. There’s always a buzz and a level of anticipation which keeps me interested and looking for the next challenge.
Supporting the transition For some, transitioning into a career in the security industry can be a difficult adjustment. However, there are organisations available to provide transitional support or training and ensure that individuals are completely ready for their new roles.
54
www.risk-uk.com
SecurityServicesBestPracticeCasebook December2014_riskuk_dec14 09/12/2014 12:37 Page 7
Security Services: Best Practice Casebook
The Career Transition Partnership (CTP) is the official provider of resettlement support for Armed Forces leavers. Discussing opportunities within the security industry, David Duffy (managing director at the CTP) explained: “Careers within the security industry are suitable for service leavers who wish to build on the experience gained throughout their military careers and move to a sector that offers opportunities matching their transferable skills and employment aspirations.” Duffy went on to state: “The CTP offers a wide range of security courses at all levels while a number of accredited training providers on the CTP Preferred Supplier list run industryrelated courses. Feedback from the organisations within the security industry who use the no-cost recruitment solution the CTP provides suggests that the skills people gain in the military, along with those personal qualities service leavers have in abundance, make them a natural fit for the various career paths on offer in the security sector.”
Expert guidance on training For those about to leave the Armed Forces, members of the BSIA’s dedicated Training Providers Section can offer expert guidance on the basic training requirements for those wishing to work in security. Indeed, they can be a great source of advice for both security companies and individuals who are looking to procure training for their roles. Courses can be taken in areas such as CCTV, intruder alarms, access control, door supervision, Control Room operations and management training. There’s a comprehensive range of state-of-the-art equipment on which individuals can learn, not to mention the sage advice of professionally qualified tutors with real world experience of the industry. Counter-terrorism training is, of course, increasingly important within the security industry, and training providers are actively involved in educating members of the British Armed Forces through a programme of apprenticeships and various courses.
Apprenticeship in Security This Apprenticeship in Security Programme has enabled individual infantry soldiers to achieve recognised and relevant qualifications which not only meet the stringent requirements of the
National Qualifications and Credits Framework but also the Security Industry Authority. Due to the fact that certification is not required to perform counter-terrorist tasks during operations, the British Technology Education Council Certificate and complementary National Vocational Qualification are designed, developed and delivered by civilian trainers/assessors possessing significant experience both from the perspective of military operations and commercial security appointments. As part of the programme, all infantry apprentices are required to demonstrate mastery of the following core knowledge-based units: ‘Working in the Private Security Industry’, ‘Working as a Private Security Officer’ and ‘Communication and Conflict Management’, in turn ably demonstrating the relevance that private security sector experience can have in the much wider context of both defence and national security roles. Qualifications like these can help to ensure that Armed Forces personnel are well-equipped and prepared for a career in the private security world once they’ve made the transition to civilian life.
Trevor Elliott: Director of Manpower and Membership Services at the British Security Industry Association
Individual learning plans Many companies operating within the security industry offer their own in-house support to assist ex-Armed Forces personnel make the transition to a role in security. From tailored inductions through to individual learning plans and mentoring, it’s clear to see that employers in the security sector are taking their role seriously in terms of helping new employees cope with life in the corporate world. Among the BSIA members questioned in the Association’s survey, employers cited the fact that ex-Armed Forces personnel can be effective when employed in a number of roles, most notably in close protection or as security officers, but also in a range of technologybased roles such as security installers, CCTV operators and in Research and Development. Thankfully, those involved in conflict in the modern age have access to a wide range of opportunities on leaving their active service. We’re extremely pleased that the private security industry is playing its part in facilitating the transition to civilian life for many of our country’s brave servicemen and women.
*To find out more about the courses offered by members of the BSIA’s Training Providers Section visit: www.bsia.co.uk/trainingproviders **Further information concerning the Career Transition Partnership can be found at: https://www.ctp.org.uk/
“Our research showed that 92.6% of BSIA members considered ex-Armed Forces personnel to be suitable candidates for security roles, with self-discipline, motivation, an awareness of security challenges and an ability to deal with conflict situations cited among the key reasons as to why” 55 www.risk-uk.com
RetrospectionFilesCommunicationProcess December2014_riskuk_dec14 09/12/2014 13:13 Page 56
Security’s second chance Cyber attacks have evolved markedly to the point where it’s now far from a good idea for security professionals to rely exclusively on point-in-time defences. Terry Greer-King examines a security model that combines big data architecture with a continuous approach to provide protection and visibility along the full attack continuum hen an individual stands before members of the Jury in a Court of Law, the presiding Judge has only one chance to determine the verdict. Double jeopardy prevents anyone from being tried twice for the same crime and so, no matter what information may come to light at a later stage, there are no second chances. Even if that individual is guilty, if not deemed to be so by the Jury they’ve escaped punishment. ‘Security Courts’ used to abide by the same rule, relying on a conviction paradigm that provided a single point in time to make sure a conviction was right. Blocking and prevention technologies and policy-based controls gave security professionals just one opportunity to pass judgment on files and identify them as being either safe or malicious. During an era when threats were less sophisticated and stealthy than is the case today, these defences were mostly acceptable. However, cyber attacks have evolved markedly to the point where relying exclusively on pointin-time defences is now far from a good idea. Modern cyber attackers have honed their strategies, frequently using tools developed specifically to circumvent the target’s chosen security infrastructure. They go to great lengths to remain undetected, using technologies and methods that result in almost undetectable indicators of compromise. Once advanced malware, zero-day attacks and advanced persistent threats enter a network, most security professionals have no way of continuing to monitor these files and take action when the files later exhibit some form of malicious behaviour. In order to be effective, our ‘Security Courts’ must evolve such that security professionals can
W
56
www.risk-uk.com
continue to gather evidence and retry files after the initial acquittal. This requires a security model that combines big data architecture with a continuous approach to provide protection and visibility along the full attack continuum – from point of entry, through propagation and on towards post-infection remediation. One of the innovations this model enables is called retrospection and it provides the ability to continuously monitor files, communication and process activity against the latest intelligence and advanced algorithms over an extended period of time, not just at an initial point in time. Retrospection offers significant advantages over event-driven data collection or scheduled scans for new data. It captures attacks as they happen. Unknown, suspicious and once deemed ‘innocent’ files can be tried again.
How does retrospection work? After initial detection analysis, retrospection continues to interrogate files over an extended period of time with the latest detection capabilities and collective threat intelligence, allowing for an updated disposition to be rendered and further analysis beyond the initial point-in-time the files were first seen. Communication retrospection continuously captures communication to and from an endpoint and the associated application and process that initiated or received the communication for added contextual data. Similar to file retrospection, process retrospection continuously captures and analyses system process input-output over an extended period of time. File, communication and process data is continuously woven together to create a lineage of activity and gain unprecedented insights into an attack as it happens. With this information to hand, security professionals can quickly pivot from detection to a full understanding of the scope of the outbreak and take action to head off wider compromises. Protections can be automatically updated so that security professionals are able to make the right verdict up front and prevent similar attacks from occurring in the future. Despite its long history in the criminal courts, double jeopardy has no place in the ‘Security Courts’. Technologies have presently advanced to the point where security professionals have numerous opportunities before them to detect and stop attacks. Put simply, retrospection is one of the latest techniques designed to afford security professionals a second chance when it comes to delivering the right verdict at the right time.
RetrospectionFilesCommunicationProcess December2014_riskuk_dec14 09/12/2014 13:14 Page 57
Retrospection: File, Communication and Process Monitoring
Predictive analytics, hidden threats Further, the only thing that you can be certain of in life is that nothing is certain. For thousands of years the human race has tried to prove otherwise. People have attempted to predict the future with tarot cards and by staring into crystal balls. It’s highly unlikely that we’ll ever be able to see exactly what lies ahead but, thanks to significant technological advances, what we can do is use our knowledge of the past and the present in order to drive a desired future outcome. In the field of IT security, today’s threat landscape is not the same one that we faced when the first PCs were introduced, but new technology creates an exciting opportunity for the security sector to strengthen its defences. This is absolutely vital in a world where cyber attacks are becoming increasingly sophisticated and targeted. It’s no longer a case of ‘If’ a network will be attacked but ‘When’. The security industry used to be able to build a specific response to a specific cyber security threat. Now, though, attackers make it their job to stay one step ahead and find new ways of avoiding detection. The lack of visibility organisations enjoy in today’s ‘noisy’ networks means persistent threats have plenty of places in which to hide. Fortunately, predictive analytics is an emerging detection capability that can help security professionals seek out any trespassers. Predictive analytics doesn’t necessarily mean seeing an attack before it happens. Rather, it’s about identifying and tracking unknown malware, wherever it may be hiding. Due to the fact that predictive technologies are in their infancy, gaining a baseline understanding of the foundations upon which they’re being developed is a good first step when exploring this new area. The following key questions can help. (1) How is the knowledge derived? An approach that’s grounded in knowing what ‘normal’ activity looks like can spot unusual behaviour on a network – the symptoms of an infection – through behavioural analysis and anomaly detection combined with advanced security intelligence. A model – derived from many smaller models and a concise representation of past behaviour – is created and used to predict how entities should behave in the future. Ideally, data is
correlated in the cloud to enhance the speed, agility and depth of threat detection. If there’s a discrepancy in expected behaviour that’s significant it’s then flagged for investigation. (2) How is the knowledge presented? For predictive analytics to be practical and usable, security professionals should look for solutions that automatically present and explain findings and recommend next steps in an easy-to-understand format. These insights give existing security teams the confidence to act upon the analysis and improve controls, protection and remediation without the need for highly-trained experts. (3) How is the knowledge used? When integrated with existing security techniques, predictive analytics can help to make defences more accurate and more capable of detecting unknown or unusual behaviour on the network. Machine learning capabilities allow a given system to learn and adapt based on what it sees and pinpoint where dangers may reside. They seek evidence of an incident that has taken place, is under way or may be imminent. Although they don’t necessarily handle security or policy enforcement, they can provide continuous intelligence to other systems – such as content-based security solutions, perimeter management or policy management solutions – so that they may find unexpected threats leading to the prioritisation of controls, protection and remediation.
Terry Greer-King: Director of Cyber Security at Cisco
“Retrospection offers significant advantages over event-driven data collection or scheduled scans for new data. It captures attacks as they happen. Once deemed ‘innocent’ files can be tried again” 57
www.risk-uk.com
TrainingandCareerDevelopment December2014_riskuk_dec14 09/12/2014 12:41 Page 58
Corporate calling Working in a uniformed environment is very different from operating in the commercial world where every penny of the investment made in security and resilience has to be justified and is often hard won against competing commercial priorities. Jeff Little examines a new training course designed for those making the transition towards roles in the security sector ith the world becoming an increasingly more volatile, uncertain and chaotic environment in which to live and work, security and resilience – in its various guises – is an industry that’s expanding rapidly and one that will continue to grow through the next decade and beyond. The security infrastructure budget in the US alone, for example, is set to approach $86 billion by 2016 and forecast to grow at a rate of 8.4% per year. Maritime security aimed at countering Somali piracy is another significant market. That’s not to mention the demand for combating a growing asymmetric threat from international and domestic terrorism nor the dangers posed from natural disasters spurned by climate change forces which are on the increase. All of these scenarios demand agile responses provided by visionary minds. In the UK, the private and corporate security sectors have grown and morphed significantly over the past decade due to economic globalisation and threats adopting an international dimension. On top of that, new technology is swiftly and continually changing the very ways in which security systems are provided at all levels. Security is second nature to anyone who has served – or is still serving – in the Armed Forces, the police service or indeed the Security Services and intelligence agencies.
W
58
www.risk-uk.com
Further, security, resilience and dealing with disaster is a way of life for those charged with managing highly sensitive documents and the control of lethal weapons and ammunition. Many will have served at the operational and tactical levels of command while some will have worked as members of the strategic ‘Gold’ command groups. Many will have deployed overseas on operational service and seen the devastating results of hurricanes and typhoons, the debris of war and the effects of pandemic disease on communities like those of East Africa. Others will have participated in major incidents in the UK or assisted with civil community-type operations, for example by helping with the terrible and devastating floods that occurred back at the beginning of 2014.
Manifesto for Professional Security One of the greatest challenges facing the security sector over the next decade will be to make security a career of first choice for young men and women leaving university and charting their futures. Individuals who find themselves at the very beginning of their career. This need has been brilliantly recognised by The Security Institute with the launch of its ambitious new plan entitled: ‘Recognised, Respected and Professional’ (‘A Manifesto for Professional Security’: The Security Institute’s Vision of The Future, pp12-14). The Manifesto recognises the need to heighten the profile of the sector. It seeks to encourage collaboration with universities, education providers, schools and careers advisors. There’s full recognition that we must identify career paths for individuals from the point that they join the industry to the very top of the profession and show that ‘Security’ can be a challenging, intellectually stimulating and exciting career. Until this aim is achieved, though, the security industry will continue to rely heavily upon personnel from the police, the Armed Forces and the Security Services moving to a second career in either the corporate or the private sectors. This transition is, of course, a logical step for those for whom security has been a part of their vocation from Day One of their careers. Such men and women have provided leadership at major incidents, dealt with the news media and harbour deep experience of resilience and disaster management at first hand. In addition, they’ve been trained to work under pressure and thrive in stressful conditions. They provide a solid bedrock of talent and experience upon which the industry depends at what is a time of significantly
TrainingandCareerDevelopment December2014_riskuk_dec14 09/12/2014 12:42 Page 59
Training and Career Development
increased threats from terrorism, natural hazards, climate change effects and, of course, potential epidemics.
Working in different worlds That said, even they don’t know it all. Working in a uniformed environment is different from operating in the commercial world where every penny of the investment made in security and resilience has to be justified and is often hard won against competing commercial priorities. Many middle-ranking and senior officers and warrant officers step straight into appointments of significant responsibility with international commitments and the reputations of major brand names at stake. Others move to defend elements of the Critical National Infrastructure where there’s a need for more sophisticated defences against a range of asymmetric, omnidirectional and multi-faceted threats. Many more move into private security companies (which used to be known as Private Military Security Companies until a change of title was deemed beneficial to their interests). Such companies have achieved great success in dealing with pirate activities, for example off the coast of Somalia. With this canvass in mind, ForcesBridge Training has constructed an intensive, relevant and threat-driven two-week training course to give such leaders a head start as they make the transition to the commercial sector. The dynamic syllabus covers all aspects of the contemporary security spectrum for the protection of employees and senior management who travel the globe. It looks at the protection of intellectual property rights as well as the physical demands of defending, for example, a headquarters building by using access control and electronic alarms.
Value of security investment Strategic thinking in their new role will be crucial for those transitioning to Civvy Street, and convincing the Board of Directors about the value of investment in security systems is covered in detail. The course will enable delegates to meet other members of their cohort beginning their journey in this growing and dynamic industry and mix with guest speakers who’ve been practising in the sector for many years. Regular update briefings will be held for those who attend while password-controlled access to the
website (www.forcesbridgetraining.com) will keep all delegates up-to-speed with new techniques as and when they evolve. In short, all delegates will become an immediate member of the ForcesBridge alumni – a group destined to become the driving force in what’s now a rapidly growing threat mitigation industry.
360-degree vision is with us The ‘Heads of Security’ or ‘Security and Resilience Directors’ of today and tomorrow will be expected – and required – to have a full 360degree vision of the industry, its strengths and weaknesses and the technical systems and tools available to them in 2015 and beyond. No matter how broadly based a service career they will have enjoyed to date, candidates cannot be expected to have more than 180-degree vision at the point at which they make their transition. Indeed, many may only boast a 90-degree specialist duty view or even less. Therefore, ForcesBridge Training has constructed a course which will provide a full and comprehensive overview of the complete security landscape. The course is dynamic, testing and up-to-date with current global developments such as the Jihadist fundamentalist threat emanating from the Mesopotamian Basin, the dangers of cavity bomber attacks and the risks posed by organic explosive devices. Delivered in central London, the two weeklong course will provide candidates with knowledge of risk management, an overview of investigation techniques and electronic security systems. It explores the relevant British and international standards, introduces the laws and responsibilities designed to prevent and reduce crime, deal with cyber attacks and counter today’s terrorist threats. The course also describes the needs of the resilient organisation that’s ready and prepared to deal with disruption to its supply chain at home and abroad, confident in its disaster management protocols and playing host to a well-practised contingency action team with a solid set of operating procedures configured to lead the company’s route back to normality should the worst case scenario ever transpire. For those yet to enter the security industry, assistance with writing a relevant CV and preparing for that all-important interview is also provided.
*The next ‘Security Design and Management’ training course will be delivered by ForcesBridge Training at the prestigious Royal United Services Institute (RUSI) in London between 16-27 February 2015. Further information is available online at: www.forcesbridgetraining.com
Jeff Little OBE MBA FSyI FICPEM: Director of ForcesBridge Training
“In the UK, the private and corporate security sectors have grown and morphed significantly over the past decade due to economic globalisation and threats adopting an international dimension” 59
www.risk-uk.com
RiskinAction December2014_riskuk_dec14 09/12/2014 13:11 Page 60
Risk in Action Axis Communications helps drive down losses at Tractamotors Automotive servicing business Tractamotors has realised a 60% reduction in losses for the retail arm of its business following the installation of nearly 50 Axis Communications network cameras at its site in Cavan, Ireland. Initially, Tractamotors investigated an upgrade to its current analogue CCTV system but, after testing a hybrid digital video recording package, the company decided to make the full switch from analogue to digital. Ciaran Murray, IT manager at Tractamotors, explained: “We felt Encom’s proposal to use Axis network cameras in tandem with Milestone XProtect was the perfect solution.” Axis and partner organisation Encom have developed a feature-rich, state-ofthe-art solution combining Axis network cameras and a Milestone XProtect video surveillance system, in turn enhancing surveillance coverage to protect members of staff, monitor Health and Safety and, importantly, reduce shrinkage across the 2.5-acre site. Over 40 Axis M32 Series fixed dome network cameras are installed in the hardware and retail areas of the business in order to minimise stock loss and reduce incidents of theft. Using Axis video encoders, Encom has been able to integrate elements of the existing analogue system into the new IP solution. Tractamotors’ shop floor has lots of aisles obscured by shelving, with no clear field of view. To address this, Axis’ Corridor Format is used in conjunction with the Axis M3204 network camera to rotate the video’s aspect ratio to a portrait view. Surveillance coverage in the store has been increased to 80%. Camera count has also increased for other parts of the site to address the Health and Safety concerns in the tyre and refitting areas of the business. All entrances and exits are now closely monitored.
Corps Security applies winning formula for Glasgow 2014 Glasgow’s hosting of the 20th Commonwealth Games in late July and early August was considered a resounding success, with over 4,500 athletes and around one million spectators converging on the city. Featuring 17 different sports over 11 days of competition, 261 different medal events took place across 14 individual venues on three compact site clusters to the east, south and west of the city centre. In January of this year, Corps Security was appointed to provide event security and related services for the Glasgow Green Precinct and nearby Holiday Inn. The former served as the venue for the finish of the
60
www.risk-uk.com
High-tech monitoring renders unmanned forecourts a viable option Remote monitoring is helping to solve the battle of manning petrol forecourts on a 24hour basis. Over a three-year period, a 73% increase in the number of unmanned forecourts monitored by Farsight Security Services appears to signify a growth in popularity for remote monitoring over staffing these often high-risk environments. Lone workers at petrol forecourts face an increasing array of dangers including fire and theft but remote monitoring can help eliminate these risks. Malcolm O’Shea Barnes, senior operations manager at Farsight Security Services, explained: “Working with technology partners and Primary Authority Partners for Petroleum Legislation, Farsight has produced an affordable and environmentally-friendly solution that can be retrofitted around existing equipment and respect national guidelines.” In 2011, only 1% of petrol forecourts monitored by Farsight used video analytics. In 2014, that number has rocketed to 69%. The remaining 31% are expected to follow.
marathon as well as the ever-popular cycling time trials and road races. Jason Taylor, Corps Security’s event sales and marketing manager, explained: “Our key operational objectives were to maintain safety and security in the immediate environment, provide support to the venue management team throughout the deployment and ensure that any live broadcasts were not disrupted. At the Holiday Inn, we were tasked with maintaining a safe environment for members of the International Boxing Federation.” A vigorous and robust recruitment process was initiated with the thorough assessment and screening of 853 potential candidates. Approximately 60 appointments were made and the selected individuals given additional event-specific training, with 23 courses completed across the UK by four trainers over a total of 1,344 hours.
RiskinAction December2014_riskuk_dec14 09/12/2014 13:11 Page 61
Risk in Action
Norfolk and Norwich University Hospital makes patient safety a top priority Norfolk and Norwich University Hospital (NNUH) is an NHS academic teaching hospital located on the southern outskirts of Norwich, and was the first new NHS teaching hospital built in England for more than 30 years. It replaced the former Norfolk and Norwich Hospital (founded in 1771) and the West Norwich Hospital. NNUH was built under a PFI scheme and opened in late 2001. It has 987 acute beds and offers a wide range of NHS acute health services plus private patient facilities. It’s also a teaching centre for nurses, midwives, doctors and therapists and plays host to the Norwich GP specialist training scheme. The hospital has always concentrated on leveraging the latest technologies. Now, NNUH has deployed one of the most advanced access control solutions available to ensure the safety and overall protection of its patients, visitors and staff. The integrated TDSi system enables NNUH managers to quickly identify all areas on site and ensure security staff can respond appropriately to, for example, suspicious individuals or hazardous conditions. Appraising the original access control system that encompassed old legacy door controllers, network and cabling infrastructure, Check Your Security used its Enterprise Audit Report tool to gather and collate a healthcare security inventory and produce a security asset register highlighting location, condition, value and system architecture design. FM concern Serco Group plc had to augment the site-wide upgrade while not compromising security and services. To help manage this challenge, Serco Group plc appointed engineering officer Steve Hewitt as project manager. Hewitt’s role was to oversee critical paths and ensure milestones were delivered on time with the correct resources for Check Your Security to upgrade the TDSi hardware and software with minimal disruption. Simon Wardle, facilities and services contracts manager at NNUH, explained: “The latest TDSi EXgarde Security Management Software 4.2 and hardware offers the hospital new opportunities to explore current market technologies and third party integrations.”
Sawbridgeworth Town Council implements IDIS DirectIP surveillance Due to theft, vandalism and anti-social behaviour, managers at Sawbridgeworth Town Council in Hertfordshire wanted to upgrade the local authority’s surveillance capability to cover shopping areas, main thoroughfares and new Town Council offices. Following a technology evaluation, they selected Sunstone IP Systems to complete the necessary installation due to the company’s “forward-thinking approach” encompassing IDIS DirectIP fullHD cameras, IDIS video management software and a digital wireless network configured to keep infrastructure and installation costs to a minimum. Sunstone has installed a digital point-to-multipoint wireless network throughout the town with link speeds in excess of 100 mbps per location. The network currently supports external DirectIP dome cameras installed on existing Hertfordshire County Council-owned lampposts and linked back to DirectIP NVRs located in Sawbridgeworth Town Council’s offices. The vandal-proof day and night cameras feature infrared, audio input and output as well as motorised varifocal lenses for ease of configuration. The cameras provide coverage of the town centre, including a major road junction and thoroughfare in and out of London, plus the new Town Council premises. The Sunstone-designed system provides Sawbridgeworth Town Council staff with a centralised monitoring capability while giving Hertfordshire Police remote access to full-HD footage in order to detect and solve crime. To date, the DirectIP solution has provided vital evidence relating to three crimes since its implementation in the late summer of 2014.
High security for first combined Dental Hospital and School in four decades Security Solutions – a division of Assa Abloy UK – has secured a contract to supply products for Birmingham Dental Hospital & School of Dentistry – the UK’s first new integrated dental hospital and school for nearly 40 years. Being a key element of the new Edgbaston Medical Quarter, the development is seen as highly strategic for the city and further enhances its reputation as a hub for medicine, learning and life sciences. The new state-of-the-art facility will house a range of services for the public including walk-in emergency dental care, oral surgery, oral medicine, orthodontics and paediatric dentistry delivered by Birmingham Community Healthcare NHS Trust. The public will access all dental services in one wing of the building with a second wing providing world class research facilities. This landmark development was granted detailed planning permission in December 2012 for the site, which is the former home of BBC Pebble Mill studios. Security Solutions has scheduled 500 timber door sets and architectural ironmongery for the prestigious project, including laminate-faced doors with painted frames complemented by Scanflex door furniture. An array of Assa products will be supplied to the project, including its high security P600 cylinders and modular rack and pinion door closers in addition to cam motion door closers that will fulfil the Equality Act 2010.
61
www.risk-uk.com
TechnologyinFocus December2014_riskuk_dec14 09/12/2014 12:39 Page 62
Technology in Focus Hoyles develops Fire Door Checker for blocked fire exits Unchecked, blocked fire exits are without doubt an accident waiting to happen and should be taken very seriously. Checking systems are an excellent idea, but many routines of this nature can fall by the wayside. With this in mind, Hoyles has developed a clever way in which to ensure fire exit doors are regularly checked and available to be fully opened in the event of an emergency. The Exitguard fire exit door alarm is a time-served favourite of security installers and end users, and has now taken on an additional role. The new facility is called Fire Door Checker and is a standard feature available on all of the keypad-operated Exitguard solutions. The Fire Door Checker can alert staff to ‘Open-Check-Close’ as soon as the building is occupied. Here, each Exitguard emits an intermittent sound while strobing. Only when the fire doors have been verified will the Exitguard sounder and strobe stop. This ensures a given door is available for emergency use, after which it resumes its normal security monitoring role. The Fire Door Checker operates via a switched signal from the intruder alarm, clocking machine, a time switch or on an independent basis. If a more frequent check is required, the time switch option will allow the end user to introduce a tighter regime of checking suitable to their exact requirements. In addition to the Fire Door Checker function, Hoyles’ Exitguard door alarm range provides a comprehensive solution for the security – and prevention of misuse – of fire exit doors. Different models provide options for battery, 12 V DC and mains power source as well as control by either keypad or key switch. www.hoyles.com
Tyco adds Compact IP Mini-Bullet camera to Illustra portfolio Tyco Security Products has introduced the Illustra 610 Compact IP Mini-Bullet camera which “provides exceptional video quality” within a small framework, making it appropriate for indoor or outdoor active surveillance situations. With 1080p resolution for crisp, clear HD video, the cameras provide various viewing angles (including a horizontal view) and a corridor mode designed to capture video in narrow hallways or other areas where the traditional landscape format will not suffice. Using a built-in IR LED, the cameras deliver video surveillance in a variety of lighting conditions. Wide Dynamic Range on these models further minimises the impact on surveillance video caused by glare. Multiple streams of H.264 and MJPEG compression ensure “excellent image clarity” with controlled bandwidth usage. A built-in micro SD/SDHC card slot enables several days of recording to be stored on a memory card. Also, when triggered, the embedded motion detection sensor in the cameras can send an alert to the operator or an e-mail to any handheld device. www.americandynamics.net
62
www.risk-uk.com
Simplifying and reducing the cost of building security with Videx Videx has launched two products in its access control range: a new standalone single door proximity access system (designated the MINI-SA2) and a low cost, multi-protocol proximity reader – the MINI-M – for Portal Plus and third party access control systems. The MINI-SA2 offers an easy-to-install and program access control solution for managing a single entrance using shadow and delete cards without the need for PC or software components. Neil Thomas, national sales manager at Videx, said: “Many buildings need access control to a single main entrance. However, currently available systems often have multiple door capability and complicated programming options using a PC. All of the MINI-SA2’s functions are contained within a reader so no external controller is needed, just a suitable power supply.” The MINI-M is a compact multi-protocol proximity reader for deployment with the Videx Portal Plus range or third party access control systems using Wiegand protocol. Typical applications for the MINI-M include access control within commercial premises, schools, hospitals and student accommodation blocks. Numerous access control systems are available with different requirements and levels of complexity but, in many cases, the readers only need to allow or deny access to proximity cards. As stated, the new MINI-M reader uses Wiegand communications protocol and is therefore compatible with many different access control systems. www.videx-security.com
TechnologyinFocus December2014_riskuk_dec14 09/12/2014 12:39 Page 63
Technology in Focus
Norbain announces partnership with Digital Barriers
The next generation AEOS Blue hardware line controller from Nedap builds on the company’s successful AEOS Security Management Platform – the first software-based platform designed specifically for security management. Now on the sixth generation of controller, with AEOS Blue it’s fair to say Nedap has once again unlocked a new realm of software-driven functionality. The AEOS Blue will deliver cost savings for both the installer and the customer. AEOS Blue is an energy-efficient, powerful hardware line consisting of door controller, door interface and power for a self-contained solution that can handle both the simplest and the most complex of security needs. Another new feature of the AEOS Blue is the completely redesigned and simplified software licensing model which makes the price of AEOS Blue more competitive than ever for its range of functionalities (including the control of air locks and revolving gates). The new software licensing model makes the calculation and design of security systems “perfect” every time.
Norbain can now offer end users the innovative SafeZone-edge video analytics app from Digital Barriers, the specialist provider of advanced surveillance technologies. SafeZone-edge is the first product in its class to deliver performance comparable to that of conventional server-based analytics. It features “exceptional” detection accuracy and minimal false alarms, yet can be installed quickly on to compatible Axis Communications cameras. SafeZone-edge is UK Government certified (under the i-LIDS scheme) and designed to protect both secure facilities and vulnerable commercial sites. In addition to reliable performance, SafeZone-edge has been designed with a “relentless focus” on ease of deployment, affordability and scalability in mind. The innovative auto-calibration feature dispenses with complex scene calibration tasks, allowing multiple cameras to be installed both quickly and without fuss. Intelligent processing ensures reliable operation, adapting automatically to seasonal and environmental conditions (variable illumination, shadows and weather, etc) that can otherwise cause nuisance alarms. In a reallife operational test conducted over the course of a week, the replacement of a VMD solution with SafeZone-edge resulted in a nuisance alarm reduction of 10,000-plus to just one.
www.nedapsecurity.com
www.norbain.com
Nedap reinvests in AEOS with next generation controllers
New loop interface and survey kit introduced for XPander range Apollo Fire Detectors has launched a Diversity Loop Interface Unit and Survey Kit specially designed for the XPander range. Connecting up to 31 XPander devices to an Apollo addressable loop, and reporting the status of each device to a control panel, the upgraded Diversity Loop Interface Unit provides increased signal integrity. Signals to and from the device are transmitted through the internal orthogonal bi-directional aerials, which require no adjustment or maintenance, allowing for easier set-up and no ongoing costs. The device is backwards compatible with previous versions, allowing for continuity of support at existing sites using the XPander range. The Diversity Loop Interface Unit is approved to EN54:17, EN54:18 and EN54:25.
The XPander Diversity Survey Kit allows a more detailed site survey to be undertaken to determine the suitability for an XPander installation and its integrity once installed. Providing details such as dB and background noise levels, the upgraded kit is more userfriendly, allowing for quicker and easier use. The new Survey Kit meets the requirements for BS 5839 Part 1 for conducting a site survey. Charles Smith, head of product management at Apollo Fire Detectors, commented: “The devices will instil end user confidence in our detection equipment, from the initial site survey through to the connection of XPander devices to the Apollo loop.” www.apollo-fire.co.uk
63
www.risk-uk.com
Project1_Layout 1 06/05/2014 17:05 Page 1
Store, manage and control keys, cards and small assets more securely and efficiently with KeyWatcher® Touch. Access is limited to authorized users, and all transactions are recorded with detailed reports available. The system will even automatically email transactional information to any user – at any time. And KeyWatcher’s convenient touchscreen makes removing and returning keys easier than ever. With our modular design and full scalability, it’s easy to see how we keep making key management better. That’s Morse Watchmans’ outside the box thinking – right inside the box.
morsewatchmans.com • 0115-967-1567
Appointments December2014_riskuk_dec14 09/12/2014 11:42 Page 65
Appointments
Robert Hannigan Robert Hannigan succeeds Sir Iain Lobban as director of GCHQ. Hannigan has been the Director General (Defence and Intelligence) at the Foreign and Commonwealth Office (FCO) since 2010. First announced back in April, Hannigan’s appointment was made following a recruitment process chaired by national security advisor Sir Kim Darroch that was open to both crown and civil servants. Commenting on his new role, Robert Hannigan said: “It’s a privilege to be asked to lead GCHQ. I have great respect for the integrity and professionalism of the staff and for what they’ve achieved under the outstanding leadership of Sir Iain Lobban.” Hannigan joined the Civil Service from the private sector, initially becoming director of communications for the Northern Ireland Office. He was then appointed to be principal advisor to (then) Prime Minister Tony Blair and various Secretaries of State for Northern Ireland on the peace process. Hannigan was also the Prime Minister’s security advisor and head of intelligence, security and resilience at the Cabinet Office from 2007 (with responsibility for the UK’s National Security Strategy).
Appointments Risk UK keeps you up-to-date with all the latest people moves in the security, fire, IT and Government sectors Chris Wisely Chris Wisely has been promoted from head of operations to the newly-created role of managing director at Axis Security (part of the Axis Group of security, reception management and support services companies). Wisely has worked in the security industry for more than 20 years and joined Axis Security in 2009 as finance director before progressing to head of operations in 2012. In the five years he has been with the business, Wisely has worked with the senior management team in further strengthening the company’s operations, including the launch of its bespoke online portal – Axis e-Connect – giving customers easy access to live reports, documentation and information about their portfolio. Wisely has also overseen a significant investment in employee training and played a key role in creating specialist teams to manage recruitment, training, compliance, contract mobilisation and Health and Safety. As managing director, a key focus for Wisely will be redefining the company’s vision and the business strategy required to deliver that vision. “We want to be viewed as the leading provider of security services in key sectors and geographies, so it’s important that we are known more widely,” urged Wisely. “We also want to be known as the best employer in the industry and have made great strides in developing a detailed training programme for our officers and management staff, allowing us to develop and retain the very best people.”
Lynn Watts-Plumpkin
Kenneth Hune Petersen
The IQ Group – which encompasses both Industry Qualifications and the Institute of Administrative Management – has appointed Lynn WattsPlumpkin to lead its allnew IQ Verify certification body. IQ Verify will specialise in the certification of management systems, products and services, and is in the final stages of UKAS accreditation to ISO 17021 and ISO 17065. Watts-Plumpkin, whose background includes significant roles at both the NSI and the SSAIB, said: “I’m delighted to be joining the IQ Group at this time. IQ Verify will be distinct in its offering. The focus will be on standards associated with corporate resilience, the investigations sector and PSC1 within the security industry. We will also be developing inspection schemes for a number of economic sectors and trade bodies.” IQ Verify began operations on 1 December.
Kenneth Hune Petersen is the new chief sales and marketing officer at IP video management software specialist Milestone Systems. Petersen will be based out of the company’s global headquarters in Denmark and, as a member of the Executive Management Team, report directly to CEO Lars Thinggaard. For the last 17 years, Petersen has worked with SimCorp, his most recent role being that of senior vice-president, head of global sales. Petersen was responsible for sales leadership in developing business across the Nordic region and also spent a decade in the States building up SimCorp’s Americas business unit. Petersen holds an MSc in Economics from Copenhagen University. “Kenneth is inspiring and passionate about leadership and building business,” stated Lars Thinggaard. “Our reputation has been derived from constantly fostering innovative solutions to meet our customers’ needs, and we’ve continually raised the bar in our industry when it comes to collaboration. Kenneth’s job is to help accelerate our growth and further the company’s reputation as a bridge-builder between our customers and technology.”
65
www.risk-uk.com
Appointments December2014_riskuk_dec14 09/12/2014 11:42 Page 66
Appointments
Andrew Osborne and David Taylor The Security Systems and Alarms Inspection Board (SSAIB) – which is celebrating its 20th Anniversary as a fire, security and telecare certification body – has recruited two new manned services assessors to join the team headed by scheme manager Stephen Grieve. The duo’s appointments come in the context of future regulation through mandatory business licensing – the most significant factor affecting the security industry since the Security Industry Authority introduced individual licensing under the Private Security Industry Act 2001. Andrew Osborne (pictured) joins the SSAIB to cover the south of England. He brings with him an extensive and wide-ranging 40-year track record of business experience including security screening and training, Health and Safety management and risk assessments with companies including G4S. Osbourne’s appointment to the team is mirrored by David Taylor’s recruitment to cover the Midlands and the north of England. Taylor has a similarly impressive industry CV dating back over 20 years and including roles as an operations, training and quality and security manager for Sigma Security. Taylor served as a project manager for Wilson James covering British Airways’ Heathrow headquarters, as well as being manager of security and safety services for both the Portman and Coventry Building Societies. “Bringing on board professionals of Andrew and David’s calibre is a significant step for the SSAIB as we invest in our regional manned services assessment capability in the run-up to the anticipated 2015 introduction of business licensing,” commented Stephen Grieve, “with all of the important implications involved in that process.”
Billy Hopkins IDIS has announced the appointment of Billy Hopkins to the role of regional sales manager based out of the company’s European headquarters in Brentford. Hopkins will manage distribution sales in South East England to meet the demand for next generation DirectIP HD surveillance solutions. Assuming responsibility for leveraging and nurturing new and existing distribution partnerships, Hopkins will also take an active role in developing bespoke marketing and sales initiatives to drive value for IDIS partners. Hopkins brings with him over ten years’ experience from across the security buying
66 www.risk-uk.com
Andrew Pigram Andrew Pigram joins AMG Systems – the British manufacturer of CCTV transmission solutions – in the role of sales and marketing director. In addition, and as part of the company’s drive into new industry sectors, Sara Bullock now takes up the newly-created position of business development director. Speaking about Pigram joining the company, AMG Systems’ founder and managing director Alan Hayes commented: “Ethernet and IP are becoming the technology of choice in terms of systems. We’re designing and manufacturing high functionality managed switches specifically for the security industry. AMG can make sure these solutions are totally fit for purpose and include all the added features necessary for this market. Andrew’s depth of knowledge will drive forward this sophisticated UK-based expertise such that it reaches growing global markets.” On his new appointment, Pigram stated: “I’ve known and worked with AMG Systems’ solutions for many years. The challenge of helping to shape the future of the business is irresistible.” Pigram joins AMG after having worked for a decade at Norbain, one of the largest security and surveillance solutions distributors in the UK. He boasts more than 20 years’ experience in leading marketing and business development teams having worked across international B2B companies. Pigram holds a BEng (Hons) in Computer and Control Systems Engineering.
chain, having served as an installation engineer and in various manufacturer and distributor sales roles. His expertise encompasses a deep understanding of analogue and IP surveillance and access control systems from some of the best known brands in the security industry. Previous roles have included engineering at Chubb Security, business development at Norbain SD, technical support at Samsung Techwin and his most recent post as technical sales manager for Focus Security Distribution. Hopkins commented: “I’m looking forward to working with our channel partners on developing the successful business relationships for which IDIS is well-known.”
oct14 dir_000_RiskUK_jan14 07/11/2014 16:42 Page 1
Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security
Anti-Climb Paints & Barriers
Metal Detectors (inc. Walkthru)
Security, Search & Safety Mirrors
ACCESS CONTROL
Security Screws & Fastenings
Key Control Products
Empty Property & Lone Worker Alarms
Traffic Flow & Management
see our website
ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERS
FRONTIER PITTS Crompton House, Crompton Way, Manor Royal Industrial Estate, Crawley, West Sussex RH10 9QZ Tel: 01293 548301 Fax: 01293 560650 Email: sales@frontierpitts.com Web: www.frontierpitts.com
ACCESS CONTROL
ACT ACT – Ireland, Unit C1, South City Business Centre Tallaght, Dublin 24 Tel: +353 (0)1 4662570 ACT - United Kingdom, 2C Beehive Mill Jersey Street, Manchester M4 6JG +44 (0)161 236 9488 sales@act.eu www.act.eu
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES
UKB INTERNATIONAL LTD ACCESS CONTROL
APT SECURITY SYSTEMS The Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NY Tel: 020 8421 2411 Email: info@aptcontrols.co.uk www.aptcontrols-group.co.uk
Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com
B a r r i e r s , B l o c k e r s , B o l l a r d s , PA S 6 8
ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTS
SIEMENS SECURITY PRODUCTS ACCESS CONTROL
KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk
Suite 7, Castlegate Business Park Caldicot, South Wales NP26 5AD UK Main: +44 (0) 1291 437920 Fax: +44 (0) 1291 437943 email: securityproducts.sbt.uk@siemens.com web: www.siemens.co.uk/securityproducts
ACCESS CONTROL & DOOR HARDWARE
ALPRO ARCHITECTURAL HARDWARE
ACCESS CONTROL
COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68
Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES ACCESS CONTROL MANUFACTURER
NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com
HTC PARKING AND SECURITY LIMITED 4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk
ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERS
ACCESS CONTROL
HEALD LTD
INTEGRATED DESIGN LIMITED
HVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface Mount Solutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards, Security Barriers, Traffic Flow Management, Access Control Systems
Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com
Tel: 01964 535858 Email: sales@heald.uk.com Web: www.heald.uk.com
www.insight-security.com Tel: +44 (0)1273 475500
oct14 dir_000_RiskUK_jan14 07/11/2014 16:42 Page 2
ACCESS CONTROL
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS
SECURE ACCESS TECHNOLOGY LIMITED
ALTRON COMMUNICATIONS EQUIPMENT LTD
Authorised Dealer Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: comms@altron.co.uk Web: www.altron.co.uk
CCTV AUTOMATIC VEHICLE IDENTIFICATION
NEDAP AVI PO Box 103, 7140 AC Groenlo, The Netherlands Tel: +31 544 471 666 Fax: +31 544 464 255 E-mail: info-avi@nedap.com www.nedapavi.com
G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk
CCTV/IP SOLUTIONS
DALLMEIER UK LTD ACCESS CONTROL â&#x20AC;&#x201C; BARRIERS, GATES, CCTV
ABSOLUTE ACCESS
3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com
Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV
CCTV & IP SECURITY SOLUTIONS
PANASONIC SYSTEM NETWORKS EUROPE
BUSINESS CONTINUITY
BUSINESS CONTINUITY MANAGEMENT
CONTINUITY FORUM Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org
Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: system.solutions@eu.panasonic.com Web: www.panasonic.co.uk/cctv
COMMUNICATIONS & TRANSMISSION EQUIPMENT
KBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com
DIGITAL IP CCTV
SESYS LTD High resolution ATEX certified cameras, rapid deployment cameras and fixed IP CCTV surveillance solutions available with wired or wireless communications.
PHYSICAL IT SECURITY
RITTAL LTD
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk
Tel: 020 8344 4716 Email: information@rittal.co.uk www.rittal.co.uk
CCTV
TO ADVERTISE HERE CONTACT: MANUFACTURERS OF A COMPLETE RANGE OF INNOVATIVE INFRA RED AND WHITE LIGHT LED LIGHTING PRODUCTS FOR PROFESSIONAL APPLICATIONS INCLUDING CCTV SCENE ILLUMINATION, ARCHITECTURAL UP-LIGHTING AND COVERT SECURITY.
Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk
ADVANCED LED TECHNOLOGY LTD Sales: +44 (0) 1706 363 998 Technical: +44 (0) 191 270 5148 Email: info@advanced-led-technology.com www.advanced-led-technology.com
www.insight-security.com Tel: +44 (0)1273 475500
oct14 dir_000_RiskUK_jan14 07/11/2014 16:43 Page 3
INFRA-RED, WHITE-LIGHT AND NETWORK CCTV LIGHTING
RAYTEC Unit 3 Wansbeck Business Park, Rotary Parkway, Ashington, Northumberland. NE638QW Tel: 01670 520 055 Email: sales@rayteccctv.com Web: www.rayteccctv.com
CCTV SPECIALISTS
PLETTAC SECURITY LTD Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 0844 800 1725 Fax: 01788 544 549 Email: sales@plettac.co.uk www.plettac.co.uk
TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR
COP SECURITY Leading European Supplier of CCTV equipment all backed up by an industry leading service and support package called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufacturing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range. More than just a distributor.
COP Security, Delph New Road, Dobcross, OL3 5BG Tel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 201 sales@cop-eu.com www.cop-eu.com
WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.
MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ
Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com
CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOS FRAUD DETECTION
AMERICAN VIDEO EQUIPMENT Endeavour House, Coopers End Road, Stansted, Essex CM24 1SJ Tel : +44 (0)845 600 9323 Fax : +44 (0)845 600 9363 E-mail: avesales@ave-uk.com
CONTROL ROOM & MONITORING SERVICES
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS
NORBAIN SD LTD ADVANCED MONITORING SERVICES
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com
EUROTECH MONITORING SERVICES LTD.
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.com Web: www.eurotechmonitoring.com
EMPLOYMENT
FIRE AND SECURITY INDUSTRY RECRUITMENT
DISTRIBUTORS
SECURITY VACANCIES www.securityvacancies.com Telephone: 01420 525260
EMPLOYEE SCREENING SERVICES
THE SECURITY WATCHDOG Cross and Pillory House, Cross and Pillory Lane, Alton, Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.uk Telephone: 01420593830
sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk
IDENTIFICATION
ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PRODUCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.
ADI GLOBAL DISTRIBUTION Chatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RN Tel: 0161 767 2900 Fax: 0161 767 2909 Email: info@adiglobal.com
www.insight-security.com Tel: +44 (0)1273 475500
oct14 dir_000_RiskUK_jan14 07/11/2014 16:43 Page 4
COMPLETE SOLUTIONS FOR IDENTIFICATION
PERIMETER PROTECTION
DATABAC GROUP LIMITED
GPS PERIMETER SYSTEMS LTD
1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com
14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk
INDUSTRY ORGANISATIONS
PLANNED PREVENTATIVE MAINTENANCE
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY
BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk
THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY
SECURITY MAINTENANCE CONSULTANTS • Planned Preventative Maintenance (PPM) Specialists • Price Comparison Service (achieving 20-70% savings) • FM Support / Instant Reporting / Remedial Work • System Take-Overs / Upgrades / Additions • Access, CCTV, Fire & Intruder, BMS, Networks & Automation • Free independent, impartial advice Tel: +44 (0)20 7097 8568 sales@securitysupportservices.co.uk
SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org
INTEGRATED SECURITY SOLUTIONS SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
HONEYWELL SECURITY GROUP Honeywell Security Group provides innovative intrusion detection, video surveillance and access control products and solutions that monitor and protect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology with traditional analogue components enabling users to better control operational costs and maximise existing investments in security and surveillance equipment. Honeywell – your partner of choice in security. Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com Web: www.honeywell.com/security/uk
POWER
STANDBY POWER SPECIALISTS; UPS, GENERATORS, SERVICE & MAINTENANCE
DALE POWER SOLUTIONS LTD Salter Road, Eastfield Industrial Estate, Scarborough, North Yorkshire YO11 3DU United Kingdom Phone: +44 1723 583511 Fax: +44 1723 581231 www.dalepowersolutions.com
POWER SUPPLIES – DC SWITCH MODE AND AC
DYCON LTD Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471 060 Fax: 01443 479 374 Email: marketing@dyconsecurity.com www.dyconsecurity.com The Power to Control; the Power to Communicate
INTEGRATED SECURITY SOLUTIONS
INNER RANGE EUROPE LTD Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com
STANDBY POWER
UPS SYSTEMS PLC Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
TYCO SECURITY PRODUCTS Heathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UK Tel: +44 (0)20 8750 5660 www.tycosecurityproducts.com
UPS - UNINTERRUPTIBLE POWER SUPPLIES
ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk
PERIMETER PROTECTION INFRARED DETECTION
UPS - UNINTERRUPTIBLE POWER SUPPLIES
GJD MANUFACTURING LTD
UNINTERRUPTIBLE POWER SUPPLIES LTD
Unit 2 Birch Industrial Estate, Whittle Lane, Heywood, Lancashire, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk
Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk
www.insight-security.com Tel: +44 (0)1273 475500
oct14 dir_000_RiskUK_jan14 07/11/2014 16:43 Page 5
SECURITY
ONLINE SECURITY SUPERMARKET
EBUYELECTRICAL.COM CASH MANAGEMENT SOLUTIONS
LOOMIS UK LIMITED 1 Alder Court, Rennie Hogg Road, Nottingham, NG2 1RX T - 0845 309 6419 E - info@uk.loomis.com W - www.loomis.co.uk
Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com
INTRUDER ALARMS – DUAL SIGNALLING
WEBWAYONE LTD CASH & VALUABLES IN TRANSIT
CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk
11 Kingfisher Court, Hambridge Road, Newbury Berkshire, RG14 5SJ Tel: 01635 231500 Email: sales@webwayone.co.uk www.webwayone.co.uk www.twitter.com/webwayoneltd www.linkedin.com/company/webwayone
LIFE SAFETY EQUIPMENT
C-TEC PHYSICAL CONTROL PRODUCTS, ESP. ANTI-CLIMB
INSIGHT SECURITY Unit 2, Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com
Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: http://www.c-tec.co.uk
PERIMETER SECURITY
TAKEX EUROPE LTD FENCING SPECIALISTS
J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk
Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takexeurope.com Web: www.takexeurope.com
SECURITY EQUIPMENT INTRUSION DETECTION AND PERIMETER PROTECTION
OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com
PYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix
SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS
BOSCH SECURITY SYSTEMS LTD
CQR SECURITY
PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 01895 878088 Fax: 01895 878089 E-mail: uk.securitysystems@bosch.com Web: www.boschsecurity.co.uk
125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk
INTRUDER ALARMS – DUAL SIGNALLING
CSL DUALCOM LTD Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 F: +44 (0)1895 474 440 www.csldual.com
SECURITY EQUIPMENT
CASTLE Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042 www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity
www.twitter.com/castlesecurity
INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS
SECURITY SYSTEMS
RISCO GROUP
VICON INDUSTRIES LTD.
Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk
Brunel Way, Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com
www.insight-security.com Tel: +44 (0)1273 475500
Project2_Layout 1 24/10/2014 14:32 Page 1
Our focus is to make darkness totally visible
Maximize performance in low light Wouldn’t it be helpful if you could rely on clear and relevant images regardless of the lighting conditions? With the DINION IP starlight 8000 MP camera, Bosch offers a new quality standard in round-the-clock video surveillance. Regardless of lighting conditions, time-of-day or object movement, the camera delivers relevant IP video 24/7. With its impressive technical specifications, this is the ultimate 24/7 camera. Learn more at uk.boschsecurity.com