Risk UK March 2014 by Western Business Media Limited

Cover mar14_001 06/03/2014 13:55 Page 1

March 2014

Security and Fire Management

Access control and integration Identifying security blind spots The proactive approach to data management News and views from the Industry Associations

Project2_Layout 1 06/03/2014 12:53 Page 1

ÂŽ

Galaxy Mobile App

Complete remote control, at the touch of a button GX Remote Control the new Mobile App from Honeywell, allows you to access your Galaxy system remotely anytime, anywhere. Managing the security of your home or premises has never been easier, whether you need to check if the children have arrived home safely or if you have set your security alarm, GX Remote Control has it covered. Download GX Remote Control free from iTunes or Google play to experience the convenience and simplicity of security on the move.

All other company names and products are trade names, trademarks or registered trademarks of their respective companies.

EDIT contents_riskuk_Dec12 06/03/2014 12:52 Page 3

March 2014

70 - Predicting the unpredictable

Contents 42 Going backwards? UK property protection in reverse gear? Here we digest the opinions expressed in the recent AiS London lecture

44 Floods make waves Flood claims volumes should prompt review of insurance claims operations says Owen Knight of RPost UK

46 Justice for all... 6 News

Victims of crime – justice where art thou? Asks Crawford Chalmers, ASIS UK Chapter Charity Liaison Lead

News stories for security and fire professionals

11 Appointments

48 Technology in focus A round-up of some of the latest new products on the market

Some of this month’s movers and shakers

13 Utilities - protecting supplies Geny Caloisi looks at how society keeps ticking when its utilities are safe and secure

16 Ensuring IP availability Ensuring maximum availability of HD IP video, as well as cost effective deployment and running costs, are critical today

19 Watching over us in 2014 BSIA CCTV section chairman Simon Adcock looks at how quality CCTV application will remain high on the agenda in 2014

21 Counter-Terror Expo 2014 preview An overview of some of the attractions at this year’s event

25 A blaze of good news

54 Risk in action Successful security and fire case studies revealed

59 Time for listening The ‘Fire Minister’ throws down challenges but will he listen to the answers?! asks Graham Ellicott of the FIA

60 Tenant protection Andrew Bennett of Eversheds looks at the fire risks in multioccupancy buildings

63 IT News News stories from the IT and data security sectors

65-82 The IT Security Section

27 Achieving key security success

This month we have contributions on IT and business security issues from Optimal Risk, Iron Mountain, Nice Systems, GridTools, Safetica, Technocover, Sword Active Risk, Assa Abloy, New Net Technologies, Manigent and CrowdControlHQ.

Why best practices provide best value when implementing key control and asset management systems

83 The Risk UK Directory

Fire safety is improving significantly, helped by measures including fire risk assessments, says Keith Strugnell of SSAIB

32 Setting the standard A warning about the false sense of security CE marks provide

34 Integrating benefits Adam Bernstein looks at access control and integration in the security sector

38 Security blind spots Critical infrastructure advice from Ian Graham of Verint Systems

ISSN 1740-3480 Risk UK is published 12 times a year and is aimed at risk management, loss prevention and business continuity professionals within the UK’s largest commercial organisations. © Pro-Activ Publications Ltd, 2014 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without the written permission of the publisher. The views expressed in Risk UK are not necessarily those of the publishers.

Risk UK is currently available for an annual subscription rate of £78.00 (UK only)

40 Intelligent integration Hugh Hamill of Boston Networks looks at the shift towards integration and intelligent building systems over IP

Managing Editor Andy Clutton Tel: 0208 295 8308 E-mail: andy.clutton@risk-uk.com Contributing Editor Geny Caloisi E-mail: geny.riskuk@gmail.com Design & Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 4292015 E-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 0208 295 1919 E-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 0208 295 1919 E-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton

RISK UK PO Box 332, Dartford DA1 9FF

Chairman Larry O’Leary

Editorial: 0208 295 8308 Advertising: 0208 295 8307

3 www.risk-uk.com

EDIT comment mar14_riskuk_mar14 06/03/2014 13:34 Page 1

Evacuate Everyone 0HHWLQJ WKH FKDOOHQJH RI HYDFXDWLQJ EXLOGLQJV XVLQJ YLVXDO VLJQDOOLQJ DQG H[FHHGLQJ WKH UHTXLUHPHQWV RI (1 UHTXLUHV D VWHS FKDQJH LQ EHDFRQ SHUIRUPDQFH ,PDJLQH WKH OLJKW RXWSXW UHTXLUHG IRU D VLQJOH EHDFRQ WR QRWLI\ D SHUVRQ LQ D KRWHO URRP RU D IDFWRU\ ZRUNHU LQ D PDFKLQH URRP :KHQ DFWLYH 6RQRV 3XOVH DQG 1H[XV 3XOVH Ã&#x20AC;UH DODUP EHDFRQV DUH XQPLVVDEOH DQG XQPLVWDNDEOH DWWUDFWLQJ DWWHQWLRQ IURP SHRSOH ZKR DUH QRW ORRNLQJ DW WKH GHYLFH DQG DOUHDG\ SUHRFFXSLHG ZLWK RWKHU WDVNV

Hotel Room

Factory /DUJH VFDOH IDFLOLWLHV UHTXLUH WKH PD[LPXP DPRXQW RI FRYHUDJH ZLWK WKH PLQLPXP QXPEHU RI GHYLFHV

Machine Room (DU GHIHQGHUV FDQ SUHYHQW DXGLEOH VLJQDOV IURP EHLQJ UHFHLYHG 3XOVH $OHUW 7HFKQRORJ\ HQVXUHV UHFRJQLWLRQ RI Ã&#x20AC;UH HYDFXDWLRQ VLJQDOV LQ D FOHDU DQG XQDPELJXRXV PDQQHU

Signalling Solutions

3XOVH $OHUW 7HFKQRORJ\ SURGXFHV D OLJKW RXWSXW VR EULJKW LW FDQ QRWLI\ VRPHRQH LQ D KRWHO URRP ZLWKRXW UHO\LQJ RQ DXGLEOH VLJQDOOLQJ

Gymnasium 9LVXDO $ODUP 'HYLFHV DUH QRW MXVW IRU WKH KHDULQJ LPSDLUHG Even something as innocuous DV ZHDULQJ KHDGSKRQHV SURYLGHV FKDOOHQJHV WR evacuation systems.

EDIT comment mar14_riskuk_mar14 06/03/2014 13:34 Page 2

Comment Signalling Solutions

Sonos Pulse Ceiling EN54-23 Coverage: C-3-15

Sonos Pulse Wall EN54-23 Coverage: W-3.1-11.3

FEATURING:

• EN54-23 compliant beacon technology • :DOO DQG FHLOLQJ PRXQW OLJKW RULHQWDWLRQV • :KLWH DQG UHG ÁDVK RSWLRQV • :LGH FRYHUDJH SDWWHUQ RQH GHYLFH FDQ SURWHFW PRVW URRPV • P$ EHDFRQ FXUUHQW # +] ÁDVK UDWH

Tel: +44 (0)1706 233879 ZZZ NOD[RQVLJQDOV FRP ÀUH

Cutting risks Don’t cut security spend based on statistics.. n February the security company Farsight released its call-out statistics from the last three years and reiterated the importance of an effective security system regardless of the economic climate. The Office for National Statistics released its latest employment figures this month. The statistics show a decrease in unemployment of 1.2% - representing a continued decline since hitting the17-year peak at the end of 2011. Unemployment and less disposable income are traditionally linked to crime rates, but Farsight’s police call-out stats for the last three years contradict this theory. Average number of police callouts, per site, has consistently remained between one and two every year during the three-year period 2011-2013, says the company. And ironically, in the month when lower unemployment figures were released, Farsight had one of its busiest months with three arrests made in the first three weeks of the month. That is almost double their average arrest rate from the past three years. Malcolm O’Shea-Barnes, Farsight’s Senior Operations Manager, said: “It’s dangerous to assume that lowering unemployment means lower crime rates. There’s no real synergy between the two, as our call out statistics for the past three years reflect.” “Security monitoring systems are often regarded as a grudge purchase but we see time and time again how our monitoring can save companies a small fortune through crime prevention. Three potential crimes have been averted this month and arrests made. This is proof, if it was needed, that security systems are as essential now as ever and they do pay themselves many time during the course of their lifetime.” And the report is also proof that anyone looking for the slightest reason to cut spending on any areas of security is playing a risky game. Yes there might be fewer people out of work at the moment but the population is higher than it ever was, so you’ll probably find that it is not the criminals that are suddenly finding gainful employment, but it’s the latest batch of school/university leavers and those who need to find a new job following redundancy or a spell of child rearing etc getting jobs. We still have plenty of career criminals rather than criminals with new careers. So often when budgets are tight the first things to fall under the microscope are the ‘non-productive’ elements of a business, i.e. marketing and security. Unfortunately cutting one leaves your new customers unaware who you are and the other gives the criminals who do know you, an easier way in. Security is like insurance – it’s a bit of a grudge purchase for most of us but you never know when you will rely on it and if you’re living without it, you’re essentially gambling. Don’t just think of the security risks involved think of the after-effects too. More often than not, these after-effects are the real crippler for continuing in business. Therefore the warning is: if you do decide to look again at your security spend to try and find areas that can be cut or reduced you might be putting yourself, and your staff, at risk of becoming one of the people on next year’s unemployed statistics. And the competition for those in that situation is tougher than ever, despite any government spin. Andy Clutton - Managing Editor

December 2012

www.risk-uk.com

EDIT news mar14_riskuk_mar14 06/03/2014 13:36 Page 2

News

Sprinkler study shows potential savings One in five warehouses in England, approximately 621 premises, will have a fire requiring the attendance of fire fighters each year. The total annual cost to the UK economy of fires in English warehouses without fire sprinklers is £232 million. The main finding from a three-year study conducted independently by BRE Global and commissioned by the Business Sprinkler Alliance (BSA) has shown that sprinklers are, on average, a cost effective investment for warehouses with a floor area above 2,000 sq/m, with the greatest benefit arising from the reduction in direct fire losses. The study looked at the whole-life cost benefit analysis for fire sprinkler installation in three ranges of warehouse sizes. Key findings from the BRE study include: • The whole life costs for warehouse buildings larger than 2,000 sq/m (around half a football pitch in size) with fire sprinklers are on average 3.7 times lower than ones without them • Fire sprinklers were, on average, not costeffective in warehouses with an area below 2,000sq/m • Environmental benefits from sprinklers include a reduction in CO2 emissions from fire, reduced size of fire and reduced quantities of water used to fight fire

Euralarm presents PEARS concept Euralarm recently participated in the Archimedes Round Table discussion on Crisis Management and Civil Protection. The association of European manufacturers, installers and service providers of the electronic fire safety and security industry presented its PEARS project and the way the project supports in sharing data in the emergency management process. The focus topic of the recent Archimedes round table (Warsaw) was to identify gaps for efficient and effective operations of crisis management and civil protection. Beside several project reports, the experiences from a simulation game were used to stimulate an intensive discussions between the R&D community (e.g. Industrial Research Institute for Automation and Measurement, Université Catholique de Louvain, Scientific and Research Center for Fire Protection) and end users (e.g. firefighters Dortmund, Spanish National Police, crisis information centre). These discussions showed that sharing data/information in the emergency management process is of vital importance for efficient operations. This is in line with the results of the

6 www.risk-uk.com

• Only 20% of warehouses between 2,000 and 10,000sq/m are fitted with fire sprinklers. For warehouses above 10,000sq/m, the estimated fraction with fire sprinklers is 67% • If all warehouses above 2,000sq/m were fitted with sprinklers, the annual saving to businesses in England could be up to £210m. Dr Debbie Smith, Director of Fire Science and Building Products at the BRE, said: “Despite a year-on-year decrease in the number of commercial fires, the estimated annual cost of these fires is rising along with related societal and environmental impacts. This project has broken new ground in terms of evaluating these broader sustainability impacts of fire in warehouses and demonstrating that, on average, sprinklers can be shown to deliver a net benefit.” Iain Cox, BSA Chairman and former Chief Fire Officer of Royal Berkshire Fire and Rescue Service, said: “The findings of this study scratch the surface in terms of the return fire sprinklers bring to business. In the future the BSA intends to look at the cost effectiveness fire sprinklers have on other sectors, such as manufacturing. What is clear from the current research is that insurance alone is not enough to fully protect companies from the long-term impacts of fire. We urge the Government to do more to encourage the installation of fire sprinklers in commercial premises and promote a better understanding of the positive impacts of physical resilience.” PEARS project and the first ideas about a “European Emergency Communication” from the fire section of Euralarm. Thorsten Ziercke, Euralarm’s project leader PEARS took the opportunity to present the PEARS-Alert4All concept. The project has learned that fire and security products not only can but also should be integrated into public alert systems. The extensive installed base could be easily upgraded to receive alert signals which could be utilised to activate audible and/or visual warnings. More sophisticated systems can convert public alert messages into intelligible voice messages or display the same message on PCs. Integrating existing safety and security systems into a public alert scenario could be a cost effective and rapid alternative to reach large parts of the population. Since the first presentation of the concept in October 2013 the PEARS-Alert4All concept received positive feedback. End users such as firefighters, police organisations and crisis information centres were invited by the Euralarm project leader to contribute to the standardisation groups CEN TC 391 and ISO TC 223 that are looking for experts from civil protection to make their standards even better.

Project1_Layout 1 05/02/2014 17:39 Page 1

Have you tried Integriti yet?

Sophistication is not about size The Integriti Security Management System is an IP connected access control and intruder security system that oﬀers sophisticated centralised management for both small systems on a single site, or large systems distributed across the country or across the globe.

With a growing list of new installations take a moment to think of what you’re missing! The Integriti system oﬀers an advanced suite of software, hardware and integrated solutions to deliver complete management of your entire integrated system.

Inner Range Europe Limited Units 10-11 Theale Lakes Business Park Moulden Way, Sulhampstead Reading, Berkshire RG74GB UNITED KINGDOM

integriti@innerrange.co.uk

a4 integriti 0ne page UK.indd 1

+44 (0) 845 470 5000 www.innerrange.com 4/12/2013 8:40 am

EDIT news mar14_riskuk_mar14 06/03/2014 13:36 Page 4

ANPR growth affecting barrier sales The growing adoption of automatic number plate recognition (ANPR) technology is having an adverse impact on the vehicle entrance control industry, specifically the vehicle barrier and off-street parking systems markets. According to IHS, the presence of ANPR technology is increasing the most for toll ways and off-street parking garages, which is negatively impacting the growth of vehicle barriers. In ANPR mature markets such as the Americas where the adoption of the technology is prevalent, highway/toll barrier revenues are projected to decline by 16.1% from 2013 to 2017. ANPR systems work by using cameras with optical recognition capabilities to identify vehicles and grant access while minimizing congestion. Less congestion allows systems to operate at a higher profitability thus increasing the system’s ROI in comparison to traditional barrier solutions. The most popular use of ANPR systems is in tolling which allows cars to pass freely while penalising unpermitted vehicles through their license plate registration. IHS estimated the global tolling industry to be worth $3 billion in 2013 and projects tolling to be the fastest growing ANPR application in the world. The growing trend of privatisation within the tolling sector, along with the lack of government highway financing in mature markets such as

Publisher extends risk management contract Immediate Media has extended its risk management contract with Pilgrims Group. Pilgrims was initially awarded a twelve month contract in 2012 to provide front of house security with customer facing officers. There was also a need for security personnel to be flexible and able to adapt to changes in the usual office environment, as Immediate Media’s office has a bar and recreation area which are used for events. The newly awarded contract marks a continuation of this service and will see Pilgrims provide manned guarding, front of house, customer services, access and egress as well as ad hoc services for open days, events and conferences. Pilgrims MD, Bill Freear, says, “Having this contract extended by Immediate Media demonstrates our client’s satisfaction with the service that we’ve provided. Once again, it shows that the quality of the people we provide is our success story.” Edel Ryan, Facilities Manager at Immediate Media, says, “We awarded Pilgrims the contract after they stepped in to help with a temporary task during the refurbishment of the company’s new office in Hammersmith. Once again, they have faultlessly created an impression of a friendly and safe environment.”

8 www.risk-uk.com

Western Europe and the United States, has increased the popularity of ANPR technology in order to optimise profitability. A less developed trend is the use of ANPR technology in off-street parking systems. ANPR allows for ticketless off-street parking systems that can offer subscription or long-term parking options. These cameras can not only increase the effectiveness of parking revenue by reducing fraud and allowing for faster ticketless entry, but the cameras can also be integrated into 24-hour security systems which increases their value. IHS projects parking to be the third fastest growing application for ANPR from 2012 to 2017 with a compound annual growth rate (CAGR) of 9.4%. The main barrier for the ANPR technology is the price. The image quality of ANPR cameras is crucial for vehicle entrance control revenue systems because any motion blur could result in revenue loss. This requires investment in both ANPR hardware and software which can be costly. IHS predicts the highway/toll barrier market to be the most significantly impacted by the increasing adoption of ANPR technology in the vehicle entrance control market. The impact on the off-street parking sector is currently minimal; however as more parking garages look to adopt ANPR this will ultimately result in less requirements for traditional parking hardware. This could be problematic for suppliers that do not invest in ANPR technology.

Gate Safe gets design backing Secured by Design, the official UK Police initiative supporting ‘designing out crime,’ is backing up ‘Gate Safe’, a charity that campaigns to improve standards of safety for automated gates. References to Gate Safe will feature on the Secured by Design Guides for Homes, Schools and Commercial premises. Established in 1989, Secured by Design is owned by the Association of Chief Police Officers (ACPO) and focuses on the design and security for new and refurbished homes, commercial premises and car parks, as well as acknowledging quality security products and crime prevention projects.

EDIT news mar14_riskuk_mar14 06/03/2014 13:36 Page 5

News

Southeastern upgrades security The operation centre for Southeastern Trains, in Ramsgate, serves over 170 stations throughout Kent, East Sussex and London and employs over 3,800 people. Over the past year, Southeastern Trains has upgraded security at its Ramsgate Engineering Depot, where its trains are maintained, cleaned and serviced. Ramsgate is also an important location for the comings and goings of many of the company’s staff. The initial requirement for the project was to increase security at barriers in and out of the site, ensuring access was strictly monitored. The installer, ICL, approached Castel because its Softphone Intercom product fitted the client’s requirements. The CAP IP V1B (single-button video) intercom has now been installed at the depot’s gates and barriers. The system calls back to operators

Mitie bags £15m contract with London Borough Mitie has been awarded a seven-year contract in excess of £15m with the London Borough of Sutton. The company will deliver a range of facilities management services including mechanical and electrical maintenance, building fabric repairs, security, front of house, waste and care-taking services across the Borough’s stock of 190 buildings and schools. Mitie was chosen for its solution which will deliver value for money, robust contract management, and engagement with the wider community including apprenticeship opportunities.

who use Castel’s Xellip Media Softphone on their PCs to answer calls and view images. Calls are diverted out of hours to the Southeastern Trains control room, which is at a different location. Thanks to the ease of installation of the equipment and the way in which the intercoms can be integrated into Southeastern’s expanding system, further access control solutions at the site have been earmarked for development throughout 2014.

12% growth for CCTV market predicted The worldwide market for video surveillance equipment is expected to expand by more than 12 percent this year, according to a white paper from IHS Technology entitled “Trends for 2014 Video Surveillance Trends for the Year Ahead.” Revenue in 2014 is expected to rise to $15.9 billion, up from $14.1 billion in 2013, as presented in the attached figure. “During the past decade the video surveillance equipment market has grown quickly, expanding at a double-digit rate in most years,” said Niall Jenkins, research manager, video surveillance and security services for IHS. “This year will be no exception, with growth led by strong demand for fixed-dome and 180/360-degree network camera products. As for vertical markets, the city surveillance and utility/energy sectors will drive the biggest increases in sales.”

9 www.risk-uk.com

EDIT news mar14_riskuk_mar14 06/03/2014 13:36 Page 6

News

Hazardous area and equipment guide published E2S Warning Signals has published a new ‘Guide for Hazardous areas’ which is available as a free download from their website. The guide has been put together with specifiers and hazardous area engineers in mind with matrix tables that enable fast crossreferencing of information between the main certification systems: ATEX, IECEx, North American and Canadian standards. Protection concepts are listed along with applicable zone, class or division and typical equipment protection level in an easy to read format. In addition, the guide contains ample reference information related to gas and dust atmospheres and potentially explosive environments, such as: • Gas and dust groups and typical substances according to the main certification systems • Maximum surface temperature of equipment, temperature classifications and ignition temperature limits of gas / dust • Apparatus groups and typical ignition temperatures for common gases, vapours and dust • Type of protection and basic concepts of protection listed by zone according to ATEX & IECEx and class and division according to US and Canadian standards • IP ratings and NEMA enclosure types • Typical equipment markings of hazardous area signalling products from the E2S portfolio.

Security improved following theft Green Gate Access Systems has created ‘peace of mind’ for customers and employees at Rates Ford, Essex, following the theft of a clients’ car from the speed fit bay during a service. The installation consisting of five additional bollards, one barrier and swipe card entry system across the entire site – was in direct response to the loss of the vehicle. Having put the finishing touches to a full security installation on-site, the new safety measures will eliminate a reoccurrence of theft in the future. A total of fifteen high visibility, crash resistant Easy700 bollards in four strategic locations, provide full perimeter security for the garage and ensure that no vehicle can be driven from the showroom, forecourts or workshop areas whilst the bollards are enabled. Operated by secure swipe cards or wall mounted code panels, the bollards provide peace of mind to the garage owner as well as improving insurance premiums and security guard costs. “High impact resistant rising bollards are becoming an increasingly popular choice over more conventional swing gates and barriers that often take out a large area of ground that cannot be used, or block off valuable parking spaces.” explains Managing Director of the Green Gate brand, Neil Sampson. “With a rise and fall time of around six seconds, bollards provide a quick and secure solution.”

Corps Security teams up with ACP Solutions Corps Security has formed an exclusive strategic partnership with ACP Solutions. The agreement will see the two companies combine their respective areas of expertise to deploy security solutions for some UK events. ACP Solutions configures temporary Wi-Fi network connectivity that enables communications at events that present security challenges – eg where there is a large acreage to be secured. Its area of speciality is equine events, having completed projects for the nearby Badminton Horse Trials, as well as the Burghley Horse Trials in Lincolnshire. With the growth in mobile devices such as tablets and smartphones, Wi-Fi is now seen as a vital on-site service for staff, traders and visitors. In addition, and as part of a communications infrastructure, event organisers are increasingly looking to utilise highlevel surveillance technology that can be operated over Wi-Fi. ACP Solutions’ director, Phil Platts explains, “Security is a major issue for organisers who have to protect staff, visitors and property, and ensure the smooth running of their events. We are increasingly involved with the specification of IP based CCTV and by working closely with Corps Security we are now able to provide our customers with a range of technology to suit a diverse range of applications and the personnel to operate it.” According to Jason Taylor, Corps Security’s event sales and marketing manager, there is a perfect synergy between the two companies. He says, “We have very similar target markets and we are both determined to extend our activity within the sports, leisure and agricultural event sectors.” Today’s deployable CCTV systems can transmit live or recorded images directly to a control centre via GPRS, 3G, broadband or wireless LAN. Products can simply be screwed to a wall or fixed to a mast, plugged into an appropriate power source and activated a process that can take as little as 90 seconds to complete.

www.risk-uk.com

EDIT people mar14_riskuk_mar14 06/03/2014 13:37 Page 3

Appointments

Dan England TDSi has appointed Dan England as its new national account manager for UK sales. Dan’s role involves the continued development of relationships with existing key Platinum and Gold Partners whilst at the same time taking the lead in working with major blue chip end users and their agents to ensure that the TDSi product range is specified for projects in the future. TDSi’s Managing Director, John Davies, commented, “We are delighted to welcome Dan England to the TDSi team. Whilst 40% of our turnover is overseas, the UK is still our primary market and Dan’s role is pivotal in maintaining our sales growth moving forward.” With a varied CV of experience, Dan’s skills range from planning and design, through to installation, commissioning and on-going maintenance. Prior to joining TDSi, Dan was national accounts manager for Kings Security Systems and held project management roles at UK Security Projects and Securitel Services.

Steve Norman IP CCTV distributor ezCCTV.com has announced a new Field Sales Manager joining the team. Steve Norman will be responsible for expanding new business opportunities and projects in the Midlands and North. Ilona Porter, Managing Director of ezCCTV.com said: “Continuing with our strong growth, Steve will help to further expand our current customer base. He brings a wealth of experience having worked in the industry for many years at companies including Chubb and Vicon. In the next twelve months, we look forward to working closer with our customers, helping them to win more projects with our expanding field sales and support team.” Commenting on his new role Steve said: “I am very happy to be joining ezCCTV at what is a very exciting time for the company. I look forward to helping the company achieve and exceed its growth plans.”

Kirsty Elkin Kirsty Elkin has joined the professional security division of Samsung Techwin Europe as IT Channel Manager for UK & Ireland. Kirsty, who was previously Distribution Channel Account Manager for D-Link (Europe), will be responsible for developing relationships with key market influencers operating within the IT channel in order to identify new sales opportunities for Samsung Techwin’s range of IP network based video surveillance solutions. “The IT channel is a key part of Samsung Techwin’s growth strategy and Kirsty’s appointment to this newly created role reflects our commitment to offer outstanding pre as well as post-sales support to customers who operate in this important market sector,” said Simon Shawley, Director UK and Ireland for Samsung Techwin Europe. “I am confident that Kirsty’s extensive knowledge of the IT channel will enable her to make a significant contribution to our ongoing success in the growth of the sales of our IP and network based security solutions.”

Robert Truesdale Securi-Guard has appointed Robert Truesdale as Fire and Security Systems Manager. Plymouthborn Bob, who has worked in the security business for the past 22 years, will oversee both the technical side, in terms of the installation and maintenance teams, as well as sales activities, in the fire and security division of the company. He will also be responsible for client liaison, ensuring customer expectations are met at all times, as well as monitoring the latest technological developments in the security industry for the company. Bob started out in the security industry as an Alarm Service Engineer. Since then he has acquired experience at senior level having worked in both operational and sales management, as well as in customer support. He also has a wide knowledge of electronic fire and security systems and considerable project management expertise too.

Matt Daley Matt Daley has been appointed Business Development and Sales Engineer at fire safety equipment and systems manufacturer Patol. Matt’s career started in Australia where he gained experience in the electrical industry. After completing his electrical apprenticeship, Matt then spent two years with an electrical contractor before moving into a technical position with an Australian switchgear manufacturer and supplier. In the nine years there, Matt was able to work his way through the company, finishing as Office CoOrdinator. Matt then moved into Project Management for an electrical switchboard manufacturing company and was there for four years before relocating to the UK in 2010. After arriving in the UK, Matt secured employment with Kidde Fire Protection as a Sales Engineer before taking up this new position with Patol.

11 www.risk-uk.com

EDIT people mar14_riskuk_mar14 06/03/2014 13:37 Page 4

Appointments

Thomas Lausten

Gareth Bond

Milestone Systems has a new Vice President of Sales for EMEA in Thomas Lausten. He is also a new member of the Extended Leadership Team (ELT) in Milestone Systems. With proven competency as a professional manager, he will contribute to the strong growth curve that Milestone has attained since its founding in 1998. Lausten brings solid expertise from the security industry in Europe, as well as broad cultural insight into the differences across the region. Throughout his career he has consistently performed, growing with his positions and responsibilities at Siemens Building Technology - Security Products, ADI Global Distribution, Bewator and Antech. “We are eager to tap into Thomas Lausten’s knowledge about today’s security distributors and how run-rate business is built and managed in two-tier channels. I look forward to including Thomas in the Milestone management team and changing our DNA to cater to the work at hand in our ambitious strategic goals,” says Eric Fullerton, Chief Sales and Marketing Officer at Milestone Systems.

Videx Security has appointed Gareth Bond as South West Sales Manager. He brings twenty years of experience in the security industry to his new role. In his new position, Gareth will build upon the company’s existing relationships with security distributors, wholesalers, installers and end users such as local authorities where he has significant experience. Amongst his duties, Gareth will undertake customer site surveys and will introduce new Videx door entry and access control products to customers. Neil Thomas, Videx Security’s National Sales Manager, comments: “Gareth’s experience and customer support will be of great benefit to our customers in the South West.” For his part, Gareth is excited about the opportunity to work on projects for Videx Security - both on larger projects for private and social residential housing as well as commercial installations.

Philip Longley

Orlaith Palmer

MAD CCTV has announced the appointment of Philip Longley to the company. Philip will be replacing Stuart Reynolds, who is retiring from the role of International Sales Director, after fourteen years with the company. Picking up the reigns from Stuart, Philip plans to expand the MAD offering even further and says: “Building on Stuart’s great work, I’ll be looking to expand the company’s reach, with the development of a broader range of product solutions. I’ll also be adding to the established UK and worldwide customer base, with the development and expansion of MAD into new markets.” Philip joins MAD from Synectics, where as one of the original founding fathers of the company, he held the roles of Managing Director and latterly Vice President (Middle East).

Eaton’s security business has announced its intention to develop both its specification and specialist distribution channels by promoting Orlaith Palmer to the role of sales and marketing manager. Bringing a wealth of channel marketing experience to the position, Orlaith has worked for a number of organisations, including Toshiba TEC UK Imaging Systems and Ricoh, where she devised and implemented a series of successful channel management based initiatives that drove up sales and increased market penetration across Europe. She joined Cooper Security in early 2013 as its marketing manager and has played an instrumental role in integrating it into the Eaton organisation.

Paul Dawson ESP has appointed Paul Dawson as its new Managing Director. Paul takes up his new position after spending three years as commercial director at Scolmore. Having started out as an apprentice electrician in Leeds 26 years ago, Paul developed a passion for the business and has carved out a successful career ever since. Moving into sales at the age of 21, he joined Scolmore in 2007 as regional sales manager for the north before taking up the role of commercial manager in 2008 and commercial

www.risk-uk.com

director in 2010. Commenting on his new appointment Paul said: “I am thrilled to be taking on the role of managing director at such an exciting time in ESP’s development.”

EDIT article 16 mar14_riskuk_mar14 06/03/2014 13:11 Page 1

Securing utilities

Protecting the supply tility companies have the very important task of generating, transmitting, and distributing, electricity, natural gas and water and dealing with the sewage. The good functioning of modern society is dependent upon these ‘critical national infrastructures’ (CNI) delivering their services flawlessly. Utility companies can be easy targets for terrorist attacks, either physically or online. If enemy forces take control of utilities during a war, it can be catastrophic. During World War II, Battersea Power Station allocated misleading labels to its switches so that if the power station fell in to enemy hands, it would have been very difficult for them to find the right switch to leave key government buildings in the dark. Today, there more sophisticated resources available. Chris Plimley, Sales Manager at Zaun points out: “The threat of terrorism, organised crime, civil unrest, sabotage, protest and simple mindless vandalism is ever-present in this industry. Imagine the shocking publicity coup if international terrorists managed to poison the mains water supply or the chaos if the power to a major city were cut. We’ve even seen pressure groups mobilise swiftly to threaten operations they disagree with, such as the anti-fracking protests against the likes of Cuadrilla.” Zaun, a manufacturer and installer of steel fencing, which works with EDF, E-on, National Grid and Thames Water has seen perimeter systems develop significantly over the last 20 years. The need for fit-for-purpose and aesthetically appropriate solutions are now top of the agenda for security and safety conscious businesses, according to the company. Honeywell Security’s Douglas Gray, ACS Sales Manager says: “Each utility sector has specific areas for concern when it comes to risk and security that need to be taken on a case-by-case basis. For water companies there is the need to ensure contamination of their supplies does not occur. For an electricity company it may be ensuring staff are working in a safe environment . Security needs to be of the highest standard when working with utility companies. Products such as Honeywell’s Galaxy Dimension, have been deployed in these environments providing a fully integrated intrusion and door control security solution, helping to minimise one source of potential risk.”

Catering for multi-site operations

buildings and many have headquarters and substations, which might not be geographically close to each other. For practical and costeffective reasons, staff will not always be allocated at every substation. However, a sound security layout will keep HQ updated on who is where to avoid unauthorised personnel or intruders accessing restricted areas, and to act quickly when needed. The main security objective is not just to keep assets safe but also to reduce the risk of incidents that can disrupt normal operations. To maintain productivity across all sites safety solutions, such as remote monitoring, can help on making intelligent decisions and taking action fast. TAG Guard Systems (TAG), a security company that provides integrated wireless security, fire and safety services, has a 24/7, 365 days-a-year control room in Lincolnshire, from where it serves its clients. Nigel Walker, TAG Operations Director explains: “Our products can be installed anywhere as they are not dependant on any internet connection or power cables. This is ideal for multi-site companies and it can be scaled up or down when needed. Our system works wirelessly over 3G networks and it can also use satellite transmission for hard to cover areas. All information received from our security devices needs to be monitored; this is

How society keeps ticking when its utilities are safe by Geny Caloisi

“There is no template security measure that you can put in place into high risk sites such as utility companies”

Utility companies are usually located in large

www.risk-uk.com

EDIT article 16 mar14_riskuk_mar14 06/03/2014 13:11 Page 2

Securing utilities

why at the core of the wireless systems is our own central monitoring facility: TAG Alarm. At any one time we have at least three trained staff in our Lincolnshire control room. Whether an intruder activates an alarm, is seen on camera or is picked up by a movement detector, our wireless security products send a signal via the mobile networks alerting our control room.” TAG watches over 200 sites with its motion detectors, CCTV and tagging system. Depending on the client, any alarm raised is immediately dealt with either contacting a guarding company on site, the utility company’s key holder or directly calling the police. Voice alarms warning intruders can also be activated remotely. TAG products create a virtual fence on sites, but you also need physical security. “Most appropriate physical security solution will be site specific,” emphasises Zaun's Plimley, “It will depend on factors such as its location; the geography of the site, whether it’s on uneven or sloping ground or hard standing that doesn’t allow for below ground foundation; and the need to resist mob or vehicle attack. “The solution most often used by our customers in the utilities sector is ArmaWeave, because of its premium security rating, ease and flexibility of install and overall value for money. Because ArmaWeave is woven and has no welds, it can be made from high tensile steel giving it substantial resistance to cutting attacks with hand, powered and non-contact tools. The tight mesh pattern provides no climbing aids, again limiting the potential for intrusion.” Zaun also supplies MultiFence where foundations aren’t possible. The company created a system specifically to provide maximum security in temporary installations for the London 2012 Olympics.

“Imagine the shocking publicity coup if international terrorists managed to poison the mains water supply or the chaos if the power to a major city were cut…” 14

www.risk-uk.com

Safety at work The possibility of an external attack or intrusion is only one side of the coin on managing utility company's risk. Working with energy generating products can be hazardous. A major threat when working with highly flammable elements, such as oil and gas, is fire. An early warning smoke detection system can be instrumental in buying time to respond to the fire threat and minimise losses. Xtralis' VESDA detectors, for example, use an Airsampling Smoke Detector (ASD) and offers multiple configurations of alarms and a wide sensitivity range. The detectors can be positioned in easy to access and maintain areas but, at the same time, sampling pipes can be inserted into hard to reach or closed areas, such as electrical equipment enclosures. “An integrated approach is ideal and it is what we always encourage our customers to adopt,” says Plimley and adds, “This is equally true for safety and security. If an accident occurs or there are fatalities, it is essential the company knows how many and who was on site through a Persons on Board report. This can be done by taking the data from the access control system integrated into gates, barriers and turnstiles on the perimeter, providing a report for emergency services to tally against. “We provide systems that enable this integration of high security fencing, hostile vehicle mitigation, cameras, gates, turnstiles, access control, sensors, proportional-integralderivative controller (PID) and buried fibre; all monitored, analysed and controlled remotely from one central site.” As Honeywell’s Gray concludes: “There is no template security measure that you can put in place into high risk sites such as utility companies. Each company and site needs to be assessed on a case-by-case basis to decide what security measures are needed. Is it perimeter control to ensure that sites are secure from the public? Is it access control to ensure certain high-risk areas are not accessible to certain employees? A security company needs to work with the site manager to establish what the key needs of the business are and can then create a tailor made solution for that particular site. “However, utility companies need to ensure that they employ a range of measures to enhance security. Using a combination of solutions such as PRO2200 or NetAXS-4 for access control or SC100 Seismic Sensor for vibration detection, in conjunction with a powerful CCTV system, can provide a rigorous security set-up and help to mitigate risk.”

008_Layout 1 29/05/2013 22:38 Page 1

Star performers in low-light conditions

Be wise and choose the most light-sensitive HD cameras on the market. The new DINION starlight HD 720P and FLEXIDOME starlight HD 720p RD/VR are the next real breakthrough in HD security. In poor light these amazing HD cameras deliver a clear color image where others show only black and white. And in extreme low-light they deliver a black and white image where others show no image at all! Add the Bosch Video Security app and overcome the bandwidth barrier so you can view HD images from anywhere. See video security in a new light at www.boschsecurity.com/hdsecurity

EDIT article 2 mar14_riskuk_mar14 06/03/2014 13:01 Page 2

Ensuring IP availablility In security and surveillance applications, ensuring maximum availability of high definition IP video, as well as cost effective deployment and running costs, are critical factors, says Santos Muro, business development manager at Korenix UK

topology that is capable of handling network traffic. At the same time, in the event of an incident, rapid sub-second recovery of the network is required in order to minimise disruption to operators. The solution should also alert all the required operators as to what has happened and where in the network the incident occurred, so that any remedial action can be taken.

Factors to Consider: PoE/PoE+ rom security systems for public buildings to motorway traffic monitoring and city surveillance systems, high definition IP video surveillance is a rapidly growing market, where the quality of the network determines the reliability and quality of video delivery. Network redundancy is therefore a key factor in selecting the most appropriate solution. Ensuring that high definition IP video of critical infrastructure is always available, while minimising deployment and running costs, are equally important.

Solution In order to minimise installation costs, the ideal solution is a full Power-over-Ethernet (PoE) deployment at video camera locations, while connecting to a full gigabit multi-ring

When selecting a suitable switch, vibration is often overlooked. This is particularly important if the switches are installed close to a motorway or railway line 16

www.risk-uk.com

For network hardware such as Ethernet managed switches and end devices (cameras), it is important to consider the IEEE standards relating to PoE, as some hardware manufacturers provide non-standard versions. The original IEEE standard for PoE devices is designated as 802.3af normal PoE maximum 15.4Watts per port. However, this power rating may not be sufficient for the latest high power cameras, particularly the units that offer PTZ (pan-tilt-zoom) functionality. Many IP cameras now have integral motors and drives or other features such as fans or heaters. Fans, for example, may be required to prevent the inside of the camera dome from becoming â&#x20AC;&#x2DC;foggedâ&#x20AC;&#x2122; with condensation due to temperature fluctuations. Some switch manufacturers may only offer units that satisfy the normal PoE power standard (i.e. 15.4Watts), which may not be sufficient. The latest IEEE standard is designated as 802.3at High power (or PoE+) maximum 30Watts per port. PoE+ therefore allows more powerful PTZ cameras to be deployed.

EDIT article 2 mar14_riskuk_mar14 06/03/2014 13:01 Page 3

IP availability

Even if an existing network already has a variety of non-PoE switches installed, the IEEE POE+ standard specifies that plugging in a non-PoE unit to the network will not harm this device as power is not sent until the switch (Power Sourcing Equipment) and the end device (PD powered device) have confirmed via an ‘automatic system check’ that PoE is actually required by the device. Another key benefit of deploying PoE/PoE+ switches is that these can be installed by network engineers rather than qualified electricians, which reduces deployment costs. Other advantages are that POE switches offer a variety of manageable features, including: Power Device ‘Keep Alive’ Check – a managed switch periodically communicates with end devices in order to check they are OK. If it doesn’t respond, the switch waits, then cuts off the power and reboots the end device, before flagging this action up to the operator, who may wish to investigate further. Automatically rebooting a camera can save considerable time and costs by not having to physically send an engineer to the camera location to unplug/plug in the device. Power Scheduling – the system can be set up to schedule provision of power to end devices, which can be switched off at certain times of the day when they are not needed. For example, a security camera in an office car park may be switched on only between the hours of 8am and 7pm. Power Priority – if there is a power drop over the network or emergency back-up power is required, the system can be set up to provide

In order to minimise installation costs, the ideal solution is a full Power-over-Ethernet (PoE) deployment at video camera locations power to only the most critical end devices in the network.

Ring Redundancy Demanding new IP video applications require seamless video throughput. The end customer considers any breaks in video feed as unacceptable. This includes not only live monitoring of video, but also recording of video for later review, as well as live analytics for monitoring doors, areas and any other location of interest to security operators. For these types of applications, service level agreements may exist, which will specify that the network operator must provide a minimum uptime of, say, 95% or higher. Ring redundancy is therefore a critical factor. Ring recovery times may need to be down to subseconds (e.g. <5ms) for a bespoke ‘all-thesame-switch’ vendor solution, or <50ms for an IEEE standard interoperable system. Today, network topologies therefore require more complex offerings than standard single ring designs. The world is moving towards multiple, interconnected ring topologies. For example, the new ITU-T8032 ring topology standard is designed to operate without ‘Broadcast Flooding’ to build the ring topology and which also allows a more unified interoperable approach from different

www.risk-uk.com

EDIT article 2 mar14_riskuk_mar14 06/03/2014 13:01 Page 4

IP availability

vendors. This standard is designed to eliminate all the network conversation between devices to keep the network traffic to an absolute minimum.

Hardware Specifications In security and surveillance applications, typically at least one managed switch in a ring is located in the main communications room, with the majority of switches installed at the point of the camera, for example, pole mounted at a main gate in a small junction box at the side of a railway line or motorway. Here, the main factor to consider is the temperature rating of the switch. Most switches operate between 0°C and +40°C. However, over the past few years, temperatures across Europe and the UK have been pushing towards new records, with summer temperatures in the high 30s and winter temperatures as low as -20°C, particularly in the more rural locations. In these environments, ruggedised switches will need to be deployed. Designed from the component up, these switches typically offer operating temperatures of -40°C to +75°C, although this will vary from one switch manufacturer to another. These switches have typically undergone rigorous specialist

Demanding new IP video applications require seamless video throughput. The end customer considers any breaks in video feed as unacceptable 18

www.risk-uk.com

testing to ensure that they can operate reliably at these extreme temperatures. When selecting a suitable switch, vibration is often overlooked. This is particularly important if the switches are installed close to a motorway or railway line. The vibration from HGVs or from trains travelling past 24/7 is often sufficient to break any standard device within a short period of time. For very harsh environments such as waste recycling plants, where highly corrosive gases occur, or for very high humidity conditions, optional special coatings can be applied to switch components to prevent parts actively corroding. As well as switches, any Small Form Pluggables (SFP’s) used in the application (e.g. optical transceivers, fibre optic modules) also need to be industrialgrade rather than office-grade devices, otherwise they are likely to fail.

Software All managed switches typically have a full software suite that allows for complete configuration into any network topology. As with all software, patches and bug fixes are required from time to time. These are standard across all reputable switch manufacturer ranges and are typically provided free-of-charge to customers. Allowing software updates also offers the opportunity of providing the customer with new additional features to an existing hardware platform as these are developed over time.

EDIT article 6 mar14_riskuk_mar14 06/03/2014 13:04 Page 1

BSIA comment

he message is one that is hard to argue against: when employed effectively, CCTV systems are a critical crime-solving tool. In 2010, the Met Police stated that 1 in 6 crimes are solved thanks to these solutions. And with the technology improving, expanding and becoming more accurate through the years, we can expect these numbers to continue to grow. The introduction of a code of practice for publicly-owned CCTV systems last year was a great step forward for our industry. As a section we welcomed and supported it; although it initially only covers a tiny proportion of CCTV systems, it is an important achievement to promote best practice when using the technology. However, we are clear that it is not just government and local authorities that need to know how to maximise the potential of these systems. Last year, we launched a successful piece of research based on a study of the number of CCTV cameras currently used in the UK. The research showed that 70% of the approximately 5 million cameras in the UK are currently privately-owned. This means that it’s private companies that are funding the majority of the nation’s cameras and providing the majority of footage used by Police. Therefore, a key focus for our industry in 2014 will be to make guidance and advice available for this side of the end-user spectrum. In 2013, we started this work by holding some successful seminars to help CCTV users to navigate the latest regulatory and technological developments in the sector. Events were held in Scotland, Leeds and Windsor. The Scottish event’s speaker line-up included Chief Superintendent Grant Manders, Police Scotland Head of Safer Communities, who was very supportive of the initiative and recognised the need to forge stronger partnerships between police and private sector. At the event he said: “CCTV is a pivotal aid to policing in the 21st Century, and is at its most successful when developed and operated in a strong partnership between the industry and operators.” In 2014 we will work to ensure best practice, advice and product updates continue to be made available for our customers in both private and public sector. Another area that continues to be critical to our work as a section is making sure the industry is responsive to technology developments. Remotely monitored CCTV cameras continue to be an effective and popular choice to secure sites while improving the efficiency of the security operations. Other areas such as IP technology, facial-recognition technology and

Watching over 2014 2013 was a critical year for the CCTV industry. The government’s launch of the CCTV Code of Practice dominated the headlines and once again opened up the debate around responsible use of the technology. Here, the British Security Industry Association’s CCTV section chairman, Simon Adcock, looks at what this has meant for the industry, and how quality CCTV application will continue to be high on the agenda for 2014. video analytics also continue to expand. This constantly evolving technological landscape means the industry needs to remain responsive while continuing to guarantee the quality of the products it offers. That’s why our work with the BSIA to be at the forefront of the development of national and international standards, and codes of practise is so critical. And this is true not only for the UK market. In the current economic climate we are seeing more and more CCTV manufacturers looking abroad for exporting opportunities. With developments in IP and wireless technology set to drive buying behaviour in overseas markets in 2014, there is a real opportunity for responsible UK companies to shine. The Middle East in particular has become a key market for our industry in 2013, and will no doubt continue to gather momentum as we move deeper into 2014. Our section members will therefore continue to work with the BSIA’s Export Council to share best practice and make sure UK CCTV companies can make the most of opportunities abroad. CCTV is one of the most important security developments of the recent years, but the success of any system requires a diligent approach to planning, design, installation, maintenance and operation, as well as the use of quality products. The BSIA is committed to developing and sharing best practice to drive up standards in our industry. The public is already largely on side, with 62% wanting to see more cameras in their local area. It is important that we retain their trust and confidence in 2014.

The introduction of a code of practice for publiclyowned CCTV systems last year was a great step forward for our industry 19

www.risk-uk.com

Project2_Layout 1 06/03/2014 12:58 Page 1

Weâ&#x20AC;&#x2122;ve updated our Corporate Identity and Logo to reflect Scannaâ&#x20AC;&#x2122;s continuing commitment to High Quality, High Performance X-ray Products. Visit us at Counter Terror Expo, Stand D36, April 29-30 to learn more.

Rugged, weather- resistant flat panel portable x-ray systems

Large Format Flexi X-ray Plates for large area x-ray investigation

EDIT ctx mar14_riskuk_mar14 06/03/2014 13:35 Page 3

CTX 2014

CTX 2014 – an overview Now in its 6th session, Counter Terror Expo brings buyers and specifiers together from across the world within government, military, law enforcement, emergency services, critical national infrastructure, private sector and the security services. The show hosts technology, equipment and services alongside a high level education programme designed to protect against the evolving security threat. 9,500 attendees and 400+ exhibitors will participate in a free-to-attend exhibition, multiple show floor workshops, new show feature zones, IEDD demo area, high level conference streams, behind closed door briefings and networking events in one secure environment. Here we look at just a few of the products and services on show from 29-30th April at Olympia, London.

Alford Technologies Alford Technologies will be launching a new lightweight disruptor, the 1 Litre Bottler Lite user-filled explosive disruptor and Squid Tape, the underwater non-adhesive fixing tape at the Expo. Bottler Lite and the standard Bottler ranges are omni-directional explosive disruptors that come in a range of sizes. The Bottler Lite range already consists of a 0.25 litre and 0.5 litre charge and the 1 litre size enhances the range by offering a larger, more powerful disruptor. As with the other Bottler Lite products, the new charge can accommodate one of three different explosive loads to deliver the same omni-directional effect, but with a higher water to explosive ratio than the original 1 Litre Bottler giving a more controlled and precise disruptive effect and less collateral damage. This, says the company, makes them ideal for use against soft-cased IEDs or in urban or indoor applications. Squid Tape is a silicone-based nonadhesive tape which can be used in air and underwater for joining or tying items together or for fixing charges to targets. While non-sticky to the touch, it is adhered and bonds to itself even when completely submerged. Stand F35

Zaun The smartest Video Content Analysis (VCA) system is the latest addition to the temporary fencing on show at Counter Terror Expo (CTX). The solutions developed by partners Zaun, Hardstaff Barriers and Highway Care have integrated electronics with woven mesh ArmaWeave fence, and a range of temporary solutions – Rapid Deployable System (RDS), MultiFence and SecureGuard – PAS 68 enhancements, blockers and bollards. They have incorporated the latest VCA system using Pan Tilt and Zoom (PTZ) cameras from EyeLynx into the RDS, which can reportedly save up to 90% of police time. After the Labour conference, Inspector Steve Worth of Greater Manchester Police said: “RDS is now firmly the preferred product for the delivery of security operations for party political conferences we police, fully supported by The Home Office.” Cameras record HD 24/7 and whenever the perimeter is compromised or a potential intruder approaches too close to the fence, Pharos will send a snapshot alert to the control centre for visual verification – or even to assigned personal mobile devices, such as the police chief or nearest constable to the breach. Stand J50

Fischer The Fischer Rugged Flash Drive is a tough memory stick, designed for safe storage and transportation of sensitive data in harsh environments. It is suitable for use with ruggedised computers. The Fischer circular connector interface, combined with durable encapsulation technique, guarantees data safety in case of loss or theft. Fischer Rugged Flash Drive is equipped with high speed flash memory, signalling and protocol certified, and available from 4 Gb to 256 Gb. Stand F45

www.risk-uk.com

EDIT ctx mar14_riskuk_mar14 06/03/2014 14:23 Page 4

CTX 2014

Cognitec Cognitec has introduced a new product that combines hardware for image acquisition with software for verification processes. FaceVACS-Entry is ready for integration into electronic gates (eGates) which provide travellers with electronic passports (ePassports) the option to pass through automatic passport checks. After a person enters the gate, the system detects the person’s face, adjusts the position of the cameras according to the person’s height and then captures frontal images. The software instantly verifies the live images against biometric photos stored in passports, other ID documents and/or facial image databases. Cognitec says it has optimised the system to ensure efficiency and ease of use for travellers while capturing images that guarantee high verification accuracy, thus fully complying with guidelines set by the European Border Police (Frontex). A proprietary sensor, able to distinguish between human faces and artefacts like printed images and masks, detects presentation attacks. Stand L70

Frontier Pitts At the show Frontier Pitts will be showcasing two new Shallow Depth HVM Bollard solutions, including what is reported to be the world’s first PAS 68 single Terra Neptune Bollard which has been impact tested with 7.5t travelling at 40mph (64kph) resulting in zero penetration. The PAS 68 Anti Terra Range includes the portfolio of PAS 68 HVM (Hostile Vehicle Mitigation) products; the Terra Sliding Cantilevered Gate 7.5t @ 50mph, the Terra Ultimate Barrier 7.5t @ 50mph and the Compact Terra Barrier 3.5t @ 30mph. PAS 68 Blockers include the Terra Surface Mount Blocker 7.5t @ 50mph, Terra Shallow Blocker 7.5t @ 50mph and the Terra Blocker 7.5t @ 50mph, whilst the Terra Bollards portfolio include a range of retractable rising and static bollards. For the anti-intruder pedestrian market the Terra Diamond Turnstile has been accredited with LPS 1175 Security Rating 3 & 4. The company’s product range also includes rising/drop arm barriers, sliding security gates, hinged and bi-folding gates, road blockers and rising kerbs, active and static bollards and pedestrian control gates and turnstiles. Stand D65

22 www.risk-uk.com

Heald This year Heald announced the arrival of the shallow mount Mantis static bollard, an evolution of the shallow mount Raptor series. Reported to offer a rapid, low cost installation, the Mantis is listed as a viable alternative to deep mount static bollards. The Mantis is available with a range of stainless steel covers, finished in a variety of colours. The Mantis offers a static solution with a true excavation depth of only 250mm. No precasting of the pit is required, nor is any additional rebar. Heald recently tested the Mantis at MIRA’s testing grounds, where it received a rating of PAS68:2013 Fixed Bollard V/7500(N2)/64/90:0.0/0.0. This means that the Mantis will arrest a 7.5 tonne truck from a speed of 64kph with zero penetration and zero dispersion. In the impact the structure of the bollard remained intact, ensuring continued protection against further attack. Stand B65

Ricoh At this year’s Counter Terror Expo, Ricoh will be introducing its long range zoom lens with PAIR01 technology (Pentax Atmospheric Interference Reduction) plus HD resolution over HD-SDI output and an internal electronic image stabiliser to optimise the video quality. The H55ZCME-F-HD-PR01 is a ½” C Mount 55x Motorised Zoom Lens for identification over 650 m distance. The lens zoom range is 12 to 66mm, and when the internal 2.5x extender is switched in, the focal length increases to 30, 5 to 1,680mm. With 1,680mm focal length at over 650 m distance, the field of view is 2.5m by 1.9m. The extremely high magnification in combination with HD resolution means a person can be identified at distances in excess of 650m. Therefore, this lens is ideal for video surveillance in sports stadiums, city centres, air ports, harbours, as well as border control, intersections and roads. Stand G38

023_Layout 1 06/03/2014 15:20 Page 1

EDIT article 17 mar14_riskuk_mar14 06/03/2014 13:12 Page 2

Inside story

Three enhancements announced Honeywell has upgraded its Galaxy Flex integrated intruder and access control solution with a ‘night set’ mode, a new compact housing design and a Galaxy Range Mobile App for remote access

www.risk-uk.com

alaxy Flex can be used by installers as a standard piece of equipment, regardless of whether it is being integrated into a commercial or residential building. This flexibility provides benefits for both installers, who are able to install the product quickly and easily without the need to learn how to operate a new system, and for users who can choose a solution that has both residential and commercial benefits. The new ‘night set’ mode allows homeowners to create separate night-time security setup, providing protection while they are asleep. This feature enables users to arm only the sensors needed to protect the house perimeter or isolated areas of the house. It also provides a silent mode, removing audible tones during arming and hence allowing users to set the alarm without disturbing others in the house. This feature allows for easier programming for user set-up, which saves installers time on the job. The new firmware also provides a set-up wizard, which simplifies the process of setting up simple alarm signalling to a monitoring station, with or without a back-up signalling path over telephone lines, broadband or wireless GSM/GPRS links. This provides benefits for installers allowing them to take advantage of fast, reliable signalling solutions without the need for extensive training or prolonged set-up times. The new compact housing design provides an ideal solution for systems that do not require several additional add-ons to the basic panel and where space is limited. The new housing provides benefits to installers for quick and easy installation in both residential and commercial settings. The prevalence of smartphones and tablets means that mobile applications are becoming an increasingly popular way of providing services to consumers. The enhanced Galaxy Flex solution capitalises on this ongoing trend by allowing users to access the

system remotely – anytime, anywhere – through their own broadband connection by easy download of the ‘Galaxy Flex Range Mobile App’ from any application store. Accessing Galaxy Flex via its mobile app allows easy remote control of the system at the touch of a button. Features such as status reporting, set and unset, control of groups, outputs and detailed log information can all be accessed on the go. We caught up with Martin Pacitti, Galaxy product manager EMEA, Honeywell Security Group to find out more: You’ve added a ‘night set’ mode. What is the alternative option for systems without it? With the addition of the ‘night set’ mode installers can now offer the Galaxy Flex system for not only commercial installations but also for residential installations, something they haven’t previously been able to do. This provides several benefits to installers as they do not have to be trained to install it or have to stock separate residential and commercial products. The new ‘night set’ mode also offers residential users the option of several easy to select modes providing further simplicity and ease of use. Everyone is talking about remote access via phones and tablets, but are people actually using it? The feedback we are receiving is that people are using remote access via their mobile devices. With the growth of portable devices such as smartphones and tablets it makes sense for customers to use remote access as they can control their entire security system on the move, saving them time and offering added convenience. The demand for remote access via mobile devices is something that we are seeing grow across the industry. Is speeding up the install time the main benefit of the new housing design? Every aspect of the new housing was designed to help installers do things faster and more easily in comparison to tradition metal enclosures. Everything from the moulded inserts to accept the optional peripheral boards, to the ABS material to allow wireless devices to be clipped into the same box, and the snap-on hinged lid has been specifically designed to speed up install time. www.honeywellgalaxyflex.com

EDIT article 19 mar14_riskuk_mar14 06/03/2014 13:12 Page 1

SSAIB comment

elcome new figures from the government provide good news about fire-related deaths and other injuries, as well as the number of blazes attended by local authority fire and rescue services – all of which are down. Fatalities caused by fires in England dropped by a third (to 140) in the six months April-September 2013, compared with the same period ten years ago, according to the Dept for Communities and Local Government. There were also 94 deaths due to accidental dwelling fires during April to September. This total was 17 per cent lower than the equivalent timeframe ten years ago. Meanwhile, 1663 hospital non-fatal casualties occurred in fires during April-September – a 7% reduction over the same period in 2012 – while fire and rescue services attended 102,000 fires in England between April-September 2013. That’s a significant 55% decrease compared with 2002. The Fire Industry Association says this decreasing trend has been attributed to successful fire safety and prevention activity, such as highlighting smoke alarms and other building fire safety systems and features, audits and enforcement activity, fire safety campaigns and education, and other advice. Commercial buildings, non-domestic and multi-occupancy premises in England and Wales are already required to undertake a ‘suitable and sufficient’ fire risk assessment carried out under the Regulatory Reform (Fire Safety) Order 2005, and equivalent legislation in Scotland and Northern Ireland. While the overwhelming majority of premises do this, if the assessment is thought to have been carried out to an insufficient extent, the ‘Responsible Person’ or ‘Duty Holder’ can face an unlimited fine or up to two years in prison. A number of certification bodies now offer schemes accredited under the BAFE SP205 Life Safety Fire Risk Assessment Scheme, enabling anyone who’s required by law to carry out a fire risk assessment of a premises, and who employs a specialist third party company to provide this, to demonstrate that they’ve taken the necessary reasonable steps to comply with their legal obligations and requirements under fire safety legislation. The idea of a fire risk assessment is to determine the appropriate fire precautions. In purpose-built blocks of flats there will normally be no need for a fire alarm system in the common parts, but the individual flats should have smoke alarms (not interlinked with other flats), while smoke detectors are often required in the common parts to operate smoke vents (but not raise the alarm). This is because of the ‘stay put’ policy whereby, if a fire occurs in one

A blaze of good news flat, it should be safe for all other residents to remain within their own flat. The exception is where compartmentation and means of escape are so deficient that a ‘stay put’ policy is not safe; under these circumstances there is a need for a common fire alarm system, in which there are detectors and sounders in every flat. In the case of buildings converted into flats the fire precautions in a modern conversion (particularly carried out after 1992) will be identical to those in a purpose-built block of flats, so the above principles apply. They may also apply to some older conversions, particularly where compartmentation and means of escape met the standard of the day and, under a fire risk assessment, continue to be regarded as reasonable. However, some older conversions will need a common fire alarm system to evacuate all residents, regardless of where the fire occurs. Houses in multiple occupation (HMOs) also need a fire risk assessment if there are common parts, off which there are independent flats or bedsits. In this case the entire building needs to be treated as a single occupancy with a common fire alarm system extending throughout the dwelling units, common parts, etc. The good news story on fire deaths, injuries and callouts is also something that service providers can build on. SP205 certification allows them to prove that they carry out due diligence and are up to the mark. It has been commented, within the fire industry, that a little, or indeed the wrong knowledge can be dangerous and proponents of the SP205 scheme say it provides a benchmark for reassurance. These are sobering points for businesses choosing to carry out compulsory fire risk assessments themselves, and clearly more serious still for those choosing to carry on trading without arranging one at all. The legislation states that the ‘Responsible Person/Duty Holder’ is required to appoint a competent person to carry out the task – defined as someone with sufficient training and experience or knowledge and other qualities enabling them properly to assist in undertaking the preventive and protective measures. Commercial fire risk assessors can use SP205 accreditation to market themselves as providers with the required technical and quality management competency, using assessors possessing the relevant proficiency and knowledge.

Fire safety is improving significantly, helped by measures including fire risk assessments, says Keith Strugnell of SSAIB

Fatalities caused by fires in England dropped by a third (to 140) in the six months April-September 2013

www.risk-uk.com

EDIT article 18 mar14_riskuk_mar14 06/03/2014 13:12 Page 2

Inside story

Real-time alarm opportunities A look at the launch of the real time remote monitoring platform, LiveGuard

www.risk-uk.com

he cloud-based solutions platform from LiveGuard enables home security companies to add features such as smartphone remote control and home automation to their existing products. “Many traditional home security alarm companies are starting to see how new pressures are coming from technology change and new entrants like telcos, ISPs and utilities who are starting to move into home security on the back of their home automation offerings,” said Mark Naldrett, Sales Director of LiveGuard. “Plugging into our platform will help traditional alarm companies to get quickly up to-date, inject new life into their product ranges and help them protect and optimise their existing customer base. It will also enable them to compete effectively for new sales against the growing tide of cheaper, lower spec’d foreign products.” LiveGuard’s solution enables homeowners to remotely monitor, protect and control their homes in real-time. The platform supports IP cameras and a wide range of Z-wave-based home automation products offering functionality which includes remote alarm control, live surveillance, zone-based alarming and sensor-driven call alerting with cloud-served incident video footage. If there is a problem the system uses a voice call to get the homeowner’s attention but if the alarm goes unanswered it will then contact specified friends and family in rotation to ensure a rapid response to the situation. Alternatively, integration to Immix Call Centre software means that alarm calls can be relayed direct to a third party monitoring station for professional intervention. Home owners can also use their smartphones to remotely control lights, door locks, heating and a wide range of other electrical devices both individually or on a scheduled basis to simulate occupancy when away from home, prepare their property for their return

home and manage energy more efficiently. We caught up with Mark Naldrett to find out more about the system: There are a number of systems on the market that allow remote alarm monitoring, what’s so special about your solution? This solution goes beyond simply remote alarm monitoring. Supplied as an integrated add-on to an existing alarm product, users can arm or disarm their alarm remotely and get a voice call alert with relevant alarm footage. They can deal with it themselves or one-touch divert the footage to an ARC, and if they miss the call the system rings a list of nominated people in rotation instead. On top of all this they can also remotely live view as well as control heating, lights, door locks individually or on a scheduled basis to simulate occupancy, prepare their home for their return and even manage energy more efficiently. How do you think installers could benefit from offering the LiveGuard solution to their customers? Supplied as an integrated add-on to existing security alarm products means that installers can sell new product functionalities to their customer base as well as to incoming clients. The combination of home security with home automation gives them a significant new growth sector to tap into to. And installers do not need to be IT experts either – IP cameras, Z-wave sensors and switches are all wireless so auto detected and configured and you don’t need to open a port on the router either – because it is easy to install and use. Are security concerns surrounding the use of the cloud now a thing of the past? Our cloud platform actually increases security because our “heartbeat” technology means we do not have to open a port on the router which is a major security risk, while smartphones can be paired to the system based on their internal IMEI numbers. We also serve alarm footage to smartphones from the cloud servers so it is still available even if the intruder steals the inhome recording device. Cloud-based applications are increasingly commonplace and secure and the weakest link in cloud security tends to be people not looking after their passwords properly. www.glamex.co.uk

The combination of home security with home automation gives installers a significant new growth sector to tap into to

EDIT article 4 mar14_riskuk_mar14 06/03/2014 13:02 Page 1

Security management

Achieving security success ey control and asset management technology is seeing significant growth across a broad range of applications, and for good reason. It’s a reliable and cost effective method to improve building security by ensuring that facility keys are properly managed with regard to access, storage and tracking. Key management systems can reinforce access control policies that are already in place and can also help to reduce the costs associated with lost keys or unmanaged access. The effective implementation of a key control and asset management system can be achieved through best practices to realise decreased operational and financial risk and provide the best value from the application. This article presents several best practices for deploying key control and asset management solutions, including: • What You Need to Know about the Technology • Getting Started • Designing and Customising the System • System Integration • Software Add Ons • Mobile Applications • Application Examples • Conclusion

What you need to know Key control and management systems are defined as an orderly and secure solution for addressing controlled usage and safekeeping of mechanical keys. The tamper-proof systems are designed so that only authorised users – using pre-programmed PIN codes, access cards or biometrics – can access keys, while on-board advanced technology automatically records all access activity. A basic system typically consists of a computerised key storage cabinet, a key locking mechanism and a tracking system. From this basic package, several options and design variations can be added to customise the solution and help protect the investment as needs grow and change. For networked installations, management software can also be included in the system. Permission levels can be established for each user and data can be monitored from any desktop connected to the network. Additionally, the software can run activity reports, sort based on different criteria and view and print reports, among other uses. Vital documents, cash, employee badging/access control cards, data drives and even small electronic gear can also be controlled

and secured using asset management lockers or keycard modules that can be integrated into a key control system. Asset locker systems are identical in function to key control systems; users can access items only from the lockers/modules for which they have been preauthorised and any activity such as removing or returning items or opening lockers/modules is automatically recorded in an audit trail. Today’s key control and management systems have become a higher level management tool for effectively addressing the safety and security of building occupants and the security of the building assets. Knowing the identity of authorised key holders, which keys they have in their possession or have access to and when they were used are all essential pieces of information needed to help ensure a safe and secure environment. Further, technological developments and open protocols have made it possible to integrate key control with access control and other security systems as part of a facility’s networked security system. Now, a user who has taken a specific key can be denied egress from the facility until the key is returned – and selected management can be alerted via

Fernando Pires, VP, Sales and Marketing at Morse Watchmans looks at why best practices provide best value when implementing key control and asset management systems

A basic system typically consists of a computerised key storage cabinet, a key locking mechanism and a tracking system 27

www.risk-uk.com

EDIT article 4 mar14_riskuk_mar14 06/03/2014 13:03 Page 2

email if a key has not been returned on time. Key management systems have become an operational necessity in environments such as correctional institutions, hospitals, car dealerships, property management, casinos and educational facilities, to name just a few examples. Key management is also a critical function for anyone overseeing security at conference centres, government agencies, control rooms, automotive businesses and corporate buildings. However, key control can and should also be applied to businesses of all sizes because of the measurable benefits of enhanced security and convenience, as well as increased staff productivity and accountability.

Getting started Implementing a key control and management system is a straightforward process that involves a few basic steps: take inventory of the facility to identify all access points and installed locks; ascertain the operational needs of employees as well as of others who may need access to the facility (e.g., service repair or cleaning crew); and establish a policy with easy to follow procedures for effective key control and management. The first step is to catalogue every access point and every piece of door hardware. This process is followed by management assessing which individuals have keys, which keys they have and which doors they access. Without this preliminary audit, itâ&#x20AC;&#x2122;s almost impossible to know what size and type of key cabinets will best fit your needs and where the key control systems should be located. System growth should also be factored in at this stage of planning. What may seem adequate today may become insufficient in a year or two. The ability to add on the exact components you need, or change modules where and when you need, helps protect your investment. This way you will avoid having to rip and replace an entire key control and asset management system because the current system cannot accommodate lockers for securing cell phones or other valuable items, or does not integrate with a new access control system. Next, review operational needs to understand how the facility works on a day-to-day basis, so that use of a key control and management system is efficiently optimised and daily operations are disrupted as little as possible. Whether the facility is a hospital, dormitory,

Mobile applications are quickly becoming a preferred platform for security managers accessing key control data and even to perform transactions 28

www.risk-uk.com

hotel or an office building, having a comprehensive grasp of daily activity will help in implementing a key control system and will also help in minimising the trade-off between security and convenience. If a networked key control system is planned, a review of the network topology will reveal any configuration and performance alterations that may need to be applied. Compatibility with other security systems should also be reviewed to maximise interoperability for more comprehensive integrated operations. A simple but strong set of guidelines for administration and use of the key control system will help to define areas of responsibility and enable better control of the keys.

Designing and customising the system Configuring a key control solution is as easy as identifying needs and then building the system with modular components that meet those needs. Users select a cabinet size, and if more than one cabinet is required, the arrangement can be linear (side by side) or stacked. Cabinet doors may be solid steel or they may be seethrough polycarbonate designs. Choices for modules to fill the cabinets may include a selection of key storage modules, credit card modules or simply blank modules (to be filled at a later time). The combination of modules is entirely up to the user, providing the ability to customise and also change the system to meet growth or other specific needs. Custom modules and lockers that can accommodate plastic card keys or other valuable items may also be included in the system. Lockers, available in various configurations, can be used for storing credit cards, small firearms, cell phones, 2-way radios, laptop computers, tablets, cash trays and so on, and can be managed as efficiently as keys in key control systems. Items can be returned to any open locker for convenience, and systems can be set up as personal storage spaces for one or multiple users. Key control and asset management systems can also be configured with additional security features to help enhance the integrity of the system. For example, where protection of asset lockers itself is mission-critical, installation of a remote access device provides an additional layer of protection by enabling the locker system to be placed in a secure room. A second individualâ&#x20AC;&#x2122;s PIN input and verification are then required in order for an authorised employee to access the contents of a locker. Access to the key and asset cabinets can also be customised, with options including a built-in keypad, biometrics such as a fingerprint reader

EDIT article 4 mar14_riskuk_mar14 06/03/2014 13:03 Page 3

Security management

and a magnetic or proximity card reader. Systems that integrate card readers for access can often utilise the access control cards that are already in use throughout the organisation, making the system implementation easier and more convenient. Changes to an individualâ&#x20AC;&#x2122;s access authorisation can be made instantly by program administrators. The optional user interfaces can be integrated directly into the cabinet for easy accessibility or they may be separate. In either design, users can access only the stored items that they have been authorised to remove or return.

System integration A key control and asset management solution can usually be integrated with the existing physical security system without costly upgrades or overhauls. For example, asset control systems featuring alarm and relay inputs/outputs can be integrated with existing video surveillance systems for additional security. Ethernet and USB capability help to ensure system compatibility and integration. Key management systems can also integrate with a facilityâ&#x20AC;&#x2122;s existing identification cards. The compatibility with other security systems and network access offer an added richness and usability and integration with existing data bases saves time and money. Ethernet or TCP/IP communications ports allow ease of use for direct connectivity to printers or other devices, or networked connectivity via Ethernet.

an incident occurs, management can query the system for specific details, such as a listing of all transactions between certain times; and when doing a follow up investigation, management can request a report for the hour preceding the incident. Or, immediately following an incident, a report can be generated showing which keys are back in the system and which keys are still out and who last accessed them. Together with the audit data from an access control system, a key control systemâ&#x20AC;&#x2122;s reporting system provides a strong evidence trail.

Software add ons

Mobile applications

One of the enabling factors for successful key control implementation is the ability to manage all programming, remote functions and reports for the system with a software-driven solution. Similar in concept to popular access control systems, the PC-based package of key management software helps make day-to-day operations and activities easier and more fluid. Users can be added from a global list and all specific settings (added or modified) will be automatically synchronised across the system. Profiles can be assigned for improved user control, and administrative access levels have various options to be tailored to specific needs such as reports only or alarms only. Built-in schedulers can be programmed to automatically download all data to a secure PC as required by the user. With this capability, management can better sort and analyse information to maintain maximum control of access and security issues. Scheduled email reports, detailing what keys are in or out and who has/had them, keeps security management informed and up to date. If

Advanced communication capabilities also enable key control systems to be monitored and administered remotely from PDAs or smartphones as well as from the desktop. Apps for automated key control systems enable users to maintain control of keys no matter their location. At any time, an authorised user can see real time transactions and information about keys that are in use and any keys that are overdue, as well as about where and when alarms may have been triggered or overall system status. For investigative purposes, managers can even review key usage to determine who may have last accessed a key for a vehicle that was found to be damaged. Having this information available on a mobile device is like having a remote office. Notifications and events are automatically sent to authorised personnel, allowing them complete control of the system. They can cancel an alarm and even, if necessary, remotely disable user privileges. These features, along with multiple others, provide the mobile user with a greater level of convenience and control

www.risk-uk.com

EDIT article 4 mar14_riskuk_mar14 06/03/2014 13:03 Page 4

Security management

when it comes to key control management. Mobile applications are quickly becoming a preferred platform for security managers accessing key control data and even to perform transactions. The result is improved safety and integrity of the facility.

Application examples

The benefits of adding a key bank system to a dealership operation are many

www.risk-uk.com

Educational facilities - a robust key control and management system can provide an additional layer of security and information for first responders in an educational environment. For example, badges can be pre-configured and distributed to designated first responders and, in the event of an incident, when they reach the scene they simply scan the badge into the system and the critical emergency keys will be released. It’s also important to remember that in addition to traditional first responders such as fire, law enforcement and EMS (emergency medical services) personnel, there is a wider circle of school staff and departments that play an integral role in emergency situations. Key control systems that are strategically located, networked and easy to use/manage add to an individual’s ability to efficiently cope with an emergency. Many schools (both public and private) today at all levels are battling budget cuts to their operational expenditures, and key control systems may help reduce costs. For example, services by janitorial or maintenance staff can be shared among several schools in a district rather than be dedicated to a single school, or teaching/support staff may be assigned to more than one school. In these instances, instead of issuing duplicate sets of keys to several employees (and potentially creating a security vulnerability), a single set of keys can be stored in a key control system that is located in the building for which the keys are used. Using their pre-authorised PIN codes, visiting staff can quickly and easily access needed keys without having to go looking for them or interrupt another individual to dispense the needed key. All access activity is recorded and any changes to authorisations can be made quickly and easily by the system administrator. Casinos - To effectively manage casino assets, key control systems store, control and track keys that are used for access to all the most sensitive and highly secured areas of the casino where money and chips are held, including the slot department and cages. Customised features and advanced technology in key control systems also make it easier for casinos to comply with gaming commission regulations pertaining to key control and management. For example, to meet

gaming regulations that require the three man rule to access sensitive or restricted key sets, the key control system can be programmed to recognise these keys or key sets and only open the cabinet door and release them once the three required logins are completed and the credentials verified. These measures ensure that no one person acting alone can access a sensitive or restricted key and that these keys never leave the property. Gaming requirements do vary from state to state, as well as from tribe to tribe. The key control and management system chosen for deployment in a casino environment should be flexible, so that it can accommodate any of the above regulations and much more. It should also be modular and scalable, so the number of keys and the scope of features can change and grow along with the business. Finally, it should be easy to use, as training time can be costly and many employees will need to be able to access the system. Fleet Management / Car Dealerships - The benefits of adding a key bank system to a dealership operation are many. Management controls who accesses vehicle keys, who enters the system, who takes a key and why it is removed and how long the key is out. No more missing keys. No more mystery damage or mileage. In applications for automated key control and management systems used in fleet operations or dealerships, software is available to track key usage so that management knows at any given time who has accessed keys and when. Dealerships that network their key control systems can experience additional benefits in managing vehicle usage. For example, scheduling can be used to ensure that drivers can’t simply grab the newest car on the lot while older cars sit unused. Additionally, networked systems allow keys to be returned to any fleet key cabinet in the system. This makes it easier to track a vehicle that has been returned to a location different from where it was picked up. The system software will record the location and time so anyone looking for that vehicle will know where it – and its keys – is currently located. This benefit allows vehicles to be moved around and located as needed.

Conclusion By following these best practices for key control and asset management systems, users may experience decreased operational and financial risk and achieve best value from the application. The guesswork is removed and the technology can be implemented with measurably higher levels of success.

Project2_Layout 1 06/03/2014 13:52 Page 1

EDIT article 8 mar14_riskuk_mar14 06/03/2014 13:05 Page 2

Setting the standard The recent introduction of mandatory CE marking has helped to ensure all door security products in the EU meet minimum standards, however specifiers should not rely on the symbol as a sign of quality. Here, Jon Burke, Marketing Manager of Abloy UK, warns about the false sense of security CE marks provide, and advises specifiers to use only trusted brands to avoid dangerous and sometimes illegal installations ast year saw mandatory CE marking for all construction products in the EU added to the Construction Products Directive. Now, under the Construction Products Regulation (CPR), it is a legal requirement for UK manufacturers of construction products to apply CE marking to any of their products, which are covered by Harmonised European Standards (hENs). CE marking is an indication of a product’s compliance with EU legislation, enabling them to be traded within the European market. However, a common misconception is that a CE mark guarantees that a product is of a very high quality.

If a product features a CE mark, it means it has met the minimum standards required, but that does not guarantee it will perform to the highest standard

www.risk-uk.com

Quality control If a product features a CE mark, it means it has met the minimum standards required, but that does not guarantee it will perform to the highest standard. For example, a lock CE marked to EN12209 only has to achieve the minimum performance levels of between two and four on the 11-digit classification scale for durability and fire performance. For suppliers and manufacturers, the CE mark is there to offer protection from prosecutions brought against them under health and safety legislation. If a product is performing correctly under its CE mark, then this is a strong defence in any subsequent legal matters. However, problems can arise when Specifiers and installations opt for cheaper products and assume that because they boast a CE mark they will be of sound quality. We are now seeing a large number of counterfeit products featuring CE marks, although they do not meet the necessary safety requirements. This means that by opting for cut-price alternatives, Specifiers and installers could actually be fitting non-compliant products that do not perform properly. In cases such as fire, smoke, and/or escape doors in public places, there is a danger that these substandard installations could cost lives.

Anything to declare? CE compliance also requires the manufacturer to prepare a ‘Declaration of Performance’ (DoP) legal document and to supply it to the customer. If a DoP has not been drawn up, then a CE mark cannot be affixed. By law, DoPs must

EDIT article 8 mar14_riskuk_mar14 06/03/2014 13:06 Page 3

Access control

be made available for anyone in the supply chain to view, and for easy accessibility Abloy UK hosts all of its DoPs on its website. As CE marking is a mandatory requirement for hardware products that are intended for use of fire, smoke, and/or escape doors, all products to be used on these doors must comply with standards EN179 for emergency and EN1125 for panic. They must also have been successfully 3rd party type tested against EN1634-1 for fire performance if the door is fire rated, this applies equally to all hardware regardless of whether a mechanical operation or an electrical operation. For products that are used on fire rated or escape doors, DoP’s need to be available on request, but they don’t have to be provided alongside the product itself. Suppliers and manufacturers will need to retain the DoPs of products for a period of 10 years after they are placed on the market, ensuring a lengthy space of time in case any legal cases are drawn involving that product.

Protecting specifiers So, what does this mean for the specifier and installer? They are responsible for ensuring that products - such as fire doors – that they

supply and fit are compliant with the current building regulations. Harmonised European Standards (hENs) provide a solid technical basis for manufacturers for testing the performance of their products. Specifiers are able to use information from the hENs to assess the performance criteria of a product before installing it. Areas covered include testing, assessment and sampling methods, and further details of the minimum performance criteria required to achieve CE marking and how the product is labeled. For CE marks to be valid, products can only be supplied with the parts that the product was originally tested with. If an installer tampers with a product or modifies it in any way – even something as small as changing the colour of the device - then the CE mark will be invalid and no legal protection will be offered. So, to ensure the utmost safety, specifiers and installers are advised to only use wellknow respectable brands that are renowned for quality products. After all, ignorance will not stand up as a defense in court.

For CE marks to be valid, products can only be supplied with the parts that the product was originally tested with

EDIT article 7 mar14_riskuk_mar14 06/03/2014 13:04 Page 2

Integrating benefits Adam Bernstein looks at access control and integration in the security sector

s technology has developed to offer greater protection so have the threats and the individuals and organisations behind the threats. But it’s not just high security locations that need protecting, it can be premises as mundane as student accommodation where what was almost unprotectable 20 years ago can now be secured – barring indifferent human intervention (students pegging doors open) – with minimal fuss.

Trends Per Bjorkdahl, chairman of ONVIF, a non-profit organisation that promotes and develops global standards for interfaces of IP-based physical security products, sees the internet and internet based protocols as the way forward. He thinks that the use of IP has enabled a multitude of smart and useful features in the systems: “IP has really created opportunities for not only more advanced security features but also for effective management features that were not possible previously.” Neil Thomas, national sales manager, at Videx Security is of the same view; he thinks that the internet (IP) and mobile telephony are transforming the development and use of access control and door entry systems. He says: “With the widespread availability of both audio and video codecs, it was an evolutionary step to include this technology in door entry systems. Although the technology is far different from the conventional door entry system, it offers much more flexibility for the integrator and system designer. It allows systems to be created using an existing infrastructure within a building.” For Tim Northwood, general manager of Inner Range, the Internet has encouraged manufacturers to implement features and functionality that make life a lot more convenient for both integrators and end users alike. He notes the ability for an end user to connect remotely from any internet connection or even 3/4G from almost any device and respond to system alarms and messages in real-time and fully interact with the system.

With the widespread availability of both audio and video codecs, it was an evolutionary step to include this technology in door entry systems 34

www.risk-uk.com

“Providing users and integrators with functionality such as software and firmware upgrades over the internet as well as system licence management saves time on site and therefore money. All this said, where high security is a consideration is has become the norm for outside connections to the internet to be restricted and in many cases denied and quite rightly so.” But Northwood doesn’t really see any individual features or functionality moving major market trends – “but what we do see is that end users are a lot smarter nowadays and want ‘more bang for their buck’”. He considers that the trend is definitely to integrate and automate. “They want a system that is simple to operate yet provides a full feature set from the outset. End users are now far more IT savvy so they understand what is possible and expect their integrated systems solutions to live up to their expectations.” The trends in many technology markets have clearly developed with the introduction of smart phones and tablets. According to Thomas, users are finding they don’t need dedicated devices such as cameras and alarm clocks, radios and so on - one device which offers all (and more) is filtering down into market deployment. Thomas thinks that the use of such devices will continue to grow and will find new applications over the next few years – including the control of door entry and access. By way of example, the Wall Street Journal reported at the end of January that Starwood Hotels & Resorts is implementing a keyless entry system at two locations in the US. Hotel guests will be able to download a mobile application to their smartphone before arriving. Rather than visiting the front desk to check into their room, the guest simply checks in through the app and can go directly to their hotel room. The app generates a virtual key for room entry. So while door entry systems once had been standalone products requiring separate wiring and installation of audio or videophones, with the introduction of IP based products, using standard TCP/IP protocols over local or wide area networks, door entry systems integrate more fully with other devices. Technology is allowing users to answer calls on smart phones and tablet devices and in addition, they are able to deal with visitors more effectively as calls can be answered from multiple devices whether in the home, office or on holiday. So the smartphone is the way forward: A report from Ofcom issued in March 2013, Communications Market Report 2013, reckons

EDIT article 7 mar14_riskuk_mar14 06/03/2014 13:05 Page 3

Access control

The buying pattern and the buyers approaching the market place seem to have evolved recently – and economics is the driving force that 51 per cent of the UK population now owns a smartphone a number that will surely rise when the 2014 report comes out.

Whole package System resilience, in any security application, is clearly going to be high on the agenda. Thomas thinks that the need for redundancy for IP based products is about ensuring users get stable and dependable use out of the systems connected to the network. “Systems should be capable of dealing with any minor interruptions to the network. By definition, the more redundancy built into a system, the higher the cost, so to determine what is required users need to discuss the level of redundancy needed to maintain the required level of operation.” But should buyers purchase a whole package - access control, CCTV, alarms and remote monitoring - from one company? Thomas believes that buyers should shop around because it is not always necessary to purchase different products that make up an integrated system from one company. “Customers need to choose carefully the products they think are more suited to their individual circumstances and talk to the chosen manufacturers to ensure they can then be integrated.” Bjorkdahl confirms this saying that firms “should definitely choose the components that provides the best solution to the specific needs, both technical and commercial.” Part of the reason for choosing the best of breed from the market, says Thomas, is that users wanting to add security systems to their premises are faced with a complex range of options and components with many different features, using different technologies that may not always be suitable for integration with each other. But he thinks that by talking to manufacturers, advice can be given as to how best to choose from the wide range of options available. In contrast, Northwood has a different view. “I certainly think [buyers] should get the heart of the integrated system from one manufacturer because intruder, access, automation as one hardware and software package avoids the interoperability between different manufactures systems issues.” Northwood does, however, make the point that most integrated platforms of this nature can talk to numerous CCTV systems so the end

www.risk-uk.com

EDIT article 7 mar14_riskuk_mar14 06/03/2014 13:05 Page 4

user can normally select their favoured CCTV system. But he believes that remote monitoring is a different kettle of fish and while the integrated platform will provide PSTN/GSM/3-4G/IP signalling, the actual ARC should be the end users choice. Thomas does add, though, “whether buyers should integrate access control, CCTV and intruder protection will depend on individual circumstances. Integration may provide a comprehensive security system that is simpler to manage and makes investigation of incidents easier by linking CCTV images with access control events.” For him, the question of whether to integrate will depend on various factors including the number of potential visitors to a building, the likelihood of crime, vulnerability of users and so on. The chosen system must also be expandable and future proofed as far as possible. This may be why

But should buyers purchase a whole package access control, CCTV, alarms and remote monitoring - from one company? 36

www.risk-uk.com

Thomas believes that biometric systems are ideal for many applications - experience has shown him that in areas where devices are prone to vandalism or misuse, proximity systems may be better suited.

Buying is evolving The buying pattern and the buyers approaching the market place seem to have evolved recently – and economics is the driving force according to Northwood. “We see a lot of end users who are obviously looking to make savings in this current financial climate. The smart ones tend to look for these not necessarily in reduction of product or installation costs, but rather than in upgrading to an intelligent product that can offer more than just a security system.” Of course, it’s possible that those buyers are more in tune with the idea of an integrated system or software package that may be able to control their existing hardware; or maybe they’re looking to bring a number of disparate systems under a single point of control or management. Northwood thinks that the type of buyer is

EDIT article 7 mar14_riskuk_mar14 06/03/2014 13:05 Page 5

Access control

changing quickly as individuals with IT expertise move into decision-making positions within the sector. He also considers that the integrated systems market is still very project driven. He cites the example of someone who is looking for a solution that integrates intruder/access/control and other third party options, such as CCTV and building management systems into one system, who then put this under a single maintenance contract. Interestingly, it’s not just the type of purchase made that’s changing, the method of payment is changing too. Bjorkdahl believes that the market will shift more and more towards recurring monthly revenue streams shared over the internet.

Care and standards When it comes to the specification, Northwood says that this greatly depends on the size and complexity of system required. “A buyer (end user) has a number of options open to them when looking to specify a system. Depending on the size of their organisation they may already have in house expertise such as a security or IT manager who knows what they want and has researched the market for the product that best suits them. A buyer may have a competent systems integrator they already use who can provide advice or they may use the professional services of any of the numerous consulting practices.” But as with any technically based industry, manufacturers are seeing the ever-increasing trend of end users making direct approaches to seek advice. Inner Range is no different. Says Northwood: “Going directly to a manufacturer for advice has advantages as the buyer is more likely to get a complete system overview and demonstration, hopefully making system choice easier. It’s also a very useful process for us as we get to hear first-hand what end users want and this can greatly influence our future product development.” Thomas echoes this: “As door entry and access control systems grow in size and complexity, it becomes increasingly important [for buyers] to speak to manufacturers for advice and guidance.” He adds that recently, organisations such as Secured by Design, the official UK police initiative supporting the principles of designing out crime, have provided advice and guidance on selecting suitable products which have been tested to stand up to attack.

Future proofing and service Naturally no one wants to buy a system that is

Naturally no one wants to buy a system that is out of date soon after installation out of date soon after installation. A classic example of this from a bygone age are the forts built in the Solent during the 19th century to guard against a French invasion that never happened. Costing a fortune, they were redundant before they were finished. Future proofing is the answer and Northwood sees this as a way for manufacturers to retain long term customers rather than selling their products in an everchanging consumer electronics cycle. He considers future proofing an easy option for manufacturers – which more are doing: “Making your new product backwards compatible with older product is essential. Why should a customer/buyer who has invested significantly in a system have to make further large product investment just to take advantage of a few new features?” And by extension, a good service agreement is key too, but Bjorkdahl points out that “any service agreement must reflect the needs of the user organisation - the higher the expected availability of the system the higher the need of a service agreement.” Northwood takes the argument further, “[service] is very important - you’ve invested the latest state of the art integrated system, so why would you not maintain it and be able to call on expert advice and services 24/7?” Thomas agrees. “Whatever the case, it is important that door entry and access control systems are regularly maintained and a service agreement [is in place to] allow users to determine the schedule and details of inspection visits for general cleaning and maintenance.” Bjorkdahl sums up the solution to future proofing: “Make sure the products are conformant to established standards both mechanically and for interoperability.” So today integrated systems have large IT components, software and servers and most end users are going to need support when it comes to database management, software additions and upgrades. It’s becoming far more accepted that an end user will have a service contract with the installer for hardware and maintenance at the site and with the manufacturer for software support which is often carried out remotely. This may well be the way that the industry moves on.

www.risk-uk.com

EDIT article 11 mar14_riskuk_mar14 06/03/2014 13:07 Page 2

Critical infrastructure

Unifying security blind spots T

Critical infrastructure advice from Ian Graham, SVP & General Manager EMEA, Video & Situation Intelligence Solutions, Verint Systems

Cybercrime, espionage and terrorism are the top three security threats highlighted by the CPNI 38

www.risk-uk.com

he nation depends on the proper operation of its critical infrastructure. Airports and seaports, power plants and transportation networks as well as government and military facilities are all integral to the smooth running of the country. Multiple security systems and sensors safeguard these entities, including access control, building management, identity management and panic alarms, video surveillance and analytics. However, the problem is that these systems often operate independently, in proprietary environments, and can even be geographically dispersed which can lead to a fragmented approach to security. With natural disasters, human error and terror threats ever present in today’s society, it is imperative organisations unify their security approach to help keep one step ahead of the potential risks at all times. Critical infrastructure such as power, heat, our daily transportation, and communication structures are at the heart of our existence, however there are a number of threats to keeping businesses secure, and this means security must be watertight. Cybercrime, espionage and terrorism are the top three security threats highlighted by the Centre for the Protection of National Infrastructure (CPNI) and the latter is of particular concern, with terrorism related arrests rising by 60% according to latest figures from the Home Office. The recent security scare at Edinburgh Airport, when numerous outbound flights were cancelled after an unattended bag was found, shows us that the nation is on constant alert, and that there is always a new threat round the corner. At this time of year, it’s common to hear about snow, heavy rain and strong winds causing all sorts of hazards for people and businesses around the country, and this winter is no exception. Floods have recently caused mayhem for transportation lines in the South East, meaning that security teams need to be on high alert and have appropriate drills in place, to monitor for any extra weather induced risk, in case of derailment or power failure. Human error is also a common problem that needs to be accounted for. Recently, the London Underground’s Victoria Line was suddenly closed after a control room was flooded by cement, resulting in hundreds of passengers being evacuated and the damage of critical signalling equipment. In this unexpected scenario, CCTV, alarms and crowd management plans would have been essential in getting everyone quickly and safely out of the station.

Mitigating Risk Through Technology

With the above in mind, what steps should be taken to ensure the highest security levels across our critical infrastructure? Firstly, security professionals should rigorously plan for any of these eventualities. Sitting down with teams to run through emergency procedures should be a common occurrence to enable you to anticipate problems and have contingency in place. In terms of technology, organisations should optimise the placement of security devices, for instance identifying the prime location for security cameras at recognised railway station trouble spots, or biometric scanners at airport check points and customs. Such technology should be implemented to achieve a 360 degree view of any given area. In a more traditional set up, technology tends to operate in silos. However systems are now more advanced and security professionals should be looking to unify processes to create a fully integrated security network that centrally manages all security data. For example, if a camera spots an unusual package at a railway station, it will automatically detect and send this information back to the relevant security manager or the control room. Similar alerts can be coming in from other various devices and locations. To help prioritise and action appropriate responses, a centralised analytics dashboard can be implemented. The right technology can also help in the development of standard operating procedures, the evaluation of contingency plans, and to provide feedback on access and crisis management exercises. Security professionals can run virtual scenarios based on simulated factors, such as an unauthorised individual loitering around a controlled area or environmental problems such as gas leaks at power plants, to better map out escape routes and lock downs. We can’t predict the future, and natural disasters and terrorist attacks are by nature going to take us by surprise. However, as security professionals within these industries, it’s your responsibility to plan for these hypothesised events as much as possible. From implementing basic alert systems to overarching strategy, having the right centralised technology in place to manage the entire process will ensure nothing slips through the cracks and ultimately, keep critical infrastructure and the invaluable services they provide, safe and secure.

Project2_Layout 1 06/03/2014 13:47 Page 1

EDIT article 24 mar14_riskuk_mar14 06/03/2014 13:29 Page 2

Intelligent integration Hugh Hamill, Director of Fire & Security Systems, Boston Networks looks at the shift towards integration and intelligent building systems over IP

With the use of encoders, an evolutionary approach to IP migration negates the high up-front costs associated with analogue systems 40

www.risk-uk.com

ith IP CCTV forecasted to show continued growth, until at least 2017, it seems that the security industry’s focus will shift to fully integrated IP security systems, incorporating CCTV, access control, intruder detection and other intelligent building systems. The increasing number of ‘global’ smart cities and the adoption of intelligent building technologies are indeed transforming traditional communication networks and enabling them to be utilised for much more than just data and voice, with the inclusion of security and building control systems. As technology evolves, intelligent building solutions have proven to ease the facilities burden and pave the way for IT and estates to bridge the gap between departments. Perhaps then it is no surprise then that Frost and Sullivan recently published a report detailing the increase in awareness and expected, considerable, growth of the biometrics market as well as recent news announcements emerging that key industry manufacturers are set to diversify their portfolios, to provide smarter surveillance and access control technologies. The last twelve months have seen key trends appear within the security industry which have paved the way for the development and further integration of the latest innovations and technologies, set to shape the future market place such as: Falling cost of IP technology – IP security technology has seen dramatic reductions in price over the past few years due to the increasing levels of competition between manufacturers and the seemingly boundless progression of technologies. The relationship between access and surveillance - Integration between previously proprietary systems is becoming more and more common and is now more often ‘expected to happen’ rather than asked ‘if feasible’. Physical Security Information Management (PSIM) – The integration of multiple security applications, into a single management system, provides complete visibility of all systems. Benefits include significant cost savings, ease of installation and operation, enhanced usability and future proofing. Business intelligence – The adoption of IP technologies, sophisticated Video Management Systems (VMS) and PSIM software has granted security and estates managers a wealth of business intelligence that can be used not only for security but also payroll, student attendance

records, health and safety requirements and to provide valuable insight to support marketing and sales. Video analytics – The capacity to evaluate video footage at a granular level, allows operators to determine specific information about the content of their video. Intelligent analytics can provide early alerts to incidents needing attention and can relieve security staff from having to watch monitors for hours on end. Remote services – The capacity to enable and disable user’s access to specific areas of buildings or entire campuses remotely has granted organisations significantly higher levels of security. Remote services can allow controllers to simply isolate an intruder or restrict access to an entire building. Mobile access – The unprecedented, global growth of mobile devices and applications has been fully utilised by the security market to offer users mobile access to analytics and critical footage, thus enabling preventative and reactive measures to be actionable in real time.

Why IP CCTV? Across varying sectors the shift from analogue to IP CCTV is continuing to accelerate. The benefits are being driven by both advances in technology and integration capabilities and they show no sign of slowing. With IP CCTV, long gone are the days of massive investment with depreciating assets. Omnipresent and intelligent surveillance acts as a deterrent to anti-social behaviour and theft and enables swift response to any incidents with high quality footage. However CCTV is now used for much more than security, for example providing analytics to help the retail market identify opportunities and reinforce marketing campaigns. IP security products can be gradually introduced and added to existing systems to create hybrid solutions. With the use of encoders, an evolutionary approach to IP migration negates the high upfront costs associated with analogue systems. Moreover there is no mass ‘rip out and replace’ required which is often not a financially viable option. Megapixel and HDTV network cameras provide high quality detailed footage and can employ progressive scan for superior image quality, even in scenes with a high degree of motion. In addition HDTV video can be streamed reliably over IP and wireless networks. Moreover, in a fully IP surveillance system, images from a network camera are digitised once and they stay digital with no unnecessary conversions and no image degradation.

EDIT article 24 mar14_riskuk_mar14 06/03/2014 13:29 Page 3

Smart security

ANPR ANPR differs significantly from CCTV. Data is very easy to capture and quick to search and can rapidly identify locations of potential interest. An important difference includes the ability for ANPR to be used so that offenders can be immobilised in real-time. ANPR systems provide automatic barrier openings for authorised vehicles, whilst logging entry and exit times. Non-authorised vehicles cannot gain access until permission is manually granted to proceed. Number plate data, along with other data such as location, time and read confidence can be seamlessly logged, encrypted and sent via a fixed or wireless network. Additionally, ANPR systems can be seamlessly integrated in to your main CCTV control room and PSIM platform.

IP access control With the latest access control products combining IP readers and controllers, intercom functionality and remote applications, an entirely multifaceted access control experience is coming to the fore. With the utilisation of new technologies and the increasing capabilities for multiple system integrations, common Access Control complexities can be reduced whilst streamlining business processes, providing real time critical data and, most importantly, increasing levels of security. Wireless and IP ID card functionality can enhance security and pride a highly controlled environment. Not only can areas be highly secure and, if desired, entirely inaccessible, an IP solution can provide seamless access to core facilities in a highly controlled and managed way. Entire and multiple buildings can be controlled from a central location, providing unrivalled levels of access control flexibility and greatly simplified security management processes. An IP solution can be remotely managed offering the functionality to access and change profiles rapidly, adding real value. Intelligent ID card systems can provide detailed audit trails of users, granting complete control and granular levels of visibility, enabling them to track the movement of students, staff and visitors throughout buildings and campuses and can delete users remotely and securely, if required.

Intelligent Buildings The integration of security systems, with the IT network, delivers a wealth of benefits and the utilisation of IP and wireless technologies drive scalability and cost effectiveness whilst

delivering increased levels of resiliency and proving simpler to maintain. Delivering estates and security managers all the critical information they require to monitor, maintain and protect their assets, employees and data is, in effect, intrinsically weaved in to the role of the IT department, which is being more and more widely recognised and embraced. Future trends in intelligent building technology will be heavily dominated by security, with the Intelligent Building market predicted to continue to grow this year, in particular we will see: Early adoption - A greater adoption of the integration of security into Intelligent Buildings at point of construction, allowing for greater cost savings and accelerated interoperability. Physical Security Information Management (PSIM) An increase in the demand for PSIM to create truly unified and centralised systems. Edge CCTV storage – to record CCTV footage locally and reduce the transportation of non-critical information when the network is busy.

Smart Integration As a nation, the UK is perceived as a Big Brother society, due to its large volume of CCTV cameras. However with massive amounts of legacy equipment becoming end of life, now is the time to think smarter and deploy truly intelligent and fit for purpose IP security solutions. By using intelligent and integrated security solutions, the need to have a multiple cameras covering a given area is no longer the best or only solution. A far more effective approach is to have a single HD camera that will become active upon specific movement, or an alert from an IP access control system. Moreover the use of ANPR and barrier control technology is another example of where your security estate can work ‘smarter’. With the strategic placement of entry and exit cameras across your estate, you can effectively monitor the entire vehicular activity and reduce the requirement for multiple pan tilt zoom (PTZ) cameras and the hours of footage these would generate. Using this level of integration and managing and monitoring entire estates with an intelligent PSIM solution can deliver multiple benefits – company wide. However from a purely security perspective, streamlined alarm and access control, pre-defined levels of security, high quality HD footage, smart storage and simplified maintenance is, some say, just the tip of the iceberg.

With massive amounts of legacy equipment becoming end of life, now is the time to think smarter and deploy truly intelligent and fit for purpose IP security solutions 41

www.risk-uk.com

EDIT article 28 mar14_riskuk_mar14 06/03/2014 13:31 Page 2

Going backwards? I

Is UK property protection in reverse gear? Here we digest the opinions expressed in the recent AiS London lecture

t would probably come as a surprise to the public and most law makers to know that the fire integrity of new buildings was generally diminishing over the years rather than progressively increasing, that is, if they had been present at Dr Jim Glockling’s controversial AiS London lecture on the evening of 24th February 2014. This is the inescapable conclusion when the roll call of developments over the last few years that negatively impact new build fire resistance is considered, inferred Jim. Wouldn’t it strike most people as odd that as one of the most advanced western economies the UK has a lamentable national policy on the most cost effective active suppression technology of all, namely sprinkler protection? Why is it that the UK and the burgeoning Fire (Value) Engineering consultancy sector see a need for sprinklers in only a few mega projects when our European competitors require such protection on buildings a fraction of the size so that the community’s investment is prudently safeguarded? As values and undivided compartment sizes inexorably grow, rather than beef up national practice on suppression, UK is busy repealing the fire safety provisions of local legislation whilst at the same time introducing unprecedented constraints on the response to

When it comes to the government the fact is that their remit stops at evacuation 42

www.risk-uk.com

automatic detection systems and limitations on fire and rescue services’ budgets. All this makes for an anxious insurance industry coming on top of economic restraints, loosened regulation to encourage low cost building and the popularity of new building systems using materials that cannot possibly compare with traditional bricks and mortar. However Jim is happy to concede that the many construction methods, including ‘modern methods’, and timber framed now permitted by building regulations, are broadly equivalent in terms of life-safety. However this cannot be said when the survival of the building itself and its contents are at stake. The talk looked at how three stakeholder groups - central government, insurers and senior management - could influence this state of affairs. When it comes to the government the fact is that their remit stops at evacuation – there is no further interest in how the building, environment, business, or community suffers beyond this point. It seems to be the government’s assumption that decent property protection standards are market driven by the second group, the insurers. But even if the fierce competition between insurers (encouraged of course by government) allowed it, why should that industry be saddled with the task of imposing standards that elsewhere would be seen as a matter for which for the national authorities take responsibility? When it comes to the last group, the Managing Director level in business, Jim professed himself stumped. Time and again examples are found in industry and commerce of businesses failing to grasp the fundamental disciplines of business resiliency vis-a-vis catastrophic perils. Dependencies without alternatives or back-ups; multiple production lines and combustible storage within a single undivided fire risk; compromises on layout and protection. How is it that astute business brains do not see the exposure to the business of a single catastrophic event when they recognise all manner of other risks that might not be immediately obvious to the man in the street? It’s not as though senior managers can claim they do not understand their responsibilities. They are, after all, familiar with the Companies Act that imposes on directors (amongst other things) a duty to ‘promote the success of the company’ and have regard to ‘the likely consequences of any decision in the long term and the impact of the company’s operations on the community and the environment’. Even when initial proposals support sound business resilience design, typically these see

EDIT article 28 mar14_riskuk_mar14 06/03/2014 13:33 Page 3

AiS comment

subsequent modifications and compromises that look distinctly ill-advised with established protection standards altered “on a whim”. Such observations seemed to chime with the risk advisors in the audience who commented that, to their credit, architects are known to prepare robust designs, only to have them overturned by an unseen hand somewhere between the drawing board and construction. How are these decisions made? Who is advising the decision makers? What expertise do they have? This can be a mystery commented our speaker. On a more positive note however it seems awareness of the importance of continuity planning is gaining traction in UK business with the RISCAuthority ‘ROBUST’ Resilient Business Software Toolkit having registered 12,000 users at last count. To Dr Glockling Fire Engineering is a Jekyll and Hyde - a toolkit that may be used to benefit fire protection or undermine it. When used effectively it uses novel means to achieve resilience goals, perhaps using advanced materials, all appropriate to specific end use. When used poorly, as a vehicle for introduction of poorly performing materials and choices seemingly driven solely by cost cutting and the

profit motive, property protection (as against life safety) is sacrificed. Solutions are often over-reliant on ‘human control methods’. Of the more promising developments on the horizon Dr Glockling singled out the relatively recently created discipline of Building Information Modelling (BIM) with which by 2016 all major buildings will be ‘virtually’ designed. Through the ‘B4FIRE Project’, RISCAuthority, in collaboration with Loughborough University, will seek to ensure all building elements contain insurance relevant information such as ignitability, combustibility, combustible content and fire rating. The aim is to achieve a simple overall measure of ‘Resilience’ and enable designs to be made to an identified level. Additionally, RISCAuthority will soon be releasing a revised version of their Approved Document ‘B’ which incorporates insurer requirements in Annex J – Fire Engineering. This will be updated to cover timber framed construction and will (amongst other things) set a framework for the limitation of fire spread, time to recovery, maximum targeted % capability loss as well as actually dealing with measures to put the fire out - something some fire engineering schemes seem oblivious to!

On a more positive note, it seems awareness of the importance of continuity planning is gaining traction in UK business

EDIT article 15 mar14_riskuk_mar14 06/03/2014 13:10 Page 2

Floods make waves Flood claims volumes should prompt review of insurance claims operations says Owen Knight, Senior Business Consultant with RPost UK o one can doubt the efforts made by insurers to respond quickly to policyholders whose homes have been damaged by the recent UK floods. The extent of the problem has given rise to a number of unique challenges which, once the immediate issues have been dealt with, will encourage insurers to examine the way in which they handle similar events in the future. The concentration of many claims in localised areas has created resourcing issues for both insurers and policyholders who, in many cases, have had to abandon their homes for reasons of safety or discomfort. This presents an initial difficulty in communicating with policyholders who, typically, will have moved out of their homes to temporary accommodation with friends or family, or to a hotel, before moving on to rented accommodation. During this period there is a need for mobile communications, as it may be difficult or impossible to make contact by post or land line. To respond effectively, the insurer will need regular, reliable contact with the claimant to confirm the details of the loss and damage; to arrange protection of the property from further loss or damage; to enable access for loss adjusters, claims management and cleaning up services; and to arrange restoration and repair. Problems faced by the insurer include knowing whether the communication has been received by the claimant and obtaining a response to this communication. A telephone call requires someone to answer; a text message needs confirmation of receipt. Email is a better medium, now that many people have smart phones and can access their email accounts while on the move. Email is arguably the best option, as both sender and receiver deal with the message at a time best suited to them, without the need to be engaged in an interactive process. The problem with standard email is that it is insecure, with no proof of delivery or of content delivered, thus raising the possibility of a legal

To respond effectively, the insurer will need regular, reliable contact with the claimant 44 www.risk-uk.com

dispute between the insurer and claimant regarding these issues. The solution for the insurer, which also provides certainty for the claimant, is to adopt a secure and auditable email service. There are several such services available, all with differing levels of functionality. So what should the insurer be looking for, in order to be able to provide the best solution?

Here are a few pointers. Legal proof of delivery. Does the service provide an audit trail that will stand up in court, which will prove sending, delivery, time of delivery, content delivered and to whom it was delivered? Standard email messages can easily be edited and filed, leading to difficulties in proving who said what to whom. Proof of email delivery is an improvement on postal services where delivery may be recorded, but proof of the contents of the envelope cannot. Legal proof of emailed instructions to loss adjusters and other third parties involved in the solution will protect the insurer against allegations of mishandling the claim. Proof of time of delivery. The recording of the time of delivery of an email allows the insurer to prove that they acted in a timely fashion, as well as providing evidence of the sequence of events. Delivered using a ‘push’ service. When a claimant is forced out of their home by flooding, they may well have lost, or have no access to, their computer. There is no point in asking them to access documents in a repository or web service, as they may not have access to the sign-on credentials and password. Also, such processes are dependent upon action by the recipient. By using a ‘push’ approach, all the recipient needs is access to an email service and possibly a web browser. Push services also reduce friction in the claims process. Recording proof of responses. Some services provide the ability for an email recipient to respond securely, and can be used to provide legal evidence of the timing and content of the

EDIT article 15 mar14_riskuk_mar14 06/03/2014 13:10 Page 3

Insurance

response. The ability to sign contracts electronically. In some cases an insurer may not have a continuous contract with a loss adjuster. When a disaster occurs, the insurer may ask a loss adjuster to send a team immediately to the affected area with the intention of ‘sorting out the contract later’. A secure email service with eSignature and eContracting facilities makes it easy to negotiate and sign contracts by email, thus providing certainty to the contracting parties and eliminating delay. Encryption. There may be a requirement to send encrypted email to safeguard personal, sensitive and confidential data, such as lists of valuables, or alarm codes. A secure email system should be able to provide this functionality. Portability. Insurers and loss adjusters will need to be able to send secure email from mobile devices in the field, to allow responsive decision making to be converted into action. Integration with back office systems. It must be simple to integrate the secure email service into existing systems, using APIs provided by the supplier, or using the standard SMTP protocol. Some additional work may be required to accommodate new methods of

handling claims. The potential benefits of a secure email system in dealing with flood claims are clear, streamlining the claim process and providing proof of communications that can be used as legal evidence should problems arise. Implementation of secure email need not be expensive, nor does it require scheduling of a major IT project. With additional demonstrable benefits in improved business process, compliance and in countering fraud across all areas of any insurance provider, a secure email system can be implemented as part of a ‘business as usual’ budget if properly planned – and should pay for itself through savings on postage and mail handling costs.

EDIT article 20 mar14_riskuk_mar14 06/03/2014 13:13 Page 2

Justice for all? Victims of crime – justice where art thou? Asks Crawford Chalmers, ASIS UK Chapter Charity Liaison Lead and also Deputy Chairman of EPIC ne of the problems in answering the question in this country is the very meaning of what people understand by the word justice, or hope that it means. For anyone facing criminal charges, there has always been (and always will be) the paramount principle in law of respecting and protecting their rights to a fair trial. For victims of crime however, justice as they experience it too often means disappointment and frustration. Depending on the seriousness of the crime, it can quite simply be life changing. Only last year the government set up a new board which will attempt to improve a criminal justice system that it hopes will help tackle a range of problems, not least of which are ‘unforgiveable delays’. The only surprise is how long it has taken for this to happen when half of all criminal court trials scheduled on a given day do not go ahead as planned, taking up valuable court time and contributing significantly to the frustrations of victims and their witnesses. As one of many who works when time allows as a volunteer in the Victim Support Witness Service, I know only too well how such delays impact on the way criminal justice works for victims in our courts. In the early stages of my past life in CID, a renowned criminal barrister told me not to get dispirited following a crown court acquittal – ‘ It’s all in the game’ as he aptly put it. From my perspective, the ‘game’ continues to be played out in courts up and down the country every day. It is a cornerstone of our justice system that a defence lawyer has to ensure the evidence is rigorously tested at all times , and if that means putting victims through the most challenging experience of their lives then so be it. The prize of winning the case is the only objective and the reality that many people forget is that the lawyers practise law, not justice.

Last year the government set up a new board which will attempt to improve a criminal justice system that it hopes will help tackle a range of problems 46

www.risk-uk.com

Many millions of pounds are spent preparing cases for trial, and defending those charged with offences. Victims are not so lucky. The various services which support them rely mostly on volunteers and only around 2% of the costs of our criminal justice system are spent directly on them. So why have delays become ‘unforgiveable’ ? Two of the reasons I submit are not historically focused on enough because they are considered essential to the rights of all defendants. Firstly, whilst there are many who do plead guilty at the very first court date, those who decide to plead not guilty kick start a system which gears up for a trial whether to be held before a magistrate or before a jury in the crown court. The problem is that in literally thousands of those ‘not guilty’ cases, the defendants change their plea to guilty on the date of the trial. The result of this is that many millions of pounds are wasted in Crown Prosecution Service costs, but what about the impact on victims? As I have seen all too often, they will be at court waiting to give evidence and preparing themselves mentally for what is often a nerve-wracking experience, only to be told they are not needed. One reason for this is that defendants delay pleading guilty until the day of the trial hoping that victims and their witnesses will not show up, leading to a collapse of the case. In many cases these defendants are being funded by legal aid. In my view this amounts to nothing more than a public funded waiting game, and a straightforward abuse of the system. To put it even more bluntly, I suggest it qualifies as witness intimidation. The average waiting time for crown court trials, from the time a decision is made to hold a trial to it actually beginning, is six months , though in the London area it is not unusual for a victim to wait a year or longer for a trial to be held. Secondly, and considered a right that can never be jeopardised, is the ‘sacred cow’ in our criminal justice system – the right to trial by jury. This cow means that a defendant can choose trial by jury over small thefts with real examples such as stealing food items worth a few pounds, stealing from a parking meter, or theft of an old mobile phone. To make matters worse, two thirds of defendants who choose a crown court trial in cases which could be dealt with by magistrates (‘either way’ cases) finish up pleading guilty when they get to crown court. Why? In addition to hoping the victim or witness

EDIT article 20 mar14_riskuk_mar14 06/03/2014 13:13 Page 3

ASIS comment

will not turn up, another answer may be found as far back as 20 years ago. Lord Runciman who chaired the 1994 Royal Commission on Criminal Justice warned then that one of the three main objectives for defendants opting for trial by jury was simply to put off the trial. There were a number of “personal” reasons for this, one being to enable defendants to have part of their sentence counted while on remand in a softer prison regime, which includes being able to wear their own clothes! The reality of all the delays is that victims may decide to give up on the trial ever taking place, and may no longer want to give their evidence. Can they be blamed for being unable to keep their lives on hold indefinitely? Does the longer the time gap between the crime and the trial make it possible that the victim’s evidence is likely to be regarded as less reliable? Could this be a gamble that some defendants and their representatives take? With such a reality, it is obvious how difficult it can be to persuade victims to report crimes in the first place, and then to be willing to give evidence. Some light in the long dark tunnel for witnesses has been the abolition last year of

committal hearings intended to speed up and improve efficiency. Pilot schemes have also begun in terms of an ‘Early Guilty Plea ‘ system . Amazingly it has taken until very recently for proposals to be put forward for a change in the law which would give greater protection in court for example for victims of rape and child abuse. There is much to be done to enhance the rights of victims of crime, because after all “If we do not maintain justice, justice will not maintain us” (Francis Bacon 1561-1626)

Available Now!! SA66 & DA66 Two new revolutionary electric locks that solve all the issues with transom fitting and Side loading on both single and double action doors. Issues with shear locks, and solenoid bolts are problems of the past. • • • • • • • • • •

Releases under side loads in excess of 100kg (PRen13637) Holding force of 1000kg 10mm thick solid stainless steel bolt 13mm bolt projection Pulls door closed if misaligned by up to +/- 8mm Fail safe/fail secure Bolt stays retracted until door is closed to eliminate bolt noise Door and bolt position monitors Surface housings available for both timber and glass mounting Fire rated BS.476.Part 22-1987

www.secure-access.co.uk Tel: 0845 1 300 855 info@secure-access.co.uk

EDIT tif mar14_riskuk_mar14 06/03/2014 13:39 Page 2

Technology in Focus CCTV you can do yourself! Hadrian Technology has launched what is described as an easy to use and affordable DIY CCTV system, the Hadrian DIY kit. General Manager of Hadrian Technology, Gary Trotter, hopes the new kit will encourage more home owners to reassess their security measures. Gary said: “CCTV systems are a powerful form of deterrent from potential thieves and can help home and business owners relax when they leave their premises. The Hadrian DIY kit is a good value option for those operating on a budget. Our new DIY system is quick and easy to be installed by the home owner. Following installation by the customer, they can then call on our team who will visit their home free of charge if required, to link to any remote monitoring device they want to use with the CCTV.” The kit comes complete with four colour eye ball style cameras suitable for indoor and outdoor use, built-in infrared, four 20 metre cables, a power supply, and a four channel digital recorder. Another added bonus is that the system comes with a 500 GB hard drive, which will collect a month’s worth of footage on each camera comfortably. Footage can be streamed directly to an app on smart phones, laptops and a tablet, which helps users keep on top of things wherever they are. www.hadriantechnology.co.uk

Aluminium enclosed ATEX approved sounders E2S has launched intrinsically safe alarm horn sounders and combination devices with aluminium enclosures. The IS-D105 sounder and IS-DL105 combination device are approved to IECEx and ATEX standards for Zone 0 and the IP66 sealed marine grade aluminium enclosure is phosphated and powder coated, offering enhanced protection for on and offshore applications. The alarm horn produces up to 105 dB(A) at 1

www.risk-uk.com

Locks allows temporary access Codelocks has enhanced its KitLock 1000 cabinet locks to enable cabinet owners to grant temporary access to their cabinets by using time-sensitive access codes. “Many of our digital locks are used to restrict access to equipment locked inside cabinets, for example, data servers locked inside cabinet racks or machinery within utility cabinets,” said Grant Macdonald, Managing Director of Codelocks. “NetCode is a new web-based application that gives managers the ability to grant temporary access codes to a remote location, so an authorised engineer or customer can access their equipment unaccompanied.” The application is particularly useful where access is required for routine servicing or oneoff maintenance purposes, for example, where service engineers might visit many different locations in one day. Using the application, a field service manager (FSM) can generate timesensitive codes for the engineer to gain access to the locked cabinets. The code can be sent via an SMS text message or by email to the engineer’s mobile on the day the access is required. Using time-sensitive access codes is a more secure way to grant access, as the code will not work outside a designated timeslot. KL1000NC cabinet locks are configured prior to dispatch with a unique matching algorithm, allowing the NetCode software to predict the access codes on the lock. www.codelocks.co.uk

metre with a choice of 49 alarm tones and two additional, remotely selectable, alarm stages. For specific applications, custom tone configurations and frequencies can be engineered. The sounder can be combined with an LED beacon featuring an array of 6 highintensity LEDs. The alarm sounder and LED beacon can be powered through a single Zener barrier or galvanic isolator. Alternatively, the audible and visual elements of the IS-DL105 combination model can be controlled individually. www.e2s.com

EDIT tif mar14_riskuk_mar14 06/03/2014 13:39 Page 3

Technology in Focus

Stand-alone door control Kantech has introduced the ioPass SA-550 Stand Alone Door Controller for use in small security applications. Designed as a self-contained, stand-alone unit, the ioPass SA-550 complements Kantech’s existing line of access control solutions, addressing the need for a simple, effective and intuitive tool that can be deployed by growing businesses. The ioPass SA-550 offers an integrated 26-bit Wiegand ioProx proximity card reader that can store up to 1,000 users. For ease of installation, the unit is programmed directly from the keypad, with all commands displayed on a 16-character, 2line LCD. The ioPass SA-550 supports up to eight door configurations, with flexible options such as door access schedules and unlock schedules. The configuration data is transferrable to other SA-550 door controllers via a USB key. Other features of the ioPass SA-550 Stand Alone Door Controller include an audit trail for the last 3,500 transactions with a time stamp, a six-language selectable user interface, the ability to program 24 recurring holidays and 24 nonrecurring holidays per controller, and four door access schedules and one door unlock schedule per controller. www.kantech.com

Tough, water resistant data displays Data displays are an essential component of most contemporary equipment; however, because they must be visible, they are often the most exposed and the most vulnerable. They are often difficult to fix securely in place and even more difficult to protect. The Storm 5100 Series features toughened, water resistant, data displays with integral USB 2.0 interface. These robust, monochrome displays are ideal for use in exposed or industrial environments. Bright white transflective display technology is securely encased within a sealed and impact resistant bezel. The bezel features a hard coated UV and scratch resistant, polycarbonate window. Available in either 20 character x 4 line, 20 character x 8 line or 128 x 64 pixel graphic versions these USB 2.0 display devices can be easily installed into any control panel or equipment enclosure. They require no liquid sealants or adhesives to achieve a toughened, sealed and weather resistant installation. Offered in a range of eight different configurations/specifications, Storm 5100 Series Displays offer designers a ‘ready to use’ data display solution for a wide range of indoor and outdoor applications. www.storm-interface.com

Oxygen reduction system to prevent fires Nobel Fire Systems in conjunction with Isolcell now offers the oxygen reduction fire prevention system, N2 FireFighter. The methodology of the N2 FireFighter is based on the principle of keeping the atmosphere in areas to be protected low in oxygen, less than normal ambient. This will automatically extinguish and inhibit combustion while remaining safe for humans. The effect of this auto-extinguishing atmosphere on humans is the same as the air at 3300m elevation; the partial pressure of oxygen at that height is equal to the partial pressure of oxygen in the methodology of N2 FireFighter. Therefore N2 FireFighter prevents the start of any combustion in the protected areas by monitoring and controlling the proportion of oxygen to nitrogen in the enclosed atmosphere. The oxygen reduction system uses machines with specific, automatically regenerating filters, which modify air through a process with reportedly very low energy consumption. The proportion of oxygen to nitrogen is changed without the need of additional products or compounds. www.nobel-fire-systems.com

www.risk-uk.com

EDIT tif mar14_riskuk_mar14 06/03/2014 13:39 Page 4

EN54 compliant fire panel with VdS certification

Repeater panel for two-wire fire system Fike Safety Technology (FST) has launched a Repeater Panel as part of its TWINFLEX pro Smart 2-Wire Fire Detection System. The Repeater Panel is a small remote display unit that can be connected to a 4 or 8 zone version 2 TWINFLEX pro panel via an RS485 data link, with a maximum of 8 Repeater Panels connected to a single control panel. The unit does not itself connect to or control any devices; it simply reports all fire and fault events that occur in the system. It can also perform system actions over the data link (i.e. silence alarms, reset, sound alarms and silence buzzer). The Repeater Panel is intended to provide display capability at secondary building entrances, nurseâ&#x20AC;&#x2122;s stations and at any location where the panel event information is required to be displayed. The TWINFLEX pro system incorporates the Multipoint combined smoke and heat detector with built-in sounder, which allows the whole system to be easily installed using only one pair of wires per zone. As Multipoint offers 7 different modes of detection, the installation is made simpler since one device suits all applications. www.fikesafetytech.co.uk

Hazardous area lighting range launched Raytec has launched Spartan - a range of ATEX/ IECEx LED floodlights that the company says will change the way we look at lighting for hazardous area environments. The new range delivers an output of up to 9,000 lumens. The floodlights are also reportedly ultra-efficient, using half the number of LEDs compared to traditional solutions and requiring a maximum of only 120W. Its CoolXtrudeTM thermal management system delivers power whilst ensuring an operational life of 10 years+, allowing Spartan to be rated for up to T6 environments. Spartan is ATEX and IECEx approved for all Zone 1 and Zone 2 applications and is enclosed in a marine grade aluminium housing with toughened front glass window, using Raytecâ&#x20AC;&#x2122;s long-life LED technology. The range offers a full flood light family, available in three sizes, White-Light and Infra-Red and emergency versions. Spartan Linear and Bulkhead products are also available on request. www.rayteccctv.com

www.risk-uk.com

Bosch Security Systems has further developed its Universal Security System with the UGM 2040 BMA model, a modular, large-scale unit for complex fire alarm systems. The central server is capable of managing up to 200,000 data points, either via serial data paths or Ethernet as required. This makes it particularly suitable for large companies with a decentralised system structure, such as airports, banks, energy supply companies or large plants. The new fire panel UGM 2040 has been awarded VdS certification (G 213071) and conforms now also to EN54-standards. The fire panel is operated centrally via up to ten colour touchscreens for each system node. These touchscreens can either be integrated into a 19-inch system cabinet or positioned on a base for use in different locations. It offers scenario-oriented, intuitive operation including full text searching and numerous filter functions, providing a clear overview of even complex systems and rapid processing of alarm messages. The integrated serial interfaces permit the UGM 2040 to connect to existing fire detector systems or subsystems and can serve as a central, cross-system control unit for automated processes in distributed, connected subsystems. In the event of a fire, for example, the system can be used to activate specific approach routes for the fire brigade from a central workstation. www.bosch.com

EDIT tif mar14_riskuk_mar14 06/03/2014 13:39 Page 5

Technology in Focus

Fisheye camera for panoramic views

Software upgrade with virtual keypad Eaton’s security business has announced the availability of the latest software for its Menvier and Scantronic i-on intruder control panels, V4.04, with features that will appeal to installers and enhance the end-user experience. The most notable feature of V4.04 is the introduction of a virtual keypad –that can be accessed via a web browser interface. By using a common web browser such as Mozilla Firefox, Google Chrome, Apple Safari and Microsoft Internet Explorer, via almost any desktop and mobile device, installers and end users can gain remote access to a control panel from anywhere in the world by using an on-screen version of a physical keypad. V4.04 is free of charge and any installers who are part of Eaton’s Touchpoint Membership Programme are able to update control panels with the new software. A key feature that has been improved is the ability of the system to transmit a text message to an end user to alert them about an alarm. This used to rely on network operators’ SMS bureaus, which often proved to be unreliable. V4.04 has added ETSI Protocol 1 functionality as a way to send a text message over PSTN and increase the performance of this feature. www.eaton.com

Thermal camera for low-light or zero-light use DVTEL has released ioimage Thermal, a new line of thermal cameras. Available in fixed and pantilt versions, the cameras feature video analytics to deliver image interpretation and comprehension for customers requiring detection in low-light or zero-light environments. Powered by DRS Technologies the cameras can be integrated with existing surveillance systems. The ONVIF Profile-S-compliant ioimage Thermal camera is the first product in the line of edge-based surveillance devices from DVTEL that

American Dynamics has introduced the Illustra 825 fisheye camera, a camera that provides video quality and smooth digital pan-tiltzoom (PTZ) movements for capturing real-time 180°/360° panoramic views of wide areas. According to the company, with a single 5 megapixel camera, the Illustra 825 Fisheye can do the work of two, three and sometimes four cameras in many indoor applications. Leveraging the power of 5 megapixels, this camera can provide a 360°degree view of a whole lobby using a ceiling mount or a 180°degree view of a room, using a wall mount, or even a 2x2 view of 4 simultaneous dewarped streams. The Illustra 825 Fisheye is reportedly easy to set up, configure, and maintain with its webbased user interface. The Illustra Connect tool provides quick access to firmware upgrades, IP address assignments, diagnostics and more. ONVIF compliant, the Illustra 825 Fisheye works with a variety of mounts in the American Dynamics portfolio. www.americandynamics.net

Dome camera with IR LEDs Santec has extended its CCTV camera portfolio with the introduction of the new dome camera VTC-261IRP featuring day/night switching. The unit has been designed for indoor applications and the camera is equipped with a manual zoom lens with 2.8-12 mm focal length. Camera settings can conveniently be made by using the OSD menu (On-Screen-Display). The camera’s versatility is due to characteristics such as Wide Dynamic Range (WDR), day/night function and integrated IR LEDs. www.santec-video.com

are optimised to work in low-light conditions. The infrared detector allows ioimage Thermal devices to detect the energy (or heat) that all objects, structures and people emit. This approach, says the company, enables a more consistent image than traditional cameras in harsh environments, such as those affected by fog, haze, smog, smoke, rain and extreme variances in temperature. The new thermal line is compatible with the entire DVTEL IP-based technology portfolio and is scheduled to be available in early 2014 through DVTEL’s network of authorised resellers. www.DVTEL.com

www.risk-uk.com

EDIT tif mar14_riskuk_mar14 06/03/2014 13:40 Page 6

Cameras built for the outdoors Axis has launched three outdoor-ready, marinegrade stainless steel cameras that enable 360° coverage of wide areas in resolutions up to HDTV 1080p and zoomed-in detail with up to 36x optical zoom. Axis Q60-S cameras, with SAE 316L stainless steel and a nylon clear dome cover, can operate in -30°C to 50°C (22°F to 122°F). They have IP66, IP6K9K, NEMA 4X and MIL-STD810G 509.5 approvals, ensuring protection against dust, rain, high pressure/steam jet cleaning, snow,

Self-Managed Switch with Gbps Uplink ComNet Europe has introduced a six-port SelfManaged Ethernet switch, the CNGE2FE4SMS. The switch has four copper TX ports and two Gigabit SFP Ethernet ports. This allows the Ethernet data from the four TX ports be combined and uplinked through the Gbps SFP port and multiple CNGE2FE4SMS units to be daisy-chained together through the gigabit backbone. It can support a large number of IP cameras depending on the selected camera’s bit rate. The Gigabit uplink capability can handle a larger number of cameras as compared to the company’s other SMS products. The self-management feature requires no user intervention and is preprogrammed to avoid flooding the network. The CNGE2FE4SMS offers management without the cost or user knowledge required for a managed switch. This port-configured Ethernet switch allows the user to create a virtual Local Area Network (VLAN) that manages the Ethernet data being transported, thereby preventing network flooding. The CNGE2FE4SMS is pre-programmed and meets the IEEE 802.1x VLAN management standard. The two optical ports are designed to forward

Transmitter converts devices to wireless The LGTX434 wireless transmitter module, from Luminite, converts third-party active IR beams, door contacts and other alarm devices to wireless operation. By removing the need for hard-wiring, the transmitter module makes installation quick and simple, with control by Luminite’s Genesis detector system. “The Transmitter Module simplifies and speeds up installation times by using wireless communication,” explains Graham Creek, Managing Director of Luminite. “Detectors and

www.risk-uk.com

ice and salt fog. The cameras come with a multiconnector cable and a media converter switch that allows for network connection using standard network or fibre optic cables. The switch also enables the cameras to connect to external alarm devices via two configurable input/output ports and to 12 V power. Stainless steel mounting accessories are sold separately. Axis Q6042-S provides Extended D1 resolution and 36x optical zoom. Axis Q6044-S offers HDTV 720p and 30x optical zoom, while the Q6045-S supports HDTV 1080p and 20x optical zoom. www.axis.com

the data from the four electrical ports to the next switch, to a PC, or another Ethernet connection. CNGE2FE4SMS is an easy way to add IP Video to a network and is designed for use in harsh environmental applications. www.comnet.net

alarm products can be positioned for optimal detection performance, because they don’t require civil works for installation. Only 3 volt or 12 volt power is needed. 12 volts is for when an external power source is used and 3 volts is for when batteries are used. Battery life depends on battery capacity, but is often 2 years or more.” Up to 64 Transmitter Modules and PIRs can be used in a single wireless system, communicating with a Masthead receiver up to 1Km away. The Masthead is connected by RS232 or Ethernet to a CCTV system. www.luminite.co.uk

EDIT tif mar14_riskuk_mar14 06/03/2014 13:40 Page 7

Technology in Focus

360 degree hemispheric-view mini dome IP camera

Keep keys safely to hand Securikey’s Self-Retracting Key Reel range now features a choice of over 30 models including the Heavy Duty Key Reels designed for the industrial and commercial market, with each model capable of carrying up to 284g. The range includes the Super 48 models, which feature a durable yet lightweight case made from a polycarbonate material as well as a patented ball-joint feature that secures keys firmly in place. The Super 48 can be attached to belts via a metal spring clip that converts to a belt loop, or a leather loop if preferred. Other models in the Heavy Duty range are manufactured with either an ABS or stainless steel case and offer four methods of attachment to either belts or clothing to cater for most requirements. All models, including the Super 48, incorporate the recognised Kevlar cord, which is stronger and lighter than steel on an equal-weight basis and offers a smooth, quiet operation. There is also a choice of Extra Heavy Duty models, which are capable of carrying weights up to 425g and are ideal for securing items such as GPS devices, torches and larger tools. Best suited for light commercial and domestic use, all models in the Standard Duty Key Reel range are housed in either a stainless steel or an ABS case and feature 600mm of stainless steel chain. Light Duty models are also available and offer attachment options of either a spring clip or a jewellery pin, with 910mm of nylon cord to ensure ID or access control cards are kept close to hand at all times.

Available from the end of February 2014, the SNCHM662 from Sony makes it possible for users to have five megapixel (MP), high-resolution video and a 360-degree view of an area with one camera. The SNC-HM662 features a 360degree panomorph lens from ImmerVision which provides clarity and resolution towards the edge of the lens, whereas, says the company, traditional lens technology performs better in the centre. The camera is also optimised to maximise the sensor coverage resulting in a higher resolution where necessary. These features combined make the camera suitable for panoramic overviews. The SNC-HM662 also supports electronic pan/tilt/zoom (ePTZ) and 11 different viewing modes through the Sony Web viewer. The SNC-HM662 is designed to be used with a VMS solution so that ‘de-warping’ (correcting image distortion and straightening the viewed image) can be fulfilled on the client side. This feature gives viewers the advantage of always seeing a complete overview of the recorded video scene, regardless of the live view being digitally cropped and zoomed to an area of interest. The SNC-HM662 also supports twoway audio with an optional microphone and speaker, PoE and edge storage capabilities. www.pro.sony.eu

www.securikey.co.uk

Card readers offer encryption layer AR10S-MF/AR40S-MF card readers for the SiPass integrated access control system from Siemens are compatible with Mifare Classic, Mifare Plus and Mifare DESFire EV1 cards. When used in conjunction with Mifare Classic and Mifare DESFire EV1 cards, encryption technology is employed between the card and the card reader. In addition, all communication between the card reader and the host system can be encrypted, delivering a high level of security. The card readers are also ready for near field communication (NFC) standards which allow for contactless communication.

The basic version is a straight card reader, while other versions incorporate an integrated keyboard and an easy-to-read OLED display that enables system alerts and messages to be delivered instantly. Both the keypad and the display are illuminated, and their brightness automatically adapts to the ambient light conditions. All versions have an LED frame which can be illuminated in red, yellow or green. The card readers are available for surface and flush mounting and clip securely to a backplate or recessed box that has been previously installed and can be removed only using a key. www.nextgenerationcardreaders.com

www.risk-uk.com

EDIT ria mar14_riskuk_mar14 06/03/2014 13:37 Page 2

Risk in action Door entry panels for riverside project

One Tower Bridge is a riverside development situated adjacent to Tower Bridge and the Tower of London. Urmet was selected to supply the door-entry panels for this high-end residential project. Berkeley Homes needed a full-IP solution for this development that was both aesthetically pleasing and also reflected the needs and requirements of the highly discerning individuals who will take up residency at the development. The developers chose 52 Power over Ethernet (PoE) Elekta Glass Panels for all of the entrances at the eight blocks within the development, which comprises 350 apartments in total. The buildings all have a dedicated 24-hour concierge and security managed by Harrods Estates. With Urmet’s range of IP solutions, the eight residential blocks are interlinked to provide instant, single-platform control for all access and security-related requirements. www.ipervoice.co.uk

Doors for security and hygiene Assa Abloy Security Doors has supplied cleanroom doors to an NHS Foundation Trust hospital in Central London. St Thomas’ Hospital, based on Westminster Bridge Road, London, is a prominent landmark due to its location opposite the Houses of Parliament on the banks of the River Thames. Assa Abloy Security Doors worked with the hospital to correctly specify doors, which would contribute significantly towards hygiene, as well as providing important security and access features. Powershield cleanroom steel doorsets were specified to reduce the development of surface bacteria and prevent the spread of infections throughout the hospital. Assa Abloy Security Doors installed the doors in the new Central Sterile Services Department in the hospital over a period of two weeks and also installed standard hardware and cleanroom glazed screens, with up to 60 minutes fire Integrity. Aaron Moffett, Quantity Surveyor at ASSA ABLOY Security Doors, said: “Cleanliness and hygiene within a hospital are usually only associated with practices, processes and apparatus, consequently the importance of doors can be overlooked. However, specifying the right door can be essential in providing protection against the build-up and transfer of dirt and contaminants.” www.assaabloy.co.uk/securitydoors

www.risk-uk.com

Water success with CCTV upgrade Twelve months ago, Secure Engineering won the tender to extend the existing camera system at one of the largest water sites in the UK. The site in question has over 40 analogue cameras in place, and needed nine new cameras to be used primarily for process monitoring, and also for security. Secure Engineering looked at the site holistically, working out how the camera infrastructure could be utilised to be IP compatible, with the greatest opportunities for the other analogue cameras to be updated when budgets allowed. Water sites can be somewhat harsh environments, with spray, dust and dirt potentially risking image quality. Secure recognised that infrared LED cameras with integrated wiper facilities were needed, to keep the images clear in all weather and lighting conditions. The company installed a Dallmeier NVR, and nine new analogue cameras by Redvision, with IP encoders added to each one. The cameras were linked with an 8-core fibre optic cable, configured in a self-healing ring network that ensures uninterrupted service. This provides the beginning of a new modular system, which the remaining analogue cameras can be added to over time. This work phase nears completion, and will be completed early this year. www.SecureEng.co.uk

EDIT ria mar14_riskuk_mar14 06/03/2014 13:38 Page 3

Risk in Action

Danish complex sees drop in incidents IQinVision has revealed that Ellemarken Condominiums, located in Køge, Denmark, has deployed a combined IQinVision and Milestone IP video surveillance system to improve safety and reduce vandalism. Smartguard was in charge of project installation. The Ellemarken complex, situated in Køge, Denmark, 45 miles southwest of Copenhagen, is comprised of more than 1,125 one, two, three, and four bedroom units. The condominium’s management sought to improve overall security at the complex, prevent break-ins and theft, reduce graffiti, and most importantly, prevent unauthorised persons from entering buildings through each building’s stairwell entrances. The housing development has deployed 248 IQeye cameras throughout all its buildings, locating them in every stairwell entrance. The majority of the cameras are IQeye Alliance-mx models. Video is recorded at 8 frames per second and is viewed mainly for post-incident investigation. All camera data is managed by Milestone XProtect Corporate IP video management software (VMS), designed for large-scale, high-security deployments. Since the cameras have been installed, Ellemarken management has noticed a significant reduction in the number of security incidents. Several crimes have already been solved using video evidence and with the large decrease in the number of crimes and other expensive incidents, management is confident their expenditure on the IQeye cameras will achieve a full return on investment within two years. www.iqeye.com

Luxury hotel resort completes IP upgrade installation A luxury hotel and resort group has completed the first installation of IDIS DirectIP full-HD surveillance at its new flagship resort in Phuket, Thailand, as part of a wider programme. Ahead of opening the Phuket resort, the group’s security team needed to implement an HD video surveillance solution that would be unobtrusive and match the resorts luxury brand and image. The solution needed to ensure the safety and security of the resort’s guests and staff, while the implementation needed to meet extremely tight deadlines ahead of the inauguration in late 2013. Integrator Rutledge Integrated Systems (RIS) specified the complete end-to-end DirectIP solution, comprising 45 internal and external dome cameras and two 32channel network video recorders (NVRs), is managed through the simple and intuitive IDIS Centre video management software (VMS). The IP-enabled and vandal proof range of one and two megapixel cameras, also feature pan-tilt-zoom, low light and audio functionality. Eighteen terabytes of storage provided by the DirectIP NVRs support the resort’s requirement to store 31 days of footage all in full-HD. Andy Rutlege, Managing Director at RIS, said, “The luxury resort group are an existing customer for RIS, and we were determined to complete the project ahead of the inauguration. We are currently rolling out two similar DirectIP solutions in the Maldives and Miami with another nine scheduled over the next few months.” www.idisglobal.com

55 www.risk-uk.com

EDIT ria mar14_riskuk_mar14 06/03/2014 13:38 Page 4

Kent school expels false alarms Milton Court School in Kent is a one-form educational establishment for children aged 311 years old. Over 250 staff and pupils occupy a two storey Victorian building that has undergone extensive refurbishment over recent years to create a stimulating, comfortable and energy efficient learning environment. However, after recognising that its fire detection system was nearing the end of its life and becoming increasingly unreliable, Paula Cruickshank, office manager at Milton Court, took action. She comments, ‘We were experiencing frequent false alarms, which in this type of environment is extremely disruptive. In order to have a more reliable life safety infrastructure we needed a completely new solution that could meet our needs both now and in the future.’ Obsidian Security was awarded the contract in July 2013. Project manager, Ben Aspland, explains, “Milton Court required a BS 5839 compliant category L2 analogue addressable fire detection system. Detection and alarm devices from Hochiki Europe, controlled by a Kentec Syncro AS panel provided an ideal package to meet the school’s requirements.’” The fire detection system is based around Hochiki Europe’s Enhanced Systems Protocol (ESP), a total communications solution for intelligent fire detection. The fact that ESP is an open protocol system means that detectors, interfaces and control equipment are interchangeable.

LHDC fire system for power station Hinkley Point B Nuclear Power Station site licensee and operator EDF Energy placed an order for the supply, installation and commissioning of a Patol linear heat detection cable (LHDC) fire detection system in order to protect cable flats and risers in the power station. Giving early detection of hazards at temperatures well below flame point, the Patol LHDC comprises a coaxial cable inside a protective sheath. The core of each cable is tinned copper coated steel with resistive negative temperature coefficient polymer insulation. The insulation is formulated so that the polymer starts to conduct as temperature rises. When this happens, the controller compares the signal and triggers an alarm. The technology has been applied at the Hinkley B facility to replace an original system installed in the 1990’s which required 140 local zone monitoring units dispersed throughout the cable flats. The new system offers significant

www.risk-uk.com

To minimise disruption to Milton Court during term time, the work was carried out during August. Describing the scope of the activity, Ben Aspland says, ‘We needed to keep the existing system fully operational to provide complete protection during the process. We also had to put in place a new wiring infrastructure, as the cable that was already in-situ was very old, did not meet the current standards and did not extend into some of the areas where new devices would be sited.’ The system features Hochiki Europe devices including over 60 ALG-EN optical smoke detectors, which feature High Performance Chamber Technology. This minimises the differences in sensitivity experienced in flaming and smouldering fires and helps to reduce the possibility of unwanted alarms at Milton Court. These are complemented by a number of the company’s heat detectors, sounders, sounder bases and interface units. In addition, ACA-E multi sensors have been sited in the canteen and staff kitchen and were chosen specifically for their ability to alternate between day/night detection modes. The detectors are programmed to operate as heat sensors during normal school hours and as optical smoke sensors and heat sensors outside of these times. This significantly reduces the probability of false activations caused by normal cooking smoke or steam in these areas. The times are set via the control panel time clock and can be reset when necessary to account for changes of use or school holidays. www.hochikieurope.com

technological advances, employing control modules grouped into five distributed swing frame control cabinets with 19 inch rackmounted LHDC monitoring and actuation control modules. This makes identification and location of a potential incident much easier, with each control module monitoring the existing zonal length of analogue re-settable LHDC. The modules feature a two stage alarm output, activated when a short length of the cable is elevated in temperature above the pre-defined trip points. The alarm signals from the modules are sent to the site’s fire alarm system and also to 600 zonal metron actuated sprinklers located throughout the cable flats. If the second stage of the two stage alarm is reached, the relevant sprinklers are automatically activated to quickly extinguish the fire in the affected zone. A further benefit is easy access for maintenance, with the control cabinets located outside the cable flat and riser areas, thereby eliminating the need to work in confined spaces. www.patol.co.uk

EDIT ria mar14_riskuk_mar14 06/03/2014 13:38 Page 5

Risk in Action

New hospital protects life and property Apollo Fire Detectors’ Discovery range of fire products have been chosen by Static Systems Group and Skanska to provide life and property protection at the new premises of The Royal London Hospital. The Royal London Hospital has been at its current location on the south side of Whitechapel Road, Whitechapel, since 1757. Phase 1 construction work at The Royal London Hospital, part of the £1.1billion redevelopment which also includes St Bartholomew’s Hospital in the City of London, took place over five years and opened in January 2012. The hospital’s new premises consist of three interconnecting tower blocks – two of 17 storeys and one 10 storeys. There are 746 beds arranged over approximately 26 wards and 26 operating theatres. At peak times there are approximately 7,000 occupants within the hospital’s building and grounds, including patients, staff and visitors. Static Systems recommended Apollo as the solutions provider for the project. In total, more than 10,000 Discovery units are installed throughout The Royal London Hospital’s new building, including around 5,000 multisensor detectors, approx 150 heat detectors and around 1,500 manual call points. The fire system consists of 37 main fire alarm panels with over 180 loops, 17 repeater panels and two Master Inter-ringing Units (MIUs). These are monitored and managed by two central indicating equipment PCs, one in the fire command centre for occupation and use by attending fire officers and one in the 24/7 building management office. The system, which monitors more than 500 zones, also includes around 3,500 input and output units. These units interface with automatic fire dampers, access controlled doors, sprinkler flow and anti-tamper valves, lifts, Motor Control Centres (MCCs), and initiates, via firefighter’s control switches, smoke extract and purge fans. As required by the HTMs, in the case of a fire, the building is evacuated on a phased basis. www.apollo-fire.co.uk

Fire safety upgrade for housing association Trent & Dove Housing has recently completed a smoke and carbon monoxide (CO) alarm installation programme using solely Aico mains powered alarms and accessories. Aico 160 Series smoke alarms were originally fitted throughout the 5,200 properties located across East Staffordshire by Trent & Dove Housing shortly after the Association took over the housing stock from East Staffordshire Borough Council in 2001. With the alarms approaching their ten-year replacement date, Trent & Dove undertook a fire risk assessment and decided to increase the specification from a BS 5839-6 category LD3 system to the more robust LD2. This has involved replacing the alarms throughout to the new Aico 160RC series, upgrading to optical alarms on landings, installing heat alarms in kitchens and interconnecting all alarms on the system, with the addition of a central alarm control switch. To reduce installation times and costs, Trent & Dove Housing has kept the existing Aico 160 series Easi-fit base plates for the alarms fitted upstairs, while installing the ground floor alarms on RadioLINK bases. RadioLINK allows Aico alarms and accessories to be wirelessly interconnected by Radio Frequency (RF) signals rather than cabling, which saves time and disruption when installing systems in existing properties. Martin Veckungs, Project Manager at Trent & Dove Housing, comments on the new alarm specification and the savings made: “Any additional alarms would obviously require mains wiring into the system, however by using heat / smoke alarms and switches with RadioLINK interconnection, we achieved a relatively simple installation without the need to run interconnect cable back to the closest alarm. In order to link into the existing wired alarms we could simply exchange one of the existing bases for a RadioLINK base, keeping disruption and disturbance to a minimum. This solution was ideally suited to properties having no accessible ceiling void such as ground floor / intermediate floor flats.” www.aico.co.uk

www.risk-uk.com

dycon ad risk nov13_Layout 1 06/11/2013 14:01 Page 1

D15xx & D24xx SERIES DIN-rail Mounted 1-3A Power Supplies

• No fixing screws required, clips directly onto an NS32 (‘G-Section’) or an N35/7.5 ‘Top Hat-section’ DIN-rail • Efficiency higher than 90% at full rated output • 230vAC -12vDC, 230vAC–24vDC, 1–3 A output versions • 110vAC–12vDC version for construction sites • With or without battery backup

Dycon POWER SOLUTIONS

EDIT article 1 mar14_riskuk_mar14 06/03/2014 13:00 Page 1

FIA comment

t a recent ‘fire event’ in the Palace of Westminster the opening address was given by Brandon Lewis, a DCLG Under Secretary of State (aka the ‘Fire Minister’) with responsibilities that include fire. Brandon emphasised that prevention and protection are now the front line for the Fire & Rescue Services. Indeed over the last ten years there has been a 35% reduction in domestic fatalities so this approach in conjunction with the efforts from other fire stakeholders is paying dividends. Brandon threw down two challenges to all in the fire sector, namely: How can we keep up this reduction in fire fatalities? How can competency become the norm for all in the fire sector? Further speakers warmed to the issues highlighted by Brandon, for example a senior fire engineer commented that competency is required from all involved with fire safety whether their buildings be ‘code compliant’ or fire engineered. He went on to say that it should be remembered that however good the fire design of a building it can be ‘undone’ by poor construction and maintenance. A discussion ensued as to whether all fire engineering is value engineering as there had been some comments about this earlier on, most of it being anecdotal with no hard evidence. The competency theme was built upon by a representative from a fire research facility who asked why Building Regulations 7 (Materials and Workmanship) and 38 (provision of fire safety information to the Responsible Person) aren’t adhered to so that the building is ’safe’ and its subsequent occupiers are fully informed of its fire protection systems. To supplement these comments it should be appreciated that Approved Document B (the fire guidance document to the Building Regulations) says, “Building Control Bodies may accept the certification of the installation or maintenance of products, components, materials or structures as evidence of compliance with the relevant standard. Nonetheless, a Building Control Body will wish to establish, in advance of the work, that any such scheme is adequate for the purposes of the Building Regulations.” In part this answers Brandon’s competency challenge as if the Materials and initial Workmanship are dealt with by certification schemes and then if the appropriate paperwork and associated information are passed on to the Responsible Person then they can ensure that the building is kept ‘fire safe’. However the Brandon could bring influence to bear by ensuring that only competent people (those that are members of suitable schemes) are used on all buildings or as

Time for listening a minimum on those that employ the use of taxpayers’ money. A National Social Housing Fire Strategy Group representative echoed the previous speaker’s views by arguing that there is a real need to sort out Building Regulation 38 and the way that it is implemented and enforced. A thoughtful presentation from the Fire Protection Association posed the question as to why the Government won’t legislate to protect: The most vulnerable in society from fire Those people affected by others over whom they have no control when it comes to fire Very large premises from the ravages of fire which can cause loss of life, property damage and reduced levels of employment In particular the comment concerning the most vulnerable in society would drive down fire deaths in this demographic group, such legislation would include the provision of the appropriate fire protection systems at the change of a tenancy (fire detection, suppression etc.). Indeed past Westminster events have included presentations on the level of fire deaths in rental accommodation, and in particular those properties where there is no working smoke detection. A similar piece of legislation applies in Scotland under the ‘Repairing Obligations’ so one must ask why English rental property is not treated in the same way? Hopefully Brandon is now listening as Government announced on 20 November 2013 that it would be carrying out a review as to whether new rules are required for carbon monoxide and smoke detectors in private accommodation. The Government’s own champion for fire safety in rental accommodation gave a presentation concerning Firemark which is a training and advice tool for all of those involved with fire safety in rental accommodation. He indicated that when he asked Brandon’s predecessor Bob Neill about the implementation of Firemark he was told, ‘you don’t get it do you? Just get on with it!’ Now that last comment is a pragmatic attitude that could be applied to all of us in the fire sector including the Minister and only time will tell if he heeds the answers to his challenges and gets on with it in the appropriate manner!

The ‘Fire Minister’ throws down challenges but will he listen to the answers?! asks Graham Ellicott, Chairman, Fire Industry Association (FIA)

Brandon could bring influence to bear by ensuring that only competent people (those that are members of suitable schemes) are used on all buildings 59

www.risk-uk.com

EDIT article 3 mar14_riskuk_mar14 06/03/2014 13:02 Page 2

Tenant protection Andrew Bennett solicitor in Eversheds’ National Health and Safety and Environment Team looks at fire risk and multi-occupancy buildings

ith 8.5 million people in England now renting from a private landlord and 17% of UK households living in social housing, how can landlords and owners of multi-occupancy buildings ensure fire protection, detection and evacuation measures are all adequate for tenants? The issues surrounding fire risks in multioccupancy buildings were brought painfully to light on 3 July 2009. On that day six people died in a fire at a council-owned tower block, Lakanal House, in London. Tragically, the 11 week inquest into their deaths (in March 2013) found that the deaths could have been prevented had opportunities regarding fire safety been taken. The spotlight during the Inquest was on Southwark Council, owners of the tower block, but clearly the case is also of relevance to private landlords or owners of multi-occupancy buildings.

The law on fire The Regulatory Reform (Fire Safety) Order 2005 is the primary source of the legal requirements in this area since this legislation replaced the former fire certificate regime for commercial premises under the Fire Precautions Act 1971. In short, the 2005 Order seeks to draw parallels with the Health and Safety at Work Act 1974, and the supplementary health and safety regulations to this Act, by creating a specific regime of risk assessment and fire risk compliance regarding the risk of fire. The 2005 Order creates responsibilities for specific people such as the “responsible person” (the person with control over a building) who has the responsibility to assess fire risk and implement fire safety procedures that are workable for the buildings under their control. If they do not have the expertise to do this, then they must hire a “competent person” to do so. The duty (placed on the responsible person) to do everything “reasonably practicable” to protect people in a building or in the vicinity from the specific risks associated with fire is also now specifically enshrined in fire safety legislation. However, this legislation specifically excludes domestic premises and therefore the implications of cases such as the New Look fire in Oxford Street in 2007 (for which New Look were fined £400,000 in 2009) may have been overlooked by private landlords and owners of multi-occupancy domestic buildings. The 2005 Order only applies to the common areas of house in multiple occupation (HMOs),

www.risk-uk.com

flats, and other sheltered accommodation. Sitting alongside the 2005 Order, the Housing Act 2004 created a new regime of regulation for fire safety in existing residential premises through the housing health and safety rating system (HHSRS), licensing provisions for HMOs and management regulations for HMOs. The HHSRS will generally be the principal tool used to assess and enforce fire safety standards, but HMO licensing conditions will reflect HHSRS assessments. As with the 2005 Order, the responsible person for the purposes of fire safety provision and maintenance at the residential accommodation is the person having control – usually the landlord, or alternatively in HMOs the manager. The 2005 Order and the 2004 Act therefore combine to form a twin set of regulation for HMOs which has the potential for overlap, and for incidents to slip unnoticed (and investigated) between a gap between the two pieces of legislation. The Lakanal House fire and subsequent inquest is therefore crucially important in closing this potential gap in general awareness and enforcement of fire safety, and also considered who (the council or the building contractor responsible for the construction of a building) should be responsible for ensuring that a building is complaint with building regulations (although the latter topic is out with the scope of this article). Moreover, many of the issues that caused the fire at Lakanal House arose because of modern refurbishments to the building, highlighting the fact that even recently built multi-occupancy buildings may have fundamental flaws with regard to fire safety. Key recommendations from Lakanal House Inquest Coroner Frances Kirkham chose to make several recommendations (via Rule 43 letters) to the council, the Communities and Local Government department, and London Fire Brigade. The key recommendations were: Further guidance should be given to assist HMOs in considering what the extent of fire risk assessments should be. On a general level, evidence demonstrated that many HMOs and social landlords have still not conducted sufficient fire risk assessments (or in some cases, any fire risk assessment at all) on their buildings, despite the fact that the legislation has now been in place for many years. The Lakanal Inquest demonstrated that HMOs often have some of the most complicated building structures of any building premises, and therefore specialised HMO fire risk assessors may be necessary. Buildings should have clear plans of their layout and escape routes, which are easily

EDIT article 3 mar14_riskuk_mar14 06/03/2014 13:02 Page 3

HMO fire safety

accessible to the fire brigade. A massive frustration for the fire brigade at Lakanal House was the confusing and complicated flat numbering system (for the 98 flats) in the building and the fact that they could not easily identify the escape routes in the building when they attended. Although one of the fire fighters had visited the building only two months before the incident to familiarise themselves with the building, another fire fighter had been so confused by its layout that he had actually checked the same flats twice, not realising that the 10th floor was actually just the second floor of the ninth floor maisonettes that he had already checked. Residents should know what to do in the event of a fire. There was confusion as the fire service attending Lakanal House appeared to give a mixed message to residents whether or not they should attempt to leave or stay in the building. Evidence from the inquest suggested that residents within Lakanal House knew little about fire safety within the building. On a national level, the coroner recommended that the government publishes guidance clarifying when tenants should be told to “get out” of blocks and when they should be told to “stay put”. Modern refurbishments can actually weaken the fire safety of a HMO. Expert evidence at the inquest demonstrated that panels fitted to the outside of Lakanal, and then causing curtains on other floors to be set alight, during a recent refurbishment would probably have burned quicker than the original materials. This caused the fire to spread quickly on the outside, rather than the inside, of the building. Similarly, “boxing in” under the stairs in the flats significantly failed in less than five minutes, causing the fire to spread quicker and through unexpected routes. Any modern refurbishments to a building should be assessed (and brought to the attention of local authority building control departments) for their potential impact on fire safety. Expert David Walker suggested landlords view a ten per cent sample of flats inside a block when doing fire risk assessments.

Steps to fire safety Whilst the Lakanal House Inquest was important in raising awareness of fire safety issues in HMOs for private landlords and owners, the issues that caused the fire could have been prevented if the basic concepts of fire risk assessment had been followed. These are: Step 1: Identify Hazards within the premises. Risk assessing the modern refurbishments at Lakanal House would have shown that the

panels on the outside of the building and the “boxing in” would have a significantly negative impact on fire safety. Step 2: Identify people at risk within the premises. Does the risk assessment identify how many people are within the building, how many flats there are and where they are located, and how easily they will be able to use fire safety procedures? This is also aligned to ensuring that the people within the premises are actually aware of the fire risks in a building. Could a fire fighter easily locate people within a building in the event of a fire and avoid the confusion that arose at Lakanal House? Step 3: Evaluate, remove or reduce risk and protect against remaining risk. The level of risk must be evaluated once the key parts of the premises and hazards are identified. It is a legal requirement that wherever practicable measures must be taken to eliminate or minimise risks. This means measures proportionate (in terms of time and money) to the level of risk. The refurbishments to Lakanal House, and the visit of the fire brigade to the building just weeks before the fire, were the most obvious missed opportunities to properly implement step 3. Furthermore, in 2009, a BBC investigation found a report into the safety of Southwark’s tower blocks that was done on the authority of a parliamentary committee as early as 2000. The report carried out by Southwark Building Design Service said that Lakanal House had a “risk of localised fire spread between wall panelled sections”. Step 4: Record, plan, inform, instruct and train. This is linked to Step 2 above, and the failures in relation to this step were plainly evident at the Lakanal House Inquest.

Conclusion Ultimately, the council, the other public bodies, and the contractors involved in the inquest regarding Lakanal House were not prosecuted. However, there was a full corporate manslaughter investigation carried out by the police, and in another recent case Warwickshire County Council were fined £30,000 after pleading guilty to a health and safety law charge relating to the death of four fire fighters in November 2007. Clearly fire risk assessment is back in the spotlight, and private landlords and owners face tragic consequences, and the risk of being involved in lengthy investigations, prosecutions, and potentially inquests if they fail to take risk assess fire safety standards, take advice and implement necessary changes to the way they control fire risks within their buildings.

The 2005 Order only applies to the common areas of house in multiple occupation (HMOs), flats, and other sheltered accommodation 61

www.risk-uk.com

Project1_Layout 1 03/02/2014 12:31 Page 1

29– 30 APRIL 2014 | OLYMPIA, LONDON

Counter Terror Expo offers the most comprehensive display of technology, equipment and services alongside a high level education programme designed to protect against the evolving security threat. 9,500 attendees and 400+ exhibitors will participate in a free to attend exhibition, multiple show ﬂ oor workshops, new show feature zones, IEDD demo area, high level conference streams, behind closed door brieﬁngs and networking events in one secure environment.

Co-Located with

Lead Media Partner

Integrated Security Sponsor

Scanning & Screening Sponsor

Supported By

CTX 2014 for Security Professionals If you or your team are responsible for the protection of companies, assets and personnel within; Anti-Piracy, Aviation, Banking, Communications, Critical National Infrastructure, Energy, Finance, Health, IT, Logistics, Maritime, Nuclear, Oil & Gas, Police, Private Sector, Security Companies, Supply Chain, Transport Security, Utilities and Water or other large scale sensitive sites, then CTX 2014 is your must attend event.

EDIT it news mar14_riskuk_mar14 06/03/2014 13:35 Page 3

IT News

Are you opening the gates for more cyber-attacks? The Internet, cloud servers and the easy access to broadband have given workers the opportunity to perform their duties even when they are not at their desks. However, accessing a server remotely means that there is no firewall to stop potential cybercrimes. According to a survey carried out by TalkTalk Business, 82 per cent of small business employees use work time for personal matters, over a third of them for more than two hours a day. TalkTalk Business surveyed 1,000 small business employees with over 70 per cent admitting taking work home on evenings and weekends, clocking up an average of 1.7 hours each day. With business commitments creeping into personal time, the vast majority of employees (82 per cent) are redressing the balance themselves by also catering to personal needs at work. Given that less than half of respondents feel they can spot obvious scams, this blurring of work and personal life has the potential to cause security headaches. Modern scams are extremely complex, and men appear less confident in their ability to identify them than women: 40 per cent of men say they’re easily able to recognise threats online, compared to 50 per cent of women. Somewhat ironically, employees in IT and telecoms are the least confident in their ability to spot risky content. This could be because they are often technically-trained and understand the complexity of modern viruses, therefore are less likely to underestimate them. Checking the news, shopping online and ‘life admin’ – tasks like booking travel or online banking – are the most common activities done on a work computer. While some respondents acknowledge the threat these actions could pose, the majority seem unaware: just under a third, 32 per cent, said shopping online while at work may be risky to the business, and only a quarter believe streaming music or video poses a danger to the company. “The traditional 9-5 is a fallacy”, says Charles Bligh, Managing Director of TalkTalk Business. “For many people, work no longer ends at the office door, it continues on the train home or after picking up the kids from school. “That flexibility has to work both ways. It isn’t surprising to see people catering to their own personal needs in office hours, but security solutions need to evolve to reflect that change of behaviour. Malicious content is getting more advanced and harder to spot – we only need to look at recent malware targeting the NHS or Yahoo! for proof of that.”

IT News

Encrypted data recovery on-the-fly Software engineers at Kroll Ontrack have unveiled ‘decryption-on-the-fly,’ technology that can reduce the amount of time it takes to recover encrypted hard drives with a logical or physical failure – a key development in light of the growing number of cyber threats that are driving the adoption of encrypted drives. This automated decryption technology allows engineers to target only areas of the hard drive that have been used while also automating the decryption process – improving the typical industry recovery turn time dramatically. A typical recovery project involving an encrypted drive can take up to five days to complete using traditional solutions. CA Technologies estimates IT downtime costs North American companies $26.5 billion per year, at an average cost of $42,000 per hour according to Gartner, Inc. “Simply put, the longer a company is without its data, the more money it loses,” says Paul Le Messurier, data recovery operations manager, Kroll Ontrack. “We know our new ‘decryption-on-the-fly’ technology represents a breakthrough for the data recovery industry because it can make a significant impact on a company’s ability to rebound from an IT outage or other potentially catastrophic events with minimal damage to the business.”

According to a survey carried out by TalkTalk Business, 82 per cent of small business employees use work time for personal matters, over a third of them for more than two hours a day, increasing risk

www.risk-uk.com

EDIT it news mar14_riskuk_mar14 06/03/2014 14:24 Page 4

IT News

Cyber attackers trying to influence stock trading Prolexic Technologies has said that cyber attackers are using DDoS attacks in an attempt to influence market values and interfere with exchange platforms. The Prolexic Security and Engineering Team (PLXsert) details the findings in a white paper, DDoS Attacks Against Global Markets. “Typically, DDoS attacks are launched to fuel public discourse, or for revenge, extortion and blackmail – but that is changing,” explains Stuart Scholly, president of Prolexic. “During the past few years in particular, DDoS attack campaigns have posed a significant threat to the financial services industry, as well as other publicly traded businesses and trading platforms. As part of our DDoS attack forensics, we have uncovered a disturbing trend: Many of these malicious attacks appear to be intent on lowering the target’s stock price or currency values, or even temporarily preventing trades from taking place.” The public image of a global business or financial service is closely associated with its cyber presence. Taking a publicly traded firm or exchange platform offline – and spreading rumours that raise questions about its ability to conduct business online – can create false or misleading appearances. This is a hallmark of market manipulation. Overall, PLXsert found a direct relationship between DDoS cyber-attacks and a temporary change in the valuation of a company. “A few specific cyber-terrorist groups are responsible for most of these attacks. So far they have not been successful in bringing down an entire major marketplace,” says Scholly. “But DDoS attacks keep getting bigger, stronger, longer and more sophisticated, so we cannot be complacent. What’s more, the risk goes beyond the actual outage – social media chatter and media coverage can amplify the perceived effect, disruption and damage caused by a cyberattack campaign.”

A new approach to data protection Sophos SafeGuard Encryption 6.1 has been released to enable wide-scale adoption. Addressing the two biggest issues in encryption - performance and usability - SafeGuard Encryption 6.1 leverages on native operating system (OS) encryption for better performance. It also delivers multi-platform management across all devices and Cloud environments. “We’re pleased to deliver SafeGuard Encryption 6.1 with a different approach that enables people to work the way they want for new levels of productivity, without sacrificing time, performance or features,” says Dan Schiappa of Sophos. “With it we are enabling organisations to fully embrace a data-centric approach to encryption; to reach compliance standards; and to maintain credibility and good standing in today’s market.” With Sophos SafeGuard managing Microsoft BitLocker for Windows or Mac FileVault 2, the time required to encrypt a disk and boot up the operating system is greatly reduced, as compared to third party encryption engines. Disk encryption time is up to seven times faster and boot times are up to three times faster. Terry Myerson ofMicrosoft, said, “Sophos Safeguard offers the best of both worlds by taking everything that makes BitLocker great and adding innovative compliance and enterprise-management capabilities on top of it.”

www.risk-uk.com

IT security training for staff needed A survey conducted by One Poll for PhisMe in December 2013 revealed that UK office workers do not understand basic security threats and organisations are failing to provide adequate training to help identify them. A quarter of UK office workers do not know what phishing is and almost a fifth of UK organisations do not provide training to help staff understand security threats. The survey looked at the attitudes of 1,000 UK office workers, revealed that UK organisations are taking a lackadaisical approach to security training, with 19 per cent not providing any staff security training whatsoever, and 24 per cent not providing basic security training, including induction training, classroom training, employee security policy training or phishing training. The recent spate of cyberattacks against some of the well-known brands have highlighted the significant impact cybercrime can have on organisations. Businesses cannot afford to ignore or short-change the importance of staff security training given the odds of compromise. Failure to do so can result in significant financial losses to organisations, as well as loss of intellectual property, confidential customer data, and customer trust. Commenting on the findings, Rohyt Belani, CEO of PhishMe, says: “Phishing is one of the biggest security threats to organisations and it is critical that staff are given continuous training on how to identify evolving threats. Attackers use techniques such as spear-phishing where they create very credible looking malware-bearing emails and target specific individuals within an organisation, based on publicly available information. A disengaged employee population makes it increasingly difficult for organisations to defend against advanced cyberattacks. “Organisations that provide staff with immersive security training are able to leverage them as a line of defence and a robust attack detection mechanism, to better protect their networks. Even if a company has all the latest security technologies in place to protect their systems, human susceptibility is still one of the leading causes of a successful breach.”

EDIT article 13 mar14_riskuk_mar14 06/03/2014 13:07 Page 1

Proactive protection

The proactive approach nformation security is proving to be a static concept in the way it is being implemented even as ‘proactive security’. It is evident among the more prepared companies are making dangerous risk judgments about where to invest in protecting against a breach, and how to invest in response and recovery from the loss of critical data, and the compromise of systems. Many firms are yet to appreciate that a critical vulnerability is highly likely to cause such a severe impact that the ability to return to normal operations does not constitute ‘recovery’, and is very much secondary to the long term loss or damage to the organisation and its reputation. To many firms, the loss of trust among customers, suppliers, or partners will have long term implications for their ability to generate revenue and profit. So why is this the case? In most cases, security managers are being over-faced with technological solutions that claim to be critical elements in providing a security barrier to intrusion, and companies are investing in ‘great hopes’. The main hope being that various layered systems are left to run and successfully detect and block attempted intrusions. This management attitude is essentially reactive and passive. The shift towards a more proactive approach first requires a seismic shift in management perspective, to view security as an essential function to protect what companies have built over many years, and ‘prevail’ in the ongoing confrontation with malicious adversaries. But the reality that all companies face is stark. They are invariably ‘weaker’ than the opposition, unprepared for the challenge they must meet, and quite unaware of the many manifestations of the threat. So it is no surprise that they find it difficult to grasp what an enduring and relevant security model really looks like, let alone, how to implement it. Moreover, the simplistic approach commonly adopted shows the ‘symptoms of delusion’ that have plagued security concepts since the building of Hadrian’s Wall to the Maginot Line, and they are perilously under-estimating their adversary. The reality of current practices is that they are failing. Penetration testing is providing no guarantees that vulnerabilities have been uncovered, and security measures are being circumvented every day. In short: static security postures are ineffective when faced with an ‘advanced’ attacker who has the ability to apply a sophisticated approach that corporate security can neither anticipate, nor detect in time to

effectively prevent. Proactive security requires a complex, and integrated or ‘converged’ approach that incorporates human and physical security elements as much as IT security to provide ‘security of information’. Human failings and lacklustre adherence to good security practices tend to explain many security breaches and the era of employees bringing their own devices into the work place is exacerbating the risk that companies face. Social engineering, subversion, targeted intrusion, and infiltration can all expose information security technology to threats from within ‘the perimeter’. For most organisations the human and physical elements require leadership and cultural change that prove difficult for them to adopt, because of the intensive program of awareness that is required to support more rigid policy and procedure. In the meantime, firms are investing in technology but still experiencing unsustainable losses, and discovering that the technology is being persistently undermined by different methods. Cyber threats are now broader and more dangerous, and have proved that static security concepts are insufficient in the face of advanced and well-funded attackers. The rise of espionage in the cyber domain has shown that information is not secure, and e-sabotage is a growing threat to process industries. The issue is much less about the nature of the security concept, but more about the ‘doctrine’ that firms adopt to combat the threats. Industry needs to move from ‘security’ concepts to ‘defence’ concepts. Defence is a more dynamic concept because it incorporates the assumption that we have to react to an attack in real time, and we require various options with which to respond, depending on the objectives and methods of the attacker. This is increasingly the case as organisations are learning that the attack process, [from the attacker perspective] from first reconnaissance to full assault, can last for days/weeks/months. In the case of espionage, and the evidence of malware like ‘flame’ or most recently ‘the mask’: the end game is not ‘assault’ but the exfiltration of information that can persist for years.

Dan Solomon of Optimal Risk looks at the shift towards proactive information security and why your protection choice is vital

In most cases, security managers are being over-faced with technological solutions that claim to be critical elements in providing a security barrier to intrusion

www.risk-uk.com

EDIT article 13 mar14_riskuk_mar14 06/03/2014 13:08 Page 2

Proactive protection

To many firms, the loss of trust among customers, suppliers, or partners will have long term implications

66 www.risk-uk.com

An advanced approach to cyber defence should consider adopting a pre-emptive approach, and a more active defence posture. Both need to be seen as different ‘doctrine-based’ approaches: A pre-emptive approach assumes that active measures will anticipate current threats and are prepared to repel attacks, based on relevant threat intelligence, preparation, and testing of response measures, and as part of a ‘developed’ detection-response doctrine. This approach is built on the principles of pre-empting potential failure, by simulating what defence needs to achieve, how to achieve it, and under which circumstances it will fail. This is then mapped against the types of threat that the organisation faces and informs any enhancement of capabilities that is required. It ensures ‘readiness’ to deal with what reasonably can be anticipated, and the effectiveness of capabilities that the firm has. To many organisation this approach presents great benefits, not least to build trust and confidence in the capabilities they have in place, and the response they can deploy to an attempted intrusion. It also helps to enhance awareness within the organisation around weaknesses and different attack scenarios by regularly testing security and exercising response. A pre-emptive approach is effective in the majority of cases where it is implemented comprehensively, but for some organisations, the intensity required for such a high level of readiness and awareness is difficult to maintain. It requires an ongoing program of ‘sensitisation’ so that security apparatus and processes are fine-tuned to the impending threats as far as they can be identified. Furthermore, in more advanced and particularly in converged scenarios, an overreliance on threat intelligence is ineffective and the monitoring of system access and data-flow can be insufficient. For organisations which have little or no scope for security failure, a pre-emptive approach still falls short of the essential requirements of ‘defence’ because it does not offer them enough opportunity to intercept and defeat attempted breaches that have multifaceted characteristics, and have employed complex deception against them. They also offer weak a deterrent factor. An active defence is built on the assumption that effective defence requires a pre-prepared, active plan to deter, or ‘counter-act’, or engage threats as part of an active defence doctrine. This is a complex undertaking conceptually because the approach and the methods differ fundamentally from the conventional security posture. It requires organisations to prepare the technical, architectural and operational ‘conditions’ that will allow active methods to

provide advantage, out-manoeuvre adversaries, negate threats, and prevail in any engagement. The architecture can incorporate files & devices [honeypots], or a network [honeynet] or designated ‘zone’ [sandbox] that exists simply to delay, and isolate an attack, and can trigger an immediate response when hacker or malware connects to it. This can also incorporate an array of specific technical measures including ‘tar traps’ that are concealed in invisible layers of code of web-based applications. In this way a suitably configured defence also offers effective options for intercepting zero-day exploits, and brand new malware that security systems are yet to identify. For converged threats, advanced defence offers a mechanism to detect malicious activity from insiders, and dealing with the BYOD threat or the compromise of wifi systems, by routing threats through a ‘zone’ in which they can be examined and identified before reaching an organisation’s ‘true’ network. The ‘smart’ combination of measures can provide the defender with the means to develop a doctrine for identifying attackers behaviour, scripts, tools, and exploitation methodology. This is important because attackers and their tools are as equally prone to flaws as nearly all other software. So the ‘smart’ defender will have pre-established a number of different ways in which these measures can be used to outwit the defender, and to fulfil specific defensive objectives. To an expert eye, attackers behaviour may even be more predictable and therefore exploitable than a typical defender because they feel protected by their anonymity. So the opportunity to engage, and counter-act against attackers, can pose a credible threat of exposure and represent a real deterrent to attackers. While the expenditure of time and resources are key considerations in their targeting options, the risk of identification or compromise is anathema to attackers. Hence, a dynamic defence provides sufficient early warning typically associated with ‘strategic depth’, and options that can allow the defender to respond quickly and effectively. If the defence is suitably complex it can provide ‘conceptual mobility’, which enables the defender to employ his own methods for evasion and surprise as part of a pre-active doctrine. These parameters prescribe the active methods that a dynamic defence requires, and an agility whereby those capabilities can be applied to a range of different scenarios that may not have been anticipated. More than anything else, any firm that cannot afford to experience loss of confidential data, or intellectual property to the point of zero tolerance, must embrace greater complexity to achieve greater assurance, and must accept the

EDIT article 22 mar14_riskuk_mar14 06/03/2014 13:27 Page 1

Software

Speeding up software delivery ost IT departments are striving to build more agile, modern, cost-effective environments in the bid to accelerate the delivery of valuable, quality software to the business. However, for banks and financial institutions in particular, legacy systems and continually tightening external compliance pressures are impeding agility when it comes to the provision of new software projects. One of the key ways to speed the delivery of new projects is to minimise the risk of production defects. Creating efficiencies in test data provision mitigates the risk of delays, rework and spiralling costs, which slows time to market. Testing accounts for approximately 40% of the average software development lifecycle, and as much as 50% of development and testing time is spent manipulating, searching for or manually creating the right data to meet test case requirements. In an ideal world, organisations would standardise and automate the majority of these time consuming manual processes. Recent research however shows that very few companies achieve significant levels of automation and many, especially in the banking and financial services market, are still heavily reliant on manual testing. The question is, why? Where financial institutions are concerned, the fact that most are dealing with legacy systems, systems that in some cases are over 40 years old, is seriously hampering their ability to move to a more standardised approach. To add to the issue, often the knowledge around these systems and various nuances about them remains in the heads of individuals. This makes it increasingly difficult to create standard, repeatable testing processes and is one of the reasons that testing is still incredibly reliant on manual intervention. Banks are also under constant pressure to meet ever growing and tightening compliance and regulatory requirements. Current data protection and legislation such as HIPAA, PCI DSS, the EU Data Protection Directive and the UK Data Protection Act means that much more vigilant practices around the use of data needs to be adhered to. Traditionally, most financial institutions used full copies of production databases to provision data for development and testing. This practice however is no longer viable due to growing legislation requirements, so banks now have to use some form of data masking to solve this

problem. However, for banks that have large and complex IT architectures with sensitive data stored across multiple sites and disparate data sources, as well as a lot of manual processes, data masking is very expensive, slow and error prone. With an increased pressure on cost control and cost reduction, banks need to find more intelligent ways of finding the right test data as well as provisioning and creating test data marts. Implementing an end-to-end Test Data Management (TDM) solution offers total control over data throughout the software development lifecycle (SDLC). Building clear, unambiguous requirements from the outset helps to ensure quality in testing, whilst shortening test cycles by more than 30%. It also cuts defects creation by up to 95%, reducing costly rework. Clarity in requirements also allows testing teams to better understand what needs to be tested. This allows them to design the perfect, minimum set of tests to cover all of the required functionality. No bank can afford the time, the cost or the risk of employing an army of manual testers anymore. Whether building or testing new software, re-engineering systems or migrating applications, banks and financial services companies need to be able to respond to changing requirements by provisioning fit for purpose test data to the right place at the right time to accelerate and improve test cycles. Moving to an end-to-end Test Data Management system will deliver significant test process improvements that will enhance the performance and effectiveness of testing, ultimately speeding the delivery of better quality software to the business and at less cost.

Huw Price, Managing Director at Grid-Tools, explains how you can accelerate software delivery at less cost with end-to-end test data management

One of the key ways to speed the delivery of new projects is to minimise the risk of production defects

www.risk-uk.com

EDIT article 9 mar14_riskuk_mar14 06/03/2014 13:06 Page 2

Internet safety

According to Safetica, while Free Wi-Fi may be the buzzword, it’s semi-free Wi-Fi that companies really want to provide for their employees

Hazards of workplace Wi-Fi S emi-free Wi-Fi is where a company gives almost free Wi-Fi access to its employees – along with a few monitoring safeguards over what employees can download, access, and upload with their smartphones. It is about providing a nice perk for employees without handing them the keys to the company. And it is much more complicated to set up then just plugging a standard router into the network cable. Providing a semi-free Wi-Fi is based on three major points: technical, legal, and social. Each one of these three points has to be considered for a successful implementation.

Driving at work on the internet highway Internet in the workplace is no new phenomena – even in an industrial setting. For example, a major automobile factory had free-standing internet terminals in its break area with assembly line workers able to do some surfing during their coffee breaks. Given the hi-tech setup of this factory, these workers had a much faster internet connection on the assembly line than they did at home. This level of access was even more amazing when one considers the automotive sector’s incredibly secretive culture over new models and trade secrets. But, this was before the current wave of smartphones and free Wi-Fi. Given that a company already provided internet access for fixed computers – what should they do now to bring this policy into the Free Wi-Fi era – and keep a minimum level of controls on their employee’s activities?

It’s time to be semi-free with your Wi-Fi Semi-free Wi-Fi should provide employees with a workplace benefit of easy internet access together with the assurance for their employers that the company is not creating problems for itself. There are legitimate reasons – liability, competitive secrecy, to name a few – for a company to limit internet access. Keeping employees from downloading unwanted content or

Wi-Fi networks bring a range of security issues – both internal and external – to companies 68

www.risk-uk.com

uploading photos of unreleased future products is just good business sense. But implementing a semi-free WiFi is no simple step for a company, especially when it is connected with data control and potentially monitoring employee actions.

1. Technical security Wi-Fi networks bring a range of security issues – both internal and external – to companies. These issues can be summarised as who connects and what are they connecting to. From the external (who connects) perspective, Wi-Fi networks are often weak spots in a company’s security. At a very basic level, companies need to monitor the Wi-Fi signal for control over the people actually connecting, have a firewall installed, and use strong authentication processes (WPA2 with AES encryption, strong passwords). Then there is the internal (what are they doing) perspective where Data Loss Prevention or monitoring software come into play. These offer companies the intriguing possibility to control and monitor data use. Issues to consider here are how deep management wants this software to go into daily employee internet use, installation complexity, and the time burden required for its day-to-day administration. In short, there are various options, but there are no easy answers.

2. Legal – company policy and the collision with employee privacy The technical ability to monitor puts companies on a potential collision course with employee privacy rights. One of the major no-no activities is reading employee emails – except under very specific conditions. But since rules over individual privacy and employer’s ability to protect their confidential data vary by region and country, companies need to take a close look at the rules covering the legal use of software such as Safetica.

3. Social – creating a positive social environment Within the European Union, employers must have written consent from each employee for any policy that involves monitoring. But a signed piece of paper is really the start. Communicating the need for monitoring together with benefits from the Wi-Fi access is not just a technical or legal check-off point, it really is a long-term HR issue for the whole organisation.

Project1_Layout 1 01/08/2013 12:11 Page 1

Bringing together the entire security buying chain In 2014 IFSEC International, the largest and longest running security event moves to a truly international venue. With more than 40 years at the heart of the security industry, reČľecting innoYatiYe industry trends and SroYiding insight into the Oatest technoOogy to NeeS Eusinesses and goYernments secure Put the date in your diary now! www.ifsec.co.uk/add2014

IFSEC International is Sart of

PROTECTION & MANAGEMENT Week

WWW.IFSEC.CO.UK

17-19 JUNE 2014 ExCeL LONDON

EDIT article 21 mar14_riskuk_mar14 06/03/2014 13:27 Page 2

Risk management

To be forewarned is to be forearmed! Jamie Wilson, Security Marketing Manager EMEA at NICE Systems looks at the rise of Web Intelligence

Predicting the unpredictable S everal weeks ago I was participating in local 10k run made even more challenging by the wind howling off of the Solent! Much of the talk amongst the crowd and runners afterwards was of the storm that was forecast for later in the evening. Sure enough the winds gathered strength and the next morning there was the obligatory news item on fallen trees. Weather predictions have come on leaps and bounds since the infamous forecast by Michael Fish way back in 1987. Meteorologists now have access to more data, have become better at interpreting it and in turn are able to give us more accurate forecasts, which in turn enable us to plan our day better. Today, the security industry is going through a similar cycle. In recent years I have been extolling the virtues of PSIM (Physical Security Information Management) technology, explaining how it enables the control room to integrate their existing and new on-site safety and security systems, and better respond to incidents in accordance to best practise and regulation. However, the missing piece of the puzzle is how to get better at ‘forecasting’ potential incidents. This is where the emergence of a new area known as Web Intelligence (also known as Open Source Intelligence) is starting to have an impact. Security professionals tend to have very good instincts and judgements, enabling them to observe even the slightest differences that most other people would ignore. This is why people are still such a vital link in the security process. They are also adept at using their experience to make assumptions about what is likely to happen. Of course, you know that if a football match is happening at 3pm on a Saturday afternoon, or a protest march through central London is planned, there is a likelihood that some form of incident will occur. But, think about a terrorist attack such as the Boston Marathon bombing, or the siege in Kenya late last year. It is unlikely that the security team at the shopping centre ever expected, or were prepared for such an event. Yes, it may sound like something out of an episode of 24 or Homeland but Web Intelligence is no longer the preserve of the secret services and it is accessible for security professionals in

Security professionals tend to have very good instincts and judgements, enabling them to observe even the slightest differences that most other people would ignore 70

www.risk-uk.com

the control room, whether in a power station, airport, railways, docks, or even urban areas. Put simply this technology enables you to take what is referred to as Big Data (unstructured data that is available in open sources across the web, such as websites, online newspapers, social networks, forums, chat rooms, blogs and virtual databases) and monitor and analyse the ‘chatter’ in order to gather intelligence and in turn identify a specific threat, target, or trend. Using this insight you can then put in place the necessary preventative and/or counter measures to mitigate or eliminate the risk. Of course, many people are still getting to grips with the potential of the PSIM solutions that they have invested in, but by adding Web Intelligence it really does provide that continuous closed circuit (a phrase we rarely hear these days) of incident detection and management, post event reporting, scenario reconstruction and process improvement. There are many adages such as ‘fail to prepare, then prepare to fail’, or ‘to be forewarned is to be forearmed’, but the simple truth is if you know something is going to happen, then you have a far greater chance of managing the situation more effectively, migrating its impact, or even preventing it. Sadly, though we still can’t prevent the weather!

Project1_Layout 1 06/08/2013 12:13 Page 1

Security solutions for todayâ&#x20AC;&#x2122;s challenging times

Consultancy Operational Consultancy Manned Guarding Training Information and Intelligence Communications Support Technical Systems Equipment

Global economic pressures are forcing organisations to review expenditure across the board. But, the security issues remain the same. So, do you cut your security? Pilgrims offers a complete and complementary range of security, communications and support services, backed by an unmatched commitment to the highest level of quality, efficiency and client care, to reduce costs not cover. Our expertise and global experience allow us to deliver robust, practical solutions for todayâ&#x20AC;&#x2122;s challenging financial climate.

For more than ten years, Pilgrims has been supporting clients across the globe, protecting and enabling their businesses to continue in spite of threats from terrorism, serious organised crime and natural disasters. Our personnel are handpicked for their experience, skills, training and personality to match the requirements of our clients. This, combined with our continual exposure to the worldâ&#x20AC;&#x2122;s hot spots and difficult regions, makes Pilgrims the ideal choice for advice and support. Pilgrims provides a global service, with local knowledge through our employment of local personnel, quality control, continual ongoing training and our relationships with specialists and local partners.

We can help you find the right solution. Call Pilgrims on: +44 (0)1483 228 786 www.pilgrimsgroup.com

EDIT article 14 mar14_riskuk_mar14 06/03/2014 13:08 Page 2

The last line of defence

CPNI and LPCB approval regimes test and rate the resistance of products for different categories of physical attack corresponding to different levels of risk, broadly from low to terrorist. In other words, they provide a tested measure of the product’s capability to defend the asset and resist entry, giving time for response by police or security personnel.

Assurance of performance

There are few guarantees when it comes to managing risk and improving business resilience. But when solutions do come with some assurance, they warrant closer examination. Michael Miles, managing director of Technocover discusses

abotage, terrorism and infiltration are growing threats for critical national infrastructure, while theft, extortion and vandalism are risk factors of concern to all businesses. Identifying these security risks is one thing. Implementing appropriate upgrades of operational assets and buildings to mitigate them is even more of a challenge, especially in the current economic climate. Nevertheless, asset and security managers are under pressure to harden vulnerable areas of their operation against physical breaches and unauthorised entry. Greenpeace’s infiltration of Tricastin nuclear plant in France last year was a timely reminder of this. In the UK, the government has long picked up the baton on asset protection in the utilities. The water industry works to a legislated standard of security, while telecoms, energy and transport have mandates on security, too. This is driving the adoption within these sectors of third party certified security equipment – primarily CPNI or LPCB approved for the protection of access points, process equipment, production storage and operational buildings. We are referring here to physical security products such as doors, locks, access covers, kiosks, escape hatches, window bars, louvres, cages, and associated ‘built-in’ deterrents to unauthorised entry.

Asset and security managers are under pressure to harden vulnerable areas of their operation against physical breaches and unauthorised entry 72

www.risk-uk.com

This assurance of performance becomes extremely important when, for example, a door or access cover stands as the last line of defence between the assailant and process or asset under threat. Measures such as video surveillance, access control, biometrics and remote management provide important layers of security to intercept and identify unauthorised personnel. But ultimately, they are not designed to provide physical defence against a determined gang with heavy duty tools. Strange to say, but history’s depiction of the final assault on a castle with a battering ram has resonance for today’s security management. In many instances, asset integrity often comes down to how long an engineered ‘barrier’ will prevent infiltration of the ‘stronghold’. Strategically, much is at stake if today’s strongholds of water, gas, electricity and telecommunications are breached. It could be the doors and emergency exit to a building with strategic IT, production or site management facilities. It could be a cabinet with vital electronic controls, switch gear or water sampling outlets. It might be a kiosk housing hazardous chemicals or cables that could be targeted for their metal content. It may be an access cover to underground power distribution, telecommunications or water installations which must also foil attempts at other forms of sabotage such as chemical contamination not to mention theft. Third party certification is as close as you can get to a guarantee of the physical integrity of these critical points and assets against an assessed level of risk. This can have far-reaching impacts on a business, from enhanced protection of supply infrastructure for business continuity and more favourable risk assessment for insurance purposes. Effectively, when you build in third party approved equipment to the fabric of your operation, you are also building in greater business resilience and a greater insurance of the bottom line.

Risk strategies Increasingly, asset managers across critical infrastructure and commerce are looking to the

EDIT article 14 mar14_riskuk_mar14 06/03/2014 13:08 Page 3

Risk management

benefits of certified security for their risk strategies and business cost base. Certainly, demand in the utilities has generated greater choice, sophistication and volume of third party approved products. Alongside CPNI approval which has grown out of government testing, LPCB third party certification is widely accepted as an alternative in the infrastructure, commercial and public sectors. Under LPCB approval, façade elements must meet a robust dedicated standard, LPS 1175 (Specification for testing and classifying the burglary resistance of building components, strong-points and security enclosures). Products are tested and awarded an LPCB security rating – SR 1 to 8, where 8 is the highest – according to the duration of attack and type of tools they are able to withstand. The security rating (SR) classes product performance according to a proven hierarchy of assessed risk of attack that is updated in response to Home Office guidance. LPCB also assesses the resilience of the product to possible ‘intellectual’ strategies to assail its defences. Significantly, LPCB approval is not based on one product test. Through regular audits, LPCB certification ensures that the product continues to comply with the prevailing standards and their revisions. The LPCB auditing process ensures and helps to confirm that the product on the market offers the same security performance as the product which was originally tested. Although a type test indicates the test sample meets a particular performance standard, the test results do not guarantee future products will provide equivalent performance. In addition, LPCB approval can only be awarded to companies already assured by ISO9001 quality systems for design and manufacture.

Investment Third party certification represents a very significant investment by the manufacturer in design and production quality, and, in the case of LPCB, the on-going assessment of products. Better marques of security are not easily gained; almost 95% of products submitted to LPCB fail first time. Inevitably, equipment certified to approval systems like LPCB may come with a perceived higher price tag. But this comparatively small extra investment buys not only a substantial element of engineering certainty, but can safeguard against potential business disruption or even catastrophic event that could cost millions of pounds. Manufacturers signed up to certification like LPCB are invariably quality and innovation

driven, and will consider other functionality in their designs. For example, assisted lifting on access covers, removable roofs to kiosks and access control on doors, enhances both operational efficiency and health and safety. The quality of product protection against corrosion, such as steel galvanising and paint finishes, will have a bearing on equipment durability and maintenance – also important in maximising return on security investment. While CCTV, intruder alarms and other surveillance systems play an important role in asset protection, physical security as the last line of defence is especially critical for insurers. An insurance company will have a perception of the level of security appropriate for a specific type of built asset and will require the customer to meet that expectation. If not, the insurer may be unable to insure at normal terms, may need to apply a higher excess or higher premium, or may even decide it does not want to take on the risk. Certified security products will positively affect insurance assessment and premiums, especially over time when their effectiveness is demonstrated in reduced claims. An insurer may recommend or even stipulate a reliable security standard including LPCB approved products and LPS 1175. Notably, businesses that self-insure often specify products to LPS 1175. According to a recent study, huge growth is predicted in the global market for physical security – from $55.59 billion in 2013 to $85.51 billion in 2018. But businesses need to look carefully at the credentials of the security products competing for a slice of this burgeoning market. With much of the UK’s critical national infrastructure in its hands, the private sector faces tough challenges in protecting critical assets to required standards under the competitive pressures of a commercial market. Robust physical security protects more than just bricks and mortar and operational infrastructure. It pays off in other areas of risk management, including health and safety, operational efficiency and insurance liability, as well as underpinning business resilience and continuity of service. For all types of business, inside or outside of critical infrastructure, security products with reputable third party approval could be the best route to maximising all of these returns.

According to a recent study, huge growth is predicted in the global market for physical security – from $55.59 billion in 2013 to $85.51 billion in 2018 73

www.risk-uk.com

EDIT article 10 mar14_riskuk_mar14 06/03/2014 13:07 Page 2

Risk management

Spreading the risk! S

Spreadsheets should be banned from the Risk Management process – Keith Ricketts, Marketing Director at Sword Active Risk explains why

preadsheets are universally loved. Why, because they give everyone their own version of the truth, with complete autonomy to update and amend them as often as they like, without interference from anyone else. However, while spreadsheets might be great tool at an individual level they are completely un-scalable, and therefore totally unsuitable for compiling and analysing information enterprise-wide, or even for individual projects. When applied to a risk management scenario, the potential horrors magnify. Who knows what risks are lurking in a spreadsheet so far undiscovered, with all around thinking that they have ‘ticked the box’ and that risk is managed. Using spreadsheets and emails to manage risk, is a very risky approach.

Here are the main reasons that the spreadsheet approach doesn’t work: Lack of Integrity – Spreadsheets are easily manipulated. Anyone could make changes to data to help present a better picture. This could be to cover up a situation, to help move blame or mitigate responsibility, or to present a situation or opportunity in a better light. No audit trail – you can’t easily check who changed what when. You have no guarantee of the provenance of data supplied, and you can’t see how it may have changed over time. Deadlines missed – Spreadsheets don’t have any workflows or processes built into them so there is no mechanism to highlight missed deadlines. No consistency – With no formal structure, each time a new spreadsheet is set up the formatting will be different. Difficult to compile information – Risk management information could be held within hundreds of spreadsheets across the organisation. Compiling them is a very long and arduous task.

Risk management is too important to leave to a spreadsheet It is well documented that a mature approach to enterprise and project risk management pays dividends. Whether it’s increased profitability, ontime delivery, more accurate forecasting or better strategic planning, effective risk management

Modern risk management for both project and the enterprise has evolved way beyond what spreadsheets and emails are capable of handling 74

www.risk-uk.com

provides a competitive differentiator and drives top and bottom line results. Increasingly risk management is no longer a standalone function. Taking a proactive approach to risk management is becoming ever more critical to success and can deliver major benefits including: • Improved EBITDA – up to three times, according to the Ernst & Young study in 2012 • Improved Visibility - Enhanced visibility and accountability to build confidence i • Actionable information – supports more effective planning and decision making • Better resource allocation - across the enterprise leads to better asset utilisation • Achieve Goals - Deliver projects on time • Better relationships with insurance providers, regulators and stakeholders • Comparing Spreadsheets with Enterprise Risk Management Software Modern risk management for both project and the enterprise has evolved way beyond what spreadsheets and emails are capable of handling. Organisations need access to risk data seven days a week, 24 hours a day. Information must be easily accessible, understandable and actionable. Risk management necessarily involves every department and asset within the business, which amounts to a lot of data that needs to be collected with an easy to use tool. The software can then calculate the risks, the likely impacts on the business and communicate that information to those that need to know. With the sheer scale of the data involved, the geographic spread of many organisations, risk management can only by managed effectively using purpose built software. Unlike spreadsheets enterprise and project risk management solutions can bring the risk management process to life. They can help to identify emerging risks that may otherwise go unnoticed, enable best practice for mitigating risk, and highlight opportunities that can help organisations to reach goals, win more business and increase revenue/profitability.

Making a difference to the bottom line Manual methods and spreadsheet solutions have become the high-risk option for managing risks and are no longer up to the job. Only a true enterprise risk management solution will capture consistent data, provide a single version of the truth, allow access to real-time, trustworthy information and provide the reports required to proactively manage risk and opportunities. ERM can move risk management from a cost to the business to a value-adding process which can make a difference to the bottom line of any organisation or project.

EDIT article 27 mar14_riskuk_mar14 06/03/2014 13:31 Page 1

Serviced sites

Servicing sites securely he serviced office sector has undeniably evolved into one of the fastest growing sectors in the global commercial property market, providing innovative flexible property solutions as an alternative to traditional long lease terms. The decision for a business to establish a temporary office, or a new office, for small or a large team, can be a very expensive affair. There are numerous costs to consider including IT infrastructure, office furniture, equipment etc. All are prime concerns that take can take those responsible away from the primary aim of running a successful business. Within a serviced office environment, these burdens are taken care of with assurances of furniture, facilities and security, freeing businesses up to continue in their ambitions to make an impact. There are many ways to choose between the vast number of serviced office providers. Location is key to be close to consumers, clients and reduce travelling expenses. Location can also have a significant impact on your staff morale to influence productivity and making it a more positive environment. Even when the perfect location is sourced, business managers often have to decipher between the finer details such as cost and resource to reach a final decision. And here, a serviced office provider’s reputation can make an impact. “Functional” factors can also include the physical security structure of the premises and all that is contained therein and pertinent to the property. At a time when the serviced office sector continues to see impressive growth in established markets including the UK, bad reviews from tenants who have not experienced a secure environment can quickly impact on profits and revenues. Most importantly, in a digital and social age where reviews on any sector play an increasingly significant role in decision-making process for potential tenants, an event against just one serviced office operator of any size could instantly send catastrophic ripple effects through an entire industry. This is especially true with the growing use of LinkedIn as the professional networking site, with tenants and providers engaging on a much more direct and public level. A sense of security and peace of mind throughout a stay, for tenants and their business operations, could make the difference

between an individual or continuing theme in good and bad reviews. There is a secondary impact on poor security management on site. Whilst security is integral to protect tenants and business possessions from crime, another function is to create an efficient running serviced office operator. An efficient running serviced office facility ensures keys are always in the right place to welcome and check in new tenant, security or facility managers and cleaners have access to all offices necessary to carry out their duties with no disruption to daily operators. At the same time, if serviced operators have refurbished and upgraded security to rely on access control cards, an efficient running service would depend on easy to use and proven technology, especially to ensure tenant changeover is as much an operation as possible to save valuable time and resource. The key to success is ensuring security measures are integrated successfully into the everyday operations of facility managers and fully understood by all business tenants on site.

Damian Marsh, Managing Director UK, Assa Abloy Access Control discusses meeting the security challenge for serviced office providers

Why struggle? The decision to upgrade security is inevitably competing with other priorities, and many serviced office owners and operators still believe security specification is akin to a Pandora’s box – once it’s opened all the problems will be released. The issue is compelled with rapid advances in security technology, from access control to biometrics and the rapidly growing trend of electro mechanical, which means there is a plethora of potential solutions for each security and access challenge. But the fact the choice is so wide is, in itself, a problem for time constrained facility and security managers. For many who have invested in office locations to create an inspirational working environment, the importance of smart design for any security

www.risk-uk.com

EDIT article 27 mar14_riskuk_mar14 06/03/2014 13:31 Page 2

Serviced sites

upgrade is equalled to the fear of integrating security systems and associated wiring and cabling affecting the overall aesthetics. This is especially true in commercial buildings where there is a mixture of door types with the potential to make any cabling to introduce new access control or security systems. For serviced office owners, there is the additional challenge of ensuring systems are integrated with many modern providers promoting the notions of intelligent and live buildings as being the future working landscape. Associations such as the BCA offer advice, and easy access to a wide range of industry suppliers, to assist in security specifications and the day to day running of a serviced office operation.

What can providers do?

Action Point: Is security a top priority for you as a serviced office provider, or are there other reasons why this is not a focus? Are you struggling to deal with the issue or looking to find ways to improve security? To add your voice to the debate visit www.facebook.com/assaabl oyuk

www.risk-uk.com

Appropriate security measures can only be put in place if a serviced office provider has a good understanding of the security risks. It is essential for operators to undertake a comprehensive security risk assessment, which identifies potential risks in all interior and exterior areas, together with measures to remove or reduce the risk. A security risk assessment must also assess both the risks to office tenants and any permanent staff on site and include the risks of internal business crime that is currently at its highest rate since prior to the recessionary period. Business espionage is highlighted by the Federal Bureau of Investigation (FBI) with significant impacts on the global and UK economy, at a time when it is only just showing sensitive signs of recovery A security risk assessment can be undertaken as a stand-alone exercise or as part of a more general risk assessment of operations, and may include, but is not restricted to: • ensuring that security equipment is checked and maintained; • ensuring that security procedures are followed by employees and all tenants • outlining security procedures to new tenants on arrival, through notices or information sheets, or by other appropriate means; • encouraging tenants to practice ‘tidy desk policies’ and consider their own security arrangements, especially to protect data and expensive computer, tablet or mobile equipment. • supervising contractors and other visitors; • providing security training for employees and tenants, as appropriate; • identifying new risks and taking appropriate action; • looking for methods of reducing risk and improving security on a continuing basis;

• investing in additional security measures. Risk assessments should always be undertaken by a competent person or an external resource such as a local professional access control specialist or installer who would be able to offer advice on the different upgrade opportunities, in accordance with budget and resource. Risk assessments should also be updated on a regular basis or if there are significant changes at the establishment such as a refurbishment or expansion works. The findings of a security risk assessment should be recorded in writing. From such findings, as well as having appropriate security equipment, policies and procedures, it is essential for tenants to work to reduce security risks. By working through these procedures to reach a conclusion on how to progress security arrangements, service office providers can promote their commitment to a duty of care to tenants and an ability to offer the very latest inspirational technology and security services on site at all times.

Summary There are a host of different reasons why corporate occupiers choose serviced offices as part of their overall strategy and providers must continue with the significant opportunity to consider their entire offering to their target audience. Whilst creating a welcoming environment is a necessity, there is clear evidence to suggest a real requirement for a secure office space, to protect from both external criminal activity and the opportunist (or desperate) internal threats. There are many solutions available for serviced office providers looking for state of the art technology to raise the security levels of their premises and complement existing access control systems, without the need to modify the door or the aesthetics of the environment. Choosing the right system requires careful analysis of the purpose and bespoke requirements of individual office buildings. With many security and facility teams struggling to deal with the sheer volume of solutions available, it is worth coordinating with a security specification team to understand the options available in accordance with budget and resource. In doing so, and building a picture of the security specification required, any decision to upgrade security on site can result in an instant ability to improve the controllability and access control level throughout the premises for the benefit of the serviced office provider and its tenants.

EDIT article 25 mar14_riskuk_mar14 06/03/2014 13:29 Page 1

The power of paper

few years ago, Qinetiq, a leading defence company, built a small unmanned aircraft to take pictures of its hot air balloon record attempt. The engineer responsible for the airbag that would cushion the miniature aircraft on landing was so thrilled with his revolutionary design that he decided to submit it for patenting. All went well until a routine review of the company’s paper archives revealed that a near identical design had been created in the 1950s by the engineer’s grandfather. In a seminal 2001 research paper, industry analyst IDC said that knowledge workers can spend up to 90 per cent of their time recreating information that already exists in their organisation (The high cost of not finding information, IDC, 2001). Indexing securely stored paper archives or scanning paper documents for easy search, retrieval and analysis can help companies mine their legacy information for knowledge and insight. Digitised documents can be subjected to modern data analysis techniques, or investigated alongside digital records, revealing things that could have taken years to discover another way. Businesses need to make that they take care of their paper documents, know where to find them when they need them and understand how to extract the value from the information. For many firms this can seem easier said than done. The reality with paper on site is that over times it is inclined to get lost, damaged or destroyed. Job changes, mergers and acquisitions, company restructurings and office moves can mean that vast volumes of information disappear or end up archived away and forgotten. Fragmented supply chains can mean that information ends up spread across companies and individuals. The Saturn V rocket that launched the Apollo space missions in the 1960s and 70s was designed and built in great haste by a wide range of suppliers and engineers. Millions of documents were created including blueprints, designs, descriptions and test results. No-one ever pulled these all together into a single document repository for which one company or individual was responsible. Today, only fragments of the information can still be found. Many of those involved in its creation or use are long gone. If mankind wishes to return an astronaut to the moon, much of the knowledge would be have to be recreated. Most companies don’t have to deal with quite such a dramatic scenario. But, faced with an ageing workforce, a younger generation of employees who change jobs with greater

Paper in the IT age frequency, rapid product life-cycles and fluid supply chains; protecting information so its value is not lost is becoming a major challenge. Where should you start? First and foremost, you need to introduce a robust, centralised information management policy that can accommodate information in all its formats and structures, and accept that this is not just something to put on the shoulders of the IT department. You need to know what you know, where it is and who is responsible for it. Make your data future-friendly. Establish an approach for converting the most valuable paper information into digital formats that can be read ten or 20 years from now, and securely archive the rest offsite. Accept that you will not be able to keep everything – and probably have a legal obligation to delete certain types of information after an agreed length of time. For the information you choose to keep, it is important to introduce easy-to-use search and retrieval processes, and to know how to extract the value of all your information. The best innovations can come from looking at old data in a new way, so make sure yours is captured and safe. Your successors and their successors in turn will thank you for it.

Phil Greenwood, Director, Information Management and Business Outsourcing at Iron Mountain considers the power of paper in an age of big data

Businesses need to make that they take care of their paper documents, know where to find them when they need them and understand how to extract the value from the information 77 www.risk-uk.com

EDIT article 23 mar14_riskuk_mar14 06/03/2014 13:28 Page 2

Changing for the better Change detection technology has changed - for the better says Mark Kedgley, CTO, New Net Technologies ew experts would argue against the importance of real-time file integrity monitoring (FIM) in an era of fast changing and sophisticated security threats. It is literally impossible to second guess the method of a breach and therefore the ‘last line of defence’ detection offered by FIM has never been more critical. The worldwide coverage of the recent breach at Target shows how vital cybersecurity is, and how high the stakes are if your defences are breached. Little wonder that leaders in security best practices such as NIST, the PCI Security Standards Council and the SANS organisation all advocate FIM as an essential security defence. That said, many would also challenge the actual value and quality of some FIM deployments over the past decade. From the highly complex, $multimillion software investments all the way down to freeware, far too many deployments are actually increasing, rather than reducing, business risk by creating a deluge of unmanaged and unmanageable alerts. Put simply - too much information and not enough context to provide an effective solution. But write off FIM at your peril. Not only does FIM play a key role in compliance, but used correctly, it is also a proven and robust way to protect against evolving security threats, including zero hour malware and the APT. There is now a vitally important middle option available that exists between the complex and expensive legacy products and freeware: the latest generation of NNT solutions is easy to deploy, a fraction of the price and, critically, simple to use. When an entire system can be deployed for the cost of a typical consultancy exercise from the legacy vendors, isn’t it time to reconsider your take on FIM?

Changing security threat Organisations recognise that traditional security tools such as Antivirus and Firewalls alone are no longer adequate to fully protect against the inexorably expanding range and variety of threats. Real-time file integrity monitoring helps

The worldwide coverage of the recent breach at Target shows how vital cybersecurity is, and how high the stakes are if your defences are breached 78

www.risk-uk.com

to improve external and internal threat defences by reporting on all irregular file and configuration changes. Tracking change and flagging up the unauthorised, unexpected and out of context change is a key security best practise that will identify serious, business compromising security breaches that would otherwise have been undetected for weeks, months, even years. For all these reasons - File Integrity Monitoring (FIM) has been used by many organisations for many years – yet it is possibly only recently that it could be considered both affordable and simple enough to use effectively. Despite the compelling, indeed essential, value FIM can offer, large numbers of organisations are still dissuaded from investing due to the perceived cost and complexity of the technology, a perception set by the early pioneer products in the FIM market. For good reasons: the traditional FIM solution is complex. It requires dedicated personnel to manage and configure. And it is expensive – really expensive. Just the cost of getting started can be a surprise – and bear little relation to the initial quote. By the time the business has considered the options, from the devices to be monitored, agent versus agentless deployment, database system or simple file detection, security policy compliance auditing as well as simple daily FIM reports, the bill is enough to make your eyes water. Sadly the up-front expense is just the beginning of the problem with the legacy FIM product; it is down the line that the issues – and the costs – really become untenable. Unless the business has one – or more - dedicated individuals with the time and skills to manage tasks, adjust actions, modify rules and edit policy to deliver the fine grain monitoring that complex FIM solutions require, the whole thing becomes unmanageable. The alternative is to call in costly consultancy resources to make the changes every single time the business wants to add devices or adjust policy. It is no surprise that such additional costs cannot be justified. The result is too many alerts, and no focus. Alert overload inevitably leads to the system being ignored and a genuine security incident could be missed. The situation is almost worse than not having a solution at all. So what is the option? Leave the system unmonitored? Not the best idea. Freeware? Possible – there are a number of solutions. But that, too, is fraught with danger. While freeware can enable organisations to tick the compliance box, its value is questionable. The biggest problem is the lack of context provided to change information: every single Windows update or file changes will create an alert. There is no way of

EDIT article 23 mar14_riskuk_mar14 06/03/2014 13:28 Page 3

Change detection

differentiating between good and bad changes – and that is really dangerous. As most security auditors now concede, organisations that have gone down the freeware route are now overwhelmed by unmanageable and unmanaged change information that is leaving them wide open to breach and abuse.

Middle way So freeware is really not viable. But does the alternative really have to be so expensive? Is the highly complex, ‘reassuringly expensive’ tag a sop to the CTO’s ego or the painful reality of dated design and behemoth of a business model that is predicated on consultancy, upgrade and support fees? The truth is that the latest generation of FIM solutions are far less complex. They can be deployed remotely; and are highly intuitive, hence avoiding the need for expensive consultancy. Critically they are usable: rather than creating the extensive and unmanageable log file of ignored events, by minimising complexity newer solutions are easily adjusted to ensure only the relevant changes – those therefore requiring investigation – cause alerts. Rather than getting swamped with unmanageable volumes of unnecessary and

unhelpful alerts, the business gets a few critical issues to investigate, making the process of spotting a zero hour attack much more likely.

Conclusion FIM is a fundamental factor in the overall fabric of security. That said, there is no doubt that the ‘reassuringly expensive’ solutions in the market have undermined the perception of FIM’s value. Having a poorly configured and misused FIM solution is more dangerous than not having one at all. The sad reality is that many organisations are simply flushing away the $multi-million investment – and at the same time putting data security and system compromise at risk. If FIM is to work for the business, individuals need to understand and trust the output. And that means it has to be quick to deploy, easy to use and simple to update. With the right approach, FIM adds value and truly safeguards the business – without adding unjustifiable cost. For those organisations using FIM, it is time for honesty and to determine whether the current deployment is a friend or foe. For the rest, stop assuming FIM is too complex and expensive: times have changed. Not only is FIM approachable and attainable – but it has also never been more important.

CERTIFYING

Despite the compelling, indeed essential, value FIM can offer, large numbers of organisations are still dissuaded from investing due to the perceived cost and complexity

SECURITY

The leading certification body for Guarding Services. Appointed Security Industry Authority (SIA) Approved Contractor Scheme (ACS) Assessing Body. ISO 9001 and Product Certification for Key Holding and Response Services, Door Supervisors, Static Site Guarding and Mobile Patrol Services, Event Stewarding, Crowd Safety, Security Wardens, Cash and Valuables in Transit, Close Protection Services and Security Dogs. Contact us for a free no obligation quote.

Telephone : 0191 296 3242 www.ssaib.org

SSAIB

EDIT article 26 mar14_riskuk_mar14 06/03/2014 13:30 Page 2

Top of the threats! I

Cyber is the number one operational risk to big business writes Colin Lobley, Director at Manigent

n the wake of the financial crisis of 2008/2009, the risk management agenda within the financial services industry has been dominated by increasingly complex regulatory demands. This focus on compliance has distracted firms from other significant operational threats to their business. In particular, financial services firms now need to act fast to address the growing cyber threat from business, cultural and technological perspectives. One inevitable consequence of the financial crisis has been a slew of directives coming not only from national regulators (such as the PRA and FCA) but also transnational regulators such as the European Banking Authority and G20. Whilst there was undoubtedly a need to improve the regulatory frameworks within which the financial services industry operates, this has led firms to concentrate on regulatory risk at the expense of genuine business risks, such as those driven by the cyber threat. Cyber-driven risk has emerged as probably the key operational risk faced by financial services firms (and many other non-financial services firms) over the last few years as the importance of the digital economy and its supporting infrastructure has increased.

The vulnerability of firms Financial services firms are particularly vulnerable because these businesses rely heavily on digital technologies and the flow of information they facilitate to power their operations. Yet very few manage these critical enabling assets through a ‘business lens’ to maximise their value and mitigate the risks. The growing number of cyber-threat and information-driven incidents evidences this. Throughout the information lifecycle, we induce risk into the IT-enabled system. What if we lose it or someone steals it? What if it becomes unavailable so we can’t use it? What if it loses its integrity – that is we aren’t using the most current or accurate information? The answers can range from nothing to a major company catastrophe with significant financial and reputational damage. Within the financial services world, the FCA’s

Financial services firms are particularly vulnerable because these businesses rely heavily on digital technologies and the flow of information they facilitate to power their operations 80

www.risk-uk.com

‘Risk Outlook 2013’ identified ‘Increasing reliance on technology without fully understanding the consequent risks and dependencies’ as a major market risk. In terms of a cyber-attack, it stated that ‘there is an increasing threat of outside (cyber) attacks, which pose operational risks to firms and threaten market integrity through service disruption, breach or theft of personal information, or network intrusions causing loss of control of critical infrastructure and payment systems’.

Measuring the risks Measuring the risk is not an exact science with studies and surveys putting the global impact of cyber incidents anything up to $1trillion, but also as low as $300bn (The Economic Impact of Cyber Crime and Cyber Espionage, McAfee, 2013). Kasperky Labs’ Global Corporate IT Security Risks Survey, 2013, states that on average, a serious incident can cost a large company $649,000, and small and medium-sized companies $50,000. A direct attack on a large company can cost it $2.4m in direct financial losses and additional costs (The PwC Global State of IT Security Survey). For a small and medium-sized enterprise, such an attack gives an average $92,000 loss. The Global findings from the Ponemon Institute’s Cost of Cyber Crime Study, 2013, found that ‘organisations in defence, financial services, and energy and utilities experience substantially higher cyber-crime costs than organizations in retail, media and consumer products’.

The many ‘vectors’ of a cyber-attack In terms of attack ‘vector’, Ponemon research showed that the most costly cyber-crimes are those caused by malicious insiders, distributed denial of service (DDoS) and web-based attacks. Additionally a large part of the costs lye in slow detection. ‘The average time to resolve a cyber-attack was 27 days, with an average cost to participating organizations of $509,665 during this 27-day period. This represents a 39 per cent increase from last

EDIT article 26 mar14_riskuk_mar14 06/03/2014 14:01 Page 3

Cyber threats

year’s estimated average cost of $354,757. Results show that malicious insider attacks can take 53 days on average to contain’. What we can say with certainty is that all organisations have, or will, suffer a cyberincident and a number of recent incidents bring to light the severity of the cyber threat.

Examples of cyber-crime Individual companies have suffered hundreds of millions of pounds worth of losses, and this isn’t taking into account the longer-term impacts of reputational damage or lost IPR on the sales pipeline. Below are listed some incidents that due to the magnitude of the loss, or the size of organisation, are among the most significant. All are directly or indirectly related to the financial services industry: Heartland Payment Systems, 2008, $140m total cost - criminals using spyware stole over 100million individual card numbers. Citigroup, 2011, $2.7m - theft of customer funds following 200,000 customer names, contacts details and account numbers having been stolen. Incident cost will have been significant higher than this direct theft. Barclays, 2013, £1.3 million - bank heist carried out with a remote-control device plugged into a Barclays branch computer.

De Vere Group, 2013 – had their company identity cloned twice, with the criminal impersonators profiting from unsuspecting investors. The NASDAQ trading market was shut down following a significant disruption in August 2013, following on from a software glitch in May that disrupted Facebook’s IPO, for which they were fined $10m. The list of incidents and fines issued that can be attributed to cyber-attacks and inadequate information management in financial services is exceptionally long. And whilst all sectors are at risk, often financial information is the target and this will ultimately impact financial institutions through customers reclaiming stolen funds and making insurance claims.

Conclusion The threat is already significant and it is clearly escalating. Last year also saw what has been described as the largest ever cyber-attack. The DDoS Spamhaus attack had enough force to cause worldwide disruption of the internet. The high likelihood of cyber-attacks, combined with the severity of their impacts on the whole business, make it the number one operational risk to a major business and in need of serious management attention.

EDIT article 5 mar14_riskuk_mar14 06/03/2014 13:03 Page 2

Social media

Social problems? Why social media is moving up the risk register and why risk managers should be worried by James Leavesley, Chief Executive Officer at CrowdControlHQ

ocial media is here to stay with some analysts predicting that by 2016 as many as 40% of enterprises will utilise social media as a customer service channel. So why should this worry risk managers? Surely social media is the responsibility of the marketing department and aren’t there policies and procedures in place to prevent anything from going wrong? Think again. An organisation’s reputation can quickly be damaged through the instant spread of bad news or a negative incident via social media. Gone are the days when public affairs departments had time to consider statements to be released to the press, traditional media and customers in the event of a crisis happening. In fact a crisis can even begin on social media. It only takes one disgruntled customer to take to Twitter, You Tube or Facebook and the results can be costly. Even worse damage can be done by a disgruntled employee with access to corporate social media accounts and a determination to discredit the company.

Regular risk rules apply In common with any risky situation normal risk assessment rules apply to managing social media – identify, record and mitigate risk. But how can this be achieved with an inherently disparate and very individual communication channel.

Step one: identification The first step is to identify potential risks, in the case of social media these include: • Employees sharing confidential information • Loss of control or ownership of the organisation’s social media accounts • Careless posting by employees – accidental or deliberate • Employees defaming their employer on personal profiles • Failing to respond to negative posts or responding in an inappropriate manner • Failing to listen to the social web or the right conversations • Not sharing best practice • Being unaware of who is listening to which conversations and responding on behalf of the organisation

An organisation’s reputation can quickly be damaged through the instant spread of bad news or a negative incident via social media 82

www.risk-uk.com

A lack of attention to detail in terms of knowing how usernames and passwords are being shared means that in the event of something going wrong no-one is accountable or traceable for posting the offending content. The lack of an audit trail makes it difficult to identify who and why a damaging internal post has appeared. Likewise, is it clear who is responsible for replying to external negative comments and in what tone? Adding fuel to the flames can make matters worse but if the source of that fuel cannot be identified steps to call a halt and correct the situation will take precious time.

Step two: record and manage To record and manage potential social media risks the second step is to implement an enterprise control platform that works seamlessly across the entire organisation, from marketing to customer service and operations. A single dashboard provides controlled access to an organisation’s social media profiles monitoring who is authorised to make posts and the content of those posts. Individual logins only known by administrators will maintain security while greater control of abusive comments including keyword alerts (such as swear words) means content can be quickly and automatically removed. Including a wiki area in the enterprise control platform means there is an easily accessible store for training materials, policies, guidelines and procedures. These documents can be made available to all users or specific user groups and workspaces in the event of either an internal or external risk being identified to allow a fast response.

Step three: mitigation Mitigation is the third step when it comes to the control of social media risk. Nothing should be done in haste. In the event of the worst happening social media channels should be kept open and readers kept informed as to what is being done to remedy the situation. Openness and clarity are essential. In the event of the crisis having been created internally, audit trails and validation will soon identify the source and allow the necessary actions to be taken. If the crisis was as a result of an external source, the right people required to respond will be alerted and the appropriate reaction documented. So while there is no doubt that social media will continue to move up the risk register, by implementing sound processes and procedures supported by an enterprise control platform risk managers should still be able to sleep soundly at night.

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 1

Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security

Anti-Climb Paints & Barriers

Metal Detectors (inc. Walkthru)

Security, Search & Safety Mirrors

ACCESS CONTROL

Security Screws & Fastenings

Key Control Products

Empty Property & Lone Worker Alarms

Traffic Flow & Management

see our website

ACCESS CONTROL & DOOR HARDWARE

ALPRO ARCHITECTURAL HARDWARE ACCESS CONTROL

ACT Unit c1 South city Business centre Tallaght D.24 Ireland www.accesscontrol.ie tel: 00 353 1 466 2570 UK Lo Call Number: 0845 300 5204

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES

ACCESS CONTROL

APT SECURITY SYSTEMS The Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NY Tel: 020 8421 2411 Email: info@aptcontrols.co.uk www.aptcontrols-group.co.uk

HTC PARKING AND SECURITY LIMITED 4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk

B a r r i e r s , B l o c k e r s , B o l l a r d s , PA S 6 8

ACCESS CONTROL

KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk

ACCESS CONTROL

INTEGRATED DESIGN LIMITED Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com

ACCESS CONTROL

COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com

ACCESS CONTROL MANUFACTURER

NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com

ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERS

HEALD LTD HVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface Mount Solutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards, Security Barriers, Traffic Flow Management, Access Control Systems

ACCESS CONTROL

SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk

AUTOMATIC VEHICLE IDENTIFICATION

NEDAP AVI PO Box 103, 7140 AC Groenlo, The Netherlands Tel: +31 544 471 666 Fax: +31 544 464 255 E-mail: info-avi@nedap.com www.nedapavi.com

Tel: 01964 535858 Email: sales@heald.uk.com Web: www.heald.uk.com

ACCESS CONTROL – BARRIERS, GATES, CCTV ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERS

FRONTIER PITTS Crompton House, Crompton Way, Manor Royal Industrial Estate, Crawley, West Sussex RH10 9QZ Tel: 01293 548301 Fax: 01293 560650 Email: sales@frontierpitts.com Web: www.frontierpitts.com

ABSOLUTE ACCESS Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES

ACCESS CONTROL – MANUFACTURER

UKB INTERNATIONAL LTD

ROSSLARE SECURITY PRODUCTS

Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com

Rosslare Security Products manufactures the Security Industry’s largest and most versatile range of Proximity and Smart Card readers.

Bletchley Park, Milton Keynes, MK3 6EB Tel: 01908-363467 Email: sales.uk@rosslaresecurity.com www.rosslaresecurity.com ISO 9001 and ISO 14001 Certification

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 2

MANUFACTURE STANDALONE ACCESS CONTROL PRODUCTS PSU’S, KEYPADS, ELECTRIC LOCKS, BREAKGLASS, EXIT BUTTONS

RGL ELECTRONICS LTD “Products to Trust – Power to Help” Pelham Works, Pelham Street, Wolverhampton WV3 0BJ Sales: +44 (0) 1902 656667 Fax: +44 (0) 1902 427394 Email: info@rgl.co www.rgl.co

BUSINESS CONTINUITY

BUSINESS CONTINUITY SOFTWARE & CONSULTANCY

CONTINUITY2 E232 Edinburgh House Righead Gate Glasgow G74 1LS Tel: +44 (0) 845 09 444 02 Fax : +44 (0) 845 09 444 03 info@continuity2.com

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS

ALTRON COMMUNICATIONS EQUIPMENT LTD Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: comms@altron.co.uk Web: www.altron.co.uk

CCTV

G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk

CCTV

PECAN

BUSINESS CONTINUITY MANAGEMENT

CONTINUITY FORUM Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org

Stortech Elec, Unit 2 spire green Centre Pinnacles West, Harlow, Essex CM19 5TS Tel 01279 419913 Fx 01279 419925 www.pecancctv.co.uk email sales@stortech.co.uk

CCTV/IP SOLUTIONS

DALLMEIER UK LTD 3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com

PHYSICAL IT SECURITY

RITTAL LTD Tel: 020 8344 4716 Email: information@rittal.co.uk www.rittal.co.uk

CCTV & IP SECURITY SOLUTIONS

PANASONIC SYSTEM NETWORKS EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: system.solutions@eu.panasonic.com Web: www.panasonic.co.uk/cctv

BUSINESS CONTINUITY 4 Scotia Close Brackmills Northampton NN4 7HR 01604 769222 www.bcontinuity.com

COMMUNICATIONS & TRANSMISSION EQUIPMENT

KBC NETWORKS LTD.

CCTV

SURVEILLANCE / CCTV

IDIS EUROPE

Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com

DIGITAL IP CAMERAS

SESYS LTD

1000 Great West Road, Brentford, LONDON TW8 9HH Tel : +44 (0)203 657 5678 Fax : +44 (0)203 697 9360 uksales@idisglobal.com

Supplying digital IP camera for rapid deployment, remote site monitoring, fixed and short term installations. High resolution images available over mobile and wireless networks to any standard web browser.

MANUFACTURERS OF A COMPLETE RANGE OF INNOVATIVE INFRA RED AND WHITE LIGHT LED LIGHTING PRODUCTS FOR PROFESSIONAL APPLICATIONS INCLUDING CCTV SCENE ILLUMINATION, ARCHITECTURAL UP-LIGHTING AND COVERT SECURITY.

END TO END CCTV SOLUTIONS/RECORDERS, CAMERAS, NETWORK PRODUCTS

ADVANCED LED TECHNOLOGY LTD Sales: +44 (0) 1706 363 998 Technical: +44 (0) 191 270 5148 Email: info@advanced-led-technology.com www.advanced-led-technology.com

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk

DEDICATED MICROS 1200 Daresbury Park, Daresbury, Warrington, WA4 4HS, UK Tel: +44 (0) 845 600 9500 Fax: +44 (0) 845 600 9504 Email: customerservices@dmicros.com www.dmicros.com

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 3

INFRA-RED, WHITE-LIGHT AND NETWORK CCTV LIGHTING

RAYTEC Unit 3 Wansbeck Business Park, Rotary Parkway, Ashington, Northumberland. NE638QW Tel: 01670 520 055 Email: sales@rayteccctv.com Web: www.rayteccctv.com

CCTV SPECIALISTS

PLETTAC SECURITY LTD Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 0844 800 1725 Fax: 01788 544 549 Email: sales@plettac.co.uk www.plettac.co.uk

TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR

COP SECURITY Leading European Supplier of CCTV equipment all backed up by an industry leading service and support package called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufacturing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range. More than just a distributor.

COP Security, Delph New Road, Dobcross, OL3 5BG Tel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 201 sales@cop-eu.com www.cop-eu.com

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.

MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ

Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com

CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOS FRAUD DETECTION

AMERICAN VIDEO EQUIPMENT Endeavour House, Coopers End Road, Stansted, Essex CM24 1SJ Tel : +44 (0)845 600 9323 Fax : +44 (0)845 600 9363 E-mail: avesales@ave-uk.com

CONTROL ROOM & MONITORING SERVICES

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS

NORBAIN SD LTD ADVANCED MONITORING SERVICES

210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com

EUROTECH MONITORING SERVICES LTD.

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.com Web: www.eurotechmonitoring.com

EMPLOYMENT

EMPLOYEE SCREENING SERVICES

DISTRIBUTORS

THE SECURITY WATCHDOG Cross and Pillory House, Cross and Pillory Lane, Alton, Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.uk Telephone: 01420593830

EMPLOYMENT

URGENTLY NEEDED… National Franchise Opportunities with an established Security Company with over 4000 installs specialising in Audio Monitoring. Try before you buy scheme. Contact Graham for full prospectus graham@securahomes.co.uk TEL: 01274 631001

sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk

IDENTIFICATION

ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PRODUCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.

ADI GLOBAL DISTRIBUTION Chatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RN Tel: 0161 767 2900 Fax: 0161 767 2909 Email: info@adiglobal.com

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 4

COMPLETE SOLUTIONS FOR IDENTIFICATION

PERIMETER PROTECTION

DATABAC GROUP LIMITED

GPS PERIMETER SYSTEMS LTD

1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com

14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk

INDUSTRY ORGANISATIONS

PLANNED PREVENTATIVE MAINTENANCE

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY

BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk

THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY

SECURITY MAINTENANCE CONSULTANTS • Planned Preventative Maintenance (PPM) Specialists • Price Comparison Service (achieving 20-70% savings) • FM Support / Instant Reporting / Remedial Work • System Take-Overs / Upgrades / Additions • Access, CCTV, Fire & Intruder, BMS, Networks & Automation • Free independent, impartial advice Tel: +44 (0)20 7097 8568 sales@securitysupportservices.co.uk

SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org

INTEGRATED SECURITY SOLUTIONS SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

HONEYWELL SECURITY GROUP Honeywell Security Group provides innovative intrusion detection, video surveillance and access control products and solutions that monitor and protect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology with traditional analogue components enabling users to better control operational costs and maximise existing investments in security and surveillance equipment. Honeywell – your partner of choice in security. Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com Web: www.honeywell.com/security/uk

POWER

STANDBY POWER SPECIALISTS; UPS, GENERATORS, SERVICE & MAINTENANCE

DALE POWER SOLUTIONS LTD Salter Road, Eastfield Industrial Estate, Scarborough, North Yorkshire YO11 3DU United Kingdom Phone: +44 1723 583511 Fax: +44 1723 581231 www.dalepowersolutions.com

POWER SUPPLIES – DC SWITCH MODE AND AC

DYCON LTD Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471 060 Fax: 01443 479 374 Email: marketing@dyconsecurity.com www.dyconsecurity.com The Power to Control; the Power to Communicate

INTEGRATED SECURITY SOLUTIONS

INNER RANGE EUROPE LTD Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com

STANDBY POWER

UPS SYSTEMS PLC Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk

SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

TYCO SECURITY PRODUCTS Heathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UK Tel: +44 (0)20 8750 5660 www.tycosecurityproducts.com

UPS - UNINTERRUPTIBLE POWER SUPPLIES

ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk

PERIMETER PROTECTION INFRARED DETECTION

UPS - UNINTERRUPTIBLE POWER SUPPLIES

GJD MANUFACTURING LTD

UNINTERRUPTIBLE POWER SUPPLIES LTD

Unit 2 Birch Industrial Estate, Whittle Lane, Heywood, Lancashire, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk

Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 06/03/2014 14:12 Page 5

SECURITY

ONLINE SECURITY SUPERMARKET

EBUYELECTRICAL.COM CASH MANAGEMENT SOLUTIONS

LOOMIS UK LIMITED 1 Alder Court, Rennie Hogg Road, Nottingham, NG2 1RX T - 0845 309 6419 E - info@uk.loomis.com W - www.loomis.co.uk

Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com

INTRUDER ALARMS – DUAL SIGNALLING

WEBWAYONE LTD CASH & VALUABLES IN TRANSIT

CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk

11 Kingfisher Court, Hambridge Road, Newbury Berkshire, RG14 5SJ Tel: 01635 231500 Email: sales@webwayone.co.uk www.webwayone.co.uk www.twitter.com/webwayoneltd www.linkedin.com/company/webwayone

LIFE SAFETY EQUIPMENT

C-TEC CCTV

INSIGHT SECURITY Unit 2, Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com

Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: http://www.c-tec.co.uk

PERIMETER SECURITY

TAKEX EUROPE LTD FENCING SPECIALISTS

J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk

Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takexeurope.com Web: www.takexeurope.com

SECURITY EQUIPMENT INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com

PYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS

BOSCH SECURITY SYSTEMS LTD

CQR SECURITY

PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 01895 878088 Fax: 01895 878089 E-mail: uk.securitysystems@bosch.com Web: www.boschsecurity.co.uk

125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk

INTRUDER ALARMS – DUAL SIGNALLING

CSL DUALCOM LTD Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 F: +44 (0)1895 474 440 www.csldual.com

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS

RISCO GROUP Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk

SECURITY EQUIPMENT

CASTLE Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042 www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity

www.twitter.com/castlesecurity

VICON INDUSTRIES LTD. Brunel Way Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com

www.insight-security.com Tel: +44 (0)1273 475500

Project1_Layout 1 03/02/2014 12:30 Page 1