FrontCover May2015_001 11/05/2015 14:30 Page 1
May 2015
Security and Fire Management
The Top-Down Approach Prioritising Risk Management Issues and Response IFSEC and FIREX International 2015: Show Previews Contractual Basics, Negotiation Procedures and Risk Delivering Step Change at The Security Institute Vertical Focus: Security in the Leisure and Events Sector
Project1_Layout 1 11/05/2015 12:03 Page 1
Contents May2015_riskuk_Dec12 11/05/2015 13:00 Page 3
May 2015
Contents 31 Leisure and Events Sector Security
Techniques for Tactical Interviewing (pp48-49) 5 Editorial Comment
This month’s Risk UK Vertical Focus centres on security in the leisure and events sector. Adam Breeze highlights stadium security (p33) while Daren Lang visits Burnley FC’s network surveillance installation (p34). Perimeter protection is the focus for Mo Ali (p36). Tim Northwood concentrates on access control in fitness centres (pp37-38) and Steve Hodges assesses security and safety tactics at Southampton FC’s St Mary’s Stadium (p39)
41 ISO 9001 2015: Adaptation and Change Andrew O’Hara on the scheduled 2015 revisions for ISO 9001
6 News Update G4S Annual Report 2014. London to host 2016 ASIS European Security Conference. Launch of The SANS Cyber Academy
43 Intelligent Control and Monitoring in HVM Are current Hostile Vehicle Mitigation solutions integrating well with their security product cousins? Debbie Heald investigates
8 News Special: IFSEC International 2015 Preview The Conference Programme. The Keynote Speakers. The Exhibition. Brian Sims previews what’s in store for end users visiting IFSEC International 2015 at London’s ExCeL
46 The Security Institute’s View
11 News Special: FIREX International 2015 Preview
51 FIA Technical Briefing
Brian Sims brings Risk UK’s readers all the latest detail on content for FIREX International which runs from 16-18 June
54 Security Services: Best Practice Casebook
12 Opinion: Security Training and Assessment
56 Sailing The Perfect Cyber Storm
Stuart Galloway considers the current security training and assessment landscape and offers salient views on ways forward
Colin Lobley discusses the difficulties of ‘cyber’ management
48 In the Spotlight: ASIS International UK Chapter
58 Training and Career Development 14 Opinion: Security’s VERTEX Voice Why is the Living Wage campaign of such great importance for today’s businesses? Peter Webster provides some talking points
Angus Darroch-Warren evaluates the importance of training and delivery methods designed to attain the best end results
60 Risk in Action 17 BSIA Briefing Companies shouldn’t only be reviewing their security strategies in light of potential terrorist attacks. As Mike O’Neill explains, they ought to be discussing policy on a continual basis
62 Technology in Focus 65 Appointments Key people moves across the security and fire business sectors
20 The Security Market: Solutions to Risk Prioritising risk management issues and organising a risk response are key remits for security professionals. Peter Speight and Peter Consterdine examine the Best Practice approach
67 The Risk UK Directory ISSN 1740-3480
24 Contractual Basics, Negotiations and Risk John Spratt covers negotiation, Service Level Agreements, Key Performance Indicators and prices for security contracts
26 The Risk UK Interview Terry Sallas informs Brian Sims that the nature of value required by end users from their security solutions providers is changing
28 Everything’s Under Total Control Information management systems at Newcastle University and the University of the Arts London outlined by Brian Sims
Risk UK is published monthly by Pro-Activ Publications Ltd and specifically aimed at security and risk management, loss prevention, business continuity and fire safety professionals operating within the UK’s largest commercial organisations © Pro-Activ Publications Ltd 2015 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical (including photocopying, recording or any information storage and retrieval system) without the prior written permission of the publisher The views expressed in Risk UK are not necessarily those of the publisher Risk UK is currently available for an annual subscription rate of £78.00 (UK only)
Editor Brian Sims BA (Hons) Hon FSyI Tel: 0208 295 8304 Mob: 07500 606013 e-mail: brian.sims@risk-uk.com Design and Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 429 2015 e-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 01322 292295 e-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 01322 292295 e-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton
Risk UK PO Box 332 Dartford DA1 9FF
Chairman Larry O’Leary
Editorial: 0208 295 8304 Advertising: 0208 295 8307
3 www.risk-uk.com
EditorialComment May2015_riskuk_jul14 11/05/2015 14:24 Page 1
Texecom’s Premier Elite mobile apps have been recently enhanced and upgraded. Featuring a brand new interface and key feature upgrades including push notifications and IP camera access, the Premier Elite Mobile Apps put you in control of your home security. •
Push notifications keep you notified of system events
•
Easier and more intuitive to use
•
IP Camera control allows you to access your own home camera system
SmartKey App Emulating Texecom’s acclaimed wireless SmartKey interface, the SmartKey App provides end-users a simple, intuitive interface to arm, part arm, disarm and trigger up to 3 programmable outputs. The SmartKey App is also contained within the Keypad App.
Keypad App The Keypad App emulates a Premier Elite keypad interface. This allows end-users, master users and engineers the ability to remotely control the alarm system, as if physically standing in front of an actual keypad connected to the system.
Engineer App The Engineer App contains all the functionality of Keypad App with added system engineer diagnostics and commissioning tools. Panel status, zone status, event log (view last 25 events) and remote anti-code reset functions make this a valuable engineering tool.
Designed & made in the UK by Texecom
EditorialComment May2015_riskuk_jul14 11/05/2015 14:25 Page 2
Editorial Comment
Security for professionals The Premier Elite Series represents the most advanced electronic security solutions Texecom has to offer. These products are designed to protect high value installations where design flexibility, product performance and integrated solutions are a priority.
Focusing on R&D re-dating a Strategic Defence and Security Review scheduled to take place later on this year, the Royal United Services Institute for Defence and Security Studies (RUSI) report entitled ‘The Future of Research and Development in the UK’s Security and Intelligence Sector’ explores the UK’s R&D roadmap to 2020, duly identifying a series of recommendations for the British Government and stakeholders across the security and intelligence community. Authored by Charlie Edwards (director of the National Security and Resilience Studies Group at RUSI) and Calum Jeffray (that same group’s research Fellow), the Whitehall-based Think Tank’s excellent document suggests that, in recent years, UK Government spending on R&D in security and defence has fallen faster than in any other area. At the same time, the Security Service and intelligence agencies face an ever-more diverse range of “technically competent adversaries” and yet “have less control than ever” over the development of new technologies. “Investment in R&D in the UK has continued to fall over the last 30 years,” explained Edwards. “In 2012, the year for which you’ll find the most recent figures, R&D amounted to 1.72% of UK GDP. This was lower than the 2.06% average for the EU and far short of the Government’s target to have increased UK R&D investment to 2.5% of GDP by last year.” RUSI states there’s a widespread belief that current levels of funding for R&D activities in the security and defence sector are insufficient. “This is problematic in the area of national security, where operational priorities often necessitate innovation that’s fast and responsive to the needs of the security and intelligence agencies without any disproportionate financial burden.” While the Government and its agencies have indeed taken notable steps of late to increase their level of transparency and open up the market to a broader range of “young and technically adept” SMEs, RUSI believes that “significant obstacles” remain when it comes to linking Government requirements for national security with emerging capabilities across the private sector. Addressing the significant challenges around sustaining technological advantage, the RUSI report explores ways in which to improve engagement between Government, private investors and industry operating in this sector to ensure that R&D investment is strengthened, priority capabilities are understood by investors and that all critical proficiencies are maintained. Key recommendations are that Government needs to attract more private investors to the security sector by increasing market confidence. There must be clearer indications from Parliament on technology policy, strategy and procurement which, urges RUSI, would improve investor confidence and help industry to “better allocate its R&D resources” in priority areas. Investment in R&D for security must be increased and the ‘culture of secrecy’ broken down for investors “unable to gauge market requirements” and the return on their fiscal injections. Today’s threat environment is hugely complex. With budgetary pressures ongoing, RUSI’s desire to witness an increased market confidence that will attract new private finance in security and intelligence R&D simply must be facilitated by Westminster.
P
Brian Sims BA (Hons) Hon FSyI Editor
www.texe.com Sales: 01706 220460
December 2012
5
www.risk-uk.com
NewsUpdate May2015_riskuk_may15 11/05/2015 15:29 Page 6
G4S communicates strong Annual Report for 2014 with revenues totalling £6.8 billion lobal security business G4S has issued its Annual Report for 2014 wherein the company outlines that emerging market businesses have accounted for 36% of Group revenues and 40% of profits across the last 12month period. The company has posted total revenues of £6.8 billion for 2014, which is up from £6.6 billion in 2013, as well as a total PBITA (Profit Before Interest, Tax and Amortisation) of £329 million. Indeed, the G4S Group’s overall performance and prospects are reflected in the directors’ approved recommendation to increase the final dividend by 5% to 5.82 pence per share. Organic growth for 2014 was 3.9% overall and 9% in emerging markets. That growth, combined with the ongoing success of restructuring and efficiency programmes, has witnessed underlying profit increase by 8%, underlying earnings rise by 12% and cash generated by operating businesses ascend from £420 million to £526 million. Revenues within the security and FM sectors totalled £4,004 million (up from £3,898 in 2013) while security systems and technology generated revenues of £566 million (in turn representing 8% of total G4S Group revenues for 2014). Care and justice services realised revenues of £605 million last year and, as such, a rise of £19 million on the 2013 figures. Meanwhile, specialist outsourced services – including support for front line policing work and projects with the utilities sector – generated a substantial £504 million. For its part, the cash solutions business brought in revenues of £1,071 million, duly accounting for around 16% of Group revenues. In 2014, the business took determined action to strengthen its sales capability, customer relationships and customer service, making substantial investments in strategic account management and also implementing a systematic approach to measuring and monitoring customer satisfaction. Such investments have begun to improve pipeline management and, in 2014, the business won new contracts worth a combined total value of £2.1 billion. G4S achieved revenue growth of 8.9% in its emerging market businesses and 6.9% across its North American operations. As expected, revenues in the UK and Ireland and Europe
G
Ashley Almanza: CEO at the G4S Group
6 www.risk-uk.com
regions declined by 1%, directly reflecting the end of the Electronic Monitoring contract in the UK and the cessation of the prison service contract in the Netherlands. No less than 56 under-performing or ‘immaterial’ businesses were reviewed in 2014 and eight of them (including US Government Solutions) subsequently sold. The sell-offs raised gross proceeds of £177 million in 2014 and, indeed, have generated gross proceeds of £248 million since 2013. 20 businesses have now been discontinued and 22 are presently under review while 14 will be retained with performance improvement plans to be put in place in due course. Businesses sold had revenues of over £700 million and an average net margin of 2.8%.
“Excellent progress” being made Speaking about the Annual Report’s contents, G4S Group chairman John Connolly commented: “Over the course of 2014, the Group has moved forward across a broad front while management has made excellent progress, executing the Strategic Plan with great skill and energy. The Board has been particularly pleased with the progress made in strengthening the global leadership team, reinforcing the G4S Group’s values and investing in organic growth, customer service and operational efficiencies.” Group CEO Ashley Almanza explained: “Over the past 18 months, we’ve established a number of important programmes to improve the productivity of G4S. Given the scale and current stage of organisational maturity within the business, these programmes address a material opportunity to improve our performance and create shareholder value. Our restructuring and organisational efficiency programmes made good progress in 2014, and we believe there are further opportunities to implement lean processes and more efficient organisational structures as we progress. Any new programmes will be subject to stringent financial, economic and operational criteria.” Independent studies suggest that global demand for security is expected to grow at a compound average rate of 7% per annum between 2013 and 2023, reaching circa £210 billion in annual revenues by 2023. G4S states that the main drivers of industry growth are diverse. They include the economic environment and, of course, regulation.
NewsUpdate May2015_riskuk_may15 11/05/2015 15:30 Page 7
News Update
London set to host 2016 ASIS European Security Conference ASIS International, the global organisation for security professionals, has announced that it will hold its 15th European Security Conference and Exhibition in the city of London, with the event running from 6-8 April 2016. The ASIS European Security Conference and Exhibition (or ASIS Europe 2016) is a unique business security summit that’s expected to attract around 600 senior security professionals from all over Europe and beyond. Exhibition visitors and conference delegates will be able to share and learn about effective strategies and solutions for securing their organisations’ people, property and information in today’s challenging global security environment. The event will be organised around three days of bespoke and detailed educational sessions, keynote speakers, professional visits to leading organisations in the Greater London area, a Summit for Chief Security Officers (CSOs) organised by the CSO Round Table of ASIS International and a trade exhibition featuring cutting-edge security technology and solutions developed by leading companies. A significant element of the event will be the various networking opportunities offered such as the traditional Welcome Party, the President’s Reception, working lunches and professional networking breaks. Dave Tyson CPP, president of ASIS International, told Risk UK: “We look forward to returning to London with our 2016 European Security Conference and Exhibition. London is one of the world’s leading hubs of culture, business and finance with its own unique security challenges. ASIS Europe 2016 will be an excellent occasion for a global exchange of Best Practice and experience regarding those challenges.” Andy Williams CPP, chairman of ASIS International’s UK Chapter, added: “The security profession in Britain is one of the most developed around the world, and the decision of ASIS International to return to London reflects that fact. We look forward to working with all likeminded organisations on making this extremely important annual event a great success.” ASIS International has invited subject matter experts to participate in the conference programme by submitting proposals for a presentation. The organisation will accept proposals on all security-related topics including supply chain security, loss prevention, hotel security, intellectual property, maritime piracy, terrorism, executive protection, internal theft and fraud, competitive intelligence, brand protection, physical security, cyber security and convergence, investigations, due diligence and global business issues. *Abstracts for papers can be submitted until Tuesday 15 September 2015. More details about the Call for Presentations and the event itself are available online at: www.asisonline.org/london
Andy Williams CPP: Chairman of ASIS International’s UK Chapter
SANS Academy to create “highly-skilled cyber defenders” in eight weeks The “world’s first intensive cyber boot camp” has been launched to quickly deliver a new band of highly-trained online defenders who can take up the growing number of cyber security roles organisations are struggling to fill. The SANS Cyber Academy has been realised in response to pressing demand from business and Government for a way in which to quickly equip recent graduates with the specific skills needed to deal with today’s cyber threat. Teaching compresses two years’ worth of cyber security training and experience into just eight weeks. Those who complete the course will be armed with the skills needed to walk straight into a cyber security role and offer considerable and immediate impact to the host business. “The cyber skills gap is growing and the graduate pipeline will not meet demand in the short term,” explained Andrew Smith, EMEA managing director at the SANS Institute. “This is particularly critical in Government departments and the defence industry which are top targets for cyber criminals, cyber espionage, activists and terrorists. We need to create new skilled professionals very quickly and not just hire from the existing pool.” The eight-week SANS Academy course will teach candidates how hackers operate and how to respond when things go wrong. Delegates will build a fully-functioning business network – first badly and then correctly – to understand the ways in which hackers might infiltrate the enterprise. In addition, candidates will have to make security policy recommendations to ‘management’ in order to prevent problems from recurring. Candidates will sit both GCIH and GSEC certifications, themselves world-renowned benchmarks of cyber security expertise.
*The inaugural SANS Cyber Academy begins on Tuesday 1 September 2015 at the St David’s Hotel, Cardiff
7 www.risk-uk.com
NewsSpecialIFSECInternational2015EventPreview May2015_riskuk_apr15 11/05/2015 15:28 Page 8
IFSEC International 2015: The Conferences, The Keynote Speakers, The Exhibition In 2015, IFSEC International returns to London’s ExCeL. Organiser UBM has assembled an absorbing mix of content for attending end users. Brian Sims outlines what’s in store within the conference programmes and, of course, plans for the sold out exhibition’s show floor area
*The Protection and Management Series is the UK’s largest event dedicated to protecting and managing property, people and information. Organised by UBM EMEA, the series incorporates IFSEC and FIREX International, Safety & Health Expo, The Facilities Show and Service Management Expo and attracts more than 40,000 attendees **The 2015 Protection and Management Series of events will run from 16-18 June at ExCeL, London
ideo surveillance and intruder alarms, access control, perimeter protection and physical security, IT and cyber security, integrated security solutions, Safe Cities and intelligent buildings… If you’re talking ‘Security’ in 2015 then IFSEC International has it covered and in some detail. Running from 16-18 June at London’s ExCeL, UBM’s flagship IFSEC International exhibition is the premier global event for the security sector, bringing together the entire buying chain under one roof. Last year, the show attracted more than 24,000 unique visitors and over 650 leading manufacturers, suppliers and distributors from 100-plus countries. Indeed, the 2014 edition witnessed a 25% increase in end user attendance and a 68% upsurge in delegates for the dedicated conference programme. 24% of those visitors were looking to allocate a security budget of £1,000,000 or more, while a staggering 11,000 attendees downloaded the Official Show App. Some indication, then, of both the popularity and pulling power of IFSEC International.
V
The IFSEC Academy The IFSEC Academy affords end users free access to the best education. At IFSEC International 2015, the educational content is concentrated within several theatres located on the show floor. Content in the Convergence Theatre and the Safe Cities Theatre will cover a range of issues, among them counter-terrorism and numerous applications of technology
8 www.risk-uk.com
across integrated security, IP security, intelligent buildings, access control, video surveillance and physical security. Sessions within the Convergence Theatre include a presentation by Jim McHale (managing director, owner and founder of Memoori Business Intelligence), who will detail the Internet of Things in Buildings and the part played here by security. Also, a Crossrail Case Study courtesy of Tony Pearson (senior consultant at Exova Warrington Fire Consulting) and Chris Stevens (director at SIDOS UK) highlights the fire safety, engineering and security elements of this gargantuan construction project. Another highlight in this theatre will be a cyber security ‘Masterclass’ from Kaspersky Labs’ David Emm wherein he’ll review the threat landscape in 2015 and offer some salient predictions for the future. Content in the Safe Cities Theatre is designed to demonstrate how traditional security solutions can work in tandem to play a vital role in the advanced security architectures of our major cities, in turn providing stronger resilience and a safer future for us all. Sessions here include a delivery from Mike O’Neill – managing director at Optimal Risk Management – covering the detailed subject of security risk management and a presentation by the BSIA’s immediate past chairman Geoff Zeidler, who’ll be considering the Police and Security Initiative for London. A number of other theatres will house seminar sessions tailored to your needs as a security professional. For example, the Security Solutions Theatre focuses on Best Practice for the installation, compliance, testing and future proofing of security systems. Key sessions not to be missed include a seminar on intelligent surveillance led by Will Lloyd from BRE Global, tips on how to save money with smart tools –
NewsSpecialIFSECInternational2015EventPreview May2015_riskuk_apr15 11/05/2015 15:28 Page 9
News Special: IFSEC International 2015 Event Preview
delivered by Jim Swift of the BB7 consultancy – and the presentation by Roland Muller from Siemens Building Technologies (who’ll be sharing his extensive knowledge on installing wireless applications). Also, make sure you visit the ever-popular Tavcom Training Theatre and benefit from bespoke educational training tips and advice when it comes to CCTV, IP, access control, intruder alarms and much, much more. Run in association with Risk UK’s sister publication Benchmark Magazine, the all-new Innovation Arena will be a focal point at IFSEC International 2015. Only those security products and solutions truly meeting Benchmark’s high level definition of innovation will be given the opportunity to present to industry professionals on this exclusive platform, ensuring that end user visitors are able to witness genuine innovation live on the show floor. End users will also be able to meet and chat with the finalists of Benchmark’s prestigious Innovation Awards.
Exhibitors at the show Among the exhibitors at IFSEC International 2015 is integrated security solutions developer TDSi. The company will be showcasing the new version of its powerful EXgarde security management software on Stand F1100. TDSi’s new-look stand will also feature SOLOgarde, MICROgarde and EXcel controllers in addition to enterprise solutions highlighting the combined possibilities rendered by the company’s software products, including VUgarde CCTV software integration. Now boasting some 1,700 registered companies, the Security Systems and Alarms Inspection Board (Stand F1375) will be led by new CEO Alex Carmichael, who took over the reins from Geoff Tate in March. SSAIB-registered companies include businesses providing electronic security, intruder alarm, security guarding and fire detection solutions. Throughout IFSEC, the SSAIB team will be available to answer questions and discuss specific issues that concern registered firms and their end users. On Stand F1300, Vanderbilt is set to meet with integration partners and security/risk managers. Taking centre stage will be three of the latest new product developments within the company’s portfolio – the Aliro access control system, the Vectis iX family of IP-based video recording solutions and the SPC intruder detection range. Hall S17 Stand D1700 is the place to be if you want to see ASSA ABLOY showcasing its integrated security and access control
technology. The business will reveal how its future-proof solutions enable customers the correct level of access across a wide range of end user markets, among them the commercial, education, transport and retail sectors. Products from ASSA ABLOY, Mul-T-Lock, Traka and Yale will be on display.
Series of Inspirational Speakers Baroness Karren Brady CBE, Sir Ranulph Fiennes – the man dubbed ‘The World’s Greatest Living Explorer’ – and multiple Olympic champion Sir Chris Hoy MBE are the Inspirational Keynote Speakers lined up for the Protection and Management Series 2015. Baroness Brady will open the event on Tuesday 16 June. A regular newspaper columnist, author and novelist, Baroness Brady is known as ‘The First Lady of Football’ having become managing director of Birmingham City FC at the tender age of just 23. Her current role is vice-chairman at Barclays Premier League club West Ham United FC. In this Keynote Address, Baroness Brady will share anecdotes from her own rise within the business world, offering plenty of insights and advice for today’s practising professionals who are looking to drive their own strategic performance to new heights. Sir Ranulph Fiennes was the first person to reach both the North and South Poles on foot and harbours extensive experience of largescale fundraising, team building and performing under pressure. Be inspired and motivated by listening to Sir Ranulph’s timely and detailed advice at London’s ExCeL on Wednesday 17 June. Britain’s greatest-ever Olympian, Sir Chris Hoy MBE will be the Inspirational Keynote Speaker on Thursday 18 June at 11.30 am. Having won a total of six gold medals and one silver medal across three Olympic Games, Sir Chris Hoy reached the pinnacle of his career by attaining his fifth and sixth gold medals at the hugely successful London 2012 Games. In his motivational and engaging session, Sir Chris Hoy will talk attendees through the ‘marginal gains’ strategy which he credits for much of his success. Based on the theory that marginally optimising every possible area for improvement will result in profound progress, it’s a strategy that can be translated to any business sector.
Baroness Karren Brady CBE
Sir Chris Hoy MBE
“Running from 16-18 June at London’s ExCeL, UBM’s flagship IFSEC International exhibition is the premier global event for the security sector” 9 www.risk-uk.com
Project1_Layout 1 05/03/2015 12:18 Page 1
NewsSpecialFIREXInternational2015EventPreview May2015_riskuk_apr15 11/05/2015 15:27 Page 2
News Special: FIREX International 2015 Event Preview
With just one month to go before FIREX International opens its doors at London’s ExCeL, organiser UBM has unveiled further details in terms of what visitors can expect at this year’s show. Brian Sims reports ot to be missed at FIREX International 2015 is the Expertise & Guidance Theatre, offering a free-to-attend educational programme across the three days covering key topics including fire doors, smart hotel solutions, IP systems and fire risk management, Notable highlights include a session entitled: ‘Enforcement and the Fire Safety Order: Is it Working?’ run by Nick Coombe (fire safety regulation manager at the London Fire Brigade). This session is designed to explore the lessons learned ten years on and also ask if there needs to be any changes made to the legislation. Lance Ruetimann (senior manager for industry affairs within the Building Technologies Division at Siemens, Switzerland) will look at ‘Evolving Fire Safety Towards Holistic Safety’, discussing fire safety and the convergence of other safety measures along with the importance of evolving fire detection and alarm systems into danger detection and management solutions. Also, the Fire Industry Association’s Graham Simons will offer a timely and detailed update on the Construction Products Regulation. For full details of the educational programme running across the three days, and for the latest updates, the readers of Risk UK are urged to visit the FIREX International website: www.firex.co.uk
N
Latest news from the exhibition floor With over 100 exhibitors now confirmed across the show floor, FIREX International will showcase all of the very latest technologies, solutions and knowledge for practitioners designed to ensure life safety. BM TRADA is a leading provider of independent testing and approvals services and, at this year’s show, will highlight the benefits of effective passive fire protection through a range of interactive exhibits, live demonstrations and free seminars. On the first day of FIREX International, BM TRADA will conduct a live fire door test from its fire testing facility in High Wycombe that will be streamed directly to the FIREX Expertise & Guidance Theatre. This powerful demonstration will show two identical doors subjected to a prolonged period of fire. One of the doors will
UBM unveils further strategic content plans for FIREX International 2015 have been correctly specified and installed while the other will demonstrate many of the common mistakes made. Another exciting feature at this year’s FIREX International is the Loss Prevention Certification Board’s Red Book Pavilion. Here, visitors to the show can access information about products and services enjoying certification bestowed by the LPCB. Meanwhile, the Fire Protection Association’s Information Zone is all set to provide an excellent environment for visitors in which they can relax and network with their industry colleagues during the event. There’ll also be a wide range of presentations and seminars delivered by leading fire industry experts. Gerry Dunphy, event director for FIREX International, commented: “We want to make sure there’s a real mixture of thought leadership, Case Studies and debate generated by experts within the industry. This will sit alongside the practical hands-on experiences that are so well-loved by our traditional audience. We’re very much looking forward to hosting the entire fire safety industry at London’s ExCeL.”
*FIREX International 2015 takes place from 16-18 June at ExCeL, London and will be presented as part of UBM EMEA’s Protection and Management Series. The Protection and Management Series 2015 encompasses five major shows in related marketplaces covering safety, service management, facilities, security and fire
Co-location with IFSEC International This year, FIREX International is co-located alongside IFSEC International (www.ifsec.co.uk) which re-unites the fire and security industries in one location. There are increasing opportunities and convergences within and between both sectors so this seamless blend at London’s ExCeL will create three days of focused attention on life safety and property protection. Both FIREX International and IFSEC International once again welcome a formidable range of world-leading manufacturers and service providers. With a major focus on innovation and products, these events provide complete snapshots of what’s available and an intriguing view in terms of future product developments. Make sure you’re there.
Gerry Dunphy: Event Director for both FIREX International and IFSEC International
11 www.risk-uk.com
OpinionSecurityTrainingandAssessmentControls May2015_riskuk_apr15 11/05/2015 15:31 Page 12
Best Practice in Security Training and Assessment: What should it look like? If it were then that would possibly afford an indication of the company applying to be a training centre. If they’re charging a ridiculous price for their course then there’s an issue with quality somewhere inside that operation.
Providers must be responsible
Last month’s Risk UK carried an extremely interesting article by Industry Qualifications’ CEO Raymond Clarke designed to stimulate discussion and thinking around improvements that could be made to training and assessment practices for Security Industry Authority licencelinked qualifications. Here, Stuart Galloway delivers some thought-provoking responses to the points raised
12
www.risk-uk.com
rom my perspective, I’m not so sure that I would agree with Industry Qualifications CEO Raymond Clarke’s assertion that most of the training and assessment in the security sector is carried out to either a good or high standard (‘Controls on Security Training and Assessment: Why they must be strengthened’, Risk UK, April 2015, pp58-59). That, I feel, is something of an assumption as there’s no real evidence available to support such a statement. My experience of recruiting tutors for Security Industry Authority (SIA)-focused training courses was that in excess of 60% of those interviewed were not suitable for a variety of reasons, including doubts around sector competency and even their ability to teach. To be frank, a considerable number came across as ‘PowerPoint slide readers’. Further, I’m not certain I would fully agree it’s widely acknowledged that assessment in the security sector is ‘high risk’. If this is the case, why are awarding organisations not doing anything about it within the terms of their own quality control measures? Does the security sector suffer from an oversupply of training provision? The simple answer is: ‘Yes’, but you have to look at who approved that level of provision. Yes, that’s right. It was the awarding organisations. Ridiculously low course prices have been an issue for over ten years. It’s not a new phenomenon within the security sector. Why, then, is this issue not part of the due diligence process carried out by awarding organisations?
F
To my way of thinking, Raymond is being slightly unfair in highlighting employability programmes as an increased risk. I would lay the responsibility for recruitment squarely with the training provider. Provided, of course, that they’re following the correct procedures in learner engagement, there should be no real increased risk about which to be concerned. At least part of the problem lies in basic skills testing. From my own experiences as an external quality assurer, I know that basic skills testing in centres varies widely. It’s often carried out on the morning of the first day of the course when, ultimately, it’s too late to identify issues and provide any support. Maybe it’s at this juncture that awarding organisations can provide back-up for centres by having a standardised approach to basic skills testing in place and details of when that testing ought to be carried out. Testing should be conducted in advance of the commencement of the course such that it affords the training provider the necessary information concerning suitability of learners attending the course. This assists with lesson planning in terms of what teaching strategies need to be adopted for the learners on a given course. A practice that, I fear, is very rare indeed. Cost pressures will always be there no matter what. In order to have an effective quality assurance system you need to go beyond the established norms. Such actions obviously come at a price, but what price can you put on not having an effective system in place? To some extent, awarding organisations are at the mercy of training providers. If a centre is intent on committing fraud – or, indeed, any other type of offence – then there’s really little the awarding organisation can do until such actions are discovered either through external verification visits or whistleblowing. Personally, at present I don’t believe either of the latter are encouraged to a sufficient enough degree. In relation to external verification, the norm is at least one annual visit (which may increase depending on registrations). These visits
OpinionSecurityTrainingandAssessmentControls May2015_riskuk_apr15 11/05/2015 15:32 Page 13
Opinion: Security Training and Assessment Controls
should be stepped up to at least three per annum in respect of security industry-related qualifications – with two of those visits being unannounced – and then perhaps increased still further according to a standardised risk rating orchestrated across all awarding organisations. Yes, this will impact on costs, but again it’s worth asking the question: ‘What price can you put on quality?’
SIA licensing for trainers The notion of a new category of licence for trainers administered by the SIA is not only very unlikely because of primary legislation, etc but also an unnecessary financial burden. Many training providers are not solely focused on – or indeed wholly reliant upon – the provision of security-related qualifications. That being so, the provision of such a new system may prove unnecessarily complex and costly. Rather, as part of centre/tutor approvals the awarding organisations should ensure that suitable checks are carried out in relation to fit and proper person tests. Informed decisions can then be taken. In my experience, the awarding organisations adopt differing approaches to tutor approval ranging from virtually non-existent to robust. The fact remains that such approaches have to – and, indeed, must – be standardised across awarding organisations.
Developing and managing a register I’ve always been a great advocate of providing a register for tutors, but the $64,000 question is: ‘Who would manage it?’ Let me put forward three proposals that could be workable when it comes to developing and managing a register of training providers and trainers. First, let’s work with the Education and Training Foundation as its priorities are not dissimilar to those we are trying to attain in the security space. The Foundation also runs a membership scheme which might be adaptable to suit the governance requirements of the private security industry. Second, why not work with a standardssetting organisation that has no direct interest in the private security industry so as to develop and manage the required registers? An example organisation could be the ‘boutique’ assessment centre EMQC, the present assessors and managers for the respected matrix standard. Third, we could look to form an Institute for Security Training Professionals represented through a governance Board by way of all awarding organisations with approval to deliver SIA licence-linked qualifications.
Funding would be derived through an annual fee from tutors to remain on the Approved Register with awarding organisations paying a levy based on the number of qualifications they provide to the sector. Awarding organisations would send quarterly reports to the Institute in relation to centre activity, including detail on numbers of learners, achievements – unit by unit as well as overall qualifications – and external verification visits. Alleged incidents of malpractice would be reported on an ‘as and when’ basis.
Sharing of data Any failure of the qualifications regulators to maintain historical records in relation to malpractice investigations would astound me. This is something that should be in place now across the entirety of the education and training sector. This is not a failing of the security sector but rather one that could be levelled at the awarding organisations for not ensuring that such a system already resides with the qualifications regulators. Continuing this theme, maintaining statistical data on attendance rates at examinations is a procedure that should already be conducted by awarding organisations. Significant swings in attendance are likely to occur, but in all honesty I fail to see how this would be affected by an unannounced visit. In order to standardise the reporting of a visit – be it announced or unannounced – the simple answer would be to have a mechanism in place that records the details of those in attendance either during training or an examination. Such detail could then be verified against the course when returned.
Stuart Galloway Cert Ed MIfL Dip RSA: Senior Associate at WSG Associates and a Specialist in Business and Education Support Services
“Ridiculously low course prices have been an issue for over ten years. Why, then, is this issue not part of the due diligence process carried out by awarding organisations?” 13
www.risk-uk.com
OpinionSecurity'sVERTEXVoice May2015_riskuk_apr15 11/05/2015 15:31 Page 14
The Living Wage: Stepping in the Right Direction
Much attention is now being paid to the excellent Living Wage campaign orchestrated in the UK by the Living Wage Foundation. Why is it of such great importance for businesses and their employees operating in the private security sector? Peter Webster offers his considered opinions on the matter Citizens back in 2001. The founders were parents in the East End of London who wanted to remain in work but discovered that, despite working two or more National Minimum Wage rate jobs, they were struggling to make ends meet and continually left with no time for family and/or community life.
The Living Wage Foundation
he level of wage rates in the UK’s security guarding sector has been a significant cause for concern over many years now. The advent of the TUPE Regulations has prevented wages from going backwards at the time of contract change but has done little or nothing to help improve many wage rates in the real world. In the South East of England, it’s not uncommon to see examples of security solutions customers insisting on wage levels of £10.00 – or more – per hour. That said, we’re still witnessing far more examples of security officers who are receiving the National Minimum Wage, and particularly so the further north you travel. When bidding for a security contract, in order to comply with the TUPE Regulations private sector security companies have to maintain the wage levels currently paid, even if they do happen to be at the level of the National Minimum Wage. It’s a sad fact, but it’s true. What’s more, as you can imagine this situation isn’t helping our ongoing cause to improve the image of the security sector. Ultimately, it must be said that wage rates are driven by what the customer base is willing to pay for the security service provided, either directly or indirectly. In recent times, great attention has been paid to the Living Wage Foundation and its campaign that was launched by members of London
T
Peter Webster: Chief Executive of Corps Security
14
www.risk-uk.com
The Living Wage Foundation focuses on three key areas: accreditation, intelligence and influence. The organisation offers accreditation to employers that pay the Living Wage – or those committed to an agreed timetable of implementation – by awarding the Living Wage Employer Mark. There’s also a Service Provider Recognition Scheme designed for third party contractors who pay their own staff the Living Wage and always offer a Living Wage option when submitting tenders. In terms of intelligence, the Living Wage Foundation provides advice and support to employers and service providers implementing the Living Wage. This takes the form of Best Practice Guides, Case Studies from leading employers, model procurement frameworks and access to specialist legal and Human Resources advice. Importantly, the Living Wage Foundation also co-ordinates the announcement of the new Living Wage rates each November. When it comes to influence, the Living Wage Foundation provides a forum for leading employers and service providers to publicly back the Living Wage, working diligently with Principal Partners who bring financial and strategic support to the table. At £7.85 per hour, the current Living Wage – itself calculated according to the basic cost of living in the UK – is 21% higher than the National Minimum Wage. The Living Wage figure rises to £9.15 per hour in London. With a great deal of publicity being given to it – including endorsements from high profile figures such as Prime Minister David Cameron, the former Labour Party leader Ed Miliband and Boris Johnson, the Mayor of London – it’s an idea that’s growing in popularity. So much so,
OpinionSecurity'sVERTEXVoice May2015_riskuk_apr15 11/05/2015 15:31 Page 15
Opinion: Security’s VERTEX Voice
in fact, that during 2014 the number of accredited Living Wage employers more than doubled, with over 1,000 employers across the UK having now signed up to the scheme. In many ways this isn’t surprising. An independent study examining the business benefits of implementing a Living Wage policy in London found that more than 80% of employers questioned believe the Living Wage has enhanced the quality of the work completed by their staff, while absenteeism has subsequently fallen by approximately 25%. Two thirds of employers reported a significant impact on recruitment and retention within their organisation while 70% of them felt that the Living Wage had actively increased consumer awareness of their commitment to be an ethical employer. Another poll, this time commissioned by the Nationwide Building Society, suggests that people feel employers should pay the Living Wage if they can afford to do so. 75% of those questioned in the survey believe that employers should be required to reveal whether they are Living Wage payers with an indication that more than half of the population are more likely to use the goods and services realised by Living Wage employers. From our own point of view, we’re certainly beginning to see more and more customers looking at ways in which to pay the Living Wage and so improve the incomes of their contract security guarding personnel. Companies are now increasingly beginning to view their participation in the Living Wage campaign as something of a ‘Badge of Honour’. That campaign has – and very cleverly, in my opinion – drawn on companies’ ongoing and increasing desires to demonstrate high levels of Corporate Social Responsibility.
Issues affecting security providers Companies aren’t always signing up for purely altruistic reasons, either. They realise that there are negative connotations in paying the National Minimum Wage, particularly so if their profits are high. This is the case in sectors like the financial world where there are some very high earners. How would the public feel if such blue chip companies were paying security officers the National Minimum Wage to protect their people and property while affording other personnel directly on the books hundreds of thousands of pounds in bonuses? As stated, increased staff motivation and retention rates, reduced absenteeism and lower recruitment costs are some of the common benefits reported following implementation of the Living Wage. These are all issues that
Extensive KPMG report finds attitudes and awareness towards the Living Wage are “on the up” Research around the Living Wage commissioned by KPMG has highlighted that attitudes and awareness towards the campaign are changing in a massively positive way, with almost 80% of adults questioned suggesting that they’ve heard of the initiative, writes Brian Sims. Looking at the social mobility issues facing the UK, the survey polled 4,500 adults and 500 16-17 year olds to chart their views, duly finding that seven out of ten UK adults would consciously shop in favour of a Living Wage accredited retail chain – representing a rise of more than 10% in less than 12 months. “It’s clear from the poll that ensuring the lowest paid in society are treated fairly should be near the top of the agenda for both Government and employers,” explained Mike Kelly, head of the Living Wage programme at KPMG UK. “With all of the main political parties citing action on Living Wage in their 2015 General Election Manifestos, the pace of change is accelerating. Nearly a quarter of the listed FTSE 100 businesses are now accredited, and more and more employers are reaping the benefits of joining this movement.” Rhys Moore, director of the Living Wage Foundation, added: “The Living Wage is no longer a neutral debate. The number of accredited businesses now stands at over 1,400. With 80% of adults and 60% of 16-17 year olds having heard of the Living Wage, this issue is now squarely mainstream thanks in large part to the leadership of enlightened employers.” The KPMG study finds that 60% of adult males and 70% of adult females cite employers not paying enough as the reason people in the UK are living in poverty, a belief shared by 55% of 16-17 year olds. On a regional basis, the survey shows that Northern Ireland has the highest proportion of earners in the UK paid below the Living Wage (at 27%) and has the lowest awareness of the Living Wage across the UK regions. Only seven out of ten people in Northern Ireland have heard of the Living Wage compared to nine out of ten in Scotland, which is the most conscious region. directly affect the security sector. On that basis, it’s my firm belief that we all need to look at the long-term benefits of buying into this idea. Sceptics might suggest that moving to the Living Wage from the National Minimum Wage simply means paying the same people more money for doing the same job. Although in the short term that’s perfectly true, it would also mean that those same people take greater pride in their work, feel more valued, are better engaged with their employment and increasingly committed to their roles. For employers, it realises reduced staff churn – another problem that has been around for some time – and the ability to make a more worthwhile investment in training as personnel are less likely to leave the host company. Looking towards the longer term, better pay also means that the security business sector becomes far more attractive as a career option and, as a direct result, higher calibre people will want to join our ranks.
*The author of Risk UK’s regular column Security’s VERTEX Voice is Peter Webster, CEO of Corps Security. This is the space where Peter examines current and often key-critical issues directly affecting the security industry. The thoughts and opinions expressed here are intended to generate debate among practitioners within the professional security and risk management sectors. Whether you agree or disagree with the views expressed, or would like to make comment, do let us know (e-mail: pwebster@corpssecurity.co.uk or brian.sims@risk-uk.com)
“The advent of the TUPE Regulations has prevented wages from going backwards at the time of contract change but has done little or nothing to help improve many wage rates” 15
www.risk-uk.com
Project1_Layout 1 11/05/2015 17:20 Page 1
Integrating, monitoring and protecting
The risks faced may change but Reliance High-Tech remains one step ahead. For over forty years we have been trusted by government departments, major corporations and private customers to provide protection at the highest level.
Innovators in security technology
From physical security, emerging cyber-threats, advanced PSIM to smart monitoring services; we work hand-in-glove with customers to ensure total protection. So whatever the threat or challenge at Reliance High-Tech we have the expertise, experience and resources to deliver the best solution. Call us now to discuss your requirements in strictest conďŹ dence.
0845 121 0802 www.rht.co.uk
BSIABriefing May2015_riskuk_may15 11/05/2015 12:49 Page 18
BSIA Briefing
ast August, the threat level faced by the UK from international terrorism was raised from ‘Substantial’ to ‘Severe’. According to the Joint Terrorism Analysis Centre and the Security Service, this means that a terrorist attack is now considered ‘highly likely’. Subsequent terrorism-related episodes occurring in Sydney, Paris, Copenhagen and Pakistan – and, in particular, the diverse locations that were targeted – served to highlight the importance of regular security reviews for businesses. Companies should not just be reviewing their security strategies, policies and plans in light of such incidents. In truth, they should be doing so on a continual basis. Very few businesses will actually be the direct target of a terrorist attack. It’s more a case of them preparing for the ‘overspill’ of an attack, such as having to evacuate their premises in response to a local threat episode. Assessing the risks faced by your business must start with the Risk Register, a key risk management tool that helps businesses identify the day-to-day risks they face and the best ways in which to counteract them. From that point onwards, contingency plans can be developed to detail how a business would react to each threat, whether it be locking down the building completely or evacuating all personnel. At the very heart of that contingency plan should be an understanding of the potential impact of each threat. Thinking on a broader scale, company security and risk managers should be asking themselves vital questions such as ‘What drives the business?’, ‘What can we cope without?’ and ‘What’s essential for the business to survive?’ Only then can organisations prioritise the ‘essentials’ that should be covered by detailed business continuity planning. As a business, it’s absolutely vital to know what you’re protecting yourself against. Today, we’re not just threatened by large-scale terror attacks but also ‘lone wolf’ or self-radicalised assailants who may not even be directly related to terrorist organisations but possibly suffer from mental health problems. In fact, today’s organisations are facing threats to their business continuity that can arise in any number of ways, whether from a planned attack, a bomb threat or even a flood or power outage within key buildings.
L
Looking for continuous improvement Should a security breach result in the evacuation of a facility, this may lead to members of staff having no access to their
Contingency and Continuity: Security in the Corporate Sector When it comes to businesses operating in the corporate sector, recent events around the world – among them the terrorist attacks in Paris and Sydney – have provided a stark reminder of the importance of deploying effective security measures. As Mike O’Neill explains, though, companies shouldn’t only be reviewing their security strategies, policies and plans in light of potential terrorist attacks. Rather, they ought to be doing so all the time company’s offices for a considerable amount of time. Ensuring continuity in such a situation shifts the focus from the business’ security measures to its IT facilities. Consideration should be given to this as part of the business continuity planning process. Organisations ought to review whether their IT facilities are adequate enough for staff to manage their work and securely access data from home if necessary. For those businesses operating across multiple sites, key roles should be prioritised to ensure that the individuals involved are able to work off-site, making it much easier for a business to remain resilient in the face of adversity and work towards a return to normality after an incident. Simply having plans in place isn’t enough. Businesses should routinely check and exercise continuity plans to ensure their relevance fits the purpose. It’s the smallest details that can make the biggest difference, such as ensuring that all members of staff’s contact details are regularly checked and updated when and where necessary. Staff should also take on key roles within the contingency plans. This doesn’t necessarily have to be a senior member of the team. In fact, it’s more beneficial if roles are assigned to those who are regularly at the office rather than the less readily available. It’s also essential to
Mike O’Neill CSyP FSyI CPP PSP: Chairman of the British Security Industry Association’s Specialist Services Section
17
www.risk-uk.com
BSIABriefing May2015_riskuk_may15 11/05/2015 12:50 Page 19
BSIA Briefing
assign deputies to each key role, ensuring that someone will always be on-site or otherwise readily available who knows the plans and will be able to react accordingly. Of course, terrorism isn’t the only potential security threat faced by businesses across the corporate sector. The changing nature of crime in the UK – from burglary and ‘smash and grab’ raids to insider fraud and data breaches – means that there has never been a better time for businesses of all sizes to conduct a comprehensive review of their security strategies, in turn ensuring that a robust plan is in place featuring procedures designed to help the business survive a security breach.
Commitment to security Research conducted in 2014 by the British Security Industry Association sought to gauge the extent to which security and business continuity is considered a ‘business essential’, while also enabling a better understanding of the security procurement process in a number of business sectors including transport and logistics, construction, education, retail, healthcare and local authorities. According to the results of this research, security and business continuity is indeed at the forefront of the ‘corporate consciousness’. Over 80% of respondents reported that security is considered an essential expenditure by the company’s Board, while almost 90% of interviewees confirmed that their business already has a comprehensive and strategic continuity plan in place. Perhaps reflecting this overall commitment to security, only 28% of respondents reported that their business had experienced some kind of security breach in the previous 12 months, with theft/robbery, cyber attack and data breaches cited as the top three risks. Despite this, and somewhat surprisingly, regular reviews of security arrangements don’t seem to be high on the priority list for many companies. While respondents to the BSIA’s research reported that they deploy a range of security measures – with CCTV, physical security, intruder alarms and access control
“Businesses should routinely check and exercise continuity plans to ensure their relevance fits the purpose. It’s the smallest details that can make the biggest difference” 18
www.risk-uk.com
among the most popular – only 20% of those questioned review their security solutions every three years or less. The majority of respondents reported that they never put their security contracts out to tender or review their current supplier list.
Choosing a security supplier For 80% of businesses, choosing a security supplier is the responsibility of either the Finance Department or the Procurement Department, a worrying trend brought about largely by the economic downturn wherein a focus on price and cost-cutting has, in many cases, taken precedence over the knowledge and experience of the traditional role of the inhouse security manager or director. With security measures often being selected on the basis of price alone, it must be said that the presence of an expert advisor can make all the difference when evaluating the suitability of a solution or otherwise reviewing the effectiveness of current security and business continuity measures. It can sometimes be difficult for a business to adequately identify the Risk Register under its own steam. As such, outsider knowledge provided by professional security consultants can prove to be invaluable. Security consultancies provide independent professional support to ensure that measures required by clients correspond to both existing and emerging threats while at the same time complementing an organisation’s particular environment and specific remit. Working closely with the host business, consultants help to design a security strategy that’s holistic in nature and complements the business’ operation in order to address the protection of people, buildings, assets and, ultimately, reputation. Security consultants can also act as the ‘project manager’, overseeing the implementation of security controls and ensuring that all of the necessary procedures are carried out to the required standard. When conducting its corporate security review, if a business does choose to employ the services of a specialist security business then it becomes absolutely essential they choose a reputable company that meets with the relevant standards for its products or services. Members of the BSIA’s Specialist Services Section offer a high quality service and have extensive experience in assisting businesses with their specialist and challenging requirements both here in the UK and on the international stage. Visit the BSIA’s website at: http://www.bsia.co.uk/sections/specialistservices.aspx for more information.
Project1_Layout 1 11/05/2015 12:02 Page 1
RUN Milestone Mobile AND WITNESS ANY MOMENT WHEREVER YOU ARE
Instant access to your video surveillance from your smartphone or tablet Compatible with all XProtect® video management software (VMS) and the Milestone Husky™ NVR series, the free Milestone Mobile app gives you secure access to your video surveillance system anytime, anywhere. Available in 27 languages, the app lets you conveniently view live video, as well as playback and export footage from your smart device. Discover how to expand your surveillance and security system capabilities with XProtect video management software at milestonesys.com Milestone will be exhibiting at IFSEC UK 2015. Visit our Booth no. E750 to learn more about XProtect® video management software and Milestone Husky™ NVRs! Milestone Systems UK Tel: + 44 (0) 1332 869380
POSSIBLE STARTS HERE
PrioritisingRiskManagementIssuesandRiskResponseREVISED May2015_riskuk_apr15 12/05/2015 12:00 Page 20
The Security Market: Solutions to Risk Prioritising risk management issues and organising a risk response are key remits for today’s security professionals. What, though, are the main elements underpinning each task? In the first instalment of an exclusive three-part series for Risk UK, Peter Speight and Peter Consterdine consider the Best Practice approach ecurity services, products and procedures are increasingly seen as servants of wider risk management issues. Certainly, today’s end users have learned to be suspicious of security solutions providers who emphasise products – notably technical security systems like CCTV – and services seemingly absent of any cognisance around identified risk issues. As is the case with all multinational and complex businesses, there’s a recognition that risks are an essential part of everyday life and somewhat unavoidable. Taking control of informed risks, though, is part of good business practice and allows for risks to be identified, analysed, evaluated and treated. Access control, intruder detection and CCTV systems all have their place as security solutions, but unless the complete systems are designed and installed based on a sound, risk-informed platform they will result in little more than an illusion of protection. Real protection can only be achieved when resources are carefully allocated to security’s most pressing needs. Systems and even manpower resources should be informed by both a full understanding of the host organisation’s risks and the Operational Requirement (OR) for the resource allocation. To establish the requirement for the four broad facets of security – namely manpower, technical systems, physical security assets and procedures (and, in particular, the proportions required of each) – in an integrated manner demands that in-depth audits and assessments are a prerequisite when it comes to developing risk-informed security strategies. The process of conducting these ‘operational surveys’ from which the site risk assessment and security audit reports will be produced – and which, moving forward, will frame the development of the security strategy and its operational plan – is designed to support the
S
20
www.risk-uk.com
business in providing a first class integrated security ‘solution’ aimed at protecting people, property and assets based on sound security risk management. One primary goal of these operational surveys, then, is the production of a security strategy document. This needs to begin with an understanding of the threats and hazards to the organisation, be they external/internal: threats (the ‘product of man’), hazards (natural events such as extreme weather and pandemics, etc), accidents (structural collapse, death on site) or technical events (malfunctioning systems, for instance). Assets at risk may then be identified and their vulnerability to the threats and hazards assessed so as to arrive at a comprehensive risk overview. Two factors are fundamental to the process of establishing risk profiles: the consequence (or impact) of a risk event occurring and the likelihood (or probability) will be estimated, in turn generating a risk rating or risk profile. The latter is usually illustrated in a management tool dubbed a Risk Matrix, illustrated by means of what’s commonly referred to as a Heat Map. That, in a nutshell, is the risk assessment and analysis process. Influencing both of these factors is the issue of vulnerability. For example, poor security controls may well affect the likelihood of a threat occurring while poor continuity arrangements could increase the consequence. It follows that a detailed and thorough understanding of current security arrangements – both good and bad – is absolutely essential.
The ERM Framework Enterprise Risk Management (ERM) is the process of planning, organising, leading and controlling the activities of an organisation in order to minimise the effects of risk(s) on its capital and earnings. That process is expanded to include not just risks associated with accidental losses, or traditional threats and hazards, but also financial, strategic, operational and other risks. ERM, then, may be defined as “an organisational-wide approach to developing techniques that assist in having the culture, processes and structures in place that are directed towards the effective management of potential opportunities and adverse effects.” Traditionally, organisations develop an ERM Framework based on – and consistent with – the internationally-recognised principles and
PrioritisingRiskManagementIssuesandRiskResponseREVISED May2015_riskuk_apr15 12/05/2015 12:01 Page 21
Prioritising Risk Management Issues and Risk Response
processes outlined by ISO 31000: Risk Management – Principles and Guidelines in order to manage change and uncertainty. The ERM Framework should apply to all operational and business unit levels, and assists in achieving the organisation’s strategic objectives by bringing a leading practice and a systematic approach to identifying, analysing, mitigating and reporting risk and control. Adopting an ERM process will lead to enhanced and proactive decision-making and improve the host organisation’s performance since it combines governance, risk and opportunity management, compliance and financial reporting. The next stage is to assess how the management of the four areas of security – the aforementioned manpower, technical systems, physical security assets and security procedures – either help or hinder the management of identified risks. This procedure, otherwise known as the security audit, is likely to expose vulnerabilities and engender a summary of recommendations. The conclusion to the investigative aspect should be the production of comprehensive risk matrix tables.
Risk management in focus At this juncture, discussions can be generated around priorities for addressing those risks where existing management actions, when set against risk tolerance and appetite, may leave the business exposed. These discussions and workshops will enable the construction of a security strategy document and the development of tasks designed specifically to achieve the desired security framework. The purpose of socio-political risk assessments is to highlight conditions in respect of the current socio-political climate that may or may not render a particular site and/or operation a vulnerable environment. The political segment concentrates on how affairs at home and abroad worsen or improve the possibility of, for example, terrorist activities. Additionally, there will be an overview around crime and social disorder both locally and regionally as well as the existing social conditions that could impact a given site. Notably, the risk issues addressed are those featuring in the National Risk Register and the regional Community Risk Register. Site risk assessments are conducted to outline what assets held by a site or business may be at risk and from what hazards, threats, accidents and/or technical issues, in addition to the severity of damage (referred to as ‘consequence’) that may flow from a given risk
event. In turn, this leads on to the likelihood of such an event occurring, the risk quantification/assessment (illustrated by means of that Risk Matrix) and, finally, the priorities for action and risk management. In parallel with the assessment of risk, the security audit identifies how the environment and current security arrangements either help or hinder the management of the identified risks. These are often referred to as impact factors. Impact factors may be internal – and, as such, within the influence of the business to control – or external and, that being so, broadly outwith an organisation’s ability to influence. Many external threats and hazards often sit within the high impact/low probability category and are captured by the accompanying sociopolitical risk assessment. Organisations usually feel there’s little they can do about such risks. They’re wrong. In truth, there are many strategies here that will help the business feel it has some control over its own destiny.
The Operational Requirement Based upon the risks identified during the risk assessment and the existing measures currently in place to mitigate those risks duly identified during the security audit, the next step is to develop a detailed OR for each security measure (CCTV and manpower, etc) required to mitigate the identified risks. The established OR will be based upon two alternative criteria: develop the best possible
Dr Peter Speight CSyP DBA MPhil MSc MIRM: Director of Risk and Consultancy at Securitas Peter Consterdine is Managing Director of Future Risk Management
“Systems and even manpower resources should be informed by both a full understanding of the host organisation’s risks and the Operational Requirement for the resource allocation” 21
www.risk-uk.com
PrioritisingRiskManagementIssuesandRiskResponseREVISED May2015_riskuk_apr15 12/05/2015 12:01 Page 22
Prioritising Risk Management Issues and Risk Response
*Next month: Requirementspull, the technology push, cyber threats and the resilience (and cyber security) of technology in today’s built environment landscape
OR given existing available resources and develop the OR based on a ‘greenfield’ site, starting with a clean sheet of paper and producing, in effect, a ‘Wish List’. Where appropriate, the OR will: • Set out the steps that must be taken to effectively mitigate the various identified security threats facing the organisation’s operational capabilities, employees, contractors, visitors, property and assets • Use technologies and innovation to produce cost-effective processes designed to mitigate the identified security threats • Ensure that all recommendations are, broadly speaking, aligned with any pertinent national and international security standards A well-written OR can be an effective vehicle for relaying the needs of the organisation’s security systems in an easily understood format that helps avoid the countless hours of time and other resources that would otherwise be wasted on speculating requirements. Research shows that the foremost reason why programmes or projects fail is due to a lack of detailed requirements at the outset. Efforts invested up front to develop a clear understanding of the requirements pay dividends in the positive outcome of programmes, not to mention the savings in both time and money arising from not having to realise corrective actions for putting a programme back on track (if that’s possible). Faced with the problem of potential intruders at a sensitive facility, the host business’ security manager might define the OR as ‘Build a wall’ whereas the real OR is ‘Detect, thwart and capture intruders’. Your wall may – or may not – ‘thwart’ intruders, but it would neither detect them or facilitate their capture. In short, the solution wouldn’t solve the problem. The robust capability gap to ‘detect, thwart and capture intruders’ includes no preconceived solutions and prompts us to analyse alternative conceptual solutions before choosing the best one. One way to ensure that you’re defining a problem rather than a solution is to begin the statement of the OR with the phrase: ‘We need the capability to…’ It’s nearly impossible to complete this sentence with a solution (‘a wall’), but far easier to do so with a problem (‘capability to detect intruders’).
“The robust capability gap to ‘detect, thwart and capture intruders’ includes no pre-conceived solutions and prompts us to analyse alternative conceptual solutions” 22 www.risk-uk.com
Capability gaps and requirements ought to address what a system should do rather than how to do it. This approach is sometimes referred to as capability-based planning. It’s a very simple yet powerful concept.
Requirements versus solutions When employing efforts to elicit and explain the OR using any of these methods, it’s imperative to steadfastly avoid requirements that define potential solutions or otherwise restrict the potential solution space. While it’s both necessary and useful to understand the current state-of-the-art within a given technology space and harbour knowledge about potential solutions that may already be in development, requirements are meant to simply define problems. Properly drafted requirements allow for a variety of solutions – each with their own advantages and disadvantages – to be considered as potential ways to address a problem. Solution-agnostic requirements prevent limiting and defining the outcome of product realisation. This is useful given that an open and honest review of a location’s security needs might show that a preconceived notion about a desired solution may turn out not to be the best one, or that modifications to existing products or services may be both necessary and useful to their end users. A requirement is an attribute of a product, service or system necessary to produce an outcome(s) that satisfies the needs of a person, group or organisation. Requirements, then, define ‘the problem’. In contrast, ‘the solution’ is defined by technical specifications. Defining requirements is the process of determining what to make before making it. The definition creates a method in which appropriate decisions about product or system functionality and performance can be made before investing the time and money to develop them. Understanding requirements early on removes a great deal of guesswork in the planning stages and helps to ensure that end users, product developers and/or systems integrators and installers are on the same page. Requirements provide criteria against which solutions can be tested and evaluated. They offer detailed metrics that may be used to objectively measure a possible solution’s effectiveness, ensuring informed purchasing decisions on products, systems or services that achieve the stated operational goals. A detailed OR analysis can also uncover hidden requirements as well as discover common problems across programmes and various operating components.
Project1_Layout 1 11/05/2015 12:02 Page 1
Improving your vision with our solutions. Working with you to deliver safe, secure and sustainable projects. At the forefront of design innovation, we’ve been providing safety and security for homes, education, commercial and industrial developments for almost 70 years. Our portfolio includes RoSPA approved, LPS 1175 certiďŹ ed and Secured by Design preferred security fencing and gate solutions, environmental noise barriers, storage, automated access control and decorative timber fencing, gates and landscaping features; all designed to give a service life well beyond our 25 year guarantee.
Timber and steel fencing
Vehicle and pedestrian gates
CPD training
Vehicle access and parking control
Access control
Cycle, recycling and fuel storage
Noise barriers
Pedestrian safety
Find out about our products and services including drawings, data sheets, Q40s and CPDs at www.jacksons-fencing.co.uk.
AR NT A
I CE LI
E
YEARS
E
SE
T
E E
E
E
YEARS
RV
FE
AT ME N
GU
GU
MONTH
AR NT A
RE
T
AU
M AT I
ON
TO
GU
Call 0800 41 43 43 to speak to an expert
AR NT A
www.jacksons-fencing.co.uk
NegotiatingContractsforSecurityServicesREVISED May2015_riskuk_apr15 12/05/2015 11:59 Page 24
Contractual Basics, Negotiations and Risk
Written contracts for security services are both difficult and important. They deal with issues of high risk, often for long periods of time, and their content may be complex and specialist in nature. In the first instalment of a twopart series for Risk UK, John Spratt covers negotiation procedures, Service Level Agreements, Key Performance Indicators and price
24
www.risk-uk.com
he negotiation of security contracts is too often lengthy and can test the goodwill of both sides. The process of negotiating and finalising the contract itself deserves special attention along with key terms which may prove difficult to negotiate. Let’s deal with both the process and those key terms. The seller will need to carry out an examination of the buyer’s business and security requirements both for the purposes of risk assessment and the subsequent preparation of assignment instructions. They’ll also need to review the detail of information about the employees of the outgoing provider. Accordingly, the beginning of the contract process will often be the buyer’s insistence on the seller entering into commitments of confidentiality by way of a confidentiality letter or what’s termed a non-disclosure agreement (NDA). NDAs are perfectly enforceable in law provided that they are well drawn. The next document to be recommended is a letter of intent or ‘Heads of Terms’ designed to set out in brief everyday language the key terms of the agreement which the buyer and the seller are in the course of negotiating. There should be a timetable attached setting out milestones to be achieved along the way towards contract signature. Letters of intent should be expressed to be non-binding. In this way, they can be safely used as a convenient vehicle for negotiating the key terms of the contract before drafting of the contract begins on a formal basis. If the buyer wishes to proceed by invitation to tender then this process itself dictates that a timetable is used. My experience tells me that
T
the same discipline should be employed in all negotiations of security contracts. It’s also important for each party to appoint a team of people to work on the contract process encompassing individuals from operations, finance, management, Health and Safety, Human Resources and legal. In the course of agreeing the timetable, the parties involved should pencil in one or two meetings within the process just in case they’re necessary for resolving any difficulties. A meeting conducted at the right time can save weeks of unproductive communications. Many of the issues which cause problems in bringing a contract to final signature are focused on legal aspects. The lawyers on each side should be permitted to talk to each other and resolve these legal issues. In my experience it doesn’t help for these issues to be negotiated by the commercial members of each team who will tend to adopt a strong defence of their company’s own position, but will not be qualified to find the ‘work-around’ required to bring the contract to signature. The first contract draft of the agreement can be provided by either the buyer or the seller. If it should be provided by the buyer, it may be an adaptation of a general purposes procurement agreement. Alternatively, the seller may provide their own contract. In either case, all-too-often the Terms and Conditions offered by one party to the other are one-sided in favour of that party and, in effect, challenge the other party to pick up every single point and ‘turn it around’ to achieve a reasonable position. There’s no harm in such an approach provided that both parties are aware of what’s achievable by way of negotiation and move to those acceptable positions without any undue delay or acrimony.
Services to be provided The contract must contain a detailed description of the services to be provided by the seller. The description should be on the ‘input’ basis, which means that all of the tasks which the seller is to perform are duly set out. The seller’s performance can then be managed against their contractual obligation to perform those services both diligently and promptly. The seller will only be liable to the buyer if they fail to carry out those services in the way that they’ve committed to carry them out, are negligent or in breach of statutory duty. This commitment by the seller is capable of insurance: the seller’s insurers will provide
NegotiatingContractsforSecurityServicesREVISED May2015_riskuk_apr15 12/05/2015 11:59 Page 25
Negotiating Contracts for Security Services
cover against claims set against the seller for losses suffered by the buyer as a result of the seller’s fault. Sellers will generally refuse to sign a contract wherein their services are described on an ‘output’ basis which means that the seller guarantees certain outcomes. The prime reason why the seller will not agree an output-based definition of services is that they will not be able to obtain insurance to cover the risk of failure to perform. The description of the services will be supported by a service level agreement (SLA) committing the seller to reach certain standards against key performance indicators (KPIs). SLAs should be as simple and easy to manage as possible, and ought to reward the seller for extraordinarily good performance as well as penalise them for any poor activity. In that way, the buyer can be sure that the seller and their members of staff will be motivated to perform well. The SLA will be monitored by key personnel appointed by each party often with the seller self-recording against the KPIs and reporting to the buyer. Most security contracts are for periods of over 12 months and often for three years. During the term, no doubt the buyer’s business will change shape and their requirements for security services will also change. On that basis, there should be a robust change control mechanism in the contract whereby the buyer can require the seller to change the services provided by serving a notice on the seller setting out the alterations required. This section of the contract should provide for consultation and fair adjustment of the price based on the changes noted. The seller will have relied upon the turnover in the contract over its whole term to arrive at their price, and will not welcome the buyer reducing the services under the contract. If the buyer wishes to reduce the services then frequently the parties will agree that the length of the notice of the required reduction will vary according to the percentage reduction of the services so that a substantial reduction should only be available on, say, three months’ notice. This will enable the seller to do their best to consult with their members of staff, redeploy them and avoid the expense of redundancy. Frequently, the parties will agree that, in those circumstances, the seller will be compensated for any redundancy payments that they cannot avoid. The parties involved should also be aware that reduction of the services may involve reduced staff facing safety risks. This should be taken into account. Sellers will object to any attempt by the buyer
to restrict them from providing security services either within a geographical area or to competitors of the buyer (whether named or otherwise). In sensitive situations, the seller will offer assurance to the buyer of ‘ringfencing’ staff on the buyer’s contract and in terms of matters arising around confidentiality.
Examination of the price At the outset of any longer term contract, the seller will incur significant expense by way of risk assessments, the preparation of assignment instructions, price calculations and management time for negotiation. Often, the seller will seek to defray this upfront cost by requiring a reasonable term of the contract (for example, three years). The seller will object to the buyer’s request to be able to terminate for convenience on, say, three months’ notice but, in my experience, ultimately the seller will be prepared to allow that term, duly relying on their own abilities to perform the Terms and Conditions of the contract to the buyer’s satisfaction and, in doing so, avoid early termination. The seller’s calculation of the price, and particularly so in security guarding contracts, will be based on the employment information provided to them by the outgoing service provider. They will seek the right to a price adjustment to the extent that the employee information is wrong. Over the course of a three-year contract the seller may be prepared to agree on their prices being fixed across the term by self-forecasting any increase in cost they anticipate. Alternatively, they may agree a best price at the outset of the contract on the basis that it will be capable of adjustment in the event of an increase in their costs caused by inflation or by dint of a change in the law (such as the move from licensing of security officers to the licensing of security companies themselves). Cash flow is always an important consideration for both buyer and seller. The seller will try to agree with the buyer that they may invoice at the beginning of each month, with the invoice to be paid at the end of the month. This means that they’re giving little credit to the buyer. However, if – for example – the buyer insists on payment 90 days from the end of each month, the seller is having to carry 90 days of the buyer’s cash flow.
*For the second article in this two-part series which appears in the June 2015 edition of Risk UK, John Spratt will examine liability issues, the TUPE Regulations and termination (or suspension) of security contracts
John Spratt: Corporate Partner at Spratt Endicott
“SLAs should be as simple and easy to manage as possible. They ought to reward the seller for extraordinarily good performance as well as penalise them for any poor activity” 25
www.risk-uk.com
TheRiskUKInterview May2015_riskuk_apr15 11/05/2015 16:47 Page 26
Preparing for Integration
During Risk UK’s recent discussions with Terry Sallas, managing director at systems integrator Reliance High-Tech, Brian Sims discovers that the nature of value required by end users from their security solutions providers is changing
Terry Sallas: Managing Director at Reliance High-Tech
26
www.risk-uk.com
he last three years have witnessed significant progress at Reliance High-Tech, the independent security systems integrator serving end user organisations across both the private and public sectors. In the utilities space, for example, the business now holds framework and supply agreements with a number of leading providers, among them EDF, Bristol Water, South West Water and Western Power Distribution (on behalf of whom the company now manages circa 900 UK sites). “Several years ago our presence in the utilities sector was minimal,” explained managing director Terry Sallas as we began detailed discussions at Reliance High-Tech’s Winnersh Triangle headquarters in leafy Berkshire. “We decided to focus on this area at the outset of the recession. It represented a good fit for us in terms of our offer.” A decision that has proven to be an astute move. Sallas duly informed Risk UK that there has also been significant progress in the corporate estates arena encompassing the worlds of finance, manufacturing and pharmaceuticals. “We work with Air Products across the UK and Europe and also supply Pfizer, Rubbermaid Newell and Morgan Stanley at European sites by way of our local service technology provider partners,” stated Sallas. Importantly, the business has invested heavily in quality systems, operational delivery and its customer service-focused
T
infrastructures, expanding into new offices in the Midlands and ploughing substantial capital into IT systems at the Pontefract and Wythenshawe Monitoring Centres, both of which serve as hubs for many of the new ITcentric offerings and services being developed. In the lone worker field, Reliance High-Tech now protects approximately 50,000 individuals across the public and private sectors. “The Digital Interview market is one that has really crystallised for us,” enthused Sallas. “When we last met for an interview, Brian, as you know we were targeting this market including Greater Manchester Police, the Metropolitan Police Service and the West Midlands Police as potential partners. Now, we’re upgrading interview suites across all of these estates. These three represent the largest Digital Interview estate in the UK. We also supply a number of other UK police forces, including West Lothian, Sussex and Cleveland Police with Digital Interview and traditional security solutions for their custodial facilities.” No doubt, then, that Reliance High-Tech – under Sallas’ forward-thinking leadership – has made strong choices when it comes to the markets it targets and the bespoke services offered within them, the business choosing to align itself with high-level and specialist technologies for high grade security and Critical National Infrastructure-style environments. Interestingly, and very much mirroring current trends, Sallas said: “Many end user customers are operating what you might call an holistic approach to security, encompassing not only physical security but also considering IT, data, information and people.”
High levels of data According to Sallas, Reliance High-Tech’s key customers and markets are characterised by a number of issues. As stated, they’re now increasingly holistic in their approach, requiring high levels of data and information from their chosen solutions. “Actionable intelligence will increasingly become a key deliverable and differentiator for the future,” outlined Sallas. End users also demand a great depth of proven security and IT expertise. Reliance HighTech’s project managers for its police servicerelated business work predominantly with the IT teams and must absolutely understand IT/security crossover issues around data and security software. “We’re finding that end users want standard and uniform technology across their sites, typically coupled with risk and security vulnerability assessments,” explained Sallas.
TheRiskUKInterview May2015_riskuk_apr15 11/05/2015 16:47 Page 27
The Risk UK Interview
“Access control systems are very important for assisting identity management programs among the corporates and universities.” Again mirroring current trends, Sallas pointed to an increased diversity of stakeholders involved in decision-making processes for security, and more so for corporate regimes where IT has a key influence in terms of the ultimate provider and overall spend. The ‘network issue’ is still alive and kicking, then. “Today’s end users are also requiring pragmatic partners,” urged Sallas. “Their priorities evolve on a continual basis. That being so, they need the breadth of resource to readily accommodate change, but also the flexibility such that they can address new requirements, ambiguities and uncertainties.” Perhaps the key point to note here is that the nature of value required by end users from their security solutions providers is changing. It’s no longer enough for companies like Reliance High-Tech to be able to only design and install security systems. That element of the equation will never cease to be crucial, of course, but it’s now equally as much about the advice given on future-proofing, cost and risk as well as demonstrable engagement with other key stakeholders across the estate. “Customers require you to have the ability to partner,” opined Sallas. “In some cases, that requirement is such that you need to work with large IT and technology organisations as security has now become part of a significantly broader agenda. Today’s specialist security integrator must be able to speak the right business language, stand their ground on subject matter expertise and collaborate towards a common end goal.”
scope, and notably so for the utilities providers. For their part, service solutions must now stretch beyond the traditional maintenance plans offered by the industry. Rather, they will need to be proactive in orientation while the nature of service issues will change. “Customers are going to need very specific service plans. Some of our service offerings will become market-specific and, in some cases, include other services such as lone worker solutions and asset tracking as standard features. They may also move towards being condition-based in nature.” A great many of the critical systems involved will need to be monitored remotely on a 24/7 basis with IT experts at hand. “Our police maintenance programs,” said Sallas, “are now as much about data, evidence storage and retrieval as they are concerned with hardware issues.” Clearly, Sallas is a firm believer that security solutions will become as much about the intelligence and data they can offer an end user customer as they are about providing the basics (ie safeguarding people, property and brand). Going forward, there will be an increased specialism in technology. “Analytics will really come into its own,” asserted Sallas. “Security integrators will have to be increasingly adept and capable of working with many specialist technologies in multiple areas and markets. Integration could continue to be a major issue for security installers and end users.”
Convergence and The Cloud Convergence is no longer the ‘New Kid on the Block’, of course, but it’s also not going away in a hurry. “We need to consider data storage, networks, language, technologies, licenses, server maintenance, skills and partners as well as data security,” affirmed Sallas. “In fact, the list of considerations could be endless.” Taking that discussion a stage further, what about ‘The Cloud’? “The Cloud will further impact the nature of what it is we do, affecting installations, commissioning, data, services and reporting. We’re investing in a suite of cloud services for our customers similar to Physical Security Information Management-centric solutions but more specific to clients’ own operational issues and providing live data and KPIs via bespoke portals and dashboards.” Not surprisingly, Sallas then points out that compliance and regulation is increasing in
“Today’s specialist security integrator must be able to speak the right business language, stand their ground on subject matter expertise and collaborate towards a common end goal” 27
www.risk-uk.com
CriticalInformationandDataManagementREVISED May2015_riskuk_apr15 12/05/2015 11:57 Page 28
Everything’s Under Total Control Higher education environments combine the technology requirements of large-scale enterprises with a unique set of demands around security. In a follow-up to last month’s Vertical Focus on the Education Sector, Brian Sims examines the data management solutions configured for Newcastle University and the University of the Arts London now boasts more than 200 students and, in time, will train upwards of 1,000 medics to support Malaysia’s Health Service. The worldwide footprint doesn’t end there, though. Newcastle University also boasts a presence in Singapore (by dint of Newcastle University International Singapore, or NUIS for short). Operated in partnership with the Singapore Institute of Technology, this bold venture has also experienced tremendous growth over the last few years.
Maintaining essential servers
lthough its scholarly origins as a renowned School of Medicine and Surgery date back to 1834, Newcastle University in the year 2015 is very much a modern day academic establishment offering a first class student experience in what is undoubtedly one of the UK’s most vibrant cities. Ample proof of its pedigree is outlined by the fact that Newcastle University has just been applauded as one of the very best there is in The Times’ most recent Higher Education World University Rankings – this highly-respected North East seat of learning sits comfortably within the Top 200 – while also occupying a simultaneous slot in The Sunday Times’ UK University Guide Top 20. With the opening of Newcastle University Medicine Malaysia (NUMed) four years ago, Newcastle became the first UK university to establish a medical campus overseas. NUMed
A
28
www.risk-uk.com
Being a modern civic establishment, Newcastle University runs over 1,400 networked PCs, operates 24-hour computer clusters and social learning spaces, administers a lecture recording system and also features an award-winning Language Resource Centre. As a direct result, between its UK and overseas campuses, Newcastle University maintains around 1,000 essential servers which help to deliver productivity, virtual learning and specialist applications. In days gone by, members of the dedicated IT Department had used Microsoft ISA load balancing technologies to ensure availability and enhance the fault tolerance of service delivery. However, given the discontinuation of Microsoft’s load balancing platforms and a planned upgrade to a new version of Exchange, the decision was taken to source an alternative solution that offered the raw performance and features needed to match continual growth. David Clark – infrastructure systems specialist within the Information Systems and Services team at Newcastle University – explained: “Although the initial focus was all about load balancing, the upgrade we were looking for was one that could potentially offer additional benefits around enhancing
CriticalInformationandDataManagementREVISED May2015_riskuk_apr15 12/05/2015 11:58 Page 29
Critical Information and Data Management
performance and providing a key resource to support other initiatives across the university.” According to Clark, the balance between performance and features afforded by A10 Networks’ Application Delivery Controllers (ADCs) rendered the company an early shortlist candidate. “We liked the look of the pricing model, which included all of the features within a single cost,” explained Clark. “This was important as we had to consider other features such as SSL Offload, compression and security enhancements for any future deployment.”
More robust platform In the end, Newcastle University deployed two ADCs in an active-passive failover scenario. The deployment offered a seamless migration from the existing Microsoft ISA load balancing solution with a system that could also load balance non-HTTP protocols such as Messaging Application Programming Interface traffic. On top of that, the installation allowed for a more robust platform for load balancing the Blackboard virtual learning environment. With the core load balancing requirement now duly satisfied, Newcastle University’s Information Systems and Services team members swiftly began to examine how the additional features could be used for improving application and service delivery. In practice, the ADCs are employed to deliver additional web-based applications for Newcastle University, including its Citrix XenApp and SAP Supplier Portal, while the platforms also provide SSL Offload to reduce the processing workload on application servers. “We’re making good use of the data compression features,” enthused Clark, “which have reduced the bandwidth associated with certain tasks by around 50%. What we appreciate most, though, is that the solution just sits there and does its job without requiring additional management time and resources. During failover tests, in fact, it has proven transparent to end users.”
“Between its UK and overseas campuses, Newcastle University maintains around 1,000 essential servers which help to deliver productivity, virtual learning and specialist applications” intensive graphic applications. The infrastructure spans two data centres and consists of Apache servers running on VMware that communicate with – and retrieve information from – the MySQL and Oracle databases on the back end. In recent times, the University of the Arts London began a new web service project designed to create an architecture capable of providing optimised content delivery for site visitors. University of the Arts London selected four AX 2100 new generation server load balancers for a higher performance and scalable solution. The balancers chosen feature Global Server Load Balancing (GSLB), URL switching and custom health checks. GSLB balances web servers across University of the Arts London’s two data centres to ensure high availability. URL switching delivers services hosted on the University of the Arts London domain based upon the contents of the URL. Requests are then directed to the relevant servers located in the private address space. In terms of custom health checks, these absolutely ensure that servers are available and, as previously stated, readily able to communicate with – and retrieve data from – the back end MySQL and Oracle databases.
Scaling web application delivery The University of the Arts London is recognised as a vibrant world centre for innovation, comprising six internationally-renowned colleges. In point of fact, it’s Europe’s largest university for art, design, fashion, communication and the performing arts. Operating in the digital age, the University of the Arts London leverages web technologies to provide a multitude of applications and services for its students and faculty. Presently, it administers more than 25 websites with interactive content, including bandwidth-
29
www.risk-uk.com
Project1_Layout 1 11/05/2015 11:59 Page 1
ALL WILL BE REVEALED... Join us at IFSEC where we’ll be announcing some exciting new developments. To celebrate, we’re giving away a host of prizes including thousands of pounds’ worth of Amazon vouchers, product discounts and much, much more. Simply find the card inserted in the June edition of this magazine, scratch away the panel, and bring it to the Vista stand to see what you’ve won – there’s a prize for every card! In addition, come along to see the new winning combination of qulu and HP. Working in partnership, we have developed a range of servers to support the new qulu 2.3 software. Features of this latest software edition include video wall, failover and integration with Paxton Access Control.
VISIT US AT: Stand D1300
HD CCTV FROM VISTA
g Web: vista-cctv.com
g Email: info@vista-cctv.com
g Tel: 0118 912 5000
LeisureandEventsSectorSupplementFrontCover May2015_001 11/05/2015 15:25 Page 1
May 2015
Security and Fire Management
Modern Sporting Spectacle Security Management in the Leisure and Events Sector Ground Control: Challenges Facing Stadium Security Teams Case Studies: Surveillance in the Barclays Premier League Pitch Perfect: Perimeter Protection Solutions Best Practice Health Conscious: Integrated Systems for Fitness Centres
Project1_Layout 1 11/05/2015 17:23 Page 1
Visit Axis at IFSEC: ExCeL London Booth E1000 June 16-18
Elephant proof. Our cameras are much tougher than they look. That’s because we don’t just give them a few strikes during testing, as you might expect. Instead, we subject them to about 30 heavy strikes – directly on their weakest spots. Don’t worry though, we keep them away from elephants. It’s just one of the tough tests Axis cameras face, so you can be sure you’ll always get the best image quality and high performance – no matter what’s thrown at them.
Learn more about Axis’ quality assurance work at axis.com/quality
LeisureandEventsSectorStadiumSecurity May2015_riskuk_apr15 11/05/2015 15:24 Page 2
Leisure and Events Sector: Stadium Security
Risk managers at today’s modern stadiums take full advantage of the latest security technologies for observing, anticipating and eliminating threats. Here, Adam Breeze discusses the challenges facing stadium security teams and those operating in other large entertainment venues and outlines the solutions being developed to meet them head on ll entertainment facilities pose security challenges, but sports stadiums top the list. These arenas, in which thousands of people regularly congregate, have to meet very demanding security and safety criteria. The only responsible choice for end users is to take advantage of state-of-the-art technology preferably combined into an integrated system featuring fire detection, video surveillance, access control, intrusion detection and PA/voice alarm solutions. Smart surveillance is now very much with us. This involves digitally analysing the signal from a CCTV camera using Intelligent Video Analysis (IVA) algorithms. IVA compares real-time video with predefined rules for detecting alarm situations or suspicious activity. Today’s algorithms are capable not only of motion detection, but also of detecting specific objects like abandoned bags and even suspicious behaviour such as loitering or straying into forbidden areas – all in real-time. During stadium operating hours, such smart surveillance systems may be combined with an access control solution (and an intrusion control system outside of those hours) to provide optimum security and early warning of any suspicious activity. IVA-enabled systems can be configured to trigger a recording only when events that violate the predefined rules are detected. This dramatically reduces the amount of recording disk capacity required and can generate significant reductions in running costs while allowing security personnel to concentrate exclusively on incidents that require human intervention or decision-making.
A
Ground Control Monitoring begins in the car parking areas so that potential troublemakers can be outlined before they enter. Security screening at the entrance may include body and bag searches designed to exclude the possibility of weapons and bombs being smuggled in and video capture of attendees. It can even include electronic visitor identity verification so that if trouble should subsequently arise inside the stadium, those involved may be immediately pinpointed and their names passed to those police officers on duty.
Provision of video evidence Besides the standard dome and PTZ cameras used to monitor stadium interiors such as the approach tunnels, restaurants and corporate hospitality suites, many stadium security teams now deploy vandal-proof megapixel CCTV cameras directed at the stands from pitch level. Just two or three cameras can monitor a complete stand and zoom in to identify individual offenders. Special directional microphones can also produce an audio record of the event to provide support for video evidence in a Court of Law. Thanks to the latest IVA software, CCTV cameras can even identify offenders by the colour of their clothing and track them throughout a facility, even to the car parking areas where Automatic Number Plate Recognition software is able to pick out the owners of specific vehicles. Digital data generated by today’s advanced IVA systems is also recorded for use after the fact as a forensic tool. To facilitate searching recorded video, the more advanced IVA algorithms serve a video management function, automatically generating metadata files sent together with the video footage to the recording medium. These files are much smaller and easier to search through than the digital video files of old. Manual search of video footage that may have taken days or even weeks can now be completed in seconds by scanning the metadata with smart search facilities. A venue the size of a stadium inevitably has multiple security, safety, communication and building automation issues to address. It’s fair to say that an integrated system can go a long way towards facilitating a safe and secure visitor experience while also contributing to reductions in overall running costs.
Adam Breeze: Strategic Marketing Manager at Bosch Security Systems
33 www.risk-uk.com
LeisureandEventsSectorCaseStudyBurnleyFC May2015_riskuk_may15 11/05/2015 15:14 Page 34
Leisure and Events Sector Case Study: CCTV at Burnley FC
Line of Sight
stablished back in 1882, Burnley Football Club is one of the longest-established worldwide. Set in the heart of the old Burnley mill town, its Turf Moor home has a capacity of 21,500 and enjoys average gates above 19,000, with anything up to 4,000 seats allocated to away supporters on match days. The club was promoted to the Barclays Premier League at the end of last season, in turn triggering a multi-million pound facilities and IT upgrade which included funds for changing the legacy analogue-based CCTV system to a hybrid IP and CCTV set-up by dint of Axis Communications’ network cameras and a Mirasys hybrid NVR system. A total of 64 new cameras were installed covering the stadium, turnstiles and concourses. The new system also provides total coverage of all 40 turnstiles through which fans pass on match days. Cameras trained on each turnstile capture images of the individuals showing their tickets at the turnstile. The new electronic ticketing system enables security staff to view images of the owner of a given ticket on-screen as fans pass through the gates. Those thought to be using the wrong ticket can then be tracked and positively identified via the network cameras. This additional layer of surveillance has reduced ticket fraud quite significantly as adults trying to enter the ground with concession or child tickets are identified and then stopped. Inside the stadium, during the first four months of the 2014-2015 Barclays Premier League season the ground safety team, working with Lancashire Constabulary (whose officers
E
Daren Lang: Business Development Manager for Northern Europe at Axis Communications
34
www.risk-uk.com
Network surveillance specialist Axis Communications has assisted the in-house management team at Burnley FC in delivering a state-ofthe-art ground safety system for Turf Moor which includes cameras rendering 1080p HDTV images. Daren Lang details the procedures and practitioners involved station themselves in the stadium’s Control Room on match days) have been able to positively identify a number of people committing public order offences or potentially placing other fans and/or players at risk. By way of example, two convictions have been handed down following pyrotechnicsrelated offences caught by the Axis Communications cameras within the first four months of deployment. Operating on three 10 Tb-capacity servers, the Mirasys system manages and enables the rapid distribution of video recordings in case any incidents should occur. Mirasys Spotter and Media Exporter software is used to rapidly recover and export relevant recorded images to DVD if the police need to take further action in terms of prosecuting an individual. A total of 3 Tb of video data is collected by the system on each match day.
Detailed views of supporters Hadrian Thorne, managing director of installer Thorne Access & Security, explained: “We selected the 6045-E PTZ dome and Q1765-LE cameras for the 1080p HDTV images they can deliver over long distances. The fact that operators can gain a detailed view of an individual sitting in the away supporters’ West Stand from a camera situated some 125 metres away that’s fixed on a pole just below the roof of the East Stand says it all.” Doug Metcalfe, stadium and operations manager at Burnley FC, added: “The cameras are capable of delivering positive identifications on a rapid basis such that we can act swiftly when it comes to catching perpetrators and remove offenders if they’re deemed to be jeopardising the safety of other fans.” The dedicated ground safety officer for Burnley FC at Turf Moor is Cliff Edens. “The cameras have proven their reliability for identifying individuals in the crowd,” enthused Edens, “pinpointing their location and helping us to act with confidence when it comes to warning or removing offenders depending on the severity of the incident in question.”
Project1_Layout 1 11/05/2015 17:24 Page 1
Intelligent solutions from Bosch Bosch Security Systems provides intelligent products and services to maximize the benefits of a connected security solution.
Come and see us at IFSEC 2015. Stand F700, Hall S5.
LeisureandEventsSectorPerimeterProtectionSolutions May2015_riskuk_may15 12/05/2015 14:20 Page 36
Leisure and Events Sector: Perimeter Protection Solutions
Mo Ali: Sales Manager for Sports Systems at Zaun
Pitch Perfect When deployed in the leisure sector, perimeter protection must be functional, safe for end users, low maintenance, represent good value and fit in with its environment. As Mo Ali duly discovers, there’s more to sports fencing than meets the eye he majority of specifiers and architects are quite surprised at how many questions we would ask before recommending a specific type and configuration of perimeter fencing for their planned sporting arena. The first consideration centres on how the space is going to be used and what sports are going to be played within it. Our most popular requests are for fencing around five-a-side football, basketball and netball pitches followed by tennis courts and hockey pitches. All require different markings and run-off areas around the pitch or court and appropriate goal areas. With good planning these can normally be incorporated into the perimeter. Think about the orientation of play. The safety and security specialist might want capacity for a full-sized football pitch, with smaller five-a-side variants at right angles. A single orientation of play might allow the reduction of side fences to just 1.2 metres in order to reduce costs and, at the same time, create a less ‘caged-in’ field of play. What’s the environment like? Do students alone use the pitch area? Will play be supervised? Where’s your pitch sited? Nearby busy roads, railway tracks, canals or rivers and utility stations can pose significant risks and be potential death traps during those times when balls inevitably escape the field of play. Five metre-high fencing will keep more balls within the sports arena than would three metre-high solutions. Netting canopies designed to catch balls are imperfect as they can quickly deteriorate, require a good deal of maintenance and provide pockets above the fencing where balls can be trapped and lure pupils towards net roofs that will not support their weight and where there’s a hard surface beneath. Cater for disabled end users by making all gates 1.2 metres wide rather than 800 mm and, typically, have them opening outwards (unless, of course, this risks them opening towards a ramp or stairway). Finally, place gates at opposite corners of the field and colour them differently such that they’re obvious as an escape route even in the hours of darkness.
T
36
www.risk-uk.com
LeisureandEventsSectorSecurityforFitnessCentres May2015_riskuk_apr15 11/05/2015 15:23 Page 2
Leisure and Events Sector: Security for Fitness Centres
ate at night or during the small hours when most of us are sound asleep, an everincreasing number of people across Britain are busily pumping iron, running on treadmills or pretending they’re taking part in the Tour de France while furiously pedalling their in situ exercise bikes. Welcome to the world of ‘The 24/7 Fitness Centre’. Satisfying the demands of today’s health conscious brigade, multi-location fitness chains are now springing up all over the UK and Europe. Sited in numerous settings, they enable members to continue benefiting from their membership deals and maintain their fitness regimes even while they’re away on business or on holiday. Managing membership status, access control and security, then, has become an additional challenge for risk professionals operating within the leisure sector. How might that challenge be successfully tackled, though? Scalability is a key consideration for any fitness centre chain looking to implement a security system designed to manage multiple sites. If the business plans rapid expansion over the coming years then it’s important to understand how many ‘users’ the chosen system is able to manage. Many integrated access control and security solutions widely available on the UK and European markets have a maximum limit set for numbers of users within either the hardware or software. This means that once membership numbers exceed the user threshold, you’ll be forced to implement a new security system or otherwise introduce individual systems for each site, in turn substantially increasing security outlays and ongoing maintenance costs. Be sure to choose a security system with the option of having ‘millions of users’. In this way, scalability will never be an issue for your company. It’s also very important to establish that your chosen system can manage changes and updates to all user profiles in real-time.
L
One intelligent system Why invest in individual, lower-grade security systems for every one of your company’s fitness centres when you could install a single solution that manages all sites? This type of system will afford provisioning if you open new fitness centres in the future. Having just one system also means that security can be managed by one administration team. There’ll be no need to employ security staff for every site. A quality security system should be able to manage membership access on a local, regional and national basis. Furthermore, most fitness centre groups offer varied levels of membership
Health Conscious How does a fitness chain offer 24/7 opening while retaining and maintaining high levels of security, a Duty of Care to its members and profitability for the host organisation? Tim Northwood provides advice on how leisure facility security and safety managers might select the right system for satisfying the business’ needs both now and into the future
so the system needs to cater for such a need as well as identify if a given member has access rights to just their local centre, a group of regional centres or all centres across the chain. Always allow for training costs and implementation time when evaluating the right system for your fitness centres. How long will it take your administrator to understand how to administer the system? What accredited training is offered by the manufacturer so that your administrators can fully understand the best approach to managing and controlling your security set-up? To simplify the learning process, opt for a solution employing intuitive, interactive schematic maps of all your sites such that your team members can simply access and control the security at any given site. An integrated security solution ought to deliver an administrator secure access via any Internet-enabled PC, laptop and/or mobile device. ‘Anywhere access’ is also beneficial for 24/7 fitness centres if a security alert should take place during unmanned hours.
The power of integration Run your fitness centres smarter and more efficiently by not wasting time and costs on administering different systems. Select a security regime that also exists to control and manage other aspects of your environment such as lighting, heating and cooling.
Tim Northwood: General Manager at Inner Range Europe
37
www.risk-uk.com
LeisureandEventsSectorSecurityforFitnessCentres May2015_riskuk_apr15 11/05/2015 15:23 Page 3
Leisure and Events Sector: Security for Fitness Centres
A scenario could be that, at 3.00 am, Joe The Bodybuilder leaves one of your centres. He’s the only one at your premises so, when he departs, Joe dutifully shuts the door behind him and everything’s secure. However, all the lights are still on: a complete waste of energy and costs for the business. What if, when Joe exits the building, the internal lights automatically turn off after 15 minutes if no-one else arrives on site? Then, when Sarah The Solicitor turns up at 5.00 am for an early morning workout, the internal lights automatically turn on when she enters her PIN code. This ‘cleverness’ can also be applied to security systems such as CCTV and, of course, your membership software. Most fitness centre businesses will run software that enrols members via an online portal from which fees and gym location/regional access are selected. To make administration highly efficient, the integrated security and access system needs to be able to dovetail with this solution at a software level. In this way, when any changes are made to the membership system they’re immediately reflected within the integrated access and security system. You’ve implemented a system that keeps non-members out of the premises on a 24/7 basis, then, but what about a Duty of Care to fitness centre members when resident on your premises? You cannot possibly vet every member, and you might encounter a number of situations on site such as a conflict between members that spirals out of control or a medical emergency at a time when the centre isn’t staffed. In short, you want to ensure that if an incident does happen there are facilities in place that will act as protection. The implementation of panic or help buttons that, when pushed, energise audio monitoring means that your designated Control Centre operators have complete visibility of your premises thanks to CCTV and can take the necessary emergency action to ensure Duty of Care for members.
Avoid lost membership cards Many fitness centre managers have opted for PIN codes rather than a physical membership card because cards can often be lost or stolen and replacing them is a costly business. When selecting a security system always ask how the system will prevent PIN code abuse (eg the PIN
“Good security systems should be able to identify when the same PIN number or credential is used at the same location twice within a set time period” 38
www.risk-uk.com
code being used by multiple people). Good security systems should be able to identify when the same PIN number or credential is used at the same location twice within a set time period or across multiple sites within a predetermined timescale. The system should be able to automatically suspend the member involved until the issue is resolved. PIN code management is particularly relevant during unmanned hours because it ensures that only your members can gain access and any unauthorised entry will be revoked as well as reported to an administrator who can then immediately access the system and check CCTV images to ensure that no unauthorised people have gained entry to the premises. If your gym attracts the kind of members who require a highly protective environment then you may wish to consider investing in a bespoke biometric access control terminal. Also, if freelance trainers pay the business a fee on attendance, look to select a security system that can deliver reports highlighting the number of hours they were at your facilities on a given day, week or month. Valuable insight on attendance patterns can save both cost and time when it comes to resolving any discrepancies that may arise. Such functionality may also be used to monitor and report on staff attendance patterns. Intelligent security reporting permits you to learn when your fitness centres run under and above capacity, in turn allowing measures to be put in place that ensure you can retain a high level of customer satisfaction and increase promotion or incentives that encourage members to attend at quieter times. How could you use member attendance information to your best advantage? The reporting functionality of any good integrated security system provides intelligent data that the host business might use for marketing and development purposes. System intelligence also facilitates a proactive approach towards marketing and sales. For example, you could set reports to analyse members who do use your Out of Hours facilities on a regular basis. This information could be used to deliver specific detail relevant to them, or perhaps they could be sent a feedback questionnaire on ways in which they feel the service may be improved for end users. Likewise, such reports could identify members who’ve stopped coming to the gym on a regular basis and may be at risk of cancelling their membership. Opportune e-mails encouraging their attendance might just increase customer loyalty and, ultimately, boost ongoing membership sales.
LeisureandEventsSectorCaseStudySouthamptonFC May2015_riskuk_apr15 12/05/2015 14:52 Page 40
Leisure and Events Sector Case Study: Southampton FC
Watching Over ‘The Beautiful Game’ The safety of both home and away supporters is paramount at Southampton FC’s St Mary’s Stadium. As Steve Hodges states, the solution is based on HD surveillance in tandem with a dedicated team of safety officers ince 2001, St Mary’s Stadium has served as the home of Barclays Premier League club Southampton FC. The purpose-built stadium can hold more than 32,000 fans, making it the largest football stadium in the South of England outside London. Mark Hannibal, the venue’s safety manager, recently sought to upgrade the stadium’s video surveillance system that’s used to monitor the seating areas, the club shop, entrances and car parks from an analogue camera-based regime to one that employs HD technology for improved image quality. Hannibal and his safety officer team decided to place their faith in Panomera MFS technology
S
developed by Dallmeier, particularly for safeguarding away fans in the Northam Stand. “We’d heard about this new technology at a conference organised by the Football Safety Officers Association,” explained Hannibal. Thanks to a patented sensor concept, MFS technology makes it possible to keep the entire Northam Stand in view at one time. Even when the security operators are zooming in on a given individual, the system continues recording the rest of the scene. This ensures that no incident is left unseen. Several IP appliances are in operation for recording the Panomera systems, as well as other DMX appliances capable of recording both analogue and IP cameras. RAID 6 ensures the highest possible availability of the data. Hannibal’s dedicated safety officers have several SeMSy workstations at their disposal such that police officers can access the camera images generated in rapid time. The entire system – including the workstations – was already preconfigured for plug and play flexibility and installed by Caldera Fire & Security.
Steve Hodges: Responsible Project Manager at Dallmeier UK
Project4_Layout 1 07/11/2014 16:05 Page 1
Securitas, a true focus on Security The skills of our people, alongside the best in technology produce total integrated solutions that safeguard your business.
0800 716 586 www.securitas.com
ISO9001QualityManagementSystemsStandard2015Update May2015_riskuk_apr15 11/05/2015 15:13 Page 2
ISO 9001 Quality Management Systems Standard 2015 Update
ISO 9001 2015: Assimilation, Adaptation and Change The Quality Management Systems Standard ISO 9001 was last revised seven years ago. The next update, which is scheduled to appear before the end of 2015, will see the document evolve and integrate with other standards and management systems. Andrew O’Hara recounts the main changes on the horizon rguably, the scheduled 2015 revision to ISO 9001 Quality Management Systems is more of an evolution than a revolution. The update will incorporate Annex-SL for a degree of familiarity, while all the basics of ISO 9001:2008 persist. The process approach so successful in the 2008 iteration – complete with its underlying ‘Plan, Do, Check, Act’ methodology – remains evident. However, we must be careful not to discount one or two fairly significant changes. For a start, there’s many examples of new terminology. ‘Product’ is now ‘Goods and Services’ and ‘Supplier’ becomes ‘External Provider’ while references to the ‘Quality Manual’ are removed altogether. It’s the new emphasis on ‘risk-based thinking’ that really captures the attention. David Sharp is managing director at Aletheia IMS, a company providing integrated quality management and airfield assurance for NATO, the UN and the US Government (among others). David’s extremely knowledgeable about ISO 9001. He explained to me that, previously, organisations had greater flexibility to develop and implement their own methodology around the standard, but that the update “appears to be becoming more formalised”. According to Sharp, there’s “a notable move to expanding risk knowledge and awareness throughout the entire organisation and not just from within the safety departments. For most, this presents itself in the form of Key Performance Indicators and objectives.” Of note is the change in focus away from a ‘Management Representative’ towards overall management interaction and responsibility. No longer will it be sufficient for the quality manager or CEO to be the only senior manager involved in the QMS. Rather, this shall become everyone’s responsibility, promoting a better understanding of Quality Assurance and encouraging staff to invest more in the process.
A
During our conversation, Sharp also stated: “As time progresses and the understanding of risk continues to increase, a traditional opinion of what a risk ‘is’, then, is changing. Now, it’s fair to state that the financial, reputational, competitor, regulator and legislator-centric risks are also being taken into consideration.”
New form of governance model This change in direction to encourage ‘riskbased thinking’ will force organisations not already doing so to concentrate wholly on risk management and risk-based models of governance. A greater emphasis on such thought will bring enhanced focus on achieving value for the company and its customers. Organisations are being encouraged to think about the ‘cause and effect’. The identification of risk and the control of risk is now a requirement of the new revision, meaning company management must understand how their business works – as well as the processes they have in place – so as to be able to anticipate risks before they become ‘undesirable’ events. This doesn’t mean a full risk management approach, but instead forces organisations – and particularly senior management – to take more responsibility around risk. While many businesses may already practice some level of risk-based thinking, the challenges within ISO 9001:2015 will include the ability to demonstrate such an approach within QMS.
Commitment to change Despite the three-year grace period, organisations are going to have to demonstrate their commitment to change and also begin to develop plans for its implementation. On a practical level, there’s no way that auditors and certification bodies can wait until 2018 and then complete all recertification. As a ‘starter for ten’, it would be good practice to familiarise yourself with the changes to ISO 9001 and start to align your business with the new requirements. In terms of the riskbased approach – which will have the biggest effect on the majority of organisations – it would be prudent to consider implementing a robust risk management plan if one’s not already in place. In short, examine how to address risk right across the business. Organisations are advised to remain fully compliant with the ISO 9001:2008 document while preparing for and implementing the changes needed for ISO 9001:2015.
Andrew O’Hara: Strategic Research Analyst at Gael
41
www.risk-uk.com
Project1_Layout 1 06/08/2013 12:13 Page 1
Security solutions for today’s challenging times
Consultancy Operational Consultancy Manned Guarding Training Information and Intelligence Communications Support Technical Systems Equipment
Global economic pressures are forcing organisations to review expenditure across the board. But, the security issues remain the same. So, do you cut your security? Pilgrims offers a complete and complementary range of security, communications and support services, backed by an unmatched commitment to the highest level of quality, efficiency and client care, to reduce costs not cover. Our expertise and global experience allow us to deliver robust, practical solutions for today’s challenging financial climate.
For more than ten years, Pilgrims has been supporting clients across the globe, protecting and enabling their businesses to continue in spite of threats from terrorism, serious organised crime and natural disasters. Our personnel are handpicked for their experience, skills, training and personality to match the requirements of our clients. This, combined with our continual exposure to the world’s hot spots and difficult regions, makes Pilgrims the ideal choice for advice and support. Pilgrims provides a global service, with local knowledge through our employment of local personnel, quality control, continual ongoing training and our relationships with specialists and local partners.
We can help you find the right solution. Call Pilgrims on: +44 (0)1483 228 786 www.pilgrimsgroup.com
CounterTerrorismHostileVehicleMitigation May2015_riskuk_apr15 11/05/2015 13:03 Page 43
Counter-Terrorism: Hostile Vehicle Mitigation Techniques
Intelligent Control and Monitoring in HVM ver the years, Hostile Vehicle Mitigation (HVM) techniques have evolved to counter ever-increasing threat levels. Security professionals now have access not only to stronger, more resilient roadblockers but also stylish surface and shallow-mounted solutions which make for aesthetically pleasing integrated security systems in high profile areas. In truth, HVM products now exist to secure virtually every type of location. As roadblockers and bollards have evolved, so too have the threats we face. Terrorists are becoming increasingly co-ordinated and brazen in their attacks, leading to more and more sites opting to install HVM products. Automated bollards and roadblockers have become a common sight in modern cities. However, HVM control systems have not progressed at the same rate. Most installations still rely on simple push button operation, in turn offering limited functionality and virtually no feedback for operators. This may not present a major problem in smaller installations – for example a single roadblocker controlled by a security officer stationed in an adjacent hut with a good line of sight to the unit – but serious issues can occur with large installations featuring tens or even hundreds of HVM units often working in banks of five or more. As we see the increasing convergence of modern technology with mobile phones and tablets acting as fully-featured media and control hubs, so end users are coming to expect a similar level of integration from security products. The big red push button is becoming an increasingly archaic technology consigned to old James Bond movies. The HVM industry is beginning to move forward with enterprising, innovative manufacturers introducing intelligent modular remote control and monitoring systems designed to bring HVM solutions right up-todate and implement a degree of future-proofing through adaptable modular design.
O
Interaction with end users Intelligent control and monitoring systems bring a much wider range of interaction to the end users of automated perimeter security solutions. A well-designed, fully-featured system can offer remote control of automated products via mobile phone, tablet or the Internet. It can provide detailed feedback on many aspects of a product’s performance and status and intelligently control banks of
Given the increasing convergence of modern technology, with mobile phones and tablets acting as fully-featured media and control hubs, end users are now coming to expect a similar level of integration from their security solutions. Is this expectation being mirrored in the world of Hostile Vehicle Mitigation products? Debbie Heald assesses the current state of play multiple units to ensure that security is maintained at all times. Remote control and monitoring via a range of devices offers a number of benefits to the end user. The most obvious is that of a more modern user experience. As stated, devices may be controlled via a tablet or mobile phone app or through a web interface rather than a button. The real advantages, though, become apparent as you scratch beneath the surface. Any device used for control can also be the recipient of monitoring data sent from the central system. This means that users can be immediately notified of damage to units or of pending service requirements via e-mail, SMS or push notification through a dedicated app no matter where they are in the world. Holders of verified mobile phones may securely request data on specific roadblocker or bollard arrays via a text message. This data can include elements such as – among others – unit status, the number of operations performed and ambient temperature. Having this data immediately available without even being on site can be of huge benefit to busy security, risk and facilities managers who can monitor roadblocker and bollard performance on an accurate basis.
43
www.risk-uk.com
CounterTerrorismHostileVehicleMitigation May2015_riskuk_apr15 11/05/2015 13:04 Page 44
Counter-Terrorism: Hostile Vehicle Mitigation Techniques
As soon as a unit is damaged the site manager can be notified directly rather than waiting for a message from on-the-ground operatives to filter back to the appropriate person. The decision can then be made as to whether to continue operating the array with one bollard immobilised or to lock the entire array and ensure continued security. Although larger sites do stand to benefit the most from intelligent control, smaller-scale installations can see a number of advantages. Functions such as service reminders are fully customisable dependent on site specifics while systems may be set to supply regular predefined reports as required. Fully-intelligent systems also have the ability to control individual units or arrays to a level that traditional control systems simply cannot. If one unit in an array is damaged or develops a fault then an intelligent control system will automatically assess which part of the array is immobile and present the operator with a range of options for continued use. Finally, modern control systems can be developed to be modular in nature. This can be of benefit to the end user as it means they don’t have to pay for functionality that isn’t required. It also means that, if increased functionality is required in the future, it may be quickly and easily added to the system.
Radar-based speed detectors Modular systems on the market currently include radar-based speed detectors (which can trigger events based on a user-specified speed) and a GSM module which adds in-built SMS and mobile network functionality. Virtually any site can benefit from the addition of intelligent control and monitoring, but larger installations with high numbers of roadblockers or bollards will see advantages. One recent project in the US featuring almost 100 individual shallow-mount automated bollards operating in ‘airlock’ arrays of up to 17 units wouldn’t have been possible without an intelligent control system developed in-house. The project uses an intelligent control system coupled with a standard push button control module for the security operatives on site. This allows for simple, traditional control combined with extremely detailed remote monitoring that feeds data from all of the units on a huge site to a single central monitoring station.
“Virtually any site can benefit from the addition of intelligent control and monitoring, but larger installations with high numbers of roadblockers or bollards will see advantages” 44 www.risk-uk.com
Maintain security at all times By way of another example, take a site where there’s a small roadblocker operated by a simple keypad. There’s no operative on location and no staff on site outside of office hours, but access is required around the clock. The intelligent monitoring system is able to notify site management and maintenance professionals at all times as to the status of the blocker. It can be set to send a text as soon as a fault or damage is detected and also relay periodic status updates and service reminders. Site management are even able to text a request to the system’s number to receive an immediate reply detailing the status of the blocker. This means that access – and security – can be maintained at all times with as little service disruption as possible. Looking to the future, we should expect to see increasing levels of integration between perimeter security technology and other elements of building and city infrastructure. Barriers will be linked to number plate recognition and mobile phones and integrated with building heating and lighting systems. There’s also no doubt that end users will expect their security systems to synchronise with the same control and monitoring hubs they use for all other systems. A modular intelligent control and monitoring system can provide all of this and more. Choosing the right system right now is an important decision that could have implications further down the line. It’s vital to select a product that’s as future-proof as possible and, ideally, one that benefits from good after-sales support. While off-the-shelf systems can be appealing in the short run due to their low price point, the support when they go wrong or when you need to upgrade can be non-existent. Look for a bespoke modular system designed and built in-house by a company that will support you five, ten or even 20 years into the future as the host business’ security and operational requirements morph and change. Debbie Heald is Managing Director of Heald
Project1_Layout 1 12/05/2015 13:47 Page 1
Your Business. Our Solution. Access Control readers designed for style and function.
Because everyone deserves peace of mind
www.tdsi.co.uk sales@tdsi.co.uk +44 (0) 1202 723 535
TheSecurityInstitute'sViewREVISED May2015_riskuk_apr15 12/05/2015 12:02 Page 46
Delivering Step Change at The Security Institute
always be the development of our members on their own professional journey.” Evanson also restated The Security Institute Board’s commitment to delivering Chartered body status within the shortest realistic timeframe, duly recognising that this particular status quo may not be achieved as quickly as some members perhaps envisage. “Achieving that coveted Chartered status is something that pans out over a number of years and, in most cases, involves a number of applications. I can think of at least one established professional body with tens of thousands of members that began the application process back in 1966 and only achieved its Royal Charter in 1989.” Evanson continued: “There are many criteria we have to meet if we’re to be held worthy of the Charter. We are working and will continue to work diligently on this. We’re doing all the right things as set out by the Privy Council, but there remains much ground to cover and a great deal of hard work to be completed.”
The Manifesto: “a game-changer”
In his first interview since becoming chairman of the organisation, Garry Evanson outlines his plans for delivering step change at The Security Institute. Brian Sims listens with great interest
Garry Evanson MSc CSyP FSyI: Chairman of The Security Institute
46
www.risk-uk.com
hartered Security Professional Garry Evanson – head of security and emergency planning at London’s iconic Westminster Abbey – has wasted no time in communicating his vision for the future of The Security Institute and the way in which the organisation will be run during his chairmanship. Having assumed the ‘hot seat’ at the Institute’s AGM in March, an open letter to members saw Evanson swiftly set out his key objectives. Most important of all, perhaps, the former lieutenant colonel in the British Army who served the Royal Military Police with such great distinction is anxious to reassure all Institute members that the organisation remains first and foremost for the benefit of its members and the wider profession. “Some of the actions we’ve taken over the past twelve months have been very much business-orientated,” asserted Evanson, “but I want to make the point that we’re a membership organisation run on sound business principles rather than a business that happens to be a membership body.” Evanson went on to comment that, while it’s important that The Security Institute continues to generate the financial surpluses that enable the organisation to meet its stated objectives, realising those surpluses must never become the primary aim. “We have a responsibility to the profession and to everyone within it,” said Evanson, “but of course our primary aim must
C
The excellent Manifesto for Professional Security issued by The Security Institute in November last year is, Evanson believes, “a genuine game-changer” for the professional body. “We have publicly adopted a position that looks out beyond our own narrow interests as a membership organisation and tried to offer something that will be of value to everyone working within our specialist sector, no matter their level at the present time.” Elaborating on that point, Evanson outlined: “In the past, we have perhaps been perceived as an organisation that concentrates only on senior people within the sector. Indeed, our aim during the first phase of our existence was to bring as many leaders as possible within the security profession into the ranks of membership. As my predecessor Emma Shaw stated at our AGM, though, the ‘future’ of The Security Institute effectively started in 2014.” The Manifesto is quite clear about The Security Institute’s commitment to education and encouragement for anyone with ambition to become the best that they can be. It’s about setting out career paths so that entrants into the profession can identify what they will need to learn and the skills they will need to acquire to progress upwards through the profession in all of its diverse areas. “We need to ensure that professional knowledge is readily available to individuals and organisations,” urged Evanson, “but, in order to perform the role within the profession which we intend to, we need to be much more
TheSecurityInstitute'sViewREVISED May2015_riskuk_apr15 12/05/2015 12:02 Page 47
The Security Institute’s View
inclusive in terms of who we allow to become a part of our organisation.” To this end, Evanson promises “a step change” in the way in which The Security Institute works with members of the security profession. “It has always seemed to me that our membership rules prevented us from working with members of the profession at those points when they most needed the help of a respected and established professional body in their corner. By focusing on senior professionals, we’ve been working with people who have, in the main, already met the challenges that lie ahead on the path to a successful career in security.”
Delivering the changes The Security Institute will be working on two broad fronts to deliver the step change Evanson promises. Education will be key. The Institute already enjoys a close working relationship with both Buckinghamshire New University and Leicester University to accredit and endorse certain courses at undergraduate and postgraduate levels. In time, the intention is to work with all universities and colleges running security qualifications and offer student membership of the Institute to all those taking courses through said institutions. “The key to success in any profession” explained Evanson – who served as group head of security operations at DeLaRue plc from 2007 to 2012 – “is having a solid educational foundation on which to build. A foundation that runs from entry level qualifications all the way through to doctoral level. We will actively seek links with educational institutions to promote security education qualifications and will also be ensuring that our own educational offerings are robust and developed in line with the evolving needs of security practitioners.” Later this year, The Security Institute will be launching a new Level 7 study path offering a post-graduate level qualification course to those already holding its Level 5 Diploma or who are otherwise academically qualified. The other key front for a professional body is, of course, membership itself. “Student membership will be one of the ways towards full membership and, eventually, fellowship of The Security Institute,” stated Evanson, “but we are conscious of many other people working in security at levels below management who aspire to build their careers and climb the ladder. We most certainly want to help these individuals further their careers and to establish a career-long relationship with them.” The Security Institute is able to welcome those individuals as associate members.
Alternatively, where the organisations employing them become corporate members of the Institute, they can then become affiliate members, each with an eye set firmly on developing their security career. “Somewhere out there are individuals just beginning their career in our sector who will eventually become the Chartered Security Professionals of tomorrow. We’re determined to give these people the best possible chance of doing just that.” Evanson firmly believes that, over the coming five years, the increasing visibility of private sector security providers in work formerly handled by the police service, the growing complexity and connectedness of everyday life, the burgeoning risks posed by those who seek to harm our society and the sheer ubiquity of security cameras and security providers are going to place security highly in the consciousness of the public at large. “When that happens,” explained Evanson, “people will begin to think about what we do as a profession being something they might point their sons and daughters towards as a longterm career. When they do, we will be there to answer whatever questions they may ask about the sector and about what it means to become a recognised professional within it.”
Fresh and invigorated purpose When asked for a concluding message to Risk UK’s readers about The Security Institute’s plans, Evanson paused for a moment’s thought before offering a definitive response. “We intend to be an organisation that has a place within it for everyone in this industry. You may be a senior professional at the top of your game who wants to become a Chartered Security Professional. You might be a senior manager who wishes to develop further or to put something back into the profession. You could be a lower or mid-career professional who wants the sense of community, common purpose and practical support that a professional body offers along with the chance to develop or keep your skills up-to-date. You may be a field operative aspiring to climb the career ladder, or perhaps a young graduate seeking to take your first steps in this profession. Whatever the scenario in play we’re there for you, and what’s more we’ll be there for you for the rest of your career.”
“Somewhere out there are individuals just beginning their career in our sector who will eventually become the Chartered Security Professionals of tomorrow” 47
www.risk-uk.com
InTheSpotlightASISInternational May2015_riskuk_apr15 11/05/2015 15:11 Page 1
Tactical Interviewing: Interrogation or Conversation with a Purpose? When focusing on corporate investigative interviewing procedures, are today’s organisations perhaps somewhat guilty of over-complicating the basic skills underpinning successful two-way communication? Corin Dennison examines the correct procedures that ought to be invoked wherein information sharing is every bit as vital as the omission of negative terminology
et’s play a game of word association. For each of the following words or phrases think of one word that springs readily to mind: Interrogation/Confession/Liar/Suspect/ Good Cop, Bad Cop. How many of your answers were positive or negative? Here are some suggestions I thought of in response: Torture/ Duress/Confrontational/Police/Trickery. While I’m not suggesting that, in our corporate worlds, we adopt or apply such methods within our interviews or corporate investigations, I would ask you how many times you’ve heard these words or phrases used in your own environment. Do these words facilitate conversation or act as a barrier? How do we face up to the challenges of applying consistent and ethical interview standards across a global estate? For many sector professionals investigative interviewing is seen as something of an art that, while taught, must be practised and developed over time if the procedure is to become effective and efficient. The world of interviewing is well serviced by a variety of applications and training models – Wicklander-Zulawski, REID, PEACE and Polygraph are obvious examples – but which one is right for you? This doesn’t include the self-trained expert. The type of person that has been heavily influenced by the ‘CSI effect’ having watched complete box sets of that enduringly popular crime drama. From my own perspective, I’m fortunate enough to have trained in all of these models
L
48
www.risk-uk.com
which are credible and well adopted in our environments, but I often question whether we may have over-complicated the basic skills of communication. In attempting to answer that question, perhaps we should begin by asking another one... What, exactly, is an interview? An interview is a conversation with a purpose. Whether applied in a compliance environment or the HR arena, unless we’re merely exchanging ‘chit chat’ it’s fair to suggest that most of our conversations have a purpose. For example, conversations involving the negotiation of a new salary, applying for a new role or quizzing an employee over an alleged compliance violation. All have a purpose.
How do we determine success? What, then, determines the ‘success’ of such a conversation? The answer is effective planning. Using a simple model you may have seen before, we can work through the particulars. Why? and What? Why are we seeking this conversation and what is the objective? You would be surprised how many times people come out of an interview failing to have achieved the objective(s) or even having asked the relevant questions. As part of an investigative process, an interview is often seen as an opportunity to exchange information, establish facts and secure an account. More importantly, though, it should be used as an opportunity to listen. Who? Who is going to conduct the interview or conversation? Do we give sufficient
InTheSpotlightASISInternational May2015_riskuk_apr15 11/05/2015 15:12 Page 2
In the Spotlight: ASIS International UK Chapter
consideration to competence, qualification and, more importantly, confidence? An effective interviewer should be an effective communicator, possibly a subject matter expert but definitely someone who’s familiar with the facts and the objectives. How many times in an interview environment is the interviewer more anxious than the subject being interviewed? Confidence can be a challenge and, equally so, can over-confidence. Where? Where will the conversation take place? Is a glass office a suitable location for a compliance interview, or maybe a coffee shop? You may smile but I’ve experienced both scenarios. The selection of a suitable venue can be tactical, but we also have to consider the practicalities of our own working environment at all times. When? Timing, they say, is everything. We should consider how this can impact on the success of our interview. Is a Friday just ahead of the weekend really appropriate? Or maybe just before lunchtime? Is your subject actually in the office or even available? How? In my opinion, the most important factor in interview engagement is the application. How are you going to achieve your objective(s) and purpose(s)? What’s the most effective method for a particular subject, and are you confident of being able to execute that method? What’s your definition of success? With the ‘How’, I always like to consider potential barriers. What might be a barrier to the interview or conversation taking place or being effective? For a global business, it’s fair to say that language is always a challenge, not only in terms of conversing directly but in the interpretation of what’s being said. It’s absolutely essential here to quality assess and confirm understanding. Another barrier is effective listening and actually hearing what the other person is saying, even if you don’t agree with what’s being said or the account doesn’t fit with your purpose. Work to the 80/20 model. In other words, 80% listening and 20% talking. When it comes to bias or pre-determined opinion, again we should revisit the objective. Why enter into a conversation or interview if you’ve already decided the outcome or made a decision? While bias is a natural human instinct, it’s one that’s often ‘detected’ by the other party during a conversation and will not facilitate easy communication.
Similar to language, tone is also hugely important. When you talk you want to be heard and, at the very least, acknowledged. Linked to listening skills, engagement is absolutely critical to effective communication.
Tell, Explain… and Show “Tell me something new.” In point of fact there’s nothing new here except to say that we’ve returned to the basics. A simple threestep process: ‘Tell, Explain... and Show’. Apply each to a conversation and to your ‘questioning technique’. Tell This is often referred to as the ‘free recall’ or account. “I will tell you the purpose or objective of the interview or conversation, imparting or disclosing some information that will facilitate the process. You tell me what you know or what you need to answer my question.” The question often asked by a subject in a compliance interview is: ‘What’s this about?’ Why avoid or deflect this question which would be an obvious barrier to achieving an answer? Explain Having entered into a conversation you may wish to add information or explain the context. Alternatively, you may ask the question: “Explain what you’ve just told me”. Again, this is a simple application of the questioning process to establish the necessary facts. Show As a demonstration of sharing information you may wish to show or share with the other party something relevant to the conversation, or otherwise ask them to show you. This is often referred to as a ‘challenge phase’. Some of you may now be questioning the application of such a simple model, particularly when applied to complex interviews or investigations, but let’s revisit the word association exercise and the barriers we face. Negative terminology is often used to apply pressure on a subject whether tactically or inadvertently, but this will impact on the success of an interview. The objective in most compliance interviews is securing a confession as opposed to an account. Any personal investment in that goal can cloud both the interviewer’s judgement and focus.
Corin Dennison CPP: Director of Profit Protection and CoE Investigations at the adidas Group
“When it comes to bias or pre-determined opinion, again we should revisit the objective. Why enter into a conversation or interview if you’ve already decided the outcome?” 49
www.risk-uk.com
Project1_Layout 1 12/05/2015 14:12 Page 1
solutions for a safer world
CONTRACT SECURITY SERVICES LIMITED CASH & VALAUABLES IN TRANSIT (CViT) SERVICE PROVIDER CASH PROCESSING & BANKING SERVICE (INCLUDING COLLECTION AND PROCESSING FROM CAR PARK MACHINES)
CASH CONSOLIDATION SERVICE SECURITY GUARDING AND MOBILE PATROL HEAD OFFICE: CHALLENGER HOUSE 125 GUNNERSBURY LANE LONDON W3 8LH T: 020 8752 0160 F: 020 8992 9536 E: info@contractsecurity.co.uk www.contractsecurity.co.uk
SALES: T: 01622 792639 F: 01622 882084 E: sales@contractsecurity.co.uk
DEPOTS: Brentford, London | Larkfield, Kent | Andover, Hampshire
solutions for a safer world
CERTIFYING
SECURITY
The leading certification body for Guarding Services. Appointed Security Industry Authority (SIA) Approved Contractor Scheme (ACS) Assessing Body. ISO 9001 and Product Certification for Key Holding and Response Services, Door Supervisors, Static Site Guarding and Mobile Patrol Services, Event Stewarding, Crowd Safety, Security Wardens, Cash and Valuables in Transit, Close Protection Services and Security Dogs. Contact us for a free no obligation quote.
Telephone : 0191 296 3242 www.ssaib.org
SSAIB
FIATechnicalBriefing May2015_riskuk_apr15 11/05/2015 14:27 Page 2
FIA Technical Briefing
he Corporate Manslaughter and Corporate Homicide Act 2007 states that an organisation will be guilty of the offence of corporate manslaughter if the way in which its activities are managed or organised causes a person’s death and amounts to a “gross breach of a relevant Duty of Care owed by the organisation to the deceased”. Firms found guilty of corporate manslaughter will be liable for an unlimited fine. The Act also allows the courts to call for a publicity order that requires the named organisation to publicise details of its conviction. The Corporate Manslaughter and Corporate Homicide Act followed on from the Regulatory Reform (Fire Safety) Order which became law in October 2006 (‘The Challenges of Implementing the Fire Safety Order’, Risk UK, April 2015, pp52-53) and has changed the way in which the fire safety of buildings is managed and enforced. From the building owner’s perspective, the major transparent change has been the removal of Fire Certificates. The Fire Safety Order places the onus of fire safety in buildings squarely on the shoulders of the ‘Responsible Person’. All fire precautions provided will be subject to maintenance and installed and maintained by a ‘Competent Person’, but how do you prove competence? Let’s define the word ‘Competent’. The dictionary says: ‘Competent, Adjective: Having adequate ability, knowledge or authority; Adequate, effective…’ It doesn’t mean the font of all knowledge, then, but rather just enough knowledge is necessary. Certainly, that means enough knowledge must be present so as not to perform a task in the wrong manner. My particular interest is active fire protection. Systems here are the fire detection and alarm solutions and extinguishing fire protection systems within a building. In the event of a fire, these systems will detect the fire, alert the Fire and Rescue Services and provide a means of extinguishing any blaze depending upon the type of system installed.
T
Qualifications and competence Many of our Association’s members supply and service portable fire extinguishers. This sector is one that’s often singled out for attack by the less scrupulous companies, the latter’s view being: “This fire extinguisher business sounds easy. Now, where should I start? All I need is a credit account with a supplier or distributor, or a VISA card to buy products off the Internet, a few customers and a couple of guys to work for me. Oh, hang on. I forgot the white van.” What don’t they need? Well, that’s easy, too. They don’t need to prove that they have any
Fire Protection Regimes for End Users: How To Avoid Lawsuits
Active fire protection systems rely entirely upon correct design, installation and maintenance regimes otherwise they will not work in the right manner. That’s why it’s so vitally important for organisations to employ competent contractors. Graham Ellicott outlines how end users might go about selecting the best company for the job at hand relevant qualifications, competence, scruples or even knowledge. Now, you may think I’m kidding here but believe me that’s exactly how some of these companies start up. Even more unbelievably, they do manage to source work. The attitude of this type of contractor is: “Let’s face it. Surely it can’t be that difficult? Anyway, what could possibly go wrong?” An example of contractors lacking scruples are those that ‘shine and sign’ fire extinguishers. In North America, ‘shining and signing’ describes the process where celebrities show up to a convention or at a book launch to radiate their personalities and then sign plenty of autographs for their adoring public. Try as I might I cannot condone this process instead of a proper service for a fire extinguisher. I guess you do receive radiant heat from a fire, but I’ve never yet seen a conflagration place its signature into a neatly decorative small notebook. Here in the UK, the phrase refers to those fire protection Graham Ellicott: Chief Executive of the maintenance companies Fire Industry Association whose operatives believe
51
www.risk-uk.com
FIATechnicalBriefing May2015_riskuk_apr15 11/05/2015 14:27 Page 3
FIA Technical Briefing
that the servicing of a fire extinguisher involves the removal of a yellow duster from their bag to be followed by a biro. The former is used to wipe the dust from the extinguisher while the latter is employed to sign the appropriate paperwork as evidence that the proper level of servicing has been carried out. I’ll not bore you with the detail but to ‘shine and sign’ misses out 99.999999% of BS 5306 Part 3 which deals specifically with portable fire extinguisher maintenance. As to what can go wrong, well when you consider that a fire extinguisher is a pressure vessel it doesn’t take much imagination to conclude that it could seriously injure its operator in the event of a malfunction that has been brought on by either flawed or otherwise seriously lacking maintenance procedures. Now, where did I put my dictionary? Ah yes, there it is. Found it… ‘System, Noun: Complex whole; Set of connected things or parts; Organised body of things...’ For active fire systems to work, they must be designed, installed and maintained in the correct fashion. I can hear some of you saying to yourselves: “If a few corners are cut there’s not going to be a problem, is there?” Wrong. Active fire protection systems are not designed to be abused. They rely entirely on correct design, installation and maintenance otherwise they will not work properly. That’s why it’s so important to use a competent contractor.
How to select a competent contractor, then, is alluded to by Government. You need one that belongs to a third party certification scheme. In many cases, such schemes are run in conjunction with a Trade Association or indeed a number of Trade Associations. Many of you will be tempted, though, by the other alternatives on offer, such as installers approved, recognised or registered by manufacturers. Do not succumb to this particular temptation. Remember… Everyone except a third party has a vested interest. Always look to have the work carried out by someone who expects to be checked by a third party – one that doesn’t work for the same company or for a supplier to the company. Third party certificated installers understand the importance of proven products that are correctly designed, installed and maintained. These companies are generally members of a Trade Association with an enforceable Code of Practice. This extra level of cover will mean that you, the client, can be confident that the work will be carried out to the highest standard with regard to quality of work on site and the highest standards of business integrity. More often than not, skilled third party certificated installers ‘get it right first time’ so there will be fewer problems on site. An added bonus is that product traceability is absolutely assured.
Choosing a competent contractor
Third party certification breeds Best Practice and means worthwhile Certificates of Conformity are issued. This will give confidence to the specifier, client and the enforcer that the job in question has been carried out to the very highest standards. In the event of a disaster scenario, lawyers will come looking for the person with the biggest pockets. It’s highly likely that the use of a third party certificated company would be seen as a basis for a sound defence in the event of a lawsuit. In the worse case scenario where someone is killed in a fire, the possibility of a breach of the Corporate Manslaughter and Corporate Homicide Act becomes a distinct possibility. Again, the use of a third party certificated company could be highly beneficial to the accused organisation defending such an action. Avoid the lawsuit. Don’t use the guys that ‘shine and sign’ and operate from the unmarked white van. Rather, make sure they’re clamped or towed away to the pound. The message is abundantly clear… Use only third party certificated installers for your active fire protection solutions.
How, then, do end users select a competent contractor? They’ll all tell you they’re the good guys, so where would you look for assistance in selecting the best solutions provider? Well, as a taxpayer why not refer to Government fire guidance documents which state: “Third party certification schemes for fire protection products and related services are an effective means of providing the fullest possible assurances, offering a level of quality, reliability and safety that non-certificated products may lack. This does not mean goods and services that are not third party approved are less reliable, but there is no obvious way in which this can be demonstrated” and: “Third party quality assurance can offer great comfort to employers as a means of satisfying you that goods and services you have purchased are fit for purpose and as a means of demonstrating that you have complied with the law.”
“Third party certificated installers understand the importance of proven products that are correctly designed, installed and maintained” 52
www.risk-uk.com
Certificates of Conformity
Project1_Layout 1 12/05/2015 13:48 Page 1
OxyReduct® fire prevention
REMOVING THE T H R E AT O F F I R E .
The new Library of Birmingham has chosen OxyReduct® to protect its valuable archives, the same as over 700 other businesses and organisations around Europe. No matter how good your fire detection, extinguishing or suppression system is, a fire has to start for it to work – so some damage is inevitable. In mission critical applications where any business interruption is unacceptable or where warehouse stock or archives are invaluable, a different approach to fire prevention is needed. OxyReduct® employs innovative technology that continuously reduces the oxygen level in a room by adding nitrogen to the air. The oxygen is reduced to a level in which combustibles do not inflame and an open fire is impossible. Importantly, people can enter the area of risk. Visit our in-house demonstration facility and experience a fire-free environment at first hand.
www.wagner-uk.com
SecurityServicesBestPracticeCasebook May2015_riskuk_apr15 11/05/2015 16:45 Page 54
A Problem Shared is a Risk Managed
ithin the business world it’s fair to say that most successful leaders and their companies have made mistakes, endured failures and, hopefully, learned much from such experiences. We all want to succeed. One way of ensuring that success is forthcoming is, wherever possible, to learn from the errors of others and avoid repeating them. Essentially, that’s the purpose of this article and, indeed, of what we do as a business. At Darwin Clayton, we draw on the experiences of our clients and our own in-depth knowledge of the security sector accumulated over time to protect companies’ interests in what is now a highly litigious landscape. In the security sector, by understanding a client’s business it’s possible to tailor cover to provide the most cost-effective protection and also add value by sharing Best Practice and, as stated, learning the lessons from poor practice. The claims experiences of clients and other security contractors can be highly educational. Most of the claims we see fall under three main areas of cover: employer’s liability, public liability and inefficacy/contractual liability. Let’s examine each of them in turn.
W
Tina Chittenden: Head of the Security Sector at Darwin Clayton
54
www.risk-uk.com
Employer’s liability in detail Security companies have a statutory duty to provide a safe working environment for their
In the second of two articles dedicated to essential selfprotection measures for today’s security companies, Tina Chittenden shares some invaluable insights relating to the most common causes – and real-life cases – behind insurance claims. Subjects including employer’s liability, public liability, inefficacy and contractual liability are all part of the mix employees. That responsibility also extends to your client’s premises, although you may not have complete control. It would also be advisable to look out for dangers such as slippery steps, malfunctioning gates, cramped Security Control Rooms with trip hazards or tatty old chairs and other items of furniture that may present a hazard. It’s no defence to plead that there was nothing you could have done about such working conditions. It’s your responsibility to work with the client to ensure that your members of staff are indeed operating in a safe environment. If some of these issues seem trivial then do bear in mind that the costs of overlooking them can be significant. Insurers recently paid out more than £65,000 to an employee who injured his back when a chair collapsed. The piece of furniture was known to be faulty. Despite this and other known facts – ie that the chair in question was the property of the security contractor’s client and the security officer, of heavy build, was carelessly swinging back and forth on it – the company was still held liable for its employee’s injury. It’s important to inspect the premises and to be mindful of the activities and duties of your staff on site. At the start and end of the working day, for example, security operatives are often responsible for unlocking or locking up. This may involve opening and shutting heavy gates and doors, sometimes in cold or otherwise inclement conditions and without assistance. In one case, an operative was crushed when a sliding gate came free of its runners. There was nobody else on site to assist the security officer and the injuries he received proved fatal. While this is an extreme and rather tragic example, the message here is salutary. In short, it’s the employer’s duty to identify risks on the client’s site and take the appropriate preventative action.
SecurityServicesBestPracticeCasebook May2015_riskuk_apr15 11/05/2015 16:45 Page 55
Security Services: Best Practice Casebook
Given its wide scope – covering injury to third parties and damage to property – it’s perhaps not surprising that a high proportion of claims are made against public liability insurance. Most tend to be for commonplace incidents, such as a barrier being brought down on a car or delivery vehicle. We’ve also covered claims for water damage where security operatives were the only people on site when a building interior or stock has been damaged and they are thus held responsible. For example, as the result of a tap having been left running in a kitchen and causing subsequent water damage. Common sense and staff training will limit the risks here, but random events and human lapses will happen. Where a trend emerges in claims, management should investigate the underlying causes and, with the support of their insurance provider, devise a plan of action which may include changes to work procedures, training or the company’s systems.
Efficacy: the main points Efficacy is an area of cover that needs to be tailored carefully for each industry. As a security company you are expected to carry out all duties in a safe and considerate manner, but you also run the professional risk of being liable for any losses suffered by your client as a result of a failure of service. The more usual scenario is a theft from the client’s premises where a security officer has either failed to carry out his or her patrols or missed an obvious opportunity to raise the alarm. The evidence of a security lapse can itself be all-too-obvious. In one case when a camera captured intruders moving freely about a building and – via a reflection on the CCTV screen – the security officer’s feet were seen to be ‘parked’ in a comfortable position throughout, no soundtrack was needed to complete the peaceful scene. The footage pretty much said it all and, as you might expect, the quite substantial claim was not contested. Fortunately, incidents like these are rare in a well-managed security company. Management teams that take a keen interest in how members of staff perform their duties – underpinned by surprise site visits, regular callbacks and other forms of checks to establish that procedures are being correctly followed – absolutely reduce the risk of failure. If companies cut back on supervision to shave costs on contracts, these types of claim will rise and so will the insurance costs.
Claims around extraneous duties As last month’s article (‘Securing The Security Companies’, Risk UK, April 2015, pp54-55)
intimated, in recent years we’ve seen a large increase in the number of claims arising from extraneous duties. The additional responsibilities clients outsource to their security contractors can sometimes be onerous. If your security guarding staff are the only people on site or otherwise available when these tasks need to be performed, it’s somewhat difficult to resist client requests. When clients make these demands, though, it’s essential to consider the scope of the new duties – and how they might impact on security guarding activities – and also assess any additional risks (and manage them). You should agree an appropriate charge and have the terms written into the security contract. An important distinction to make here is whether it’s the ‘function’ that’s being delegated or the ‘responsibility’. It’s more prudent to accept that security operatives will carry out the task, while the client’s staff remain responsible for managing this activity. Clients have faced large contractual liability claims after taking on extraneous duties such as setting thermostatic controls or adding weighbridge operation to gatehouse duties. In one unfortunate case, a security officer was instructed to override a faulty generator connected to a warehouse sprinkler system with consequences that, unfortunately, were somewhat predictable. Make sure you know what your members of staff are actually doing on site for each contract and be certain to share that knowledge with your insurance advisors. Keeping tabs on such a simple procedure could save your business a good deal of money, not to mention alleviating unnecessary stress.
“Management teams that take a keen interest in how members of staff perform their duties – underpinned by surprise site visits – absolutely reduce the risk of failure” 55 www.risk-uk.com
CyberSecurityandRiskAppetite May2015_riskuk_apr15 11/05/2015 14:20 Page 1
Sailing The Perfect Cyber Storm Confronting the so-called ‘Cyber World’ are many different types of organisation with dissimilar risk appetites. In the final instalment of an exclusive three-part series for Risk UK, Colin Lobley explains why this scenario serves to create a ‘Perfect Storm’ that affords ‘cyber’ such hype and, importantly, renders its management somewhat difficult
espite there being evidence and logical reasoning to the contrary that’s freely available, the hype around ‘cyber’ continues to exist. The $64,000 question to be asked is a simple one: ‘Why?’ Let’s explore why, when assessing two simple words taken together – ‘risk’ and ‘appetite’ – from multiple perspectives we derive the hype and confusion that we do and, more importantly, how we might tackle it. ‘Risk appetite’. Simple words to say, perhaps, but more difficult to address in practice. The point is that we all have different risk appetites, both as individuals and as companies. In this so-called ‘cyber’ world there are very different organisations out there with very different risk appetites. Those same organisations face vastly different risks but, alas, they’re all confusingly bundled under the heading ‘Cyber Risk’. That scenario serves to create a ‘Perfect Storm’ that gives ‘cyber’ its hype and makes its management so difficult.
D
Addressing ‘The Perfect Storm’
Colin Lobley: Subject Expert on Security Strategy and Risk Management
56
www.risk-uk.com
Cyber risk – when viewed through the operational and enterprise risk lens of a corporate – amounts to perhaps a strong breeze in meteorological parlance. That being so, businesses can set a sensible risk appetite and control the risk accordingly. However, in this world of interconnected business, if you were to add a few strong breezes together that all happen to be blowing
towards your company you will indeed realise the ‘Perfect Storm’. For its part, ‘The Cyber Wind’ blows towards companies from several quarters, including strong breezes emanating from Government, regulators and the insurance community as well as members of the public (ie customers). Government addresses the issue with two hats on. First, it has a defined role in terms of promoting UK plc. Government wishes the UK to be seen as a safe and secure place in which to do business, in turn maintaining and growing the UK’s economic role on the global scene. Second, the Government holds ultimate accountability for national security. Both roles naturally have exceptionally low risk appetites. They also rely on corporates for controlling large elements of the risk exposure. That’s Strong Breeze Number One, then. Strong Breeze Number Two comes from the regulators who, among other things, carry the responsibility to ensure market stability and that companies protect their customers in their given sectors. By inference, they too have a very low risk appetite, arguably lower than their regulated companies. A situation which, after months or years of persuasive tactics, eventually only leads to more regulation designed specifically to force through the level of risk control they would wish to see. Aside from a focus on personal data that’s governed by the Data Protection Act 1998 and ’policed’ by the Information Commissioner’s Office, regulators have yet to really show their teeth in relation to ‘cyber’. However, this is most certainly a strong breeze that could become a regulatory hurricane in its own right if and when the parties concerned choose to really flex their regulatory muscle over ‘cyber’. Data loss insurance is relatively mature in the UK but policies to cover operational losses from
CyberSecurityandRiskAppetite May2015_riskuk_apr15 11/05/2015 14:22 Page 2
Cyber Security and Risk Appetite
cyber incidents are not. In terms of our friend ‘cyber’, many insurance providers are steering clear saying that it’s ‘uninsurable’ (‘The Cyber Risk’, Risk UK, April 2015, p5) or that they’re unwilling to offer policies as it’s impossible to price the risk. Sticking with the weather analogy, this blows out a powerful message to the market as Strong Breeze Number Three – cyber risks are too uncertain to control and the incidents could well be massive in scale. Initially, at least, it would be logical to assume that customers have low risk appetite when it comes to buying secure services. As individuals, none of us wants to have our data stolen or our online transactions stopped for any period of time. However, real world research shows that not many of us really act with our feet. Customer satisfaction – and notably when linked to regulatory initiatives around treating customers fairly – becomes Strong Breeze Number Four.
Steering The Corporate Vessel Unfortunately, most companies find themselves in the midst of this ‘Perfect Storm’, duly being blown in all directions and left unsure as to which way they should steer the corporate vessel. While there may be no ‘silver bullet’ answers, I do believe that there’s a better and more logical process to go through based on traditional risk management principles. We need to be absolutely clear what we’re talking about here. There’s no such thing as ‘cyber’ risk. It’s simply too big and broad a bucket to be of any use and, that being the case, absolutely needs to be broken down into manageable component parts. Operational and Enterprise Risks What’s the likely impact (measured against corporate objectives) should your IT and information-enabled operational processes be affected by a malicious or non-malicious incident? What are the threats to those operational systems? How likely are they given your current controls? What’s your risk appetite? Is your exposure higher or lower? The answers to these questions will afford a baseline of required cyber security investment. Political Risks How important a stakeholder/customer is Government to your business? If it’s very important then investing more finances towards better control of cyber risks is necessary to show your support for Government policies and strategies and ensure continued good relations.
“‘The Cyber Wind’ blows towards companies from several quarters, including strong breezes emanating from Government, regulators and the insurance community” Regulatory and Compliance Risks How heavily regulated is your business? With what initiatives from the regulators do you need to comply? What legislation must you comply with? What are the impacts – when assessed against corporate objectives – if you fall foul of non-compliance? If they’re high then spend more on cyber security. Have you sourced a provider of cyber business impact insurance? Is the policy costeffective versus spending more on controls to reduce the likelihood and/or impact? If not then expend more resources on cyber security. Customer Satisfaction Risks What would be the impact if your customers become disgruntled with your organisation due to a cyber-driven operational incident? The higher the likely impact, the greater the investment needed in cyber security.
Remaining on an even keel While a cyber attack could – in the event of an exceptionally low likelihood ‘Perfect Storm’ – mean the end of your company or bring down an entire sector, so too might an extreme weather event plus any number of other things. No company, large or small, has the money to completely prevent those sorts of exceptionally high impact risks, but they do invest to minimise against lesser versions of these events. For example, buildings are designed to withstand strong gale force winds but not so a full-blown hurricane. Similarly, they can withstand ground tremors and minor earthquakes but not one that’s huge in scale. Balance sheets can survive a minor fluctuation in exchange rates but perhaps not the complete collapse of a given currency. Likewise, companies can survive one large cyber incident but will not survive a major cyber attack every month (or, indeed, a prolonged period of falling out of favour with Government, regulators or their customers). At the end of the day, managing risk is something of a balancing act. Take on too much and shareholders become twitchy or you suffer losses at a scale that’s significantly detrimental. Take on too little and shareholders are twitchy that you’re not pushing the boundaries in order to grow the business. By its very definition, then, managing risk is all about managing uncertainty.
57
www.risk-uk.com
TrainingandCareerDevelopment May2015_riskuk_apr15 11/05/2015 16:49 Page 58
If they are to succeed in what’s now a highly competitive economic landscape, today’s businesses need to be highly skilled, innovative and adaptive. By association, their members of staff require a wider variety of skills and tools to perform their roles to the highest standard. Angus Darroch-Warren reviews the importance of training and delivery methods designed to attain the best results
Investment in Training: The Key to Professionalisation T
he perennial debate focused on whether the security sector can be described as a ‘profession’ and those who work in it as ‘professionals’ will only be settled when the necessary traits associated with professionalism are in place. Those traits include certification based on competency, university-level training and education and the development of skills based squarely on sector knowledge. We’re steadily moving towards meeting these requirements and the Register of Chartered Security Professionals, recognised as the Gold Standard for practitioners, is a classic example of progress made to date. The continued drive for professionalism has also led to the development of a number of vocational security courses at both undergraduate and postgraduate levels, while the more enlightened private sector training companies now align their courses with the National Qualifications Framework and link them – through credit values – to recognised higher education establishments and their own academic programmes. Quality training in various security skill sets is an integral part of ‘professionalisation’ and, what’s more, absolutely key to business success. Indeed, many businesses already recognise that investment in training has a positive impact when it comes to improving staff knowledge and skills. However, some are less aware that good quality training has much wider-reaching benefits than simply teaching core operational skills or ensuring compliance with mandatory licensing requirements. In truth, the provision of good quality training for employees demonstrates that members of staff are highly valued by the business and plays an integral role in job holder retention, boosting staff morale at the same time as improving the organisation’s bottom line.
Knowledge and understanding
Angus Darroch-Warren BA (Hons) MSc CSyP FSyI PSP: Senior Consultant and Group Director at Linx International
58
www.risk-uk.com
Now more than ever before, security professionals are aware about the importance of having sound knowledge and understanding of their field at their fingertips. That said, it’s all-too-easy to overlook the importance of developing a versatile, transferable skill set alongside expertise in a chosen discipline.
In fact, transferable skills should be a key component of any rounded Curriculum Vitae, particularly so in a challenging economic climate where the ability to demonstrate viable transferable skills will, more often than not, deliver a significant competitive advantage. Examples of transferable skills include – but are in no way limited to – those centred on business management and finance, leadership, people management, evaluation and critical thinking, information gathering and research and, last but not least, communication. With increasing demands and fewer opportunities to take time out of work, it can be difficult to find windows for learning, notably in a sector like ours where irregular work schedules and plenty of travel are commonplace. Thankfully, the days in which the only way to gain a qualification would be to attend a college once or twice a week are now long gone. Many flexible learning options are available, with both distance and online learning gaining in popularity.
Good quality education materials When delivered in the correct fashion, distance learning can be as effective as traditional faceto-face teaching. Good quality learning materials, a high standard of support from tutors and appropriate and timely feedback on assignments are all essentials. Distance learning is used for a wide range of training, from short courses taking a few hours to complete through to postgraduate qualifications lasting a few years. Distance learning via e-learning is now increasingly in demand as all the relevant course materials and contact with tutors can be accessed simply by using the Internet. The Security Institute’s Certificate and Diploma in Security Management (‘Diplomatic endeavours’, Risk UK, March 2015, p59) are both delivered online and bear testimony – through the increasing numbers of learners undertaking these courses – to how quality elearning is now recognised and can bring tangible benefits to the candidates involved. From a practical perspective, distance learning courses often require a heavier investment in the development of learning materials than face-to-face training. Interactive elements, such as online videos, take time to
TrainingandCareerDevelopment May2015_riskuk_apr15 11/05/2015 16:49 Page 59
Training and Career Development
produce and can be costly to do so. It must also be remembered that high quality written materials remain the bedrock of any effective distance learning courses. Authors may need to learn new styles and/or develop new skills to ensure that educational materials are appropriate for a virtual learning environment. Maintaining the tutor-learner relationship must also be considered as the availability of tutors and their ability to respond to queries in a swift manner is essential when it comes to supporting learners. Therefore, it’s important to consider how and when learners might contact their tutor(s).
Face-to-face learning Given the wide-ranging benefits of distance learning, why should anyone choose face-toface learning? Face-to-face learning remains a popular method – the school and university systems are good examples here – while there are a number of advantages to such teaching that are difficult to replicate effectively within a distance learning programme. The first reason for selecting face-to-face learning as a chosen option is quite simple. Some people are just better suited to (or otherwise prefer) face-to-face learning. Different people learn in different ways and at varying speeds, and face-to-face teaching suits some learning styles more than others. Motivation is a big factor, too. It can be difficult to remain focused on distance learning, perhaps even more so when this is completed on a part-time basis. Life becomes a fine balance between studying and other priorities and sometimes this can and often does have a big impact on motivation and enthusiasm. One of the biggest advantages of face-to-face learning is the relatively shorter time in which training can be delivered. Focusing exclusively on learning can be an exciting and rewarding experience, while it’s much easier to maintain higher motivation over a shorter time frame. There are, of course, some skills that are easier to learn face-to-face than via distance learning. It would be very difficult to learn to deep sea dive without putting on a diving suit and jumping into the sea! From a security sector viewpoint, skills like security surveying, conducting investigations, interviewing and specifying security technology need to be taught using practical, hands-on methods such as scenario-based instruction. Learning by doing has proven to be a popular and effective delivery method, although this doesn’t preclude supplementing ‘classroom’ learning with some online teaching in aspects of theory (ie blended learning).
Face-to-face learning affords opportunities to learn informally as well as formally. Learners often learn from each other. Sharing individual experiences, anecdotes and informal opinions about topics can serve as useful pointers for discussion and knowledge. The spontaneous questions arising from group discussions often provide interesting learning points. Discussions in security management courses may bring up key learning points which can be analysed in relation to an individual’s working environment and the risk profiles of their host organisation.
Addressing perceived weaknesses During face-to-face training tutors not only have a chance to use interactive methods of learning such as scenario-based exercises, but they’re also able to express their enthusiasm about a subject in a more animated way. In addition, it’s easier for the tutor to gauge the level of understanding throughout the course as part of the assessment process. They simply need to look around and judge body language rather than assess the nuances of language used in e-mails or how someone sounds on the telephone. Spending time with the learner will allow for one-to-one sessions to address perceived weaknesses. This is something that’s not usually available when the focus is on a distance learning programme. Contrary to popular belief, training is actually more important during an economic downturn. Harsh financial climates put pressure on companies to boost efficiency. If they’re to succeed, businesses need to be highly skilled, innovative and adaptive. By association, their members of staff are likely to require a wider variety of skills and tools to fulfil their job functions. That being so, it’s vitally important to underpin staff members’ personal development with high quality vocational training.
“In truth, the provision of good quality training for employees demonstrates that members of staff are highly valued by the business and plays an integral role in job holder retention” 59
www.risk-uk.com
RiskinAction May2015_riskuk_may15 11/05/2015 16:43 Page 1
Risk in Action O2 Arena awards five-year event control contract to ISC Event, venue and premises security specialist Integrated Security Consultants (ISC) has been awarded a five-year contract to supply CCTV and radio channel controllers to The O2 Arena in London. Following a competitive tender process, the company has been chosen to provide both controllers and senior controllers for the complete range of events held at the internationally-renowned venue. Live music and events due to be staged at The O2 in the near future include concerts by Paolo Nutini and The Kaiser Chiefs. The popular venue in London’s Docklands is also set to host the Barclays ATP World Tour Finals and Strictly Come Dancing Live. Indeed, the 20,000 capacity venue is the UK’s second biggest indoor arena and now one of the busiest in the world. ISC’s personnel team will provide the ‘eyes and ears’ of the venue’s security operation, relaying information between front line security and stewarding staff and venue management as well as liaising with fire, medical and external security teams where and when necessary. In practice, ISC’s staff will monitor the movements of up to 60,000 people per day with The O2 Arena filling and emptying as many as three times on multiple event days. Importantly, the company has ensured continuity of service by welcoming the existing site controllers into its own dedicated team. “ISC is an industry leader in the event security field, recognised for its quality of service and ability to integrate security operations within a venue’s wider structure,” commented Paul Griffiths, ISC’s business development manager. “The O2 is one of the UK’s iconic buildings. We’re extremely privileged to be working in partnership with The O2 Arena team to provide them with this critical function, and we very much look forward to supporting and enhancing operations at the site over the next five years.”
Crossrail guarding to be delivered by Servest Group Servest Security – which is part of the Servest Group – has been chosen by joint venture ATC (Alstom, TSO and Costain) as the security guarding solutions provider for the final system-wide Crossrail project. The four-year contract will see Servest Security deliver security guarding and mobile patrol services to the second phase of this high-profile scheme. ATC will be fitting-out the necessary track and power equipment within the 21 kilometres of twin tunnels that stretch under the city of London. This work will be carried out within the tunnels and span the route covering Royal Oak, Pudding Mill Lane and Plumstead
60
www.risk-uk.com
PEL Services set to take care of fire alarm maintenance for the BRE Commercial fire, security and communication systems provider PEL Services has been awarded a three-year, fully-comprehensive contract for fire alarm service and maintenance at the Building Research Establishment’s (BRE) headquarters in Garston, Hertfordshire. The BRE is a world-leading, multi-disciplinary building science centre with a mission to improve buildings through research and knowledge generation. In fact, the BRE has been making a hugely positive difference to the built environment since 1921. Richard Tattersall, estates compliance manager at the BRE, told Risk UK: “We had been working with a single fire alarm supplier for 15 years and were looking for a more comprehensive agreement. PEL Services was successful in the tender process. The company is flexible when it comes to meeting our needs and we’ve been very happy with the level of service received.” For PEL, the awarding of this contract validates the business’ continual commitment to providing a high quality service and products that meet the most demanding of standards.
Portals. Servest Security has experience of protecting Crossrail, having already worked with the project for several years now. For this new contract, Servest has designed a bespoke security package for the complex needs of Crossrail (the largest construction scheme in Europe and the biggest infrastructure project undertaken in the UK). In essence, Crossrail is a 118-kilometre (73mile) railway line under construction in London and its environs. It should begin full operation in 2018 with a new East-West route across Greater London. Work began in 2009 on the central part of the line (a tunnel through central London) and connections to existing lines that will become part of Crossrail. “We’re delighted to have won this contract and look forward to working with ATC over the next four-year period,” enthused Michael Lamoureaux, md of Servest Security.
RiskinAction May2015_riskuk_may15 11/05/2015 16:44 Page 2
Risk in Action
Fike Safety Technology safeguards customers at Corey’s Sports Bar Management at Corey’s Sports Bar, a refurbished nightspot in Tamworth, has invested in fire detection solution from Fike Safety Technology (FST). Located in the town centre, the new bar opened at the end of last year and offers local residents music, entertainment and food seven days a week. FST-approved systems integrator Justice Fire & Security has designed and installed a fire safety solution based on FST’s popular Duonet single-loop intelligent addressable fire alarm system. “The technology built into the Duonet panel is designed to significantly reduce false alarms and provide the flexibility required for demanding environments such as nightclubs,” explained Steve Grant, installations manager at Justice Fire & Security. “This flexibility, combined with the benefits of FST’s multicriteria detectors, made Duonet an obvious choice for the project.” Forty devices including Multipoint ASD detectors, call points, sounders and beacons have been installed in the bar. These detectors provide high performance and flexibility through multiple choices of detection mode combined with an optional built-in 90 dBA sounder and strobe. Units can be set to a single mode or a combination for different settings. Each detector also has an in-built loop isolator as well as optional I/O for local control and switching. This single device can be used in all fire detection applications simply by changing its mode of operation. For example, the detectors protecting the dance floor have been programmed to a heat mode as the bar often deploys a smoke machine for effects. This flexibility also allows the system to be easily reconfigured if the layout of the venue should change at any point in the future. To aid evacuation in the event of a fire scenario, standalone strobes have been installed in the toilets as well as on detectors on the dance floor.
Affinity Water relies on Zaun’s Super10 for single mesh Security Rating 2 fence order Security fencing manufacturer Zaun has taken its initial order for the company’s HiSec Super10 system – believed to be the first single mesh to be certified to Security Rating 2 (SR2). Zaun will supply and install approaching 100 metres of the SR2rated HiSec Super10 along with a series of Super10 gates for security systems integrator Reliance High-Tech on behalf of client Affinity Water. The contract is Zaun’s first since Super10 was certified to LPS 1175 SR2 (Certificate Number: 1164a/01) by the Loss Prevention Certification Board (LPCB) and entered into Issue 7 of the LPCB’s Red Book. Affinity Water insisted on SR2 fencing to surround four enclosures at two sites to the north west of London. Zaun will install four metre-high, blue-coated Super10 fencing to surround a water tower and electric sub-station and a similar-sized loading bay together with single and double leaf gates at one site. Two similar enclosures rendered from three metre-high silver powder-coated Super10 will go in at another water station nearby. Reliance High-Tech, of course, is a leading security solutions provider to Critical National Infrastructure markets including the water, power generation and telecommunications sectors.
LOCKEN upgrades access control for critical base station site infrastructures ESB Telecoms (ESBT), a subsidiary of Ireland’s public electricity distribution company, has contracted LOCKEN to upgrade its access infrastructures. The contract – which covers the provision of 1,000 access systems for Global Systems for Mobile Communications base stations at 450 locations throughout the country – follows on from a pilot programme that allowed ESBT to ascertain the benefits of LOCKEN’s access control solution. Subsequently, ESBT decided to protect Points of Presence cabins in order to comply with Health and Safety regulations. Located in remote sites often exposed to wind and rain, ESBT’s facilities must be accessible to a 1,700-strong contractor crew, 95% of whom are external third parties. The LOCKEN solution is ideal for controlling access to infrastructure at such locations, ensuring thousands of access requests are granted each month. The LOCKEN solution is integrated with the ESBT extranet, significantly improving operational effectiveness by enabling the automatic transfer of data to LOCKEN’s advanced software suite. Similarly, work access authorisations generated from the ESBT extranet will automatically generate access rights via LOCKEN’s software.
61
www.risk-uk.com
TechnologyinFocus May2015_riskuk_may15 11/05/2015 16:46 Page 62
Technology in Focus Honeywell expands Performance Series IP NVR range with addition of eight and 16-channel models Honeywell has expanded its range of Performance Series IP embedded network video recorders (NVRs), giving end user customers more flexibility when designing customised IP video systems. Now available in eight or 16-channel models, the embedded NVRs are compatible with Honeywell’s equIP Series and Performance Series IP cameras, broadening options for IP-based surveillance systems. “Making the transition to IP cameras doesn’t have to be a big hassle or a big burden on customers’ wallets,” said Uli Hopfstock, product manager for the EMEA region at Honeywell Security Group. “Our range of embedded NVRs enables security installers to provide HD IP video surveillance solutions tailored to end user customers’ channel capacity needs at a cost-effective price point.” Customers can select from a wide range of IP cameras, including Honeywell’s recently released equIP Series S range. www.honeywell.com/security/uk
Financial institutions set to benefit from video-driven analytics and insight thanks to March Networks’ Searchlight4 March Networks has introduced the Searchlight4 for Banking. This videobased business intelligence solution provides banks with “exceptional insights” into customer service, operations and marketing, in turn helping them improve performance. Importantly, Searchlight4 for Banking delivers powerful search and investigation capabilities that enable financial institutions to reduce the costs associated with ATM skimming, cash harvesting and other fraudulent activities. Searchlight4 for Banking extends the benefits of integrated data by incorporating intelligent analytics – including people counting, queue length and dwell time – from March Networks’ MegaPX indoor analytics dome camera. Searchlight enables bank managers to identify potential fraud and reduce investigation times considerably with integrated video, audio and transaction data plus the ability to search across multiple sites on a simultaneous basis. Managers can easily view statistics on which branch, teller or ATM has the most withdrawals or deposits over a certain amount, for example, and pull up the recorded video for further review. In addition, the software can proactively alert managers or investigators to suspicious activity at an ATM which could indicate skimming or cash harvesting. The March Networks software makes it easy to review suspicious activities using synchronised video and audio. “Searchlight extracts relevant information from vast hours of recorded video and data and turns it into effective business intelligence,” explained Net Payne, chief marketing officer at March Networks. www.marchnetworks.com
62
www.risk-uk.com
Magic motion detectors from Siemens: ‘One Size Fits All’ Security Products from Siemens has introduced its field-proven Magic motion detector series to the UK market. The Magic PIR and Dual motion detectors are described as “an exciting new advance” in security that provide the “most reliable, convenient and cost-effective” solution for industry-leading catch performance and false alarm immunity. Suitable for commercial environments, the detectors perform well even under harsh conditions, such as in rooms with rapid and extreme temperature fluctuations that can create false alarms. Magic Mirror PIR and Dual models are offered in either 12 metre or 18 metre ranges and are optionally available with integrated anti-masking technology. The new Magic PDM-I12(T) and PDM-I18(T) make use of the patented Magic Mirror technology from Siemens, which “sets new standards” in detection sensitivity and enables an extremely compact design. www.siemens.co.uk/securityproducts
Axis introduces first model in new series of multi-sensor fixed domes Axis Communications’ new Q3709-PVE Network Camera has three 4K sensors that together provide a detailed 180 degree overview of a large area, outdoors as well as indoors, in an efficient one-camera installation. The cameras offer video with “unparalleled” streaming performance, smoothly capturing movements in high detail. As the first camera in the new Q37 Series, the Q3709-PVE provides situational awareness of large areas, making the camera ideal for city surveillance applications as well as logistics centres, airports and train stations. “An effective one-camera installation affording overview and image detail at the same time is an efficient way to ensure that surveillance needs are met in large open areas,” commented Erik Frännlid, director of product management at Axis Communications. www.axis.com
TechnologyinFocus May2015_riskuk_may15 11/05/2015 16:46 Page 63
Technology in Focus
Checkpoint Systems’ RFID upgrade kit for EVOLVE iRange antennas enables retailers to use single tag for inventory visibility and loss prevention
Smart+Guard helps end users to reduce call point vandalism, accidental damage and misuse The new Smart+Guard from Vimpex is a tough polycarbonate hinged protective cover that can easily be installed over a range of call points, emergency switches and other devices to provide protection from vandalism or misuse. Smart+Guard can also be fitted with an integral battery-powered alarm that, when lifted, emits an ear-piercing 90 dB alarm, warning the user that the device is for emergency use only and should not be tampered with. This alarmed version boasts a three-year battery life and incorporates a low battery warning LED. In its red form, Smart+Guard is commonly installed over fire alarm break glass call points to protect the break glass from deliberate misuse or accidental damage, subsequently reducing incidents of false fire alarms. Smart design and engineering provides installers and end users alike with an aesthetically pleasing but tough protective cover that’s both easy to install and retrofit. www.vimpex.co.uk
Securitech Software tackles real-time compliance automation With margins squeezed and regulation increasing, it’s vital that processes are streamlined and automated to maximise efficiency and enforce Best Practice. In the context of the highly regulated security sector, compliance activities can be split into two areas: external and internal. Securitech Software delivers software solutions that enable real-time compliance automation. In essence, these solutions automate all of the host business’ compliance processes that have traditionally been manual in nature. The software ensures all processes are adhered to, enforces auditability, makes certain issues are dealt with and, more importantly, that compliance is achieved in a way that reduces workload.
Checkpoint Systems has unveiled an RFID upgrade kit for its EVOLVE iRange P10 antennas, giving retailers a smooth migration to RFID by enabling the use of a single tag for both inventory visibility and loss prevention. In practice, the upgrade kit is fitted by Checkpoint Systems service technicians to existing or new P10 antennas. The P10 RFID leverages all the advantages of RFID technology while serving as a powerful solution for loss prevention at entrances/exits and a strong visual deterrent to would-be shoplifters. It supports differentiated alarms based on the quantity and/or value of the merchandise leaving the store and also Checkpoint’s patented Wirama Radar for superior tag-read accuracy, directionality and location. This enables retailers to place merchandise closer to exit doors while minimising the risk of false alarms. In addition to retailer advantages, consumers benefit because stores can monitor inventory more closely and replenish ‘true’ out of stocks, such that items they seek will be available on shelves when purchasing online through click and collect or buying directly in stores. www.checkpointsystems.com
Primarily aimed at security companies operating security guarding, mobile patrol, key holding and monitoring regimes, Securitech Software’s real-time compliance automation solutions remove manual form filling and document completion while encouraging the move towards paperless processing. The software also eliminates data integrity and availability issues – there’s ‘one version of the truth’. In addition, the Securitech Software solution enhances process and procedure control and enforces individual accountability for the practising end user while resolving those allimportant quality management issues. www.securitechsoftware.co.uk
63
www.risk-uk.com
Project1_Layout 1 07/04/2015 13:23 Page 1
Discover security at ifsec.co.uk/ Risk
The global stage for security innovation and expertise
Plan your travel to IFSEC International today by using our handy travel centre. Visit ifsec.co.uk/travel to book discounted travel and accomodation. Join the community: #IFSEC @IFSEC ifsecglobal.com/Risk Plus, year round news and insight on IFSEC Global.com and with key global events bringing the latest in security to new regions.
Organised by
Appointments May2015_riskuk_may15 11/05/2015 12:47 Page 65
Appointments
Garry Evanson CSyP FSyI The Security Institute has installed Garry Evanson BA MSc PgDip PGCE MCGI CSyP FSyI as its new chairman in place of Emma Shaw CSyP FSyI MBA FCMI, who now stands down after a hugely successful two years in office. Evanson is head of security and emergency planning at Westminster Abbey, a role he has held since February 2012. The Abbey, of course, is an iconic living Church, a designated World Heritage site and a ‘Royal Peculiar’ where the Dean is directly responsible to the Monarch. Prior to joining the world of private security, Evanson was a lieutenant colonel in the British Army, serving with the Royal Military Police. For the past decade, Evanson has also served as chairman of the Royal Military Police Association’s (RMPA) Hampshire branch based in Aldershot. The RMPA is the natural ‘home’ for serving and retired Royal Military Police (RMP) personnel who wish to retain their links to fellow servicemen and to the Corps. The Hampshire branch is part of the national RMPA network overseen by the RMP’s Regimental Headquarters located within the Defence Police School at Southwick Park in Portsmouth. From November 2007 through until February 2012, Evanson was group head of security operations at DeLaRue plc, the world’s largest integrated commercial banknote printer and passport manufacturer employing over 4,000 staff and producing more than 150 currencies worldwide. The company is a trusted partner of Governments, central banks and issuing authorities around the world and is listed on the London Stock Exchange.
Mike Haley Cifas – the UK’s Fraud Prevention Service – has announced the appointment of Mike Haley as the organisation’s new deputy chief executive. The appointment commences on 18 May. Haley moves to Cifas from his role as an associate director in Grant Thornton’s Forensics, Investigation and Recovery Division. He brings over 25 years’ experience of tackling and preventing fraud across the public, private and not for profit sectors to the role. Haley has considerable experience of directing investigations as well as developing prevention and detection strategies having led investigative teams in the NHS, the Ministry of Defence, the Office of Fair Trading, Her
Appointments Risk UK keeps you up-to-date with all the latest people moves in the security, fire, IT and Government sectors George Quigley George Quigley has joined KPMG as a partner to bolster the company’s rapidly-growing Cyber Security Practice. Quigley takes up this role after moving from BDO where he was a partner and led the business’ Technology Risk and Advisory Services Practice. He boasts over 20 years’ experience in technology risk and information security. That experience encompasses helping organisations to understand their security risk appetite and overall security exposure (including those issues specific to them in relation to their sector and profile and how this impacts their risk management frameworks). Over many years, Quigley has implemented technical security solutions and carried out a range of security testing. His experience also includes ISO 27001 and the Payment Card Industry Data Security Standard (PCI DSS). In addition to his dedicated security work, Quigley harbours significant experience in all areas of corporate governance and risk and control frameworks. Quigley is a Fellow of the Institute of Chartered Accountants in England and Wales and chairman of the IT Faculty at the Institute. He’s also a certified information systems auditor and a certified information security manager. At KPMG, Quigley will lead the cyber security team in the London region where he’ll be working with and supporting FTSE 250 firms, SMEs and emerging companies in banking. Majesty’s Revenue & Customs and the Solicitors Regulation Authority. Haley’s role as a director at the National Fraud Authority saw him develop multi-agency strategies to tackle a range of fraud types including mortgage fraud, identity fraud and mass marketing fraud, in turn placing the discipline of fraud prevention centre stage. Commenting on the appointment, Cifas’ CEO Simon Dukes said: “I’m delighted that Mike will be joining Cifas as he brings with him extensive knowledge of the fraud landscape and vast experience of working with partners across Government, industry and law enforcement. Indeed, Mike brings a degree of vision that will help us to prevent more fraud and build strong partnerships.”
65
www.risk-uk.com
Appointments May2015_riskuk_may15 11/05/2015 12:48 Page 66
Appointments
Paul Hopkin
Gordon Brockington G4S Facilities Management, the FM division of global security company G4S plc, has appointed Gordon Brockington as its new strategy and business development director. Previously group business development director at ESG and, prior to that, director for market development with Balfour Beatty Construction Services UK, Brockington has significant experience in both the public and private sectors having worked with central and local Government departments throughout the UK. His expertise stretches across business and market strategy, outsourcing, contract management and executive leadership within a number of industries. G4S FM’s interim regional managing director Darren Jones said: “I would like to welcome Gordon to the G4S Facilities Management business. With his extensive sector experience, Gordon’s well placed to help us deliver our growth strategy in both the public and commercial sectors as we look to strengthen our position in the UK, Channel Islands and Ireland FM markets.” Gordon Brockington stated: “I’m delighted to be joining the FM business at G4S. This is a hugely exciting opportunity and I’m very much looking forward to working towards increasing the business’ market share.”
David Ward The hugely successful Cross-Sector Safety and Security Communications (CSSC) initiative – a partnership between law enforcement agencies, local and national Government organisations and private sector businesses – has appointed David Ward (managing director at Ward Security) to the position of chairman for its newly-created Southern Region covering Kent, Surrey, Sussex and Hampshire. Operating across a wide range of sectors, the CSSC aims to help businesses remain safe and secure by providing information that will assist them to develop robust resilience and emergency preparedness plans. This is achieved by delivering accurate, timely and authoritative messaging and information on an ongoing basis and in times of major incidents. “We’re delighted to have David Ward on board as chairman of the CSSC Southern Region,” explained Don Randall MBE, chairman of the CSSC initiative. “His vast experience and deep understanding of the need for effective security across both the business and public sectors will be a huge benefit in helping to further establish CSSC within the community and oversee the initiative’s implementation.” David Ward added: “In addition to delivering a truly holistic security intelligence, communications and response infrastructure, CSSC also succeeds in realising the overall feeling of ‘security’ within the community which is hugely important.”
66 www.risk-uk.com
Paul Hopkin, author of the widely-used and referenced textbook entitled Fundamentals of Risk Management, has taken up the post of technical director at the Institute of Risk Management (IRM). As a result, Hopkin will now oversee the IRM’s dedicated and extensive programme of thought leadership, emerging risk analysis and risk practitioner guidance. Hopkin was head of risk management at the BBC between 1997 and 2000, after which he became director of risk management at The Rank Group until 2006. He then moved to Airmic and took on the role of technical director. Here, Hopkin co-authored the company’s Roads to Resilience research report. Between 2007 and 2012, Hopkin served as lead examiner for the IRM’s prestigious International Certificate in Risk Management. Speaking about his appointment, Hopkin told Risk UK: “This is a fascinating role to take on. I’m looking forward to helping the Institute deliver the leading-edge analysis and advice required by today’s risk practitioners.”
Sam Hodkin and Craig Bennett Showsec is gearing itself up for further expansion in the North of England with the appointment of two new area managers. Sam Hodkin (pictured, left) has been confirmed as the new area manager in Leeds while Craig Bennett (pictured, right) will take up a similar role in Sheffield. The two appointments represent another major endorsement for the company’s highlyacclaimed Management Development Programme, meaning that six graduates of the ground-breaking initiative have now progressed to become area managers. Alan Wallace, Showsec’s regional manager in the North of England (pictured, centre), commented: “This is another significant step in the company’s development throughout the region. We’re looking to expand our footprint all over the United Kingdom and Yorkshire is clearly an area where there’s enormous potential for progress.”
apr15 dir_000_RiskUK_jan14 07/04/2015 15:52 Page 1
Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security
Anti-Climb Paints & Barriers
Metal Detectors (inc. Walkthru)
Security, Search & Safety Mirrors
ACCESS CONTROL
Security Screws & Fastenings
Key Control Products
Empty Property & Lone Worker Alarms
Traffic Flow & Management
see our website
ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERS
FRONTIER PITTS Crompton House, Crompton Way, Manor Royal Industrial Estate, Crawley, West Sussex RH10 9QZ Tel: 01293 548301 Fax: 01293 560650 Email: sales@frontierpitts.com Web: www.frontierpitts.com
ACCESS CONTROL
ACT ACT – Ireland, Unit C1, South City Business Centre Tallaght, Dublin 24 Tel: +353 (0)1 4662570 ACT - United Kingdom, 2C Beehive Mill Jersey Street, Manchester M4 6JG +44 (0)161 236 3820 sales@act.eu www.act.eu
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES
UKB INTERNATIONAL LTD ACCESS CONTROL
APT SECURITY SYSTEMS The Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NY Tel: 020 8421 2411 Email: info@aptcontrols.co.uk www.aptcontrols-group.co.uk
Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com
B a r r i e r s , B l o c k e r s , B o l l a r d s , PA S 6 8
ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTS
SIEMENS SECURITY PRODUCTS ACCESS CONTROL
KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk
Suite 7, Castlegate Business Park Caldicot, South Wales NP26 5AD UK Main: +44 (0) 1291 437920 Fax: +44 (0) 1291 437943 email: securityproducts.sbt.uk@siemens.com web: www.siemens.co.uk/securityproducts
ACCESS CONTROL & DOOR HARDWARE
ALPRO ARCHITECTURAL HARDWARE
ACCESS CONTROL
COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68
Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES ACCESS CONTROL MANUFACTURER
NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com
HTC PARKING AND SECURITY LIMITED 4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk
ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERS
ACCESS CONTROL
HEALD LTD
INTEGRATED DESIGN LIMITED
HVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface Mount Solutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards, Security Barriers, Traffic Flow Management, Access Control Systems
Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com
Tel: 01964 535858 Email: sales@heald.uk.com Web: www.heald.uk.com
www.insight-security.com Tel: +44 (0)1273 475500
apr15 dir_000_RiskUK_jan14 07/04/2015 15:52 Page 2
CCTV
ACCESS CONTROL
SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS
ALTRON COMMUNICATIONS EQUIPMENT LTD Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: cctvsales@altron.co.uk Web: www.altron.co.uk
AUTOMATIC VEHICLE IDENTIFICATION
NEDAP AVI PO Box 103, 7140 AC Groenlo, The Netherlands Tel: +31 544 471 666 Fax: +31 544 464 255 E-mail: info-avi@nedap.com www.nedapavi.com
CCTV
G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk
ACCESS CONTROL – BARRIERS, GATES, CCTV
CCTV/IP SOLUTIONS
ABSOLUTE ACCESS
DALLMEIER UK LTD
Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV
BUSINESS CONTINUITY
3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com
CCTV & IP SECURITY SOLUTIONS
PANASONIC SYSTEM NETWORKS EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: system.solutions@eu.panasonic.com Web: www.panasonic.co.uk/cctv
BUSINESS CONTINUITY MANAGEMENT
CONTINUITY FORUM Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org
COMMUNICATIONS & TRANSMISSION EQUIPMENT
KBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com
PHYSICAL IT SECURITY
RITTAL LTD
DIGITAL IP CCTV
Tel: 020 8344 4716 Email: information@rittal.co.uk www.rittal.co.uk
SESYS LTD High resolution ATEX certified cameras, rapid deployment cameras and fixed IP CCTV surveillance solutions available with wired or wireless communications.
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk
INFRA-RED, WHITE-LIGHT AND NETWORK CCTV LIGHTING
RAYTEC
TO ADVERTISE HERE CONTACT: Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk
Unit 3 Wansbeck Business Park, Rotary Parkway, Ashington, Northumberland. NE638QW Tel: 01670 520 055 Email: sales@rayteccctv.com Web: www.rayteccctv.com
CCTV SPECIALISTS
PLETTAC SECURITY LTD Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 0844 800 1725 Fax: 01788 544 549 Email: sales@plettac.co.uk www.plettac.co.uk
www.insight-security.com Tel: +44 (0)1273 475500
apr15 dir_000_RiskUK_jan14 12/05/2015 14:31 Page 3
TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR
COP SECURITY Leading European Supplier of CCTV equipment all backed up by an industry leading service and support package called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufacturing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range. More than just a distributor.
TO ADVERTISE HERE CONTACT: Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk
COP Security, Delph New Road, Dobcross, OL3 5BG Tel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 201 sales@cop-eu.com www.cop-eu.com
WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.
MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ
Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com
CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOS FRAUD DETECTION
AMERICAN VIDEO EQUIPMENT Endeavour House, Coopers End Road, Stansted, Essex CM24 1SJ Tel : +44 (0)845 600 9323 Fax : +44 (0)845 600 9363 E-mail: avesales@ave-uk.com
CONTROL ROOM & MONITORING SERVICES
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS
NORBAIN SD LTD ADVANCED MONITORING SERVICES
EUROTECH MONITORING SERVICES LTD.
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.net Web: www.eurotechmonitoring.net
DISTRIBUTORS
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com
EMPLOYMENT
FIRE AND SECURITY INDUSTRY RECRUITMENT
SECURITY VACANCIES www.securityvacancies.com Telephone: 01420 525260
EMPLOYEE SCREENING SERVICES
THE SECURITY WATCHDOG Cross and Pillory House, Cross and Pillory Lane, Alton, Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.uk Telephone: 01420593830
sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk
IDENTIFICATION
ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PRODUCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.
ADI GLOBAL DISTRIBUTION Chatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RN Tel: 0161 767 2900 Fax: 0161 767 2909 Email: info@adiglobal.com
www.insight-security.com Tel: +44 (0)1273 475500
apr15 dir_000_RiskUK_jan14 12/05/2015 14:32 Page 4
COMPLETE SOLUTIONS FOR IDENTIFICATION
PERIMETER PROTECTION
DATABAC GROUP LIMITED
GPS PERIMETER SYSTEMS LTD
1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com
14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk
INDUSTRY ORGANISATIONS
POWER TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY
BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk
POWER SUPPLIES – DC SWITCH MODE AND AC
DYCON LTD
THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY
Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471 060 Fax: 01443 479 374 Email: marketing@dyconsecurity.com www.dyconsecurity.com The Power to Control; the Power to Communicate
SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org
STANDBY POWER
UPS SYSTEMS PLC
INTEGRATED SECURITY SOLUTIONS
Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
HONEYWELL SECURITY GROUP Honeywell Security Group provides innovative intrusion detection, video surveillance and access control products and solutions that monitor and protect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology with traditional analogue components enabling users to better control operational costs and maximise existing investments in security and surveillance equipment. Honeywell – your partner of choice in security. Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com Web: www.honeywell.com/security/uk
INTEGRATED SECURITY SOLUTIONS
INNER RANGE EUROPE LTD Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com
UPS - UNINTERRUPTIBLE POWER SUPPLIES
ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk
UPS - UNINTERRUPTIBLE POWER SUPPLIES
UNINTERRUPTIBLE POWER SUPPLIES LTD Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
TYCO SECURITY PRODUCTS Heathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UK Tel: +44 (0)20 8750 5660 www.tycosecurityproducts.com
TO ADVERTISE HERE CONTACT: PERIMETER PROTECTION ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS
Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk
GJD MANUFACTURING LTD Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk
www.insight-security.com Tel: +44 (0)1273 475500
apr15 dir_000_RiskUK_jan14 12/05/2015 14:32 Page 5
SECURITY
INTRUDER ALARMS – DUAL SIGNALLING
WEBWAYONE LTD CASH & VALUABLES IN TRANSIT
CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk
QUALITY SECURITY AND SUPPORT SERVICES
CONSTANT SECURITY SERVICES Cliff Street, Rotherham, South Yorkshire S64 9HU Tel: 0845 330 4400 Email: contact@constant-services.com www.constant-services.com
PHYSICAL CONTROL PRODUCTS, ESP. ANTI-CLIMB
INSIGHT SECURITY Unit 2, Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com
11 Kingfisher Court, Hambridge Road, Newbury Berkshire, RG14 5SJ Tel: 01635 231500 Email: sales@webwayone.co.uk www.webwayone.co.uk www.twitter.com/webwayoneltd www.linkedin.com/company/webwayone
LIFE SAFETY EQUIPMENT
C-TEC Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: http://www.c-tec.co.uk
PERIMETER SECURITY
TAKEX EUROPE LTD
Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takex.com Web: www.takex.com
FENCING SPECIALISTS
J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk
INTRUSION DETECTION AND PERIMETER PROTECTION
SECURITY EQUIPMENT
PYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix
OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com
SECURITY SYSTEMS
BOSCH SECURITY SYSTEMS LTD
CQR SECURITY
PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 01895 878088 Fax: 01895 878089 E-mail: uk.securitysystems@bosch.com Web: www.boschsecurity.co.uk
125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk
SECURITY EQUIPMENT
INTRUDER AND FIRE PRODUCTS
CASTLE INTRUDER ALARMS – DUAL SIGNALLING
CSL DUALCOM LTD Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 F: +44 (0)1895 474 440 www.csldual.com
Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042 www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity
www.twitter.com/castlesecurity
SECURITY SYSTEMS INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS
VICON INDUSTRIES LTD.
RISCO GROUP
Brunel Way, Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com
Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk
ONLINE SECURITY SUPERMARKET
EBUYELECTRICAL.COM Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com
TO ADVERTISE HERE CONTACT: Paul Amura Tel: 020 8295 8307 Email: paul.amura@proactivpubs.co.uk
www.insight-security.com Tel: +44 (0)1273 475500
Project1_Layout 1 05/02/2014 17:39 Page 1
Have you tried Integriti yet?
Sophistication is not about size The Integriti Security Management System is an IP connected access control and intruder security system that offers sophisticated centralised management for both small systems on a single site, or large systems distributed across the country or across the globe.
With a growing list of new installations take a moment to think of what you’re missing! The Integriti system offers an advanced suite of software, hardware and integrated solutions to deliver complete management of your entire integrated system.
Inner Range Europe Limited Units 10-11 Theale Lakes Business Park Moulden Way, Sulhampstead Reading, Berkshire RG74GB UNITED KINGDOM
integriti@innerrange.co.uk
a4 integriti 0ne page UK.indd 1
+44 (0) 845 470 5000 www.innerrange.com 4/12/2013 8:40 am