Risk UK December 2016 by Western Business Media Limited

FrontCover December2016_001 07/12/2016 17:02 Page 1

December 2016

www.risk-uk.com

Security and Fire Management

The Ten Commitments Key Skills for Excellence in Business Resilience Tackling Cyber Crime: The Role of Private Security Counter-Terrorism: Threat Mitigation Techniques FIA Technical Briefing: Conducting Fire Risk Assessments Business Sector Focus: Security Guarding Solutions

Project1_Layout 1 06/05/2016 13:46 Page 1

Simple & Easy Installation Integrated Security - Access Control

Inception is an integrated access control and security alarm system with a design edge that sets it apart from the pack. Featuring built in web based software, the Inception system is simple to access using a web browser on a Computer, Tablet or Smartphone. With a step by step commissioning guide and outstanding user interface, Inception is easy to install and very easy to operate.

Access Control

Automation

No Software Required

Multiple Devices

Security Alarm

Easy Setup with Checklist Prompting

IGNED

S DE

For more information, visit www.innerrange.com/inception. There you will ďŹ nd installation guides and videos to help you get the most out of your Inception system.

STRA

Send IP Alarms via the Multipath-IP Network

Visit www.innerrange.com or call 0845 470 5000 for further information

Contents December2016_riskuk_Dec12 08/12/2016 10:58 Page 1

December 2016

Contents 29 Security Guarding Solutions

Combating the Terrorist Threat (pp26-27)

Security Guarding is the theme of this month’s Risk UK Business Sector Focus. David Mundell discusses the technology used by today’s security officers (p29) and Carl Palmer centres on the topic of risk management (p31). In addition, Tim Drew considers developments in uniforms for security personnel (pp32-33)

35 The Security Institute’s View 5 Editorial Comment

Five key organisational areas determine whether an employee is an asset or a risk to the business. Richard Diston has the detail

6 News Update

38 In the Spotlight: ASIS International UK Chapter

UN and Interpol further co-operation. Conservatives signal Europol opt-in intentions. National Crime Agency targets ‘cyber’

David Clark outlines The Security Commonwealth, a voluntary association of independent security membership organisations

8 News Analysis: Security Company Financials

40 FIA Technical Briefing

Mitie Group, Securitas, G4S and ISS have all issued details of their latest financials. Brian Sims takes a look at the figures

Fire risk assessments are designed to minimise the probability of a fire episode. Will Lloyd recites the main elements involved

10 News Special: Cortech Open Innovation Events

42 Security Services: Best Practice Casebook

The Royal Victoria Dock in London was the setting for the final Cortech Open Innovation Event of 2016. Brian Sims reports on the latest smart integration techniques unveiled on the day

Richard Jenkins focuses on the NSI’s Guarding Gold standard as the ultimate hallmark of excellence for security companies

13 Opinion: The Ten Commitments

In association with the SSAIB, Risk UK begins its ‘Meet The Security Company’ series by talking with Avantguard Security

Phillip Wood outlines ten key commitments that today’s organisations can abide by in their ongoing quest to become genuinely resilient in all that they do

16 Opinion: Security’s VERTEX Voice As Peter Webster explains, there’s a growing trend towards avoiding TUPE that not only threatens the entitlements of employees, but also the financial well-being of service providers

18 BSIA Briefing James Kelly evaluates the work conducted by Tony Porter QPM LLB, the Surveillance Camera Commissioner, and assesses how his Code of Practice is helping to protect our civil liberties

20 Merger Talks: A Cyber-Physical Approach In the second of a two-part series of articles exclusive to Risk UK, James Willison offers a detailed review of the SRI’s latest research report from the perspective of security convergence

24 Security and Fire Safety in 2017 As we head towards 2017, James Somerville-Smith suggests that the focus will remain on what security and fire safety solution developers might offer end users to address their key concerns

26 Blasts, Ballistic Attacks and Forced Entry With the current threat level from international terrorism set at ‘Severe’ on the UK mainland, Peter Hatton examines the various mitigation techniques available to security and risk managers

44 Meet The Security Company

46 Cyber Security: Incident Response Physical security and resilience teams can play a far greater role in managing today’s cyber threats. Barrie Millett informs us how

48 Risk in Action 50 Technology in Focus 53 Appointments The latest people moves in the security and fire business sectors

56 The Risk UK Directory ISSN 1740-3480 Risk UK is published monthly by Pro-Activ Publications Ltd and specifically aimed at security and risk management, loss prevention, business continuity and fire safety professionals operating within the UK’s largest commercial organisations © Pro-Activ Publications Ltd 2016 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical (including photocopying, recording or any information storage and retrieval system) without the prior written permission of the publisher The views expressed in Risk UK are not necessarily those of the publisher Risk UK is currently available for an annual subscription rate of £78.00 (UK only) www.risk-uk.com

Risk UK PO Box 332 Dartford DA1 9FF

Editor Brian Sims BA (Hons) Hon FSyI Tel: 0208 295 8304 Mob: 07500 606013 e-mail: brian.sims@risk-uk.com Design and Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 429 2015 e-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 01322 292295 e-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 01322 292295 e-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton Chairman Larry O’Leary

Editorial: 0208 295 8304 Advertising: 0208 295 8307

3 www.risk-uk.com

EditorialComment December2016_riskuk_jul14 06/12/2016 15:53 Page 1

Wireless upgrades for any security system

Expand any security system with Ricochet® mesh technology Adding additional safety and security to new and existing security systems couldn’t be simpler. With Texecom’s Ricochet Wireless Expansion Pack, adding additional wireless devices is a quick and easy process. Each pack converts wireless devices into Normally Closed (N/C) relay outputs for direct connection to security control panel wired zones or CCTV triggering systems. • Enhance safety and security • Quick and easy to install

Any Control Panel

Ricochet Expansion Pack

Relay Interface Wireless Expander

Texecom products are designed and manufactured in the UK

EditorialComment December2016_riskuk_jul14 06/12/2016 15:53 Page 2

Editorial Comment

Compatible Ricochet Enabled Devices

Mind The Gaps he apparent lack of a widely recognised definition for any given ‘victim’ of terrorism is putting at risk the prospect of survivors receiving the emotional and practical help they so desperately need after being caught up in an attack. That’s according to new research conducted by Victim Support. While families bereaved by terrorism have automatic access to high quality care through the Government-funded Homicide Service – which, in fact, is delivered by Victim Support – British citizens who survive an attack abroad and suffer either psychological or less serious physical injuries are often “falling through gaps” in the system. Many are left struggling and only receive help after referring themselves. The new Victim Support report entitled ‘Meeting the Needs of Survivors and Families Bereaved Through Terrorism’ also finds that survivors can struggle to know where to turn for information and help in the days and weeks following a terrorist incident. A survey of Victim Support caseworkers who have supported (or continue to support) people directly affected by terrorism, as well as interviews and questionnaires with survivors and bereaved families, reveals the significant emotional and psychological effects of terrorism and the shortfalls in provision of care. 93.5% of survivors suffered effects including difficulties in sleeping, intense distress when reminded of the incident, anger, flashbacks and anxiety. 78.8% required emotional and psychological support, including from specialist services, but the waiting times for counselling or therapy via the NHS can feel too long, and deter some from even accessing such support. While post-traumatic stress disorder is relatively common among those who’ve experienced a traumatic event, it’s true to say that treatment isn’t offered by all NHS Mental Health Trusts in England. Other apparent shortcomings of the current system include financial hardships exacerbated by challenges in claiming compensation from the Criminal Injuries Compensation Authority and a lack of assistance when it comes to dealing with excessive media attention. In its detailed report, Victim Support makes a series of recommendations based on the findings of its own research with caseworkers, survivors and bereaved families. These also draw on the experiences of individuals and organisations that have a role in providing services to survivors and international examples of what Victim Support believes to be Best Practice. Those who are ordinarily classified as direct witnesses should be considered and treated as survivors by all agencies, in turn enabling them to access suitable support services. Also, a pathway of support ought to be mapped out and agreed upon by all agencies involved in assisting survivors and a Working Group convened immediately to co-design this pathway. While there are positive aspects to the current system, such as the support provided by Humanitarian and Survivor Assistance Centres, improvements clearly need to be made. Hopefully, this report will encourage all the agencies involved to work together on ensuring that everyone impacted by such harrowing events receives the absolutely vital assistance they so richly deserve.

Compact Pet Immune Detector

Compact Digital Detector

Compact Digital Quad Detector

External Detector

Digital Quad Detector

Digital Detector

Ceiling Mount Detector

Contact/Shock Sensor

Panic Button

Smoke Detector

Carbon Monoxide Detector

Brian Sims BA (Hons) Hon FSyI Editor

www.texe.com Sales: +44 (0)1706 220460

December 2012

www.risk-uk.com

NewsUpdate December2016_riskuk_nov14 06/12/2016 15:58 Page 1

United Nations and Interpol forge closer ties in combating transnational crime United Nations (UN) Member States have adopted a major resolution by consensus which is specifically designed to further enhance collaboration between the UN and Interpol against transnational crime and terrorism. The resolution debated during the 71st session of the UN General Assembly calls for the strengthening of co-operation between the UN and Interpol in tackling terrorism, including preventing foreign terrorist fighter travel and combating all forms of transnational crime. Addressing the UN General Assembly, Interpol’s Secretary General Jürgen Stock said: “The resolution marks an important step forward in our journeys. We move closer to supporting our vision of a safer world for the member countries of Interpol and, indeed, the Member States of the UN.” Stock continued: “Co-operation between the UN and Interpol in these crime areas is key to help bring about global peace and stability and achieve our common goals. It’s to support the related efforts of law enforcement agencies in Interpol’s 190 member countries that we seek to advance our joint collaboration. International police co-operation looks forward to Interpol’s continued co-operation with all relevant agencies of the UN system.” Addressing the threat of terrorism, Secretary General Stock said on the sidelines of the meeting: “Dangerous gaps still remain in global

screening efforts on foreign terrorist fighters, including against Interpol’s databases, while information sharing remains too fragmented at a time when we need to empower police on the front lines. The concern is what these fighters will do with the skills they acquired in battle and the networks which facilitated their recruitment when they leave conflict zones and eventually return home.” Enabling the exchange of police information across borders lies at the very core of Interpol’s mandate. In this respect, the resolution further encourages increased co-operation between the UN and Interpol in order to assist countries in effectively using Interpol’s policing capabilities that are readily available through its National Central Bureaus. Interpol harbours well-developed policing capabilities to assist its membership. The organisation also serves as a platform for the provision of capacity building, analytical support and 24/7 assistance to police and law enforcement agencies worldwide. The UN and Interpol enjoy a long-standing working relationship. Across the years, these two organisations have collaborated on many projects and initiatives to fight international crime and terrorism. Interpol became a permanent observer at the UN in 1997. In 2004, Interpol established its office of the Special Representative to the UN in New York.

Parliament notified of Conservative Government’s Europol opt-in intention Policing Minister Brandon Lewis (pictured) has notified Parliament of the Conservative Government’s intention to opt-in to Regulation (EU) 2016/794 of the European Parliament and of the Council on the European Union Agency for Law Enforcement Co-operation (Europol), in line with its right to do so under Protocol 21 to the European Union (EU) Treaties. The new regulation affords a legal footing to the new framework for Europol and replicates much of the UK’s own approach towards tackling online terrorism propaganda and cyber crime. In an explanatory memorandum, laid before Parliament on Monday 14 November, the Policing Minister put forward the Home Office’s intention to opt-in to the revised Europol framework outlined in the regulation. This regulation replaces the existing regulation that governs the operation of Europol on 1 May 2017. The decision will now be subject to Parliamentary scrutiny, after which time the European Commission will be notified of the UK Government’s intention. Europol is an agency which aims to strengthen and facilitate co-operation in preventing serious crimes and combating organised criminality, in particular where this affects two or more EU Member States. The UK has been a member of the agency since its creation in 1998, and chose to opt-in back in 2014 when the nation negotiated the right to choose the specific justice and home affairs matters of which it would be a part. A new opt-in decision is now required following changes to the legal framework underpinning Europol. Brandon Lewis stated: “The UK is leaving the EU, but the reality of cross-border crime remains. Europol provides a valuable service to the UK, and opting-in would enable us to maintain our current access to the agency until we leave the EU, helping to keep the people of Britain safe.”

6 www.risk-uk.com

NewsUpdate December2016_riskuk_nov14 06/12/2016 15:58 Page 2

News Update

Organisations “exposed to significant risk” due to lack of workplace recovery arrangements A “disconnect” exists between business continuity professionals and end users when it comes to workplace recovery. That’s according to a report just published by the Business Continuity Institute (BCI) and supported by Regus Workplace Recovery. The global study shows that, while only 12% of business continuity experts confirm their organisation lacks workplace recovery arrangements, 31% of end users claim their employers don’t have any arrangements in place, or that they’re unaware of them. The Workplace Recovery Report notes that even organisations with workplace recovery arrangements in place face risk and uncertainty when it comes to actual recovery plan implementation. One out of every five of those experts questioned feels “uncomfortable” that their organisation’s employees will execute their work area recovery solution as planned, while 17% of end users are not comfortable they can carry on services in the case of an area-wide event. Other top line findings of the report, the results of which were generated by an extensive online survey, include the following: *37% of end users are either unaware of (or

National Crime Agency targets international cyber crime network with 14 arrests During November, 14 people were arrested in the UK on suspicion of offences including laundering stolen money for international cyber criminals. The group is suspected to have laundered more than £11 million stolen using the Dridex and Dyre streams of malicious software (or malware). National Crime Agency officers believe the malware was developed and deployed by skilled cyber criminals in Eastern Europe. In use, the malware infects computers when the user receives and opens documents in seemingly legitimate e-mails, enabling criminals to subsequently gain access to their bank details. Investigators allege that the money would then be dispersed in smaller amounts to other bank accounts both here in the UK and in Eastern Europe. Those arrested are suspected to have laundered the criminal profits through hundreds of accounts at various UK banks using false identity documents as well as ‘money mules’ deliberately recruited and controlled by the crime group.

unable to provide) feedback on their firm’s workplace recovery arrangements *26% of end users and 16% of experts feel that their firm’s business continuity priorities are not fully consistent with end user priorities *75% of end users consider themselves to be ‘critical’, while 64% of experts believe only 20% of employees fall into this category *Nearly four out of every five end users believe that there’s a workplace recovery plan in place for them in the event of disruption *‘Work from home’ received less consideration as a workplace recovery approach from experts than from employees (26% vs 44%) *45% of end users are reportedly not happy about working from home for more than two weeks at a time *When deciding whether to work from an alternative location or from home, 32% of employees base their decision on the ease of reaching alternative sites, while 20% focus on access to key enterprise systems The success of a chosen strategy such as workplace recovery depends on its proper implementation by staff, led by a capable business continuity or resilience team. There are still gaps in awareness and implementation that need to be addressed. Crucially, the safety of employees remains a key priority for both workplace recovery experts and end users alike.

The operation was led by the National Crime Agency, which deployed 160 officers and executed 13 search warrants. The Agency was supported by police officers from the Metropolitan Police Service, Northamptonshire Police, the West Midlands Police and Essex forces along with representatives of Regional Organised Crime Units and Immigration Enforcement. Representatives from Moldovan and Romanian authorities were also present. Officers seized quantities of cash, as well as electronic devices including computers and mobile phones. These devices will now be subject to forensic analysis by the National Cyber Crime Unit. Multiple false identity documents were also recovered. Mike Hulett, head of operations at the National Crime Agency’s National Cyber Crime Unit, explained: “Cyber crime is an increasing threat here in the UK and internationally. It’s a threat that the National Crime Agency is determined to combat at every level. The National Crime Agency has received tremendous support from colleagues across law enforcement and the banking sector to close down this money laundering network. Together, we’ve made a hole in the system.”

7 www.risk-uk.com

NewsAnalysisMitieSecuritasG4SandISSFinancialResults December2016_riskuk_mar15 06/12/2016 15:54 Page 1

Mitie Group, Securitas, G4S and ISS report on strong and steady financial results compared to H1. Despite this progress, due to ongoing market uncertainties, underlying earnings for FY17 are expected to be below management’s previous expectations.

Changes on the Board

Operating profit before other items at FM solutions provider Mitie Group plc stands at £35.4 million (HY16: £58.1 million). Loss before tax of £(100.4) million (HY16:£45.1 million) is stated after other items of £128.1 million. There’s a rolling 12-month cash conversion of 107.9% (HY16: 91.4%) and a net debt as at 30 September 2016 of £231.7 million or 1.9 x EBITDA (HY16: £221.8 million or 1.5x EBITDA). Brian Sims reports on these results and those just issued by G4S, Securitas and ISS

8 www.risk-uk.com

here’s a healthy sales pipeline at Mitie standing at £9.3 billion (March 2016: £9.1 billion) and an order book worth £7.7 billion (March 2016: £8.5 billion). 94% of 20162017 budgeted revenue has been secured (HY16: 97%), with 65% of 2017-2018 forecasted revenue also secured (HY16: 68%). Performance in the first half of the year has been impacted by changing market conditions as clients adjust to rising labour costs and economic uncertainty. Short-term reductions in higher margin project work and discretionary spend have reduced profits in FM with a slightly weakened UK business confidence affecting clients’ investment plans. Long-term strength and the quality of Mitie’s services was reinforced by the awarding of new contracts with the Manchester Airports Group, Manchester health and justice partners, Network Rail, the Scottish Police Authority and the Scottish Fire and Rescue Service. In total, these contracts are valued at in excess of £170 million over the terms of the agreements. The award of Mitie’s largest security contract with Sainsbury’s – valued at an incremental £115 million over three years – serves to underline the opportunities available for the company’s risk-based technology approach. Improved performance is expected in the second half of the year due to enhanced revenue visibility from new contract awards and retentions, momentum in levels of project work and the anticipated incremental H2 benefits from restructuring programmes of £10 million

As previously announced, Ruby McGregorSmith CBE will step down as chief executive on 12 December after almost ten years in the role to be replaced by Phil Bentley. Speaking about this latest set of financials, McGregor-Smith commented: “The first half of this year has been difficult, but we’re certainly not alone in facing significant macroeconomic challenges. The steps we’ve taken to counter these impacts include the restructuring of both front line and support functions across FM. Second half performance is expected to improve with our new operating model as we adapt to market conditions.” McGregor-Smith added: “As I step down from the role of CEO, I would like to thank everyone at Mitie who has helped make this such an extraordinary place to work. Thank you also to our clients for their support over the past decade. Mitie is a great business, and I’m fully confident that it will move from strength to strength in the future.” Roger Matthews, chairman of Mitie, responded: “I would like to thank Ruby for the significant contribution that she has made to Mitie over her 14 years on the Board, the last ten of those years having been spent as CEO. Under Ruby’s strong and passionate leadership, our FM business has been transformed with the ability to provide a broad range of services to our blue chip client base. I wish Ruby every success for the future.”

Growth for Securitas Organic sales growth has continued to be strong in the third quarter at Securitas, driven largely by good portfolio development and extra sales remaining at relatively high levels. From July through until September, total sales (MSEK) stood at 22 316 (20 468), with organic sales growth at 7%. Operating income before amortisation is reported as MSEK 1 230 (1 121) on an operating margin of 5.5%. Earnings per share are at SEK 2.00 (1.88). From January to September this year, total sales are MSEK 64 447 (59 829). Organic sales

NewsAnalysisMitieSecuritasG4SandISSFinancialResults December2016_riskuk_mar15 06/12/2016 15:55 Page 2

News Analysis: Mitie Group, Securitas, G4S and ISS Financial Results

growth is 8%, with operating income before amortisation being MSEK 3 313 (2 956). Operating margin is reported to be 5.1%. Earnings per share are at SEK 5.32 (4.84), with free cash flow/net debt at 0.12 (0.23). Market dynamics in the US remain favourable for the company, while most of the extra security needs in Europe are short-term in nature and will reduce in the coming quarters. This fact, in combination with a few major contract losses and historically high comparatives, is scheduled to reverse the positive organic sales growth trend in Security Services Europe in the coming quarters, but Securitas expects this scenario to recover during the second half of 2017. “Our investments in protective services during recent years also resonate very well in the market,” explained president and CEO Alf Göransson, “while our efforts to optimise customers’ security spend allow us to presently grow faster than the security markets in the US and Europe as well as those in many of the Ibero-American countries.” Earnings per share improved by 7% in the third quarter and by 13% in the period from January to September, adjusted for changes in exchange rates. The operating income during January to September improved by 16% compared to the same period last year, again adjusted for changes in exchange rates. The operating margin was 5.5% in the quarter and improved to 5.1% for the first nine months of the year. Security solutions and electronic security continued to increase in line with the company’s expectations.

Revenues rise at G4S

operations have increased by more than 60% year-on-year for the first nine months, while the update mentions that the Group is “making good progress” on its portfolio programme. G4S CEO Ashley Almanza commented: “The strong progress made in the first half has been sustained and, for the first nine months, the Group has delivered revenue growth of 5.7% and double-digit growth in both earnings and operating cash flow. We still have a long way to go to realise the full potential of our strategy, and we’re encouraged by the Group’s progress and prospects.” Full financials for the 12 months to 31 December will be published on 8 March 2017.

Steady performance Security solutions and FM specialist ISS Group has published its Interim Report covering the first nine months of 2016, duly noting a “steady performance” and “extraordinary dividend” (at DKK 4.00 per share). Organic revenue growth stands at 3.6% from January through until September, with 3.3% growth recorded in Q3 (Q2 2016: 3.8%). Total revenue decreased by 1% in the first nine months of the year, and dropped by 1% in Q3 (Q2 2016: decrease of 2%), largely driven by currency effects which reduced revenues by 4% in the first nine months and by 3% in Q3. Operating margin stands at 5.5% (2015: 5.4%) and at 6.5% in Q3 (Q3 2015: 6.5%). Cash conversion over the last 12 months is 95% (Q2 2016: 97%). Profit before amortisation/impairment of acquisition-related intangibles increased to DKK 1,944 million in the first nine months (2015: DKK 1,764 million), while net profit increased to a total of DKK 1,569 million (2015: DKK 1,392 million).

Alf Goransson: President and CEO at Securitas

G4S CEO Ashley Almanza

G4S, the global integrated security business, presented at various investor conferences throughout November and, on that basis, the Group decided to provide a financial update on business for the nine months ending 30 September 2016. Since the start of the year, the Group has won new contracts with annual revenues of £1 billion and a total contract value of £2 billion. Revenues from continuing operations in the first nine months of 2016 were £4,821 million, up by 5.7% when compared with the same period in 2015. The combination of the Group’s strong organic growth and ongoing productivity programmes has produced double-digit growth in earnings and operating cash flow. The Group remains on track with its plans to reduce leverage to 2.5x ND/EBITDA by the end of 2017. Operating cash flows from continuing

9 www.risk-uk.com

NewsSpecialCortechOpenInnovationEvents2016 December2016_riskuk_mar15 06/12/2016 15:56 Page 1

COIE Series 2016: Smart Integration in London, Cheshire and Dubai created a direct path into the integration demonstration which featured a live link back to Cortech Developments’ headquarters in Cheshire as well as the business’ Middle East Office based in Dubai. The demonstration provided a comprehensive insight into how smart integration assists in meeting regulatory requirements and reducing risk and cost, while at the same time affording greater efficiency and situation awareness. This included the remote monitoring and control of technology across the two offices.

Security management

The Royal Victoria Dock in London was the setting for the final Cortech Open Innovation Event (COIE) of 2016. Hosted at The Crystal, one of the world’s most sustainable buildings, industry specialists gathered to progress their professional learning around the latest smart integration techniques and innovative technologies (the event content being accredited for CPD). Brian Sims reports

www.risk-uk.com

ark Thomas, director at Cortech Developments – the risk mitigation specialist and a company that provides integrated software solutions for high security environments and Critical National Infrastructure – explained: “I’ve gone on record before with my belief that we have a responsibility to educate our markets and empower organisations and people to think differently. Through the COIE Series we promote collective thinking and strategic engagement around risk mitigation and sustainable cost reduction.” In conversation with Risk UK – the Official Media Partner for the 2016 COIE Series – Thomas added: “At the very core of these events there’s a commitment to understand the challenges of the organisations our delegates represent and, of course, the challenges confronted by the wider industry.” The popular cluster groups that have formed such an integral part of recent COIE gatherings once again stimulated open discussion. Each group was facilitated by a technology expert in the form of a representative from each of the participating solution manufacturers involved including Cortech Developments (specialising in software integration solutions), CIAS (Perimeter Protection), FLIR Systems (Thermal Imaging), Securablinds (Security Protection Blinds) and Stentofon-Zenitel UK (Intercoms). The cluster groups stimulated collective thinking and engagement around many industry challenges, but importantly they

The value in the event was tangible for COIE London attendee Graham Kidd, risk commercial partner at Vaultex UK. “A great event,” enthused Kidd. “The live broadcast really showed the integration capability of a security management system, and we were able to see the sunshine in Dubai, too! We’re now giving serious consideration to the merging of our systems. It was a very professional, informative and thought-provoking presentation.” Meanwhile, Rob Marshall – security and environment manager at Cambridge University Press – commented: “The Cortech Open Innovation Event in London was well organised and very informative. I was particularly impressed with the live software demonstration which highlighted the benefits of interfacing with building, fire and security systems, such as intruder alarms, CCTV, access control, intercoms and perimeter systems, etc.”

NewsSpecialCortechOpenInnovationEvents2016 December2016_riskuk_mar15 06/12/2016 15:56 Page 2

News Special: Cortech Open Innovation Events 2016

Marshall added: “Due to the fact that we have multiple sites with various types of security systems both old and new, there’s a substantial benefit in bringing them all under the control of a security management system. This includes improved efficiencies as a direct result of Control Room security personnel being able to manage alarms and incidents both quickly and effectively.” In addition to his own security responsibilities, Marshall presides over the Environmental Management System at Cambridge University Press, and so was particularly interested to see how security management systems also interface effectively with Building Management Systems and Energy Management Systems alike. Marshall spoke of his desire to implement new organisational processes in the future. “Further education and value was obtained through the event’s guest speaker, James Willison, who delivered a very interesting, albeit concerning presentation on the risk of cyber-physical attacks on businesses. The result of this will be closer collaboration with my technology colleagues with a view to reducing the risk posed to our own security systems. Furthermore, when we’re investing in security equipment in the future, we will absolutely ensure suppliers provide evidence that they protect and secure their equipment.”

Point of difference The London gathering’s point of difference was also shared by COIE attendee Craig Jackson, physical security advisor for the DVLA. “Having attended several similar events during the course of 2016,” observed Jackson, “I thought I knew what to expect, but this was different. In addition to the usual opportunity to keep abreast of recent innovations in technology, the event also provided a great platform for networking with industry peers and sharing common issues while understanding individual concerns across the security industry.” In addition, Jackson outlined: “The live demonstration and guest speaker presentation were informative, but also challenging. That’s a good thing, as this has left me with lots of questions to be answered in my own workplace. All in all, the London COIE proved to be a valuable experience which I would highly recommend to my peers.” As Marshall and Jackson have alluded to, delegates were indeed afforded a thoughtprovoking presentation by guest speaker James Willison BA MA MSyI, the founder of Unified Security and vice-chairman of the ASIS European Convergence/Enterprise Security Risk

Management Committee. Willison’s presentation provided an eye-opening insight into the new world of ‘Security Convergence, The Internet of Things and Smart Cities’, duly focusing on the best response to be adopted by businesses at risk of cyber-physical attacks. Speaking to Risk UK on the day, Willison commented: “Everything in this day and age is connecting to the Internet including physical security, buildings, smart homes and cities, but the devices themselves are often not secure. The solution to this is creating unified teams working with various cyber and physical tools, frameworks and converged security products. Interaction between risk areas is the key.” Willison then added: “To counter cyberphysical threats we need a converged strategic approach through top management. Essentially, we’re talking here about the bringing together of different security functions and other departments such as HR, Legal and Finance to prevent, identify and respond to security risks right across the business.” Many delegates attending the event were left to reflect on an ever-increasing cyber threat as part of their existing risk strategy focus.

Interactive element From the manufacturers’ perspective, the interactive element and live demonstration that formed part of the event provided true benefit. Stephen King, managing director at Stentofon-Zenitel UK, explained to Risk UK: “The appeal of the COIE events is their genuine difference and educational value to the audience. The focus is on quality rather than quantity. From our own point of view, we’re able to engage with leading professionals from the industry. The presentations were thoughtprovoking and aligned perfectly with the interactive cluster groups, which themselves promoted detailed discussion and provided visibility of resolution.” Meanwhile, Carl Spencer (business development manager at FLIR Systems) concurred with this view. “The interactive nature of the event provides a focus and discussion on the challenges that organisations are facing on a day-to-day basis as to how risk can be mitigated through both people and technology,” explained Spencer. “Importantly, as a collective group of specialists we were able to address these challenges through the live demonstration and direct engagement. Ultimately, this reinforces the educational value of the COIE Series and provides organisations and individuals with the confidence to move forward on business cases that promote benefit and value.”

Mark Thomas: Director at Cortech Developments

*If you’re an end user, security consultant or main contractor interested in gaining a greater understanding of smarter interoperability and the mitigation of risk for workplace safety, high security and building efficiency, take some time to visit www.coie.uk.com

11 www.risk-uk.com

Project1_Layout 1 08/11/2016 20:39 Page 1

Joining the dots to bring business continuity into the digital ageâ&#x20AC;Ś

Cyber Security

Resilience

For more information contact our specialist Business Continuity team

email: enquiry.dcs@daisygroup.com or call: 0344 863 3000

Shadow

Planner BCM Software

we are www.daisygroup.com

OpinionTheTenCommitmentsforResilience December2016_riskuk_mar15 06/12/2016 16:04 Page 2

Opinion: The Ten Commitments for Resilience

he majority of us make commitments to others on a regular and routine basis. We may make promises or devise plans and perhaps we complete and finish them, or maybe we don’t. Whatever we say we’re going to do, and whatever approach we intend to take, it’s important to ensure that we follow up on our promises and commit to success. In thinking about the ways to improve the viability of today’s organisations, there are perhaps some ways in which we can make commitments that will indeed realise a genuine and tangible difference. What follows, then, are my Ten Commitments for Resilience (although let me state right here and now that they’re not written on tablets of stone).

Commit to understanding You cannot protect yourself or your organisation unless you understand what it is you are protecting yourself or your organisation against. If you analyse your organisation, you will probably find that there are many cases of activities that are taking place without true understanding of the reasons or rationale for them happening in the first place. This can be a prevalent issue in relation to risk management in particular. Whole organisations may base their entire risk registers on flawed or misidentified assumptions. In this commitment, the effective resilience specialist will ensure that the basis of their approach towards building a cohesive anticipation, response and recovery capability will be a solid understanding of what it is that they’re facing, and also, therefore, what their responses may be. Commit to learning No-one knows everything. All of us learn something new every day. It’s part of the human condition, and something that differentiates us from less developed species, leading to progress, improvement and change. In order to learn effectively, it’s fair to suggest that we need to understand the benefits of learning and the impact any lack of learning can have upon ourselves and our organisations. If we don’t take the time and effort to improve our knowledge, fill the gaps in our understanding and develop the capability to research, think and analyse, all we’re doing is merely watching things happen. On that basis, try to learn a little. Maybe watch a TED talk on YouTube or undertake a free online course in a subject related to your role or perhaps unrelated to your mainstream activity. Either way, commit to learning. It’s true that this really is the stuff of life.

Business Resilience: Abiding By The Ten Commitments The celebrated Italian American former F1 driver Mario Andretti once famously stated: “Desire is the key to motivation, but it’s the determination and commitment to unrelenting pursuit of your goal – a commitment to excellence – that will enable you to attain the success you seek.” With this in mind, Phillip Wood outlines ten key commitments that today’s companies can abide by in their quest to become genuinely resilient in all that they do Commit to flexibility When things impact upon us, we can stand tall and strong and try to let them bounce off us, or we can absorb them and consider how we may have to change in order to ensure that the future impact is less painful. Both methods are effective, but it’s better and preferable to think about maintaining a flexible approach, and especially so against a dynamic and changing risk background. As the world continues to develop in ways we may not like, we should also maintain the ability to develop our own skills and capabilities to flex and move appropriately. If we stand still in a world of change, there’s a good chance that our capability and adaptability will not be sufficient to cope. Commit to your future Despite the annual round of predictions that come up at the start of every New Year (which is always something to look forward to), we can only predict the future to a limited degree.

Phillip Wood MBE MSc: Head of the School for Management and Professional Studies and Head of Department for Security and Resilience at Buckinghamshire New University

www.risk-uk.com

OpinionTheTenCommitmentsforResilience December2016_riskuk_mar15 06/12/2016 16:04 Page 3

Opinion: The Ten Commitments for Resilience

If we cannot predict what’s coming, we should ensure that we’re as ready as we can possibly be by planning effectively. Base your thoughts on how you want your organisation to operate. Set your future path and commit to it, and then wait for the surprises. Commit to commitment Planning is important. It’s something we do that’s at the core of our organisational capability. In terms of resilience, it’s at the cornerstone of effective organisational anticipation, response and recovery. However, planning is pointless if it’s not supported by the commitment of the organisation and the stakeholders identified within plans themselves. Besides writing our ideas down on paper, we need to ensure that we’re able to translate them into a commitment by the organisation to follow them through. This commitment needs higher-level management, cultural capability and perhaps a significant amount of resource. A lack of commitment to making plans real will generally indicate that they’ll never work, and that will be a significant flaw in your overall capability. ‘Planning to plan’ means nothing. ‘Planning to do’ needs commitment. Commit to others Being capable in the world of resilience means that, having followed Commitments One to Five, we ensure that we’re able to bring in others – both internal and external to our organisation – and that we offer them a flow of information and support such that they can play their part. Committing to others means that we don’t expose our organisation, stakeholders and team members to any unnecessary risk. We should also try to avoid a blame culture when things do go wrong. The way to ensure that people feel included – and form part of a coherent team – is to really include them rather than just telling them. Sharing a team vision when you don’t want to share is probably not the best option for the development of a resilience capability. Teams thrive on teamwork, while even the greatest visions need someone to carry them out. Commit to precision The devil’s always in the detail. In the world of resilience, it can often be the case that we think

“By committing to humility, we should strive automatically to become the best we can possibly be, which is probably essential if we’re trying to develop an organisational capability” 14

www.risk-uk.com

about financial and economic loss in terms of what happens when something goes wrong. However, we can often lose significant amounts of economic capital – and, indeed, operational expenditure – by not being precise in our work towards Commitments One to Six. Identifying who needs to be involved and to what level, and accurately considering the number of hours and time that need to be allocated to them, is every bit as important as preventing loss by any other means. There’s little point in trying to save £50,000 per annum on loss prevention when you’re wasting more than that on imprecise resourcing and allocation of personnel to resilience roles. Commit to precision and the financial balance will inevitably shift. Commit to humility Similar to the idea around learning and understanding, we really do need to consider the fact that none of us knows it all. Sometimes, we will do things incorrectly. Sometimes, we will make mistakes. No-one is exceptional in that respect. We should always be in a situation where we recognise that we’re neither the best nor the font of all capability or knowledge. We should continue to understand that we’re no more or no less important than the perceptions of us held by customers, clients and stakeholders. By committing to humility, we should strive automatically to become the best we can possibly be, which is probably essential if we’re trying to develop an organisational capability in resilience or any other protective discipline where there are significant inherent challenges. Commit to improvement A commitment to improvement and the constant development of capability is something that we should all aspire towards in our normal everyday activities. We don’t become better or more effective by waiting for the competition or adversaries to outsmart us or reap the benefits of their own self-improvement while we spectate. Commit to excellence In summation, this is all about ensuring that we as individuals and organisations commit to excellence. Improvement and development are never easy, and can often be complicated and difficult. However, the responsibility of resilience disciplines is to ensure that we protect people, property, infrastructure and information by committing to excellence and considering all of the Commitments from One to Ten as part of an holistic whole.

Project3_Layout 1 13/07/2016 12:08 Page 1

OpinionSecurity'sVERTEXVoice December2016_riskuk_apr15 06/12/2016 16:01 Page 1

TUPE: Setting a Dangerous Precedent consult the workforce whenever there’s a proposed transfer, TUPE has undoubtedly exerted a significant impact on those providing security services. TUPE provides a basic legal framework to which companies can adhere. Any failure to comply can result in serious repercussions for those organisations found guilty of flouting the law. However, even when legal compliance has ultimately been achieved, it’s not unusual for employees to be viewed by some as commodities, or even as an inconvenience. It’s therefore no surprise that, if they’re not carried out correctly, many personnel transfers result in dissatisfaction and animosity between the various parties involved, in turn leading to a deterioration in the standard of service provided for the end customer.

The Transfer of Undertakings (Protection of Employment) Regulations – better known as TUPE – are designed to protect employment rights when employees transfer from one business to another. However, as Peter Webster explains, there’s a growing trend towards avoiding TUPE that not only threatens the entitlements of employees, but also the financial wellbeing of security service providers

www.risk-uk.com

hinking about the subject for any degree of time leads you to the conclusion that it’s hard to imagine life without TUPE. The TUPE Regulations were first passed in 1981 and, while the intention was as noble then as it is now, due to various ambiguities there were endless disputes and persistent uncertainties about whether, in various circumstances, TUPE applied when an organisation changed its contracted out functions. This resulted in a never-ending stream of litigation that involved trying to ascertain the relevance of TUPE. Despite the problems involved with enacting the 1981 version of the TUPE Regulations, it wasn’t until 2006 that they were duly overhauled to implement the European Community Acquired Rights Directive 2001/23/EC, later known as the Transfers of Undertakings Directive 2001/23/EC. The 2006 version of TUPE clearly states that employees of the previous service provider or owner automatically transfer to the new employer and must be given the same Terms and Conditions. It applies to companies regardless of their size and, despite some anomalies, it has, on the whole, succeeded in providing clarity on outsourcing, insourcing and the transfer of service contracts. It’s important to clarify at this point that, when the UK leaves the European Union, TUPE will exist in UK law, although the UK Government will have the right to amend it in whichever ways it sees fit. By creating protection from dismissal where the dismissal is by reason of the transfer, providing a framework for protecting existing Terms and Conditions as at the date of transfer and creating an obligation to inform and

Negative attitude The industry is a much better place for TUPE, as companies are not competing to exploit the workforce or trying to win contracts by undercutting wages and eradicating existing Terms and Conditions. However, there are those companies that adopt a negative attitude towards it. At best, they consider TUPE to be a necessary evil, while at worst it’s seen by some as an overzealous piece of red tape that only serves to make what could be a simple process that much more difficult. This stance gained traction a few years ago when, as part of its goal to make employment laws more flexible and less onerous on employers, the Conservative and Liberal Democrat Coalition Government took the view that the service provision change (SPC) element of TUPE was unnecessary and planned to radically change it and reduce its scope. A consultation on this proposal was undertaken, but in the face of significant opposition from businesses, Trade Unions and the employment law fraternity, the Government changed its tack and declared that it would not, after all, eliminate the SPC distinction. While those plans to abolish the SPC element of the TUPE Regulations could be considered to be a near miss, over the last few years there has emerged an equally worrying threat to the protection of workers’ rights and the operational health of security service providers themselves. This threat takes a number of different forms, all of which share the same intention of undermining the ethos of TUPE.

OpinionSecurity'sVERTEXVoice December2016_riskuk_apr15 06/12/2016 16:01 Page 2

Opinion: Security’s VERTEX Voice

One particular case was that of McCarrick versus Hunter in which the Court of Appeal held that the TUPE Regulations didn’t apply in those instances where a new client has taken over a given facility’s services even though the service remains unchanged.

On the dotted line Since then, other dubious activities have begun to chip away at how TUPE is applied to the point where service providers now need to thoroughly scrutinise the contracts they’re looking to sign. In recent months, there has been a sharp increase in the use of a clause in a commercial contract that tries to avoid TUPE altogether. One clause Corps Security came across stated: ‘The supplier warrants that it will undertake the services in such a way that none of the staff are specifically assigned to any or all of the services and that there’s no organised grouping of employees dedicated to carrying out all or any of the services.’ One way to comply with this would be to rotate personnel and make sure that no individual works on the same site for an extended period. This clearly is a case of trying to circumvent the ‘identifiable economic entity’ element of TUPE. Other contracts have stated that, if TUPE applies, the onus is on the security services provider to indemnify either the client or the company that takes over the contract if personnel have to be dismissed. The implications of this move are serious and farreaching for all in the security guarding sector. Put simply, if TUPE doesn’t apply then affected employees risk losing their employment and all accrued service rights. As for employers, they have the burden of being encumbered with a substantial unfair dismissal liability for which it’s unlikely that they will have made financial provision. If the matter goes to court, it’s then unlikely that a Judge would consider their lack of scrutiny as being a good enough reason for the contract to be overturned.

Narrow interpretation Previously, TUPE was rigorously applied in the true spirit of what it was originally designed to do. Now, we’re seeing instances of a more narrow interpretation of the regulations which is creating an uneven playing field and acting as an encouragement for organisations to try and avoid its implementation. Companies that are savvy enough to identify this kind of surreptitious behaviour will either decline the contract or amend it. Those that are not could be placing themselves at serious risk.

Even though instances of TUPE Regulations abuse are relatively rare, this is arguably more to do with the fact that we’re presently operating in a low unemployment economy. Generally speaking, companies are happy for TUPE to apply, but the examples mentioned highlight that instances of TUPE avoidance could gain further momentum if the nation’s employment situation were to change. Ultimately, there’s no genuine advantage for any security services provider in accepting the types of terms that these onerous clauses stipulate, as they simply create uncertainty and put the contractor in a highly precarious position. Although there will always be a minority of companies prepared to take a risk if they perceive there to be a competitive advantage in doing so, it’s most certainly up to the majority to take a stand and reject contracts that try to negate the use of TUPE. TUPE is designed to protect employees. Legal compliance with the regulations should be viewed as a bare minimum requirement. Prime Minister Theresa May has stated her intention to protect workers’ rights, and TUPE plays a fundamental role in achieving this objective. The Government should therefore recognise the value of TUPE, be rigorous in the clarification of its use and take steps to remove ambiguities and loopholes that are being exploited. The benefits of a rigorous TUPE application are numerous. Security companies that approach the issue with a policy of inclusivity, communication, consultation and Best Practice will be rewarded with a more motivated and engaged workforce. This, in turn, will ensure that high levels of productivity and service provision are maintained at all times. At the end of the day, that’s what the client – and quite rightly so – wants to see and expects.

Peter Webster: Chief Executive of Corps Security

*The author of Risk UK’s regular column Security’s VERTEX Voice is Peter Webster, CEO of Corps Security. This is the space where Peter examines current and often key-critical issues directly affecting the security industry. The thoughts and opinions expressed here are intended to generate debate among practitioners within the professional security and risk management sectors. Whether you agree or disagree with the views outlined, or would like to make comment, do let us know (e-mail: pwebster@corpssecurity.co.uk or brian.sims@risk-uk.com)

“The industry is a much better place for TUPE, as companies are not competing to exploit the workforce or trying to win contracts by undercutting wages” 17

www.risk-uk.com

BSIABriefing December2016_riskuk_apr15 07/12/2016 15:33 Page 1

Security and the Protection of Civil Liberty: A Consideration of CCTV The Protection of Freedoms Bill was introduced by (then) Home Secretary Theresa May in 2011 and created the Office of the Surveillance Camera Commissioner. Five years on, Theresa May has succeeded David Cameron as Prime Minister, while Tony Porter QPM LLB (the Surveillance Camera Commissioner for England and Wales) has submitted his third Annual Report to Parliament. Here, James Kelly examines the work of the Commissioner and how his Code of Practice is helping to protect civil liberties

James Kelly: CEO of the British Security Industry Association

www.risk-uk.com

tool, has been created to enable organisations to demonstrate observance of the Surveillance Camera Code of Practice, which provides a transparent window for members of the public to observe compliance. In addition, the Surveillance Camera Commissioner has introduced a third party certification scheme. This is operated by United Kingdom Accreditation Service (UKAS)accredited certification bodies: the National Security Inspectorate, IQ Verify and the Security Systems and Alarms Inspection Board (SSAIB). This scheme enables the outward demonstration of compliant systems to the public which will further increase public confidence that CCTV systems are properly operated in line with the Code.

Certification in focus he Protection of Freedoms Act 2012 passed into law regulations around the use and disposal of forensic data including biometrics, fingerprints, DNA and other materials, as well as the regulation of the use of CCTV. Introduced by (then) Home Secretary Theresa May, the Act created the Office of the Surveillance Camera Commissioner who would be responsible for the regulation of publiclyowned CCTV systems. The Act required a Surveillance Camera Code of Practice to be produced that would set out guidelines for CCTV, with the Commissioner responsible for encouraging compliance with that Code, conducting a review of the document and providing advice to Government ministers on whether or not the Code requires amendment. Last month, Surveillance Camera Commissioner Tony Porter QPM LLB submitted his third Annual Report to Parliament which outlines the year’s achievements, the outcome of the Code of Practice’s review and the progress made by the National Surveillance Camera Strategy for England and Wales. Many of the achievements highlighted in the Commissioner’s Annual Report will undoubtedly serve to enhance the general public’s confidence in the benefits of CCTV for the protection of civil liberties, rather than it being seen as an invasion of privacy (an argument put forward by some critics). One of these achievements, namely the self-assessment

Much of the work of the Surveillance Camera Commissioner has been focused on encouraging organisations that don’t have a statutory duty to comply with the Code, but who are operating Public Space Surveillance systems, to voluntarily adopt the Code and its defined set of guiding principles. Recently, BSIA member company FOUR Security partnered with Marks and Spencer (M&S) plc to help the famous High Street business become the first retailer to gain the Surveillance Camera Commissioner’s surveillance camera certification. Working in partnership with Clint Reid, head of corporate security at M&S, FOUR Security assisted the retailer to demonstrate compliance with the Code through audit by the SSAIB. The provision of a safe and secure environment for customers that shop in M&S’ stores – and, indeed, for the employees that work in them – is an absolute priority for the retail giant, with the business realising that adoption of the CCTV Code of Practice would provide transparency and consistency throughout its operations. There have been many benefits to M&S of implementing the Code, such as cost reduction though value management and the rationalisation of CCTV systems against both need and purpose. A reduction in the installation programme has also provided further benefits through reduced cost and minimised retail disruption. The standards

BSIABriefing December2016_riskuk_apr15 07/12/2016 15:33 Page 2

BSIA Briefing

outlined within the Code have been implemented throughout the organisation, from head office through to distribution centres and on to the retail stores themselves. The certification has also increased the profile of CCTV within M&S. It’s an important source of operational information. The increased awareness of M&S’ CCTV capability, taken together with the quality of its CCTV product, has resulted in managers being more willing to use the data produced to help them realise operational and commercial benefits. Clint Reid commented: “We’re pleased to continue our partnership with FOUR Security. We are also very optimistic about the potential improvements in protecting our people and working environment that gaining the Surveillance Camera Commissioner’s CCTV certification will bring.” Commenting on the retailer’s achievement, Tony Porter explained: “For a retailer of Marks and Spencer’s size to achieve full certification against the Code is no mean feat at all. They’re not required to comply with the Code and have done this voluntarily, which makes this achievement all the more impressive. Working in tandem with FOUR Security and the SSAIB, M&S has been able to demonstrate compliance with the Code across its vast estate. If an organisation of this size can achieve certification, there’s no reason why anyone else cannot and shouldn’t do so.”

Future recommendations While the Surveillance Camera Commissioner has already made great strides towards increasing public confidence – and, indeed, that of civil liberty groups – in the benefits of CCTV systems for the protection of both people and infrastructure, Tony Porter has also made recommendations to the Government following his review of the Code in February this year. The Surveillance Camera Commissioner recommends that Government should require all relevant authorities to publish their surveillance camera coverage in terms of its systems, numbers, completed privacy impact assessments, self-assessments, industry certification and outcomes of annual reviews, in turn highlighting the efficiency and effectiveness of their systems. This would help to promote the Government’s transparency agenda to the public and, in parallel, encourage further take-up of Surveillance Camera Commissioner toolkits and other compliance measures developed to raise standards. The Commissioner also suggests that the police service should publicise governance arrangements for ANPR infrastructure

including who ‘owns’ the system and how policy is formulated around its usage, while also ensuring widespread communication of its value across England and Wales by police forces. Further, Tony Porter recommends that Government should identify measures to encourage the use of a ‘Passport to Compliance’ (Operational Requirement and system certification) across relevant authorities. Its transparent use will save taxpayers money and also raise standards. This will be achieved by mandating in the Surveillance Camera Code (or the Protection of Freedoms Act 2012) full compliance to the recommendation for relevant authorities to publish their surveillance camera coverage. Members of the public (and those within civil liberty groups) will then be able to identify noncompliance that can be reported to the Surveillance Camera Commissioner. Another key recommendation from the Code’s review is that the scope of relevant authorities within the Protection of Freedoms Act should be expanded to cover all public bodies in receipt of public monies or that are publicly funded in any way. The train of thought here is that the Act should apply to any authority using overt surveillance in public spaces that has obligations under the Human Rights legislation and/or capabilities as outlined by the Regulation of Investigatory Powers Act. For its part, the BSIA would like to see private sector CCTV systems incorporated within the Code. Speaking earlier in the year, Simon Adcock (chairman of the BSIA’s CCTV Section) commented: “The extension of the Code to cover privately-owned cameras would encourage the adoption of Best Practice among installers, while also driving standards of system selection, installation and operation. Regulation would also promote the importance of high quality systems with proper installation and set-up.” The work of the Surveillance Camera Commissioner is enhancing the public’s perception of CCTV system usage in the UK. The Commissioner’s work to promote compliance with the Code of Practice and his encouragement of organisations that are not statutorily required to do so to aim for that compliance will continue to raise standards and reassure the public that surveillance cameras are indeed protecting their civil liberties.

Tony Porter QPM LLB: Surveillance Camera Commissioner

“Tony Porter recommends that Government should identify measures to encourage the use of a ‘Passport to Compliance’ across relevant authorities” 19

www.risk-uk.com

TacklingCyberCrimeTheRoleofPrivateSecurityPartTwo December2016_riskuk_apr15 06/12/2016 16:07 Page 20

Entering Merger Talks: A Cyber-Physical Approach to Security Management The Security Research Initiative recently launched its latest report entitled ‘Tackling Cyber Crime: The Role of Private Security’. Here, in the second of a two-part series of articles exclusive to Risk UK, James Willison continues his detailed review of the document’s content from the perspective of security convergence

www.risk-uk.com

onvergence – which is essentially the bringing together of all security functions to prevent, identify and respond to security risks – has been practised by some leading organisations since the birth of computer security back in the 1980s and, of course, predates that period depending on your understanding of technological security. Clearly, the combined efforts of the intelligence units, the military and the scientists at Bletchley Park in the UK enabled the Allies to overcome the evils of those who threatened freedom and peace in our existence during World War 2. When it comes to the subject of convergence in the Security Research Initiative’s (SRI) report, author Professor Martin Gill CSyP opens the discussion by arguing that convergence hasn’t been well understood to date, and he’s right. Spread of the convergence message has largely relied on volunteers in a variety of international security associations, among them ASIS International, ISACA, (ISC)2, ISSA and others such as The Security Institute here in the UK. In truth, the campaign itself was kick-started back in 2003 with the formation of the Alliance for Enterprise Security Risk Management (ESRM) by ASIS, ISACA and ISSA. The campaign duly recognised the interdependency of physical and information security and recommended the collaboration of all security functions for effective security risk management in today’s organisations.

Since then, some organisations have formed a single security function. Others have remained separate while practising an holistic approach towards security risk management. However, as the SRI survey duly indicates, just over 50% of respondents have separate cyber and physical security strategies. There are 27% operating in one security team, presumably with a single security strategy (although this isn’t stated). One can deduce that up to 47% do have a single security strategy. Later in the report, the figure of 56% is stated for those who think the best strategy is a single security team. In line with recent publications by WEF, NIST and the new work of ASIS, ISACA and (ISC)2 on standards and security conferences indicating that the ‘boundaries between the physical and virtual worlds are rapidly disappearing’ because of the Internet of Things, security professionals have to face up to the fact that they’re responsible for cyber attacks on their systems and information security professionals are accountable for physical attacks on theirs. Hence, please take heed of John Chambers’ warning that, unless you adopt a single security ecosystem, your organisation may be irrelevant in a few years’ time in this digital age.

Positive and negative Professor Gill helpfully presents both positive and negative views of convergence. It’s most interesting to understand why up to 40% of professionals questioned still resist the formation of a single security team. Of course, some of these colleagues have genuine concerns and others are very happy to work with other departments and practice ESRM. Hence the issue of confusion around exactly what convergence means has arisen. ASIS International, for example, doesn’t insist that companies should unite their teams into one, but does recommend an holistic approach towards security risk. It’s clear, however, that this isn’t always practised. Professor Gill begins with the negative aspects. The idea that convergence brings the risk of stagnation can be countered when one looks at any successful sporting team. It indicates more about the staff adopting such an attitude and who are perhaps looking for an easy life than it does the strategy itself

TacklingCyberCrimeTheRoleofPrivateSecurityPartTwo December2016_riskuk_apr15 06/12/2016 16:08 Page 21

Tackling Cyber Crime: The Role of Private Security (Part Two)

because, essentially, we’re advocating crossfunctional teaming here. Unlike some of their rivals, champions – and other successful teams – work hard and combine all of their skills to win. They interact really well and depend on each other to do their very best, as we saw in the Rio Olympic Games. Of course, other teams can do this and not win. My experience of some organisations is that there’s a new energy or fusion created whenever a given function’s properly united. The issue of downsizing and cost saving by the formation of a single department is a real concern for some respondents. This is understandable, but it’s interesting that some who actually do this find they need more staff and technologies as they discover new risks. This is something I’ve seen as an end result. There’s a finding in the SRI report that 71% think information security specialists tend to operate in silos, and that this is seen as a problem. It can really be an issue if the business isn’t aware of the risks, and so collaboration at any level – whether through better security awareness campaigns or crossfunctional teaming – has to be the way forward. It’s disappointing to note that 56% of the respondents think cyber security experts don’t want physical security specialists to be involved in cyber, but then the process of the awareness of the benefits of cross-functional teaming is relatively new. Convergence has always emphasised the need to retain specialist skill sets and not lose the valuable expertise each element brings to the team, but also encourages some cross-training for the benefit of the organisation and the individual’s own career pathway, especially so given the increasing blurring of threats caused by Internet-connected systems.

Alive and thriving Proceeding to discuss the positive aspects of convergence, Professor Gill begins by stating: “There’s little doubt that, in many instances, convergence is alive and thriving.” In fact, the most positive aspect is undoubtedly found in the answers to the question asked of the respondents: ‘What is your preferred way of organising security?’ 56% said that they favour a single team against 38% who prefer separate teams. The leadership of this team could range from the cyber or physical head to another expert, but it’s the total which is so utterly convincing at this point (and noteworthy). It’s really significant given that there has been some confusion about convergence and what it means. It does seem that, when the actual

question is asked about what individuals prefer to do, then the majority lean towards a teaming approach. It’s salient that this is more than half of those who actually practise convergence. This is the figure of 27% quoted earlier, although 31% report into the same person. We need to hear more Case Studies from those who practise a converged approach, such as Symantec and Barclays who have recently united their functions under one CSO. Both of these leaders clearly see the need for and value of an integrated security function and their example is certainly significant. Barclays’ CSO Troels Oerting comments: “What’s often overlooked, however, but remains important, is a lack of holistic management approaches and organisational silos. Security models have grown organically over many years, but haven’t been significantly adjusted to the changing realities. By integrating the duplicative functions, building Security Operations Centres and focusing on all aspects of security – ie ‘People, Processes, Technology’ – companies can direct, monitor and control the implementation of security and trust as a whole. This way, they can uphold maximum security for fewer investments.” The SRI report states: “Some noted that bringing together different types of people with different knowledge and skills sets, and with a different language and a different view of how security should be practised, is a skill all of its

James Willison BA (Hons) MA MSyI: Founder of Unified Security and Vice-Chairman of the ASIS European Convergence/Enterprise Security Risk Management Committee

“ASIS International doesn’t insist that companies should unite their teams into one, but does recommend an holistic approach towards security risk” 21

www.risk-uk.com

TacklingCyberCrimeTheRoleofPrivateSecurityPartTwo December2016_riskuk_apr15 07/12/2016 15:40 Page 22

Tackling Cyber Crime: The Role of Private Security (Part Two)

own. Only some organisations recognised this and had good strategies in place.” There are some excellent quotes in the report on the value of convergence, but perhaps the most helpful is Professor Gill’s own summary of interviewees’ perspectives on the positives of convergence and ESRM. “Provided with the opportunity to feed back on why convergence is important, some interviewees identified a range of advantages, among them a clear identification of security as an important entity in the business including at Board level, providing a form of rationalisation such as single risk assessments and a single budget (so avoiding duplication) and harmony rather than competition in the way in which security is practised and perceived.” Martin then concludes: “Despite a range of work that points to ways in which a convergent approach can be implemented, there’s still a need to better understand how it can work in practice, what the pros and cons of different models are and how managing different types of cyber and physical security can be harnessed by specialists to the best advantage.”

Developing the principles Many of us will agree with this, and urge colleagues to consider how we can develop the principles of convergence and ESRM to ensure that the digital world we now work in is going to be resilient and secure against both cyber and physical attack. Both are equally threatening. Separate or combined, they can be devastating. In point of fact, there are convergent models which we’ve developed that could be explored further given sufficient support from interested parties. While I have very little work experience with respect to the role of law enforcement and cyber crime (which Professor Gill covers in Section 5 of the SRI report, in fact), apart from my studies and research at Loughborough University, I was especially encouraged by the last section on physical security and security patrols having previously worked in this area for around 15 years. It was a commitment to increasing the value given to officers and their work which inspired me to seek to bring the field of cyber security to their doorstep and hope that the two can work much more closely together so that one golden day in the future we will see the two teams

“Some noted that bringing together different types of people with different knowledge and skill sets, and a different view of how security should be practised, is a skill all of its own” 22 www.risk-uk.com

sharing the same Control Room in a digital age and both will act together to achieve organisational resilience. In the decade of the smart building and smart city, this dream isn’t as fantastic as it might seem. It was great to see that 52% of respondents believe security officers could contribute to cyber security. Furthermore, some clearly see the opportunity for physical security suppliers and think that, unless they adapt, their future is bleak. One cyber security consultant states: “Any physical security supplier saying we don’t do digital security will go bust. Is this an example of a declining industry looking inwards and complaining that no-one is taking it seriously, rather than an industry acknowledging the world is changing and that we need to change with it?” Another interviewee, this time the head of resilience at a utilities provider, adds: “There are lots of opportunities for a bold security company to be a bit of a disrupter, and maybe they have to employ different people and pay more. The size of the prize is high. Any dinosaur that isn’t adapting might struggle justifying what they do with the current group of people.” It should be stated that the involvement of physical security patrols in cyber security is probably new to many people even though its nothing short of obvious if you’re prepared to think more strategically and tactically than previously. Hence, 55% do think that a patrol can identify cyber risks and threats.

Internet of Things Professor Gill concludes with a discussion on the Internet of Things and the risk of physical security devices on corporate and IT/SCADA networks. This area has been gathering interest partly due to media attention and public concern over smart grid security. Here, 60% of the respondents to the SRI survey think that physical security systems (ie IP video, BMS and access control) have cyber vulnerabilities and can be controlled by hackers. It’s a subject several colleagues and I have raised over the past decade that needs much more attention from manufacturers, organisations and end users alike. In his final thoughts on the survey, Martin makes some helpful recommendations for the convergent security world. “Convergence is alive and well. There are many who see it as the best way forward and some have very positive experiences of a converged approach. Proponents of convergence need to begin the process of advocating models of working and determining what’s appropriate for different types of organisation.”

Project5_Layout 1 07/12/2016 15:55 Page 1

f ireray

The world’s most trusted beam

f fe

T +44 (0) 1462 444 740 E sales@ffeuk.com W www.ffeuk.com

Fireray® 5000 - The only laser aligned motorised beam smoke detector system available on the market Single person install - Laser allows for rapid alignment of detector onto the reflector Simple line-of-sight - Laser helps installer to quickly and accurately determine path of beam

SecurityandFireBusinessSectorsPredictionsfor2017 December2016_riskuk_sep14 07/12/2016 15:35 Page 1

Security and Fire Safety in 2017 There has been an expanding spotlight on public safety over the past few years as natural disasters, industrial accidents and homeland security continue to affect societies around the world. As we look towards 2017, James Somerville-Smith suggests that the focus will remain on what security and fire safety solution developers might offer end users in order to address these concerns and duly render the monitoring of incidents a seamless process for security personnel

www.risk-uk.com

orldwide, consumers are becoming much more educated about the potential of technology and what it can achieve. Understandably, expectations placed upon today’s security and fire systems are high, but at the same time, consumers (ie end users) don’t want to trouble themselves with the detail of setting up the technology themselves. To effectively advise on the right security and fire approaches for the New Year ahead, there are several trends of which security and fire sector professionals would do well to be aware. The biggest opportunity for the security and fire market in the future will be integration. By combining different kinds of systems into a cohesive whole, solution developers can provide end users with considerable benefits that are greater than the sum of their parts. Integrating security and fire systems will be a necessary first step for all businesses in the near future. It allows security staff to have a complete overview of the site’s various alarm systems such that any alert may be crosschecked and verified. For example, if a fire alarm is triggered, the security team can immediately pull up video surveillance of the area in question and determine if the alarm is a false activation. This can all be done through one interface, in turn improving response times and saving on additional staff training. The next layer of integration is to add-in business and building systems. An entirely

connected infrastructure is especially useful for large enterprises with many staff, contractors and visitors to track. By integrating security with Human Resources and payroll systems, for example, an employee’s access rights can be automatically stopped as soon as they leave the company. Automating this kind of tedious administration task can be extremely beneficial for staff who can then instead focus on more pressing matters. As the demand for these integrated systems continues to grow, manufacturers are well placed to provide a competitive offering. Some already produce many of the products and systems needed to completely manage a building, from fire and safety provision through to HVAC and building management solutions. As the Internet of Things continues to grow and becomes a day-to-day reality, so more end users will be aware of the benefits of integrated solutions. There will be an increased demand for systems and devices that can work seamlessly together all under one ecosystem.

Mass Notification Systems According to a recent report, Europe’s Mass Notification Systems (MNS) market is expected to reach a value of $2,178 million by 2019. Compared to 2014, when the market’s value was $795.9 million, this huge jump may seem a little surprising. We would expect this growth to continue in the coming years, though, driven at least in part by the trend of leveraging fire systems as the platform for MNS. For their part, fire systems are a safe and reliable backbone for integration with many systems, especially Mass Notification. Given that fire systems have built-in functionality and scalability, as well as stringent international safety requirements, they’re the ideal platform for Mass Notification in public spaces like schools, colleges and hospitals and on military bases (to name but a few installations). Another key benefit of MNS is that they’re constantly monitored. If a system does encounter an error, it will immediately report back to the central station such that the issue can be fixed proactively without putting the site at risk. We fully expect more sites to move towards MNS and fire integration. We’ve seen a considerable rise in consumer products that follow the ‘Plug and Play’ philosophy. These devices set themselves up automatically via a wizard, making it easy for any consumer to set up new technology

SecurityandFireBusinessSectorsPredictionsfor2017 December2016_riskuk_sep14 07/12/2016 15:35 Page 2

Security and Fire Business Sectors: Predictions for 2017

without technical knowledge. These are now essential design factors, as consumers demand their devices to be as intuitive as possible. The same expectation is being applied to the business world. End users expect their enterprise-grade technology to be as easy to install and use as their smart phone at home. This is a trend that Honeywell as a business is particularly invested in. In point of fact, the Honeywell User Experience team focuses entirely on the design and usability of new products in order to deliver the most intuitive and enjoyable experience for end customers.

Mobile technology We’re already seeing businesses adopt mobile devices as a new platform for accessing live video feeds. Security staff can now view live footage while moving across the site they’re overseeing, in turn providing greater clarity when responding to a potential incident. This technology means that security personnel can spend more time being visible on site rather than having to monitor banks of screens. For both the security and fire industries, apps will also be a crucial medium for accessing information heading into 2017. Apps ensure professionals can perform tasks like annual inspections and maintenance as efficiently as possible, saving on the need to carry around heavy manuals and guides. From the consumer’s perspective, this allows greater peace of mind and less time spent on repeat trips by trained and competent technicians. Going forward, we fully expect to see additional technologies like geo-fencing play a burgeoning role in how these apps are developed. For example, geo-location can verify whether an authorised individual is actually on the premises, and so may then permit them to use the app and either arm or disarm alarms as appropriate. For larger enterprises with multiple staff this can be a considerable benefit as it directly empowers on-site employees to take control of a given situation. Increasingly, businesses require systems that are flexible enough to adapt to their changing needs. Any business may need to change the layout of their offices, for example, or introduce additional temporary security measures for specific areas when undergoing renovations. Even for a growing organisation making the move to a bigger building, the idea of investing in a whole new security system is no longer accepted as the norm. As a result, we expect to see a boom in customers demanding functionality they can ‘rent’ for a short period of time, or pay for as and when they use it. ‘Pay As You Go’-style

models provide businesses with more flexibility to try out different functionalities without the advent of a complete security system overhaul. Over the next two-to-three years, we would expect the industry and its end users to move towards these Software as a Service models powered by cloud technology.

Going wireless So far, we’ve focused primarily on trends in the enterprise and public markets. One important residential trend that security professionals should be aware of is the shift to wireless in residential detection systems. Wireless intrusion systems have improved drastically over recent years, and are now comparable to wired systems in terms of their functionality and reliability. With better performance, an extended product lifetime and quick and easy installation, many homeowners are making the switch to wireless when installing their first system. As such, we expect to see more end users looking for similar solutions for outside of the home as well. However, for many enterprise environments, a wired or hybrid intrusion system is still the more beneficial option. Installers can use existing wiring to run another wire. This is both simple and inexpensive. They can then deploy wireless peripherals into previously inaccessible or temporary areas. Industry professionals should consider the building’s existing offering, though, before attempting the switch to wireless.

James Somerville-Smith: EMEA Channel Marketing Leader at Honeywell Security Group

Delivering the right solutions As ever, the pressure is on for the security and fire industries to deliver the right solutions to their customers without stretching the budget. Although end users may well have an understanding of the kind of connected technology present in their homes, they still require guidance on how to choose the right solutions for protecting their business. At the end of the day, an experienced security professional – and one with knowledge of the sector and key trends – remains essential for ensuring that the end user chooses the right system for them. As an industry, we have a responsibility and a Duty of Care to be aware of how the market is shifting and then design our system solutions accordingly.

“‘Pay As You Go’-style models provide businesses with more flexibility to try out different functionalities without the advent of a complete security system overhaul. We would expect end users to move towards such models” 25

www.risk-uk.com

CounterTerrorismThreatMitigationTechniquesandSolutions December2017_riskuk_apr15 07/12/2016 15:34 Page 1

Blasts, Ballistic Attacks and Forced Entry: Combating the Terrorist Threat

With the current threat level posed by international terrorism set at ‘Severe’ on the UK mainland, meaning that an attack is highly likely, it has never been more important for risk and security professionals to be in a position to mitigate any danger to their organisations’ people, buildings and infrastructure. With this in mind, Peter Hatton examines the various mitigation techniques available to them

www.risk-uk.com

he threat level posed to the UK by international terrorism is set by the Joint Terrorism Analysis Centre, while the amount of security advice and guidance available from Government circles is plentiful. Just look at the excellent website of the Centre for the Protection of National Infrastructure. The advice is there but, ultimately, it’s the job of security and risk professionals to address the challenges that this level of threat brings. Following two strands of the Government’s CONTEST strategy, organisations need to ‘Prepare’ their organisations and ‘Protect’ their infrastructure from potential attacks launched by either known or unknown terrorist organisations, or perhaps more worryingly from so-called ‘loan wolf’ attacks. The most likely targets for any terrorist attack are iconic locations, key installations, VIPs or crowded places: any organisation or individual fitting into one of these areas either by function or association will be wholly aware of the need to mitigate against the ongoing threat. Person-borne improvised explosive devices (PBIEDs) and vehicle-borne improvised explosive devices (VBIEDs) have the potential to cause significant injury and damage. Not only can the blast be lethal for the perpetrators’ target, but flying debris – including shards of sharp glass – may well present a further collateral hazard.

Typically, VBIEDs carry a larger amount of explosives and, consequently, cause greater damage. Risk UK’s readers will no doubt remember the devastation caused by fertiliserbased explosives dating back to the early 1970s. In 1998 in Omagh, a device containing agricultural fertiliser (ie ammonium nitrates) was detonated, killing 29 people and injuring hundreds. In 1996 in Manchester, a device fashioned from a mixture containing agricultural fertiliser devastated the city. More recently, in June 2007 two car bombs were discovered in London and disabled before they could be detonated. The first device was left near the Tiger Tiger nightclub in Haymarket and the second in Cockspur Street, in the same area of the city. PBIEDs using homemade explosive devices have caused fatalities, injuries and damage on a massive scale both here in the UK and overseas. In 2005, the 7/7 suicide bombers targeted London with rucksacks packed with precursor chemicals (in particular peroxidebased explosives) and killed 52 people while injuring hundreds, many of them severely. Then, in November last year in Paris, we witnessed a series of co-ordinated terrorist attacks. Three suicide bombers struck outside the Stade de France. This was followed by several mass shootings, and a suicide bombing, at cafés and restaurants. Gunmen carried out another mass shooting and took hostages at an Eagles of Death Metal concert in the Bataclan Theatre. The attackers killed 130 people, including 89 individuals at the Bataclan. Another 368 people were injured, nigh on 100 of them seriously.

Mitigating the threat Do what you can to make your premises blast resistant, paying particular attention to windows. You could have the structure checked by a qualified security or structural engineer. You will need to balance the installation of physical barriers (for example, bollards) against outlined safety requirements. Organise and rehearse bomb threat and evacuation drills and train and rehearse your staff both in identifying suspect vehicles and receiving – and acting upon – bomb threats. A number of UK-based companies have developed innovative and new solutions for one

CounterTerrorismThreatMitigationTechniquesandSolutions December2017_riskuk_apr15 07/12/2016 15:34 Page 2

Counter-Terrorism: Threat Mitigation Techniques and Solutions

of the most difficult aspects of a building to protect: the windows. Mitigation from the threats outlined has traditionally been cost prohibitive, logistically inappropriate or otherwise unavailable. Until now, that is. These blast, ballistic and forced entry mitigation systems are UK designed and manufactured and provide an excellent protective solution which is configured to help realise a multi-layering approach to provide the best possible mix of protection, deterrence, detection and aesthetics. The most effective way for an organisation to protect itself against security threats is to use a combination of physical, personnel-based and cyber security measures. This multi-layering approach is what’s referred to as ‘defence-indepth’. The concept is based on the principle that the security of an asset isn’t significantly reduced with the loss of any single layer. Physical security requirements should ideally be considered during the construction phase of new builds, but the ever-changing threat picture means that the modification of existing facilities is now an escalating requirement.

Windows and glazed facades Windows and glazed façades can be difficult to secure. Windows are vulnerable from visual and eavesdropping observation, forced entry attack, ballistic attack and blast and associated fragments from explosive devices. How might we combine natural lighting and aesthetics suitable for the modern business environment, creating comfortable conditions for workers and their safety, while at the same time providing the highest level of security? Forced entry is the most common form of attack on windows both in the domestic and commercial settings. Blast and ballistic attacks are more likely to be terrorist-related. Large devices set off at crowded and/or iconic places, critical infrastructure sites and outside of buildings are very much the modus operandi of many terrorist organisations. Undoubtedly, bars and roller shutters do act as protection against forced entry, but can be unsightly to a facade. Using blinds with security properties is a much more desirable alternative in commercial settings. They afford end users a sense of well-being and are aesthetically pleasing to look at while fitting perfectly into both modern and retro buildings and settings. This type of protection is perfect for museums and other buildings housing expensive and sometimes priceless items. High-grade protection may come at varying costs. It can be difficult to justify a large financial outlay unless this is supported by a

“High-grade protection may come at varying costs. It can be difficult to justify a large financial outlay unless this is supported by a well-researched security risk assessment” well-researched and conducted security risk assessment. The detail contained within such a document will convince the budget holders of the importance of such a purchase. However, these products don’t provide any ballistic or blast protection and would require an add-on, such as blast-resistant film manufactured at 300 microns thickness and typically designed to protect from flying glass debris. This provides very limited protection against any sizable blast.

Ballistic protection In respect of ballistic protection, there are various solutions available including metallic shutters, which need to be in place to work effectively, and ballistic laminated glass. In the case of the latter, there are a number of considerations to be thought through before fitting them to buildings. Upgrading glass can be expensive and unsightly and could place a great deal of structural stress on a building due to the weight of the thicker material involved. This will inevitably add costs to any security mitigation project that may even be beyond the risk appetite harboured by an organisation’s strategic leadership. Risk and security managers should note that there’s an alternative in the form of a ballistic blind, which works as a normal horizontal and vertical blind, but provides ballistic protection to varying degrees depending upon the manufacturer. The advantage of this solution for the security and risk professional is the aesthetics, functionality and degree of protection provided along with economic value. When considering blast protection there’s the aforementioned blast film, which although extensively used, provides very limited blast protection when fitted to glass. At best, the film will maintain some of the integrity of the glass during a blast event. At worst, it will turn the window into a serious hazard. For a long time now, traditional blast curtains have been used by many organisations, but these seem to have fallen out of favour as they need to be drawn to provide any blast protection capability. Due to the thickness of blast protection glass, due consideration also needs to be given to any stress added to the building’s superstructure, and particularly so during retrofit procedures.

Peter Hatton MBE: International Sales Director (Security) at Abbey Group International (Securablinds)

www.risk-uk.com

Project3_Layout 1 06/12/2016 12:07 Page 1

We go the extra mile.

Axis Security – supporting customers every step of the way. • Our employees are highly trained, valued and rewarded • Our proactive management approach ensures service is continually improving • Our Intelligent technology ensures open lines of communication and transparency • Our prestigious, industry recognition includes 3 Security Guarding Company of the Year awards

T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk

SecurityGuardingTheModernSecurityOfficer December2015_riskuk_feb15 07/12/2016 15:39 Page 11

Security Guarding: Progress in Technology

Working on ‘The Technology Equation’ he security industry has become increasingly regulated, with a strong focus on officer welfare, Health and Safety compliance and further enhancements around operational efficiency. The result has been an increased professionalism duly matched by a rise in customers’ expectations. While all of this is undoubtedly positive news, in practice increased regulation also ramps up the amount, range and detail of information that a security guarding company is required to deliver to its clients. By and large, accurate and timely information is dependent on a security officer having the time and tools at hand to submit this information. Key to delivering that information is technology. Good, relevant and well-thought out technology can help make officers even safer, ensure that security companies are meeting their regulatory obligations and enhance operations, with the net result of further improving customer satisfaction.

Supporting mobile workers One of the new technologies helping us to achieve this utopian state is TrackTik. TrackTik is an Android-based patrolling system that prompts officers to complete safety reports, records completed tasks and stores visual evidence of patrols. This is a particularly important tool for the welfare of lone workers as it provides real-time information on an officer’s location, which is critical if there’s a concern as to their whereabouts or a quick response to an incident is required. It’s also important for due diligence as officers can prove that patrols have been undertaken. The technology’s ‘watch mode’ enables officers to capture live video footage of incidents which can be useful for evidence gathering subsequent to an event. The system uses RFID alongside mobile technology, which means a local server or specific software isn’t required. Real-time information can be monitored from a tablet, smart phone or laptop. Customers have access to a live dashboard that provides a centralised view of the entire security operation as well as all of the officers deployed. Another technology that contributes to our ‘Brave New World’ is FastField, a ‘reporting’ technology to create mobile forms that collect data according to pre-determined rules, validation and workflow. Officers have access to all forms through one fast and convenient app.

David Mundell discusses the new technology used by today’s security officers and how it helps to achieve Best Practice in safety and compliance, while at the same time enhancing operational efficiency for security companies and clients alike

The use of drop-down lists and data ‘look up’ tables means that forms are easy to complete and reporting is straightforward and accurate. At the point of mobilising a contract, security providers should discuss specific requirements with their customers and create bespoke forms accordingly, dividing reports by region, site or role. Reports can then be automatically emailed to the client’s chosen recipients, making the process more efficient and eliminating ‘paper’ from the process. For key holding, a technology known as MyTag helps to support a given security officer’s responsibilities and duties. It records the location of a building’s keys and assets and feeds this information into the FM system. Information is stored within the cloud, meaning that it’s live and accessible from anywhere. As regards technology that’s more bespoke, we’ve developed the electronic Daily Occurrence Book. Undoubtedly, this has made a significant impact on the speed and efficiency with which we record and report incidents. It has replaced a paper-based system. Information is now fully searchable and auditable, and may be readily exported to easily provide important analysis and trends. Incident recording isn’t only essential to make certain of compliance, but also in terms of ensuring that we learn from incidents to further improve our overall service. By using Smartsheet technology, we’re able to automatically share information across all key site contacts on a 24/7 basis.

David Mundell: Managing Director of Axis Security

www.risk-uk.com

Project1_Layout 1 05/12/2016 10:46 Page 1

Tel: 08707 508070 Fax: 08707 508066

Risk UK Offer Uniforms@PeterDrew would like to offer all Risk UK readers, SIA licensed companies, FM companies and end users of security services the following •

Free samples on a sale or return basis

•

Free artwork and design setup

•

Free dedicated buying portal

•

Discounted contract prices

•

Committed customer sales support

•

Same day dispatch, next day delivery

•

Branded stock holding available

•

2Q VLWH À WWLQJ VHUYLFH

To take advantage of this offer or for more information contact uniforms@peterdrew.com or call 08707 508070

Website: www.peterdrew.com Twitter: @UniformSecurity Facebook: facebook.com/ PeterDrewCorporateClothing

SecurityGuardingRiskManagement December2016_riskuk_dec14 07/12/2016 15:37 Page 35

Security Guarding: Risk Management

Merry Riskmas he emphasis placed on picture perfect festive celebrations has reached anxietyinducing levels in recent times. This time two years ago, CIS Security commented in Risk UK about what we call ‘Festive Frenzies’ (ie the crazed dash for the shops on Black Friday, which drives some shoppers to a complete lack of awareness of the aggression in their behaviour and even to assault in some cases). Thanks to the national media, who continually hold up a mirror to this kind of mania with plenty of coverage supported by undignified photos of consumers playing tugof-war with flat-screen televisions, many selfrespecting shoppers will now think twice before undertaking a similar elbow-sharpening Christmas present-buying mission, restricting themselves to more civilised online deals. Much to the relief, it has to be said, of on duty security officers. There are still a number of ways in which those same security officers need to step up their senses around this festive period. The security function in any organisation becomes concerned with weather issues, increased footfall or overly enthusiastic revelers at risk of becoming the targets for criminality. At the November City of London Crime Prevention meeting, chief superintendent Martin Fry of the British Transport Police provided an update which included information about the new Night Tube service. The fifth and last line, the Piccadilly Line, will become operational in the week before Christmas. While this will mean that more people can travel home safely, it also has the potential to keep party-goers out later, safe in the knowledge that they can journey home without having to spend extra money on a taxi. Security officers, though, may find that this elongates their busy period still further.

More risky patrolling We’ve been warned in the national media of a particularly cold winter ahead. Icy weather makes patrolling riskier and premises more incident prone. Add to that the carefree stumblings of the aforementioned revelers and you’re looking at a cohort of risks that show ‘red’ on the radar. Whether this will happen or not, we can be sure of more hours of darkness. Chief superintendent Mark Chalmers, who also attended the City of London Crime Prevention meeting, explained that ‘Operation Antler’ would be in place for the weeks leading up to Christmas. In essence, the police have

asked security officers on duty to be observant of those who may be vulnerable to either theft or sexual assault. While many people who celebrate Christmas enjoy everything about it, the pressures of the season can wear some individuals down, in turn driving them towards extreme measures. Unfortunately, it’s also a time to be on the lookout for signs of fraud in the shape of insider threats. This is an area of crime which is growing and has a low risk from the criminal’s own point of view. The increased volume of packages in the postal system, at least in part generated by people having gifts delivered to their place of work, creates more significant risks. Many corporate buildings have x-ray machines for incoming packages to mitigate the risks of unsolicited packages, while some don’t allow personal packages to be delivered at all in order to reduce the opportunities for crime and terrorism (not to mention expensive present pile-ups under desks which can become a target for thieves or even a fire risk, given all of the packaging that comes as ‘part and parcel’ of online shopping these days).

The festive season is now upon us. Is there any other time of the year that presents as many risks as this one for security professionals working in the retail environment? Carl Palmer examines the Christmas security landscape and the threats to be negated

Human behaviour Without trying to sound like the Grinch who wrote a huge risk register on Christmas, my message is that we do need to be thinking pretty carefully about how ever-evolving human behaviour affects our security regimes. We also need to be thoughtful about responding in effective, yet sensitive ways while safeguarding our staff and customers in a positive festive fashion. The festive season also presents opportunities for our business sector to shine in areas such as customer service, making the shoppers’ experience a happy one and, potentially, coming to the rescue of those who may need our support and assistance.

Carl Palmer: Executive Chairman at CIS Security

www.risk-uk.com

SecurityGuardingDevelopmentsinSecurityPersonnelUniforms December2016_riskuk_apr15 07/12/2016 15:36 Page 1

Uniforms for Security Personnel: A Quiet Evolution in Progress traditional tunic and peaked cap except at Government sites or as part of ceremonial dress. The demand for these traditional garments is now virtually zero. The look of the low profile officer contrasts sharply with the higher profile patrol or mobile officer. These officers are often required to have a distinct overt presence and be clearly identifiable to the public and their fellow officers and team leaders alike. Colours can be brighter and branding bolder. Coupled with the use of high-visibility clothing, this offers the maximum impact with the minimum of staff. Such a uniform has three other roles: to promote the corporate image of the company, be designed to work in adverse conditions and be easy to service and clean. This uniform can be as simple as a branded polo shirt with a high-visibility vest right through to a full corporate image that makes the best possible use of unique fabrics and designs.

Reacting to change

Over the past ten years, security guarding services have evolved in reaction to the demands of a changing market, public perceptions and, indeed, Government legislation. In parallel, the image of the security officer has also changed to reflect this development, as Tim Drew discovers

www.risk-uk.com

here were we with security uniforms a decade ago? How does the status quo then contrast with the look espoused in today’s corporate sector? Certainly, it’s easy to witness clear trends emerging, but to fully understand today’s market it helps to first look back at the origins of security uniform design. The UK has a unique heritage when it comes to uniforms. The traditional security uniform has its roots in the military and was heavily influenced by returning soldiers: an influence that can be seen in the Royal British Legion uniform. This military influence still exists in small pockets, but it has been almost completely replaced in the last decade or so by a more corporate image. From the perspective of the uniform worn there are now two distinct roles in security: the low profile, corporate uniformed officer wearing a formal suit and the less formal, but higher profile uniform worn by the mobile or patrol officer. The overall perception is towards one of customer support and safety, and away from overt crime prevention. The projected image on the High Street has moved to a low profile physical presence with the site officer supported by CCTV creating a relaxed retail experience for the shopper. As a result, we rarely see an officer wearing a

What impact do these changes in style have on the supply of uniforms, then, and how has the uniform market reacted to the change? We’ve already alluded to the reduction in the use of tunics, heavy fabrics, pilot shirts, NATO jumpers, fleeces and marks of rank and have seen the rise in the use of suits, classic shirts, cargo trousers, technical garments, polo shirts, softshell jackets and breathable outerwear. The uniform suppliers have re-positioned their supply chains to manufacture this new mix of corporate clothing and also adapted their selling systems to provide the new ranges. What can uniform suppliers offer today’s security companies and in-house teams as a solution to their uniform/workwear needs, and how do those companies know what solutions are available to them? The product supply breaks down into different types. Some suppliers only supply third party items from distributers while others – and especially so those operating in the corporate clothing sphere – manufacture their own goods. As security companies will buy a wide range of products, suppliers often rely on third party solutions. This applies to specialist items such as footwear and PPE. For the end user, then, the best value can often be found in the supplier who offers both third party products and a

SecurityGuardingDevelopmentsinSecurityPersonnelUniforms December2016_riskuk_apr15 07/12/2016 15:36 Page 2

Security Guarding: Developments in Security Personnel Uniforms

range of stock-supported garments manufactured in-house. The services available to security companies break down into two sectors: managed and unmanaged. Unmanaged services are usually provided through a web shop and supported by a traditional catalogue, although other methods like e-mail, fax and phone are still available. The buyer benefits from the large stocks held by the supplier and a next day service for stock items. This unmanaged service may be supported by a simple branding service such as embroidery and heat-sealing. Greater benefits can be gained by using a managed uniform service. It’s a common misconception in the marketplace that many security companies are too small to benefit from such a service. Given the advances in IT services, well-organised SMEs with as few as 100 members of staff would be viewed as valued customers and are missing out on a range of no cost services that would really benefit them. Armed with the latest IT developments, security uniform providers are pressing home the message that the future is about managed service provision. They’re waiting and willing to invest their time in assisting security companies.

The managed service Managed uniform services can be as simple as a dedicated web page with a secure login offering discounted prices through to a full wardrobe management service. The general market consensus is that security companies give their incumbent supplier eight out of ten for service, when in reality it’s eight out of 20: they don’t know about the extra ten services available from the top suppliers. Some suppliers will offer a total uniform pack to include any item that the customer provides free, including items like company Human Resources literature, safety manuals, ISO 9001 policy information, notebooks and any specialist items such as torches, stab vests, First Aid packs, needle-proof gloves, radios, lone worker alarms and specialist fire protection clothing, in turn realising a truly controlled ‘one stop’ shopping experience. There can be a next working day service, same day service, managed stock, branded stock, uniform packs, discounted fixed prices, outsize ranges, a dedicated web site, wardrobe management, free training, a dedicated account manager, on-site support, site roll-out management, free graphics, brochure design, garment design, garment testing, bid support, budget control, statistical analysis, monthly billing, consolidated invoices, parcel tracking, a

“Armed with the latest IT developments, security uniform providers are pressing home the message that the future is about managed service provision. They’re waiting and willing to invest their time in assisting security companies” made-to-measure service, a fitting service, a switching service and one-stop buying. In short, there are plenty of options available. Case Studies show that companies who switch to a managed service provider benefit from an improved image, faster turnaround times, lower costs, reduced losses and a considerable reduction in overhead, subsequently being able to release internal staff to manage and grow their business.

What about the future? What of the future for managed uniform services? This will continue to be a growth area as more and more companies look for support. Garments will further improve in quality and durability while the use of technical fabrics enhances the wearer’s experience. The biggest impact will almost certainly be created by improved web and IT services with the ongoing development of mobile wardrobe management and applications. Security companies seeking a smoother business path should look into a long-term relationship with a good uniform partner. Hopefully, you will find yourself engaged and buying a hat for the wedding. Just make sure that hat isn’t a military peaked cap, though. They are so last decade.

Tim Drew: Managing Director of Peter Drew Contracts

33 www.risk-uk.com

Project1_Layout 1 02/12/2016 10:46 Page 1

SURVEILLANCE SOFTWARE SSM - Smart Security Manager

SSM Enterprise is a new powerful video management software platform for managing & monitoring large numbers of cameras • GPS tracking of trains via Google Maps • Download video clips from a moving vehicle or train and automatically collate them back together in sequence (without having to wait for the vehicle to reach its destination) • “Help point” integration with SSM triggering video surveillance • Large scale event monitoring in over 1,000 sites for central HQ • Integrate with access, fire & intrusion • Face recognition security for staff offices

hanwha-security.eu

TheSecurityInstitute'sView December2016_riskuk_mar15 07/12/2016 14:54 Page 2

The Security Institute’s View

he natural starting point in managing human risk is the recruitment process. It makes a certain amount of sense to attempt to identify risks in advance of their ability to affect the business, but any attempts to reduce risk with profiling and psychometric testing at the pre-employment stage are unlikely to be effective. People are more complex than a scoring matrix and, if certain studies are to be believed, many successful CEOs demonstrate psychopathic traits that might technically render them unemployable even though these traits may be the basis of their success. It could also be argued that nobody joins an organisation as a ‘toxic’ employee. In reality, the process of becoming ‘toxic’ takes place over time in response to negative experiences of the working environment. There’s merit in performing due diligence during the recruitment and probation periods, including criminal records, probity and reference checks. These should be performed in conjunction with a solid on-boarding process to make the new employee feel welcome and part of their new cultural environment. Recruitment processes are often long in duration, and there’s clearly ample time to prepare a workstation for the new team member. This is an essential step in making them feel like they belong and that they’re supported, both of which help in reducing the risk that new employees present. Starting a new job and then waiting days for a desk, laptop, phone and network access are unlikely to reinforce an individual’s positive perceptions. These are all small elements in the grand scheme of things, so there should be no problem in making sure that they’re right. Certainly, if the cost of recruiting is high, both in terms of time and the financial investment involved, the first risk to avoid is that the new hire leaves within a month for another opportunity. A working relationship that doesn’t start professionally is much more likely to end in the same way.

Learning and development The next area where employee risk can be influenced is learning and development. Staff who receive appropriate investment in their development are generally more likely to remain with their employer than individuals whose progression is ignored. Trained staff are also more likely to be competent and able to contribute towards organisational aims. Within the UK, the new Apprenticeship Levy that comes into being in the New Year may well change the face of workplace learning and put

On Board With On-Boarding: An Elimination of Risk It’s often said that people are an organisation’s greatest asset. They can also be a company’s greatest risk, yet this latter statement assumes employees are the source of the most severe risks, with little consideration given to the role the organisation itself plays in their creation. As Richard Diston observes, in reality there are five key organisational areas that can have a significant influence on whether an employee is an asset or a risk to the business the subject of staff development firmly back on the Boardroom agenda. At this point, it should be noted that training and development undertaken grudgingly isn’t going to provide the same benefits as if it were approached as part of the organisation’s DNA. The risks that a company takes in using untrained and unassessed personnel are enormous. Aside from the legislative issues of failing to train staff (relating to compliance training such as Health and Safety inductions), there’s a real chance that any competitive edge will be blunted. If the CEO is the most competent person in the business, then by default this means that everyone else is less competent even though they’re transacting the majority of the work. A lack of staff development also sows the seeds of corporate failure because it links in so closely to the area of employee retention. Talented and knowledgeable staff walking out of the door is, of course, nothing other than a critical risk to any organisation. This can represent a loss of competitive advantage as the chances of those members of staff joining a competitor in the same commercial space while

Richard Diston MSc MSyI: Director and Principal Consultant at Ark Services (www.ark-services.co.uk)

www.risk-uk.com

TheSecurityInstitute'sView December2016_riskuk_mar15 07/12/2016 14:54 Page 3

The Security Institute’s View

in possession of recent ‘insider’ knowledge is entirely foreseeable. Organisations can reduce this risk by way of practical programmes for identifying and developing latent talent in the workforce and then putting in place strategies for succession planning. This can be a double-edged sword, though. Businesses without growth are unlikely to be able to provide opportunities no matter how good their internal staff development programmes. There’s certainly an element of balancing the needs of the business with the needs of the employees involved. This can be best achieved in an open and honest culture.

Management failures There’s an argument to suggest that many human risks organisations face are ultimately linked to failures of leadership and management. It’s fair to state that an organisation wherein there’s weak leadership, lack of vision and questionable ethics and values is unlikely to be any kind of hotbed for innovation nor a long-term commercial success. Conversely, where there’s a strong culture of professional management, human risk issues are identified early through meaningful appraisals and open communication. The employer then becomes a potential partner in a solution rather than a situational victim. Members of staff who are inspired and aligned with the values of the business may then inspire others. That’s the basis of a powerful team and a commercial force to be reckoned with in the outside world. Oversight in such places is more about identifying human risks linked to a lack of resources rather than being focused on a ‘Command and Control’-style hierarchical structure that seeks to ‘dictate out’ malfeasance or incompetence. Processes are more likely to be perceived as fair and ethical by employees even if they do fall foul of them. Evidence would appear to suggest that companies viewing employees as a ‘means to an end’ are creating substantial risks that may be beyond their control. Many cases of workplace homicide are linked to perceptions of ‘violence’ perpetrated by organisations against their own personnel, such as poorlyhandled grievance procedures or lay-offs. Fairness and respect are key influences that have been identified as being important in the

“Staff who receive appropriate investment in their development are generally more likely to remain with their employer than individuals whose progression is ignored” 36

www.risk-uk.com

reduction of retaliatory actions potentially being performed by personnel. Given the damage that a negatively motivated employee can perpetrate with their legitimate network access, culture is perhaps the most important mitigator of human risk in the workplace. That culture begins at the top.

Responding to failure The final and arguably most important area for managing human risk in today’s organisations comes from the response model to human failure that the host business employs. One suggestion would be to use systems theory to identify incubating risks present in precipitating events and support this with an HSG48 framework. HSG48 is the guidance document from the Health and Safety Executive that relates to human failures. It defines a clear investigative pathway for examining human failures, starting with the assertion that errors are either skills-based – which is a clear training issue – or down to mistakes (which are either knowledge-based or rule-based). This provides a solid foundation for examining the quality of the training that’s provided and the clarity and appropriateness of procedures. If the failure cannot be defined as an error, it’s considered as a violation under HSG48, which is either routine (regular rule breaking without sufficient reason), situational (task pressures led to the violation) or otherwise exceptional (abnormal circumstances led to actions outside of training and established rules). Such a model could become the basis of internal Best Practice and be a barometer for a wide range of human risk behaviours. Human beings are complicated, while organisations are even more so. The external risks present in doing business are subject to an undulating landscape of political, technological, legislative and market change. Organisations would benefit from managing their internal human risks as best they can as these at least may be within their scope of reach and control.

Project5_Layout 1 07/12/2016 15:50 Page 1

TITANUS® ﬁre detection

We are not just a resource. We are part of your team. FIRE HAS ITS OWN RULES. ACTIVE FIRE PROTECTION REDEFINES THE RULES. - manned guarding - installations and maintenance - monitoring and response - video analytics - investigations and consultancy - drone technology - cyber assurance

Late fire detection wastes valuable time for preventive measures! Intelligent fire protection starts in the earliest stage and insures a crucial time advantage. Earliest possible fire detection with TITANUS® technology can detect fires in the pyrolysis stage. TITANUS® is 2,000 times more sensitive Unipart Security Solutions Ltd is a provider of Total Security Solutions. Our culture is to encourage our people to take a different view to the traditional approach and evaluate the site’s entire security requirements. Our people are motivated to make a positive impact and create an environment where our customers’ property, people and assets are safe.

Standards like ours are a part of our culture, driven by a set of principles we call The Unipart Way. As a division of the Unipart Group, one of the UK’s largest private companies, our heritage is one of reliability and performance.

than a conventional ﬁre detector and has a very high resistance to false alarms. The essential time advantage for maximum protection of people, goods, assets and property – a solution proven in practice worldwide.

We EVe not just a resource. We are a part of your team.

www.wagner-uk.com

web: www.unipartsecurity.co.uk email: securityenquiries@unipart.com phone: 0843 504 0450

ONE STEP AHEAD

InTheSpotlightASISInternational December2016_riskuk_apr15 07/12/2016 14:52 Page 1

The Security Commonwealth: Working For The Common Good T

The Oxford English Dictionary states: “A Commonwealth is a voluntary association of independent (sovereign states) organisations/ representatives consulting and cooperating in the common interest of their (people) organisations/ members and in the promotion of common understanding (and world peace).” For The Security Commonwealth replace ‘sovereign states’ with ‘security membership organisations’ and ‘world peace’ with enhancing UK security, as David Clark outlines

David Clark CPP PCI PSP: Chairman of ASIS UK and The Security Commonwealth and Head of Security for the Francis Crick Institute

www.risk-uk.com

he Security Commonwealth is a voluntary association of independent security membership organisations/representatives consulting and co-operating in the common interest of their organisations/members and in the promotion of common understanding and enhancing UK security. The aim is for the Commonwealth to be the all-inclusive industry advocate for security issues in the UK, create lasting networks and alliances and promote and lead the security sector with integrity, honesty and education. Very clever, but why? The Security Commonwealth is the brainchild of The Security Institute and was set up last year in response to increasing demands for just such a body. The UK’s security sector is wide and diverse and consists of a range of highly complex disciplines, professions and specialisations. With decreased funding for police and Government security services and now a confirmed Brexit, more than ever before the UK’s security sector needs to come together as an alliance and reinforce the private sector’s ability to inform and support Government initiatives while enhancing the standing and professionalism of the sector as a whole. The Security Commonwealth has been established to co-ordinate the development and use of Best Practice, involving existing industry stakeholder organisations to: • establish a Commonwealth wherein all organisations come together on an equal and continual basis and discuss the development of common approaches towards joint challenges • create an awareness programme by working with key industry sponsors on developing key messages and something that can be used as a kitemark for all security interventions • set up a shared information service: this will be used by all member organisations to receive, share and disseminate information at the appropriate levels • show security to be the challenging, intellectually stimulating, exciting and publicserving discipline that it is • promote the Security Commonwealth to businesses through focused business engagement supported by a robust media and communications strategy, in turn building confidence and reassurance • promote Security Commonwealth awareness

to businesses through timely industry-focused information, disseminated to key individuals within the Commonwealth • encourage the gathering of like-minded professional security sector leaders in dedicated meetings to drive through associated security issues • share Best Practice and promote continuous improvement via the network • support industry engagement and development by creating a UK-wide communication network for professionals • champion professional recognition and continuing development around The Security Commonwealth • provide a strategic platform for the sharing of learning, knowledge and security experience • create a consultation and lobbying group to speak on behalf of all the Security Commonwealth organisations

Immense change ahead In days gone by, similar attempts have been made at creating something akin to The Security Commonwealth. The Security Alliance and the Joint Security Associations tried largely the same thing, but with limited success. These are times of immense and rapid change for the security profession and all of its practitioners. The nature of threats is evolving: accessible information technologies, global networks, the diversification of threats and disruptive technologies will all create risks for members of the public, society at large and, indeed, for businesses in equal measure. Now, increasing co-operation at a bilateral and multilateral level is the necessity and the norm. Complex threats require complex solutions and this demands far greater collaboration and co-operation from those responsible for the security of assets as well as the organisations that represent them. What has the Security Commonwealth achieved to date? Strategic meetings are held quarterly and these are well attended. Representation and support from Government agencies such as the Security Industry Authority (SIA) and the Office for Security and Counter-Terrorism (OSCT) is forthcoming. Topical security subjects are discussed and wide agreement is sought on a unified approach towards security.

InTheSpotlightASISInternational December2016_riskuk_apr15 07/12/2016 14:52 Page 2

In the Spotlight: ASIS International UK Chapter

The Security Commonwealth has already been involved in a number of consultations including that involving the Government’s counter-terrorism CONTEST review, the Home Office review of the SIA and the London Mayoral security and preparedness review for the capital.

Constituent members Membership of The Security Commonwealth consists of most of the major security membership organisations in the UK, such as ASIS UK, The Security Institute, the International Professional Security Association, the Association of Security Consultants and the Institute of Professional Investigators as well as sector-based membership organisations like the Sister Banks and the Pharmaceutical Industry Security Forum. Many other august organisations are involved covering all security disciplines including counter-terrorism, physical security, cyber security and more. Membership also includes representation from special interest groups such as the Security Awareness Special Interest Group, the Women’s Security Society, TiNYg and the Project Griffin National Executive. Industry representative organisations such as the British Institute for Facilities Management and the British Security Industry Association are involved, so too geographically significant organisations like London First’s Security and Resilience Network and the South Bank Business Watch. Membership is open to any security membership organisation that wants to play an active role in consulting on, informing and/or influencing UK security provision.

In 2017 and beyond Going forward, The Security Commonwealth must assess and inform the impact of Brexit on the UK’s security business sector. Brexit has caused just about all UK industries and industry leaders to sit up and take notice of the potential impact of Britain’s exit from the EU, and the security industry is no exception. Research shows that a number of Eurosceptics have suggested Brexit will compromise the UK’s ability to fight crossborder crime and terrorism, but the degree of reality in that statement will not be known one way or the other for some time to come. Despite the potential risks to UK security provision associated with Brexit, it will almost definitely mean change. These changes should be embraced and measures implemented that compliment whatever these changes might be. We do know that The Security Commonwealth

needs to be at the very forefront of any highlevel discussions and plans for the UK’s security sector now more than ever before. There must also be continued engagement with the newly-formed Joint Security and Resilience Centre (JSaRC). The Home Office has committed £11 million over the next four years to establish the JSaRC, which will provide a flexible capability whereby the Government and the security sector (encompassing both industry and academia) can work in partnership to respond to both urgent and longer term threats posed to the UK’s national security, while also seizing opportunities to support the growth of the security sector in general. JSaRC will act as the front door for the security sector to access the complex security machinery of Government. It will be Government’s primary means of co-ordinating industry support, refining requirements, understanding the industry offer and sharing strategic priorities. In parallel, dialogue with the OSCT’s Security Industry Engagement Team will be ongoing. There will soon be a new chair of The Security Commonwealth. This role is rotated among security membership organisation chairs. A new chair will be appointed from a Security Commonwealth member organisation during the early stages of 2017.

“Research shows that a number of Eurosceptics have suggested Brexit will compromise the UK’s ability to fight cross-border crime and terrorism” 39

www.risk-uk.com

FIATechnicalBriefing December2016_riskuk_nov14 07/12/2016 14:50 Page 1

The Importance of Fire Risk Assessments for Today’s Organisations Fire risk assessments are specifically designed to minimise the probability of the event of a fire by identifying the potential hazards and fire risks within a building. However, an assessment doesn’t just examine the structure of the building itself, but also the contents of the building as well as its layout and use. How does the use of a building affect the fire risk? How many people are in the building and how will they escape in the event of fire? What steps should be taken to minimise the dangers? Will Lloyd observes all the key points involved

or any business or public buildings such as shops, nightclubs, cafes, restaurants, offices, churches and even bus and train stations, a fire risk assessment is required. This list of buildings involved isn’t exhaustive, but as a rule, all non-domestic properties need to have a fire risk assessment conducted on the premises. It’s not optional. Rather, such an assessment is mandated by UK law. Fire risk assessments are stipulated in the Regulatory Reform (Fire Safety) Order 2005. This piece of legislation was designed to replace all previous legislation regarding fire safety, streamlining requirements in the UK. Employers and other responsible persons working for housing associations, schools and hospitals, etc as well as landlords must familiarise themselves with the legislation such that they understand the requirements. Simply put, the legislation states that a fire risk assessment must be carried out, but it also lists a whole range of other requirements. Who’s allowed to conduct a fire risk assessment? Who’s responsible in the event of a fire? Who looks after procedures for serious and imminent danger and for danger areas? What provision of information should be given to employees? How must the Regulatory Reform (Fire Safety) Order 2005 be enforced? It’s important to understand that failure to comply with the Regulatory Reform (Fire Safety) Order 2005 may result in prosecution leading to fines that could run to tens of thousands of pounds depending on the number of breaches involved. In some cases, the proven guilty parties end up with a prison sentence.

Points to be noted What does the legislation say in regards to fire risk assessments? It’s particularly important to note the following: (1) The responsible person must make a suitable and sufficient assessment of the risks to which relevant persons are exposed for the purpose of identifying the general fire precautions he/she needs to take to comply with the requirements and prohibitions imposed on him/her by or under this Order. (2) Where a dangerous substance is or is liable to be present in or on the premises, the risk assessment must include consideration of the matters set out in Part 1 of Schedule 1. (3) Any such assessment must be reviewed by

www.risk-uk.com

the responsible person regularly so as to keep it up to date and particularly if (a) there’s reason to suspect that it’s no longer valid or (b) there has been a significant change in the matters to which it relates including when the premises, special, technical and organisational measures or organisation of the work undergo significant changes, extensions or conversions, and where changes to an assessment are required as a result of any such review, the responsible person must make them. (4) The responsible person must not employ a young person unless he/she has, in relation to risks to young persons, made or reviewed an assessment in accordance with paragraph (1) and paragaph (5). (5) In making or reviewing the assessment, the responsible person who employs (or is to employ) a young person must take particular account of the matters set out in Part 2 of Schedule 1. (6) As soon as practicable after the assessment is made or reviewed, the responsible person must record the information prescribed by paragraph (7) where (a) he/she employs five or more employees (b) a licence under an enactment is in force in relation to the premises or (c) an alterations notice requiring this is in force in relation to the premises. (7) The prescribed information is (a) the significant findings of the assessment, including the measures which have been or will be taken by the responsible person pursuant to this Order and (b) any group of persons identified by the assessment as being especially at risk. (8) No new work activity involving a dangerous substance may commence unless (a) the risk assessment has been made and (b) the measures required by or under this Order have been implemented.1

‘Suitable’ and ‘sufficient’ The legislation calls for the risk assessment to be both ‘suitable’ and ‘sufficient’. The problem with this is that it seems there’s a degree of interpretation involved here. What might be suitable for one property certainly will not be so for another. This is why it’s important to tailor the fire risk assessment to each specific premises, and to update and review the assessment as and when any changes occur, such as when a room is re-purposed, the

FIATechnicalBriefing December2016_riskuk_nov14 07/12/2016 14:51 Page 54

FIA Technical Briefing: Fire Risk Assessments

occupants in the building change or the usage of the building changes (for example, if a retail outlet converts to being open on a 24-hour basis or the structure is purposefully converted in some way). Anyone can conduct a fire risk assessment as long as they’re deemed ‘competent’, but a recent investigation uncovered that many business owners lack the skills or knowledge to complete such an assessment unaided. Problems arise when the person carrying out the fire risk assessment doesn’t have the years of experience and the necessary ability to fully analyse the risks. What if risks or hazards should be missed? Not only is this potentially very dangerous, but could lead to an actual fire occurring in the building because the risks haven’t been properly assessed and minimised. Lives could be lost alongside vital services for the local community or the business world. This is why it’s absolutely imperative to make certain a fire risk assessment is right straight from the beginning. It’s far too easy to overlook hazards and risks, or fail to understand the impact of those risks and make insufficient recommendations to reduce them. A recent investigation carried out during a review of the Fire (Scotland) Act discovered that there was a huge lack of understanding of what’s required in a fire risk assessment: ‘Scottish Fire and Rescue Service statistics… highlight that, from a sample of 457 premises, 130 premises didn’t have a risk assessment carried out and, of the 315 premises that did, the fire safety measures in place were considered to be totally adequate in only one of those premises.’2 It’s the Fire Industry Association’s (FIA) recommendation that, in the instance of a ‘responsible person’ or ‘duty holder’ (as named by legislation) being unable to have the requisite skills, knowledge, experience and competence to produce a suitable and sufficient fire risk assessment, an independent fire risk assessor should be appointed. How, though, do you find a reliable risk assessor? The answer is simple: use only verified and certified risk assessors. Fire risk assessments are easy to do, but hard to do well. Almost anyone with a background in the fire industry can set themselves up as a ‘professional’ fire risk assessor and visit premises around the country giving out advice to building owners and businesses. That’s the

scary part – there are hundreds of companies claiming to be ‘expert’ risk assessors, but without any real grounds or certification to say that they are. The good news is that the number of certified (ie independently verified to be reliable and fully-trained) risk assessment companies has risen from zero in 2012 to 44 companies in the UK right now. While 44 may not sound like a particularly high number, that figure is likely to snowball over the next few years as a more educated public demand verification of the skills of the individuals they’re hiring to carry out fire risk assessment procedures.

References 1Regulatory Reform (Fire Safety) Order 2005: Section 9 http://www.legislation.gov.uk /uksi/2005/1541/article/9/ made 2Review of Part 3 of the Fire (Scotland) Act 2005 Report, Regulatory Review Group, 2015

Trend for certification This trend for certified fire risk assessors is one that’s following in the footsteps of the installation market: more and more installers of fire alarm systems across the UK are now certified (over 800 companies, in fact), so this is one trend that’s likely to continue in the industry for risk assessment companies as well. As it’s a legal requirement to carry out a fire risk assessment in any business or public building, it’s important the host organisation uses the services of a company that has been verified by a third party to have the correct skills and training in place. The easiest way to check is to use the FIA’s members’ register at www.fia.uk.com All members listed under the ‘Find a Member’ section are verified and certified by an independent body.

Will Lloyd: Technical Manager at the Fire Industry Association

“Anyone can conduct a fire risk assessment as long as they’re deemed ‘competent’, but a recent investigation uncovered that many business owners lack the skills or knowledge to complete an assessment unaided” 41

www.risk-uk.com

SecurityServicesBestPracticeCasebook December2016_riskuk_apr15 07/12/2016 14:53 Page 1

Security Guarding Services: Addressing The Buyers’ Challenge buying decision is, it must be recognised, often made on price. The widely-recognised Approved Contractor Scheme (ACS) operated by the Security Industry Authority has raised performance standards across the industry and helped inform buyers, evolving perhaps unforeseen over time into a points-based contractor comparator for end user customers. The danger of all ‘league tables’, though, is that ‘points’ don’t always tell the full story. When it comes to security guarding, an overreliance on ACS ‘scores’ being the principal indicator of future performance could be considered a somewhat one-dimensional perspective. The challenge, of course, is how to further enhance contractor selection.

As a wholly independent UKASaccredited certification body, the National Security Inspectorate is determined to shine a light on how security companies that maintain approval to Guarding Gold standards work to the ultimate hallmark of excellence such that the buyers of security guarding services can be confident in the selection of their solution providers. Richard Jenkins addresses the fine points of detail

www.risk-uk.com

here’s no doubt the security sector finds itself in a period of significant flux. No prizes for guessing that technology is playing a major part in changing how security services are delivered. Automated systems such as ANPR and facial recognition, in tandem with increasingly sophisticated video analytics, are reducing the reliance on traditional guarding solutions. Despite this, the need for a physical security presence is very much alive. Project Griffin and other emergency servicefocused initiatives are increasingly involving the private security sector to enhance the network of those safeguarding our communities. Contracts for retail environments, for example, are challenging security guarding companies to develop more sophisticated approaches as to how their officers might be best deployed to enhance the security and safety of the public, customers and members of staff alike. When it comes to developing the specification for these contracts, buyers of security services are often unsure as to the best way to assess and grade the standards and practices of one company over another. Where an incumbent operator is to be replaced, the fact that the existing team will TUPE across from one business to another makes it hard to ascertain which new organisation might provide the best value. After all, it will be the same people delivering the ‘new’ service. A change in management culture and new ideas around how to manage and deploy the team will of course play a part, but the final

NSI Guarding Gold The National Security Inspectorate (NSI) harbours a long-held belief that it’s possible to set and measure performance in practice that delivers high levels of reassurance for the buyers of security services. As an independent not for profit organisation, the NSI’s mission is to raise standards across the security industry in the interests of buyers, be they the purchasers of electronic security or fire safety systems or guarding services. The NSI sees British Standards, developed by the security industry for the security industry, as a robust basis of ‘self-regulation’ and as a benchmark to which the more progressive businesses in the sector will sign up. Contractors choosing a regime that harnesses industry expertise through independent audit are investing in a continual improvement cycle enriched with guidance from specialists who live, see and breathe Best Practice in the sector. The Guarding Gold scheme embodies all relevant British Standards and has come to be recognised as the hallmark of excellence for those organisations involved in many aspects of guarding, from transporting cash and valuables to key holding and providing site-based teams of security officers. The scheme uniquely encompasses ISO 9001, the Quality Management standard, such that buyers can immediately discern approved companies’ credentials and their commitment to quality. There are around 100 NSI Guarding Gold companies in the UK. All of them are routinely

SecurityServicesBestPracticeCasebook December2016_riskuk_apr15 07/12/2016 14:53 Page 2

Security Services: Best Practice Casebook

audited against the technical requirements of the guarding services and Quality Management standards. Subject to at least two audits each year, Guarding Gold companies’ focus is on continual improvement of business process, staff welfare, training and development, which together secure the service provided for their clients. Regular independent audit and detailed scrutiny of all these elements is an integral part of their management regime. Of course, the acid test for any kind of standard, approval or certification is the tangible benefit for clients. Approval should never be a ‘tick box’ exercise, but rather a process that drives value all the way through the organisation that’s being audited and, ultimately, delivers positive and sustainable results for those same clients.

Client-focused standards How guarding service contracts, assignment instructions for officers and policies for managing and training on-site teams are drawn up, communicated and followed are three areas that any potential client would find of interest when reviewing the suitability of a given company to provide guarding services. These are all audited in detail as part of the NSI’s Guarding Gold scheme. NSI Guarding Gold approval tests all three using the relevant British Standards, taking into account the activities that the company might be undertaking such as mobile patrols or key holding, for example. As far as the development of a contract is concerned, NSI auditors check eleven specific points included in every quotation and contract. These points are designed to protect the interests of both the client and the service provider and to make absolutely sure clear expectations are set at the start of the business relationship. Among other clauses, they include the obligation of the organisation to maintain confidentiality with respect to information obtained while tendering for or fulfilling a contract and arrangements for statutory holiday entitlements for security personnel. The requirements for critical processes and procedures, such as assignment instructions and incident handling, are not only explained for the purposes of providing good customer service, but also to protect the Health and Safety of officers, visitors and members of the client’s own staff. Operating instructions have to be clearly and fully described such that everyone assigned to that environment is clear as to the specifics of the location, the expectations of the client and any potential risks. It’s easy to understand why companies

should be able to demonstrate how, for example, amendments to assignment instructions are properly communicated. Security officers are usually based at a client’s site where supervision time can be limited. Assessing staff competence, engaging with individual officers to encourage constructive feedback on their role and managing their welfare all go towards building a team that’s motivated to deliver a good and safe service to the client. NSI Guarding Gold companies have to demonstrate that they undertake monthly welfare checks, that their teams have role and assignment-specific training and that the organisation maintains detailed training plans and records. Independent audit is the validation and assurance for buyers of compliance. A recent event hosted by the NSI brought together representatives of many of the Guarding Gold companies to determine how better to share the positive impact these exacting standards can have for clients. Using NSI Guarding Gold as a benchmark specification for potential contractors could provide them with guidance on selecting and assessing potential security contractors. It was clear from the discussions that approved companies feel strongly their operational effectiveness benefits from a cycle of continual improvement engendered by the NSI’s audit regime. The audit process becomes the focal point for benchmarking their activities and improving performance.

Richard Jenkins: CEO of the National Security Inspectorate

Security specialists Being specialists from the world of security, NSI auditors harbour a unique insight and understanding of how to audit activity and apply guarding standards. This is particularly pertinent when it comes to evaluating compliance to ISO 9001 in the context of the guarding sector, and in providing a ‘sixth sense’ when identifying any aspects needing remedial action in service delivery. By way of conclusion, there’s much work still to be done in the security guarding sector. British Standards embody Best Practice defined by the industry for the industry. NSI Guarding Gold affords buyers the strongest assurance in contractors who comply with the latest version of those British Standards.

“The requirements for critical processes and procedures, such as assignment instructions and incident handling, are not only explained for the purposes of providing good customer service, but also to protect officers, visitors and staff alike” 43

www.risk-uk.com

MeetTheSecurityCompanyPartOne December2016_riskuk_apr15 08/12/2016 10:59 Page 1

Meet The Security Company

This month sees the first in a brand new series of articles for the readers of Risk UK in which we shine the spotlight on SSAIBregistered businesses for the benefit of risk and security managers who purchase security guarding as well as systems-focused solutions. Answering our questions this time around is Tony Woolcott, the managing director of Avantguard Security

Risk UK: Can you give Risk UK’s readers a brief overview of how you see the security guarding market at the current time? Tony Woolcott: Currently, I view the security guarding market as being splintered with innovative and quality-driven companies competing against lowest price models. Since the introduction of the Security Industry Authority (SIA), there has been a lot of progress in removing undesirable individuals from the market, but very little progress has been made to improve the standards provided by security companies. I still see an industry riddled with bad practice. The Approved Contractor Scheme (ACS) is now the main industry specific accreditation, of course, but standards still vary drastically among ACS accredited companies. It’s difficult for buyers to differentiate between providers so they often revert back to price which drives down standards. Risk UK: Do you believe present margins in the sector are sustainable? Tony Woolcott: In general, I don’t believe that margins in the industry are sustainable. As a

About the Security Systems and Alarms Inspection Board Founded in 1994, the Security Systems and Alarms Inspection Board (SSAIB) is a leading certification body for organisations providing security systems and services, fire detection and alarm solutions, telecare systems and services, manned security services and monitoring services. The SSAIB is a Security Industry Authority-approved certification body in respect of the Regulator’s Approved Contractor Scheme and operates in the UK as well as the Republic of Ireland.

44 www.risk-uk.com

company, we’re selective about our client base and look to maintain good margins which are invested into good quality equipment and a nice benefits package for our team. Too often, everyone seems to be in a race to the lowest price and that’s not a race we want to join. Facilities companies are scooping up contracts on a national level with the intention of outsourcing various components such as security and cleaning. Frequently, we’re approached to provide sub-contracted services and it quickly becomes apparent that we would be third or fourth tier suppliers. By this point, the expected charge rates are so low that the contract would operate at non-viable margins. Security is still seen by many as something of a grudge purchase with low expectations around service delivery. There’s a lot of apathy among the buying public due to repeated bad experiences and, as a result, buyers don’t want to take a chance on paying higher rates and ending up with the same service. Risk UK: In terms of the end user customer, who are you being put in front of when tendering for work and are the knowledge levels among clients greater than they were, say, five years ago? Tony Woolcott: There’s a wide range of end users out there including security and risk managers, facilities managers, HR managers and purchasing managers. What has been more apparent since the recession is that many buyers have found security management added to their role following downsizing exercises. This often means that the buyer finds their time stretched which, in turn, can make negotiations for new contracts difficult if the buyer cannot give this process their full time and attention. However, long-term this is advantageous for us because we look to build a relationship with our clients that results in us ‘managing’ their security and removing the headache from them. Increases in the use of Supplier Frameworks and Approved Supplier Networks among larger customers have become more commonplace. Although this can open up bigger possibilities, it can also result in a great deal of time spent ‘jumping through hoops’ to gain a place on an Approved Supplier List with no guarantees of

MeetTheSecurityCompanyPartOne December2016_riskuk_apr15 08/12/2016 10:59 Page 2

Meet The Security Company: Avantguard Security Ltd (Part One) In association with the actual contracts at the other end. It also diminishes the ability to create tailored solutions that better meet a client’s needs. Supplier Frameworks are often quite restrictive, looking for a ‘one price fits all’ solution, but this is often unrealistic as contract requirements can vary quite drastically. Knowledge levels among clients vary from those who are experienced and know what to expect through to those who’ve never given any consideration to security arrangements and need a lot of guidance through the process. Knowledge of the SIA and the ACS remains low among most buyers, particularly with regards to their own responsibilities for ensuring that members of staff are licensed. Knowledge of the SIA is also still surprisingly low within the police service. When attending alarm activations and serious incidents, our security officers are never asked to provide their SIA licence details. It seems that door supervision is the area that attracts the main focus from SIA inspectors and the police. Risk UK: Are end user customers asking the right questions of you as their service provider, and is there now a desire for partnership working as opposed to security being seen as a necessary ‘bolt on’? Tony Woolcott: During the years that I’ve worked in the security industry, I have negotiated countless contracts where I’ve been given the keys to hundreds of buildings along with alarm codes, doors codes and security passwords. In all of those years, I’ve only once been asked to show my ID badge. Often, at a first meeting I’m provided with all manner of sensitive information about the vulnerabilities of a building before a client has even had the opportunity to investigate the legitimacy of my position. Trust is essential. Clients should be asking many more questions about potential suppliers before they hand over the keys to the kingdom. As a company, we’re rarely asked about SIA licences or the ACS accreditation. When the subject is raised, the question is usually posed in such a way that it’s clear the client doesn’t fully understand the situation. The question that’s regularly asked by the client is: “Does your company have an SIA licence?”. It’s an irrelevant question as there’s no such thing as an SIA-licensed business at the moment. A formal tender process is usually where the most appropriate questions are raised. This is when clients want to know about training, recruitment, screening, continuity of service and added value. This gives a quality provider the opportunity to really demonstrate what

they can offer as part of their service delivery, but often tenders are over 60% weighted on price so, despite the right questions being asked, the answers become irrelevant as far as the selection process is concerned. Risk UK: How do you define quality of service delivery? What do you feel should be the key elements of guarding service delivery ‘on the ground’, and what does ‘value add’ look like from your perspective? Tony Woolcott: Delivering a quality service in security is essentially quite straightforward. Deliver the service on time. Keep clients informed if there’s a problem with service delivery for any reason. Regularly update Job specifications and assignment instructions. Make sure you meet your KPIs. Maintain regular communication and meetings with the clients. Provide a full audit history and activity record for your clients containing the information that they want to see and in a format that suits their requirements. That must all sound a bit basic, but to be frank these are the most common concerns that we hear from potential customers who are looking to switch service providers. Unbelievably, it’s still apparently common practice for providers to not actually deliver a service, be that service in the form of an officer, a patrol visit or even responding to an alarm, but still actually charge the client as though they’ve received the service. During negotiations with potential customers, we’re frequently told that they’re well aware security doesn’t actually ‘turn up’ when it’s supposed to, but still they receive invoices month after month. In my mind there are two scenarios at play here. Either the provider doesn’t know if the service is being delivered so it’s down to bad management, or the provider knows full well that the service isn’t forthcoming, but chooses to invoice anyway. Essentially, that’s fraudulent practice. Delivering added value becomes straightforward when you already meet the basics. If you maintain regular communication with a client then you learn about their business and the problems they’re facing. It’s easy to start incorporating small additions to job specifications to meet the clients’ needs. With a workflow management system that provides a full audit history, the client has all the data and statistics available in a format that they can use. From our own perspective, added value is simply about using all of the time that our staff are based at a given site to best effect by filling their shifts with useful duties.

Name Tony Woolcott Job title Managing Director Time in the security sector I’ve worked in the security industry for 14 years. I’ve served as managing director of Avantguard Security Ltd for the last eight years Location of the business Avantguard Security Ltd is a local provider of security guarding services based in Littlehampton, West Sussex. We operate in West Sussex and East Sussex Areas of expertise Avantguard Security Ltd specialises in providing security guarding services for commercial and corporate buildings, industrial warehousing and manufacturing, food processing and educational establishments. We provide security officers, mobile security services, key holding and alarm response solutions Accreditations Avantguard Security Ltd holds SIA Approved Contractor status for the provision of security guarding and key holding services and is audited by the SSAIB. We’re SAFEcontractor approved and members of the Trading Standards ‘Buy With Confidence’ Scheme

Tony Woolcott: Managing Director of Avantguard Security Ltd

www.risk-uk.com

CyberSecurityResilienceandCyberIncidentResponse December2016_riskuk_apr15 07/12/2016 14:49 Page 1

Top-Down Approach to Threat Management understanding the threats when developing your response plans and capability. From a cyber point of view, my learning curve has been somewhat steep. Sometimes it has felt like a mountain to climb rather than a gradual curve. It’s amazing how cyber threats are developing. Similar in nature, in fact, as to how the terrorist threat has evolved. Atrocities that only a few of us would have imagined just a few short years ago are now occurring on a monthly or even a weekly basis. My own strong point of view on this is that it’s no longer possible to manage these types of organisational risks in isolation. The solution isn’t just down to the IT teams. We must and have to work together.

Knowledge and experience

For a number of years now, several securityfocused professionals have been championing the thought that physical security and resilience teams can – and, indeed, should – play a far more significant role when it comes to ensuring today’s organisations are highly effective and resilient against the threats posed by myriad cyber incidents and data loss. Barrie Millett is one of them

www.risk-uk.com

ooking back, in some respects I’ve been incredibly lucky over the years in being tasked to manage a number of key issues and events. Importantly, I’ve learned some significant lessons along the way while also making a couple of mistakes. Whether repatriating individuals from Beirut at a time of conflict, responding to terrorist atrocities in various countries, severe weather events or organised crime, the way in which I would lead the response has a direct link to effectively responding to and managing cyber incidents. Confronting all of those issues has enriched me as a person and also given me a totally different perspective as a leader. Testing, adjusting and adapting my leadership approach has enabled me to truly understand the risks we face, and then develop holistic business impact analyses and multifaceted response plans that truly support a given organisation’s strategy, enabling that company to respond effectively whatever might be thrown at it. Importantly, the secrets to success are not to work in silos and ‘Test, Test, Test’. To be a true resilience leader you have to think the unthinkable and be imaginative with

Those that head up physical security and resilience teams have a wealth of knowledge and experience that should be harnessed and not discarded by CIOs or CEOs. Very often, roles such as the Chief Security Officer or security director will lead on the preparations for – and response to – crisis situations. Let’s now take a look at some examples by way of demonstrating where these skills, experiences and lessons from high impact events can be harnessed in organisations’ responses to cyber-centric issues. Terrorist attacks are usually high impact events, often occurring without warning and imparting direct and indirect consequences on an organisation. These events always require multiple stakeholder interfaces both internally – involving, for example, Boards of Directors, employees and multiple business units – and externally (encompassing the Emergency Services, the police, other agencies and external service providers alike). Then there’s the prospect of criminal activity, whether it be petty theft or organised crime such as kidnap and ransom, fraud, counterfeiting or sabotage, etc. Again, there’s a requirement here for multiple stakeholder engagement in tandem with an in-depth investigation and response strategy. Facility denial of access can be due to multiple causes, among them a building fire, a bomb threat, the fact that access routes are blocked or that severe weather events are in play, etc. Here, a multiple stakeholder engagement strategy is required in addition to in-depth business continuity planning. As the response to such incidents requires a multi-team interface, they will have undergone

CyberSecurityResilienceandCyberIncidentResponse December2016_riskuk_apr15 08/12/2016 12:25 Page 2

Cyber Security: Resilience and Cyber Incident Response

a rigorous planning and testing process with exercise regimes that often include the participation of the Emergency Services and other agencies. That being so, the response will be as good as it can be, always bearing in mind some key learnings achieved that must be fed back into a continuous improvement life cycle – ‘Plan, Do, Check, Act’. Ultimately, we should all use this learning and experience to join up the preparation for – and the determined response to – cyber attacks. Cyber crime is exactly that, a crime. It’s a key point that should not be missed. Security Departments have been leading organisational response on criminal activity for years now, and such experience shouldn’t be lost.

Blind to reality Given the amount of statistical information available, it’s a real eye opener that some organisations remain blind to the threats and, in some instances, don’t have a comprehensive and holistic response plan in place. The human and physical interface consistently plays a key part in opening up vulnerabilities for adversaries to exploit by dint of them circumventing and inadvertently breaching controls. Yes, it’s fair to state that we’re all working hard to remain one step ahead of the criminals, but it’s worth remembering that the adversaries continue to innovate and exploit vulnerabilities. They only need to be lucky once. Government and society wants and needs assurances that systems and data are secured both physically and from a cyber standpoint. They don’t want excuses. They want action, and we must all play a part in its delivery. Personal experience has demonstrated to me that cyber and physical security response plans and capabilities need to be intrinsically linked. Togetherness inevitably breeds an understanding of the dynamics around emerging threats and how these continue to morph, helping to turn joint information into actionable intelligence that then delivers targeted defence and response plans. It’s absolutely imperative that we adopt the ‘big team approach’ in order to give us a chance of being successful, all the while working with law enforcement and other agencies such as the National Cyber Security Centre. We must gain a seat at the table and work to the designated command structures.

Change the rule book Engaging with operational teams, making sure they’re truly involved with ‘business as usual’ tasks and incident response plans and linking-

“Silo-style thinking and incomplete planning either internally or externally will seriously limit a given organisation’s resilience capabilities” in better with employees are all important steps forward that, if undertaken in an engaging way, will turn individuals into advocates for physical and cyber security. That ensures greater resilience. There has perhaps never been a greater need for us to change the rule book, venture into the heart of the organisation, feel the pain, understand the challenges and spend some quality time talking to people to ensure that what we’re engaged in and trying to achieve can be operationalised. In all of its myriad forms and aspects, security simply must be the enabler of the business. Developing a joined-up strategy with transparency at its epicentre and talking in a language that executive teams understand is nothing less than crucial. Not ‘bits and bites’style conversation, though. Rather, the talk needs to be in business terms and link to culture – risk, return on investment, enablement and impact on reputation and revenues, etc. Ultimately, there will be multiple paths to take. However, it’s important that we’re all aiming for the same destination and recognise that paths will have to join from time to time and dovetail neatly with the same resilience plan. Silo-style thinking and incomplete planning either internally or externally will seriously limit a given organisation’s resilience capabilities, not to mention increase costs and erode value.

At a time when the number of successful cyber attacks rises at over 25% a year, and the volume of sensitive files exposed in such attacks escalates above the 70% mark, the Cyber Rescue Alliance – a Membership Assistance Alliance that reduces the harm caused by cyber attacks – exists for the 40% of organisations that are “extremely concerned” about such developments taking place. The Cyber Rescue Alliance would welcome the opportunity to make this series of articles as interactive as possible for the readers of Risk UK. On that basis, do you have a ‘hot topic’ you would like to see covered? If so, please send an e-mail to: b.millett@ntlworld.com and we’ll endeavour to address the subject in future editions of the journal

Intrinsically connected The emerging challenges we face cannot be effectively addressed by individual institutions, organisations and teams working in isolation – the interdependencies and responsibilities are simply too great. We must connect our thinking, resources and activities in order to create a collaborative approach, building common understanding and direction at all times that overcomes the barriers to fashioning truly resilient organisations and a more resilient society. Chief Security Officers, security directors and their teams have a long and proud history of managing criminal activity and crisis events. As suggested, it’s absolutely paramount that we embrace this valuable experience. The price of failure is far too great for us to even contemplate not doing so.

Barrie Millett: Expert Advisor at the Cyber Rescue Alliance and Honorary Life VicePresident of ASIS UK

www.risk-uk.com

RiskinAction December2016_riskuk_oct16 06/12/2016 16:06 Page 1

Risk in Action: Best of 2016 Wisenet cameras ‘going mobile’ on Hull Trains for purposes of passenger safety enhancement Passengers on Hull Trains will now be feeling even safer following the decision to install video monitoring systems on the train operators’ locomotives and carriages. Wisenet systems are being included as part of a phased upgrade of the train fleet, with the engineering work carried out thanks to the assistance of Atkins Rail (commissioned by Angel Trains, owner of the Class 180 Adelante fleet operated by Hull Trains). Following on from a successful trial on one of Hull Trains’ Class 180s and its five carriages, Wisenet 2 MP SNV-6012M compact flat cameras and 5 MP SNF8010VM 360-degree cameras are being installed in up to 70 train carriages. A forward-facing SNV-6012M, which uses Wisenet’s Motion Artifact Reduction technology to deter motion blur, will be installed at the front of each DMU. “Railway-related accidents are extremely rare, but we’ve worked very closely with Angel Trains, Atkins Rail and Hanwha Techwin Europe to ensure that the mobile video monitoring systems are able to help us keep passengers safe, while anyone tempted to engage in anti-social behaviour will be deterred from doing so,” observed Paul Wood, fleet manager at Hull Trains. Both camera models are resistant to vandalism and conformant to the EN50121-3-2, EN-50121-4, EN-50155, EN-61373 and EN-609050-1 European Standards. As such, they’ve been certificated as electromagnetically safe for use on trains. With a rugged M12 connector, they’re able to withstand vibrations, making them ideal for monitoring passenger activity or, externally, the track ahead to provide video evidence of any incidents that occur. Images from the cameras are to be recorded on Wisenet SRM-872 NVRs. These NVRs enable Hull Trains’ safety and security personnel to review latencyfree HD images of fastmoving objects for investigation purposes.

Jacksons Fencing helps Eurotunnel provide a safe and secure perimeter at the Coquelles terminal Jacksons Fencing has successfully installed security fencing and associated gates at the Eurotunnel Terminal in Coquelles, France as part of the Anglo-French commitment towards securing key parts of the site against illegal and dangerous migration activity. Located just 12.4 km from the UK entrance to Eurotunnel in Folkestone and with a reputation for delivering certified and approved security fencing systems to other high profile sites of critical national importance, the family-owned business completed the project – which includes more than 40 pedestrian and vehicle gates – over an

www.risk-uk.com

Software security expert EyeLynx ready to supply bespoke video analytics and CCTV surveillance for Fire and Rescue Service Zaun Group company EyeLynx has been chosen to supply video analytics and CCTV surveillance as part of the Terms and Conditions of a fiveyear contract aimed at upgrading the access control and perimeter security systems for a county Fire and Rescue Service. According to the project specification, EyeLynx will provide its SharpView Corporate solution with built-in 100% resilience such that the client’s operator team members can record and manage Full-HD CCTV camera images. SharpView Corporate encompasses up to 23 Tb of internal storage and is pre-licensed for use with anything up to 64 cameras (as well as being scalable for deployments involving upwards of 1,000 cameras). The video cameras incorporate advanced video analytics for the HD images, providing superior detection of potential intruders. eight-week period, in turn meeting what was an extremely challenging deadline. The initial project involved 5 km of security fencing, the majority of which was originally specified to reinforce physical security measures already in place, with the remainder set to replace existing fencing. The contract was awarded to two principal contractors, with Jacksons initially responsible for 3.3 km of the fencing. However, due to the changing and escalating nature of the threat posed by people smugglers operating in and around the Channel Tunnel railhead at Coquelles, Jacksons Fencing has now installed a total of 8.5 km in four key locations across the site which harbours a 41.8 km perimeter. The project involved contracts manager Steve Hancock along with a 70-strong team.

RiskinAction December2016_riskuk_oct16 06/12/2016 16:06 Page 2

Risk in Action: Best of 2016

Warwick Castle ‘ramparts’ up fire safety with installation of WES+ delivered by Ramtech Electronics

Axis Group wins contract to provide security and reception services at Pinners Hall

At the prestigious Grade 1-listed Warwick Castle, Ramtech Electronics has provided its WES+ state-of-the-art, EN 54-compliant wireless fire alarm system. Merlin Entertainments, operator of Warwick Castle, runs a mix of relocatable shops and restaurants located around the 10th Century site. These retail units can be repositioned during major events, which meant that there were obvious benefits in choosing a WES+ wireless system as the Call Points and base station can also be moved without recourse to the specialist trades demanded by a wired system. The distance between the retail units and Warwick Castle would have made it impractical to install a wired system. These units, which are spaced up to 500 metres distant from each other, must be linked to the security team at all times. The WES+ system uses Category 1 receivers throughout, ensuring maximum signal reliability and non-interference with other technologies on site. The signal is capable of passing through all commonly used construction materials such as stone, brick, concrete and steel. Ramtech Electronics has also supplied a SIM card with WES+, allowing a text message to be instantly sent from the most distant retail unit to the security team in the Control Room at the castle if any of the fire points should be triggered. Each of the four commercial units has a separate base station and between 3-4 manual Call Points as well as automatic smoke and heat detectors for 24/7 cover. A separate base station allows each unit to have its own independent fire alarm system, which can be activated without resulting in the other three shops (which are away from danger) being evacuated.

BNP Paribas Real Estate, a specialist division of the financial services group BNP Paribas, has chosen two Axis Group companies to provide security guarding and Front of House services for the prestigious offices at 105 Old Broad Street in central London. Based in the very heart of the City of London, 105-108 Old Broad Street – also known as Pinners Hall – is a multipurpose commercial property that houses the offices and conference facilities of several large financial institutions. Axis Security was awarded the initial contract to deliver a 24/7 security guarding service at this location, duly employing six trained and Security Industry Authority-licensed security officers whose responsibilities include access control, loading bay services and organising the access of contractors and deliveries as well as site patrolling. Its sister business Acuity, the niche London-based five star reception services division of the Axis Group, was awarded the Front of House contract to provide three receptionists covering working hours from Monday to Friday. Steven Wadsworth, facilities manager at BNP Paribas Real Estate, informed Risk UK that the need for enhanced customer service was at the very heart of awarding the new contracts. “First impressions count,” explained Wadsworth. “Now, we have the receptionists and security officers working as a team to assist visitors and staff as they enter the building. The new arrangement very much fits with our own vision of what customer service looks like.” Appointing these sister companies has led to a better integration of services.

Hanwha Techwin Europe on track for London Midland stations project Train operating company London Midland has invested in the latest generation of IP network video surveillance technology in order to maintain a safe environment for passengers and staff alike at 14 of its stations. In excess of 300 Samsung-branded WiseNetIII IP network HD cameras have been installed at the stations by Babcock’s Rail business. “The knowledge we acquired as a Silver Partner of the Hanwha Techwin Europe STEP partnership programme enabled us to identify and recommend the WiseNetIII cameras that were most suitable to help the client meet its objectives,” commented Anthony Sykes, construction engineering manager for Babcock. Key to the decision around sourcing the cameras from Hanwha Techwin Europe was the fact that all of the selected camera models are PADS-approved. The issuing of the PADS Certificate of Acceptance follows on from a process during which the products were evaluated and tested to ensure reliability and compliance with Network Rail’s demanding safety standards. A combination of SNB-5004 box cameras, SNV-5084 domes and SNF-7010VM 360° surveillance models have now been installed at each of the stations.

www.risk-uk.com

TechnologyinFocus December2016_riskuk_sep16 06/12/2016 16:09 Page 1

Technology in Focus: Best of 2016 TDSi develops new version of the company’s popular EXgarde 4.5 integrated security software solution

Integrated security solutions manufacturer TDSi has introduced the latest version of its fully-integrated access control solution EXgarde 4.5. The new version includes full two-way synchronisation with Milestone Systems’ Access Control Module (ACM) as well as integration with ASSA ABLOY’s recently launched KS100 server cabinet electronic lock. Operators can now employ Milestone as the primary user interface, while at the same time maintaining full access control via the EXgarde software. Previous versions of EXgarde had already integrated with Milestone’s video surveillance software from the point of view of accepting data via the VMS, but version 4.5 also allows data from EXgarde to be shared the other way. Data is highly valuable and a vital asset which needs to be protected, so EXgarde 4.5 now integrates with ASSA ABLOY’s KS100 to physically safeguard servers. This offers the highest levels of security, even in a shared Data Centre environment. www.tdsi.co.uk

AMG Systems launches all-new range of unmanaged and semi-managed Ethernet switches and media converters

AMG Systems has just launched to market a completely new range of compact, industrial-grade one, two and four-port media converters, unmanaged and semi-managed switches. Designed and built in the UK, these ruggedised network devices are designed specifically for deployment in IP CCTV security applications where size constraints are under consideration and 24/7 reliability for high bandwidth external cameras is demanded by the end user. Andrew Pigram, sales and marketing director at AMG Systems, told Risk UK: “Since the majority of outdoor cameras are located beyond standard Ethernet’s normally restrictive 90-metre range, all the new units incorporate small formfactor pluggable slots for optical media or Ethernet, subsequently allowing data transmission up to distances of 120 km.” Pigram continued: “With the option of 100 Mbps or 1 Gbps speeds and 30 W of available power per Ethernet port, PoE and PoE+-enabled cameras or other network devices may be powered directly from the AMG switches or media converters. This eliminates the need for additional camera PSUs, power cables and installation expenditure for the end user customer.” The new semi-managed switches eliminate multicast flooding to local Ethernet-connected devices, rendering them ideal for larger CCTV applications where unmanaged switches are not sophisticated enough to handle multicast traffic, and where fully-managed switches demand an unwelcome overhead involving individual programming, additional cost and network complexity. All models can be quickly surfacemounted or simply clipped on to a DIN rail for rapid installation and servicing. www.amgsystems.com

www.risk-uk.com

Hochiki introduces range of Linear Heat Detection equipment Life safety systems manufacturer Hochiki Europe has launched a new range of Linear Heat Detection (LHD) equipment designed specifically to provide specialist high precision heat detection over large distances in more challenging environments. The LHD system affords early detection of fire and overheating in circumstances where other forms of detection wouldn’t be viable. Hochiki Europe’s LHD range offers both analogue and conventional products. The conventional Linear Heat Detection Cable (LHDC) is able to identify the zones in a fire condition, while the addressable LHDC can isolate the heat to within one metre. This fast response ensures facility owners and managers have adequate time to deal with outbreaks of fire before there’s any damage to infrastructure or specialist equipment or a threat to staff safety. www.hochikieurope.com/lhdc

Apollo Fire Detectors unveils new VADs designed to complement EN54-23 approved range

Apollo Fire Detectors, the independent specialist fire detector manufacturer, has added to its range of products with the launch of a new series of visual alarm devices (VADs). The devices have been created by Apollo Fire Detectors’ dedicated in-house design team, with two available in the ceiling category – namely a C-3-8.5 and a C-3-15 VAD – and one wall category W-2.5-7 VAD available to complement open category VADs in this range. The new VADs run on Apollo’s existing XP95 and Discovery digital protocols. For ease of installation, these loop-powered VADs are mounted on the ceiling and wall. The new VADs make use of a white flash colour, and are available in red and white body variants. To ensure that the devices meet and surpass the EN54-23 standard, Apollo Fire Detectors has specifically designed and developed a range of highly efficient lenses. www.apollo-fire.co.uk

TechnologyinFocus December2016_riskuk_sep16 06/12/2016 16:09 Page 2

Technology in Focus: Best of 2016

“Cost-effective modular cameras for exceptionally discreet surveillance” developed by Axis Communications The P1244 modular network camera features a thumb-sized sensor unit that’s connected via a cable to a small mains unit. It allows for versatile mounting options and is ideal for use in shops and banks, as well as integration within ATMs and ticket/vending machines. The high-performance HDTV 720p cameras are said to offer even better image quality in low and varying light conditions than their predecessors, providing improved video compression and analytics capabilities for today’s end users at an affordable price. “Better performance and a smaller size and price makes the P1244 an attractive product for customers who are looking for a cost-effective and highly discreet surveillance solution,” explained Erik Frännlid, director of product management at Axis Communications. The modular concept divides a camera into different parts: a sensor unit comprising a lens and an image sensor, a main unit that houses the processor, network and power connections and a cable connecting the sensor unit to the main unit. This allows for the installation of a small sensor unit where needed, while the main unit can be placed elsewhere. P1244 cameras comprise a sensor unit with a 102° horizontal field of view.

Vanderbilt’s Eventys CCTV range offers end users “more than they need for less cost than they would imagine”

Vanderbilt has announced the latest addition to its growing CCTV portfolio. The Eventys range has been designed to meet the need for a cost-effective solution that doesn’t compromise on either functionality or ease of use. The Eventys range offers variants of up to H.264+ IP compression efficiency and optimised codec technology alongside two NVRs. With a simple set-up procedure, these products offer “outstanding functionality and flexibility” and are ideal for either smaller or medium-sized installations. The Eventys IP cameras feature 1.3 MP to 2 MP resolution with both fixed and varifocal lens options. Powering and connecting the cameras is a simple and straightforward exercise thanks to the use of Power over Ethernet, which allows energy to be supplied via the IT network infrastructure. This is coupled with automatic IP address allocation alongside auto-device detection and connection for ‘plug-and-play’ functionality. The cameras are built into an IP66-rated weatherproof enclosure. Advanced CMOS progressive scanning allows them to obtain values from each pixel in the sensor and scans to produce a complete picture. www.vanderbiltindustries.com

www.axis.com

‘Out of the Box’ Wisenet Heatmap and People Counting cameras introduced for end users by Hanwha Techwin Europe The technology partnership established between Hanwha Techwin Europe and Facit has led to the launch of new Wisenet Heatmap and People Counting cameras. Each camera is supplied for the end user with a pre-loaded Facit Application that can be put to work straight ‘Out of the Box’. The Wisenet SNV-6013/FHM Heatmap camera is able to provide accurate, real-time information about customer in-store behaviour. It does so by displaying ‘hotspots’ within a store to indicate customer buying patterns, including dwell times. A time-lapse feature adds to the camera’s ability to provide valuable business intelligence, such as identifying any areas of a store where there

might be low activity in order to assist with product placement. The Wisenet SND-6084/FPC bi-directional people counting cameras offer retailers the opportunity to measure store efficiency between footfall and actual sales. They also identify the busiest days, times and seasons, helping to manage peaks and troughs of customer flow at checkouts. As is the case with the Wisenet Heatmap camera, the Wisenet People Counting camera boasts a web-based user interface for monitoring customer counts in real-time. www.samsung-security.eu

www.risk-uk.com

smart mockup_000_Benchmark_march15 08/12/2016 12:26 Page 1

BENCHMARK Smart Solutions BENCHMARK

Innovative and smart solutions can add value and benefits to modern systems for customers. With the technological landscape rapidly evolving, the Benchmark Smart Solutions project assesses the potential on offer from system integration, advanced connectivity and intelligent technology. Bringing together field trials and assessments, proof of concept and real-world experience of implementing smart solutions, it represents an essential resource for all involved in innovative system design. Launching in 2017, Benchmark Smart Solutions will be the industryâ&#x20AC;&#x2122;s only real-world resource for security professionals who are intent on offering added value through the delivery of smarter solutions.

@Benchmark_Smart Partner Companies

www.benchmarksmart.com

Appointments December2016_riskuk_jul15 06/12/2016 15:51 Page 1

Appointments

Tim Janes

The Business Continuity Institute (BCI) has announced that Tim Janes Hon FBCI will be the new vice-chairman of the Board of Directors at the organisation, as voted for by fellow members of the Global Membership Council. Janes takes over from James McAlister FBCI who becomes chair following the end of David James-Brown FBCI’s two years in charge. Presently a director at Risk Management Design in Australia and director/owner of Fulcrum Risk Services, Janes has previously served as one of the dedicated membership directors on the BCI’s Board and, indeed, as the representative for Australasia on the BCI’s Global Membership Council. He’s a pastpresident of the BCI’s Australasian Chapter. On taking up the new role, Janes told Risk UK: “This is an exciting time to be elected as the new vice-chairman of the BCI. We have a new executive director in office with David Thorp and great plans for enhanced member services and international growth.” Janes also stated: “Recent world events have shown how political, social and economic ‘certainties’ can be overturned. I think these conditions, when taken together, will present many opportunities for our profession to show how we actively help organisations to manage through unfamiliar and disruptive challenges. My goal is to assist the BCI in providing practical support for all members.” Janes is a specialist in business continuity, crisis management, operational risk management and disaster response. He holds an MBA gained at Imperial College London and a BA (Hons) from Oxford Brookes University.

Tom Brookes The British Fire Consortium (BFC), which is the second largest fire-focused Trade Association representing over 250 SME fire extinguisher and fire alarm companies, has just appointed Tom Brookes as its new chairman. The managing director of BAFE-approved company Lindum Fire Services Ltd, Brookes takes up the position after a 25-year career in the fire industry that has seen him serve as a Technical Committee member on no less than seven British Standards Institution (BSI) Committees, and most recently on the BSI Committee tasked with re-writing BS 5839-1. Brookes is the current vice-chairman of the Fire and Security Association, working

Appointments Risk UK keeps you up-to-date with all the latest people moves in the security, fire, IT and Government sectors Simon Jones

CNL Software, a leader in the sphere of Physical Security Information Management (PSIM) software, has expanded its global sales team with the appointment of Simon Jones to the role of sales manager (UK and Europe). Jones’ primary function will be to nurture the company’s existing customer relationships and both develop and expand the UK and European customer base in line with the company’s global growth strategy. With over 20 years’ experience in technical sales, Jones recently completed a five-year tenure at Reliance High-Tech, where he was responsible for integrated security sales into various high profile accounts, including some of the UK’s largest police forces. Jones harbours a detailed understanding of the Critical National Infrastructure market and the industrial Internet of Things sector, offering a unique insight into the challenges facing industries grappling with the exponential growth in data acquisition as well as challenges outside of traditional security applications that CNL Software is also addressing by way of IPSecurityCenter to create business value and, ultimately, drive innovation. “Simon brings a wealth of experience to CNL Software, not only technical, but also operational and cultural, having lived and worked extensively in Europe,” explained James Condron (vice-president of global sales and marketing at CNL Software). alongside industry specialists Pat Allen of Able Alarms and Steve Martin, head of specialist groups for the Electrical Contractors’ Association. Also a member of the Fire Industry Association’s WG5 Committee and a technical advisor for the City & Guilds 1853-03 NVQ, Brookes brings vast amounts of expertise and industry knowledge to the Consortium. Graham Newman, president of the BFC and BAFE director, said: “This is a crucial time for the fire sector, and I look forward to working with Tom on ensuring the BFC continues to offer members the support they need to grow their businesses. Tom joined the BFC back in 2004 and served on Council from 2008 before being elected as our new chairman.”

www.risk-uk.com

Appointments December2016_riskuk_jul15 06/12/2016 15:52 Page 2

Appointments

Andy Rainforth

Reece Ellis

Security solutions developer IDIS has announced the appointment of Reece Ellis to the position of regional sales manager covering the South of England. Reporting to Jamie Barnfield (senior sales manager for IDIS Europe) and based out of the company’s European headquarters in Brentford, Ellis is the latest addition of many in 2016 to support the continuing maturity of IDIS’ sales capability in the UK and the organisation’s sustained growth since the launch of its own brand business three years ago. Ellis will support existing national and regional integrators while also actively developing new partnerships and end user accounts. He will engage with strategic distributors within his region and support IDIS partners with joint IDIS Total Solution marketing initiatives and events. Consistently over-achieving on targets, Ellis brings to his new role over five years’ sales experience as well as an in-depth knowledge of both analogue and IP surveillance solutions. In his most recent roles at Norbain SD, Ellis was instrumental in developing key accounts and growing IP surveillance sales as well as providing product training and technical demonstrations for both installers and end users.

Richard Gates

ISD Tech, an agile life safety and security systems integrator, has appointed Richard Gates to the position of life safety project design engineer based out of the company’s headquarters in Camberley, Surrey. Reporting to managing director Nicky Stokes, Gates will be pivotal in supporting ISD Tech’s growing life safety services offerings, working closely all the while with both the sales and operations teams. Gates’ appointment follows ISD Tech’s 2014 expansion to include the design, installation, commissioning and maintenance of fire detection systems. Since then, the company has offered turnkey fire detection and alarm systems together with its established business in the delivery of integrated security solutions. Accredited by the independent fire protection industry body BAFE and fully-BS 5839 compliant, capabilities include the integration of fire detection and alarms, life safety systems, smoke detection (including VESDA systems for very early smoke detection), heat detection, disabled refuge Call Points and PA/VA systems. Gates’ remit is to ensure a continued customer centric approach featuring expert inhouse systems design and high quality services that have become ISD Tech’s signature. Ultimately, he’ll be directly responsible for ensuring compliant and technically robust life safety systems design and actively supporting ISD Tech’s dedicated operations personnel.

www.risk-uk.com

Grosvenor Technology has appointed Andy Rainforth as managing director for the business which specialises in global access control and workforce management solutions for end users. Having joined Grosvenor Technology as sales and marketing director back in 2014, Rainforth has been at the forefront of a period of change and is now taking the helm as the organisation begins to enjoy record access control solution sales. “Preparing Grosvenor Technology for growth has been a great process,” enthused Rainforth. “We’ve learned much about our NSI and SSAIB installer base and what they look for in an access control manufacturer. It has taken two years’ work on a commercial proposition and a product range that differentiates Grosvenor installers from the mass market fighting for the same ultra-competitive projects.” It’s an approach that’s proving successful for Grosvenor Technology, with the business witnessing sales of its Sateon access control platform in 2015-2016 grow by 244%.

Mark Wall

Mark Wall has joined Dahua UK and Ireland as area sales manager covering the Midlands and Wales. Wall has served in the electronic security industry for over 25 years now, starting out as an engineer in the family installation business before working in a commercial capacity for major CCTV and security solutions distributors. In terms of his new role, Wall stated: “Whatever sector of security I’ve worked in, it has always been my aim to provide customers with the ideal solution for their requirements. That task has just become easier since Dahua has one of the widest portfolios in the industry and is emerging as an international market leader.” Wall is extremely enthusiastic about the Dahua range in general and is already talking to distributors about ANPR and analytics. In point of fact, Wall embraces IP CCTV as a future-proof and scalable technology, and also sees the continuing benefits of Dahua’s considerable HD analogue and hybrid offerings for the market.

paper ad_Layout 1 04/06/2015 17:59 Page 1

thepaper

Pro-Activ Publications is embarking on a revolutionary launch: a FORTNIGHTLY NEWSPAPER dedicated to the latest financial and business information for professionals operating in the security sector

Business News for Security Professionals

The Paper will bring subscribers (including CEOs, managing directors and finance directors within the UKâ&#x20AC;&#x2122;s major security businesses) all the latest company and sector financials, details of business re-brands, market research and trends and M&A activity

FOR FURTHER INFORMATION ON THE PAPER CONTACT: Brian Sims BA (Hons) Hon FSyI (Editor, The Paper and Risk UK) Telephone: 020 8295 8304 e-mail: brian.sims@risk-uk.com www.thepaper.uk.com

sep16 dir_000_RiskUK_jan14 12/09/2016 14:42 Page 1

Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security

Anti-Climb Paints & Barriers

Metal Detectors (inc. Walkthru)

Security, Search & Safety Mirrors

Security Screws & Padlocks, Hasps Fastenings & Security Chains

ACCESS CONTROL

Key Safes & Key Control Products

Traffic Flow & Management

see our website

ACCESS CONTROL & DOOR HARDWARE

ALPRO ARCHITECTURAL HARDWARE ACCESS CONTROL

ACT ACT – Ireland, Unit C1, South City Business Centre Tallaght, Dublin 24 Tel: +353 (0)1 4662570 ACT - United Kingdom, 2C Beehive Mill Jersey Street, Manchester M4 6JG +44 (0)161 236 3820 sales@act.eu www.act.eu

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES

HTC PARKING AND SECURITY LIMITED ACCESS CONTROL – BARRIERS, GATES, CCTV

ABSOLUTE ACCESS Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV

4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk

ACCESS CONTROL

INTEGRATED DESIGN LIMITED ACCESS CONTROL

KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk

Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com

ACCESS CONTROL

SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer

ACCESS CONTROL

COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com

Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk

Custom Designed Equipment ACCESS CONTROL MANUFACTURER

NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES

UKB INTERNATIONAL LTD Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com

• • • • • ȏ •

Indicator Panels Complex Door Interlocking Sequence Control Door Status Systems Panic Alarms &HOO &DOO $΍UD\ 6\VWHPV Bespoke Products

www.hoyles.com sales@hoyles.com Tel: +44 (0)1744 886600

Hoyles are the UK’s leading supplier of custom designed equipment for the security and access control industry. From simple indicator panels to complex door interlock systems.

BUSINESS CONTINUITY

ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTS

BUSINESS CONTINUITY MANAGEMENT

VANDERBILT INTERNATIONAL (UK) LTD

CONTINUITY FORUM

Suite 7, Castlegate Business Park Caldicot, South Wales NP26 5AD UK Main: +44 (0) 2036 300 670 email: tradeshows@VanderbiltIndustries.com web: www.vanderbiltindustries.com

Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org

www.insight-security.com Tel: +44 (0)1273 475500

sep16 dir_000_RiskUK_jan14 10/11/2016 16:09 Page 2

CCTV CCTV Rapid Deployment Digital IP High Resolution CCTV 40 hour battery, Solar, Wind Turbine and Thermal Imaging Wired or wireless communication fixed IP CE Certified Modicam Europe, 5 Station Road, Shepreth, Cambridgeshire SG8 6PZ www.modicam.com sales@modicameurope.com

CONTROL ROOM & MONITORING SERVICES ADVANCED MONITORING SERVICES

EUROTECH MONITORING SERVICES LTD.

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.net Web: www.eurotechmonitoring.net

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS

ALTRON COMMUNICATIONS EQUIPMENT LTD

DISTRIBUTORS

Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: cctvsales@altron.co.uk Web: www.altron.co.uk

CCTV

G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk

CCTV/IP SOLUTIONS

DALLMEIER UK LTD 3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com

sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk

AWARD-WINNING, LEADING GLOBAL WHOLESALE DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.

ADI GLOBAL DISTRIBUTION SPECIALISTS IN HD CCTV

MaxxOne Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP Tel +44 (0)161 430 3849 www.maxxone.com

Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company also offers an internal technical support team, dedicated field support engineers along with a suite of training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online account, installers can order up to 7pm for next day delivery.

Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER. CCTV & IP SECURITY SOLUTIONS

PANASONIC SYSTEM COMMUNICATIONS COMPANY EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP UK Tel: 0207 0226530 Email: info@business.panasonic.co.uk

MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ

Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com

COMMUNICATIONS & TRANSMISSION EQUIPMENT

KBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS

DIGITAL IP CCTV

SESYS LTD High resolution ATEX certified cameras, rapid deployment cameras and fixed IP CCTV surveillance solutions available with wired or wireless communications.

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk

NORBAIN SD LTD 210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com

CCTV SPECIALISTS

UK LEADERS IN BIG BRAND CCTV DISTRIBUTION

PLETTAC SECURITY LTD

SATSECURE

Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 01788 567811 Fax: 01788 544 549 Email: jackie@plettac.co.uk www.plettac.co.uk

Hikivision & MaxxOne (logos) Authorised Dealer Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP Tel +44 (0)161 430 3849 www.satsecure.uk

www.insight-security.com Tel: +44 (0)1273 475500

sep16 dir_000_RiskUK_jan14 01/12/2016 17:38 Page 3

EMPLOYMENT

INTEGRATED SECURITY SOLUTIONS

INNER RANGE EUROPE LTD

FIRE AND SECURITY INDUSTRY RECRUITMENT

SECURITY VACANCIES

Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com

www.securityvacancies.com Telephone: 01420 525260

PERIMETER PROTECTION

IDENTIFICATION

ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS

GJD MANUFACTURING LTD Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk

PERIMETER PROTECTION

GPS PERIMETER SYSTEMS LTD

COMPLETE SOLUTIONS FOR IDENTIFICATION

DATABAC GROUP LIMITED

14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk

1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com

INDUSTRY ORGANISATIONS

POWER

POWER SUPPLIES â&#x20AC;&#x201C; DC SWITCH MODE AND AC

DYCON LTD Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471900 Fax: 01443 479 374 Email: sales@dyconpower.com www.dyconpower.com

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY

BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk Twitter: @thebsia

STANDBY POWER

UPS SYSTEMS PLC Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk

THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY

SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org

INTEGRATED SECURITY SOLUTIONS

UPS - UNINTERRUPTIBLE POWER SUPPLIES

ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk

SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

UPS - UNINTERRUPTIBLE POWER SUPPLIES

HONEYWELL SECURITY

UNINTERRUPTIBLE POWER SUPPLIES LTD

Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com

Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

sep16 dir_000_RiskUK_jan14 13/09/2016 12:28 Page 4

SECURITY

LIFE SAFETY EQUIPMENT

C-TEC CASH & VALUABLES IN TRANSIT

CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk

Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: www.c-tec.com

PERIMETER SECURITY

TAKEX EUROPE LTD QUALITY SECURITY AND SUPPORT SERVICES

CONSTANT SECURITY SERVICES Cliff Street, Rotherham, South Yorkshire S64 9HU Tel: 0845 330 4400 Email: contact@constant-services.com www.constant-services.com

Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takex.com Web: www.takex.com

PHYSICAL CONTROL PRODUCTS, ESP. ANTI-CLIMB

INSIGHT SECURITY FENCING SPECIALISTS

J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk

Units 1 & 2 Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com

SECURITY EQUIPMENT

PYRONIX LIMITED INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com

Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS

CQR SECURITY 125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk

BOSCH SECURITY SYSTEMS LTD PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 0330 1239979 E-mail: uk.securitysystems@bosch.com Web: uk.boschsecurity.com

SECURITY EQUIPMENT INTRUDER ALARMS – DUAL SIGNALLING

CASTLE

CSL

Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042

Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 @CSLDualCom www.csldual.com

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS

RISCO GROUP Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk

www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity

www.twitter.com/castlesecurity

SECURITY PRODUCTS

EATON Eaton is one of the world’s leading manufacturers of security equipment its Scantronic and Menvier product lines are suitable for all types of commercial and residential installations. Tel: 01594 545 400 Email: securitysales@eaton.com Web: www.uk.eaton.com Twitter: @securityTP

ONLINE SECURITY SUPERMARKET

SECURITY SYSTEMS

EBUYELECTRICAL.COM

VICON INDUSTRIES LTD.

Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com

Brunel Way, Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com

www.insight-security.com Tel: +44 (0)1273 475500

Project1_Layout 1 05/12/2016 12:46 Page 1