Risk UK February 2017 by Western Business Media Limited

FrontCover February2017_001 07/02/2017 12:33 Page 1

February 2017

www.risk-uk.com

Security and Fire Management

Balancing The Books Strategic Alignment for Risk Management Budgets Video Surveillance: Camera Selection and Procurement Counter-Terrorism: Hostile Vehicle Mitigation Techniques Network Security: Resilience at the Executive Level Supplement: Fire Safety Management and Installation

Project1_Layout 1 22/12/2016 12:10 Page 1

Always a suitable solution with the DIVAR hybrid and network recorders At Bosch, we believe that video surveillance solutions should be as easy to install as they are to use. It’s the thinking behind our completely new portfolio of DIVAR hybrid and network recording solutions. Specifically designed for 24/7 operation, they offer the ability to create video surveillance solutions with professional security features. Solutions that can be tailored to fit the growing needs of small and medium businesses.

boschsecurity.com

Contents February2017_riskuk_Dec12 07/02/2017 15:26 Page 1

February 2017

Contents 31 Fire Safety Management and Installation The FIA, the FPA, Klaxon, Kentec and The Fire Safety Event all feature in our regular Fire Safety Supplement for end users

44 2017: The Breakthrough Year for PSIM? Data Protection in a Post-Brexit World (pp54-55) 5 Editorial Comment 6 News Update

Global integrators are now defining strategies for their ongoing participation in the PSIM space, as Keith Bloodworth observes

46 IT Risk Management in Financial Services As technology becomes more pervasive across financial services, so too do the associated risks. Chris Recchia responds

Ofqual report on security qualifications. IRM and CMA launch Competition Law Risk Guide. Robert Hannigan set to leave GCHQ

48 The Security Institute’s View

8 News Special: FPA Business Protection Portal

50 In The Spotlight: ASIS International UK Chapter

Brian Sims reports on the launch event for the Fire Protection Association’s new Business and Property Protection Portal

Christopher Aldous focuses on crowded spaces and how to secure them in the wake of terrorism episodes across Europe

11 Opinion: Matters of the Mind

52 FIA Technical Briefing

MHFA England’s Poppy Jaman calls on managers in the security sector to actively support the mental well-being of their staff

Nigel Joslin previews some key research work being carried out by the FIA in relation to combating waste recycling centre fires

14 Opinion: Security’s VERTEX Voice

54 Security Services: Best Practice Casebook

Peter Webster recently held talks with Alan Clamp, the SIA’s CEO, to discuss some of the security sector’s pressing issues

Mike White details the EU GDPR for security companies

17 BSIA Briefing

Nic Scott assesses the current threat posed by insider breaches

Mike Gilbert on post-Brexit co-operation to beat the fraudsters

56 Employees... Weakest Link on the Network?

James Kelly examines how physical security can help mitigate the potentially devastating impact of hostile vehicle scenarios

58 Training and Career Development

20 Balancing The Books

60 Risk in Action

Philip Strand seeks to encourage executive leadership teams to ensure that their risk management budgets and valuable assets are optimally balanced in support of strategic objectives

62 Technology in Focus

22 CCTV: What’s in Store for Retailers?

The latest people moves in the security and fire business sectors

CCTV is now offering retailers far more than just a way of deterring shoplifters. Nicholas Smith expands on the detail

65 Appointments 68 The Risk UK Directory

24 CCTV System Procurement for End Users What factors do security and risk managers need to take into consideration when procuring or upgrading a video surveillance system? Pom Chen outlines the key points to note

26 Halting Hostility in its Tracks Craig Mason offers salient guidance that will help practitioners determine their HVM measures for the host organisation

28 Access Control: A History Lesson Anne Frank House in Amsterdam recently received an upgrade of its physical security regime. Chris Northy-Baker reviews what has been done to protect the site from terrorism and criminality

ISSN 1740-3480 Risk UK is published monthly by Pro-Activ Publications Ltd and specifically aimed at security and risk management, loss prevention, business continuity and fire safety professionals operating within the UK’s largest commercial organisations © Pro-Activ Publications Ltd 2017 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical (including photocopying, recording or any information storage and retrieval system) without the prior written permission of the publisher The views expressed in Risk UK are not necessarily those of the publisher Risk UK is currently available for an annual subscription rate of £78.00 (UK only) www.risk-uk.com

Risk UK PO Box 332 Dartford DA1 9FF

Editor Brian Sims BA (Hons) Hon FSyI Tel: 0208 295 8304 Mob: 07500 606013 e-mail: brian.sims@risk-uk.com Design and Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 429 2015 e-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 01322 292295 e-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 01322 292295 e-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton Chairman Larry O’Leary

Editorial: 0208 295 8304 Advertising: 0208 295 8307

3 www.risk-uk.com

EditorialComment February2017_riskuk_jul14 07/02/2017 15:29 Page 1

Premier Elite Micro Contact-W

Actual size

The smallest wireless contact we’ve ever made. Discover the new ‘vanishing’ wireless contact from Texecom. So small it can be concealed within most uPVC window frames, the Micro Contact-W provides unobtrusive, discreet security. Protect windows, doors and valuable assets with ease, and upgrade any security system with Ricochet, the world’s most robust wireless security technology.

Outstanding features include: •

Small size

•

Cost effective

•

4-Year typical battery life

•

Three colour options

•

LED assisted setup procedure

•

EN50131-2-6 Grade 2

Texecom products are designed and manufactured in the UK

EditorialComment February2017_riskuk_jul14 07/02/2017 15:29 Page 2

Editorial Comment

Security Matters Don’t just stop at the front door The Micro Contact-W can be used to protect almost anything, including doors, windows, drawers and cupboards - the list is endless!

Window frame

Internal door

Office drawer

Filing cabinet

t the same time as the UK Government appoints a new ambassador to lead Brexit negotiations from Brussels, a Royal United Services Institute (RUSI) Briefing Paper has been published that maps out the threats and opportunities to British security and foreign policy as negotiation talks proceed. The Briefing Paper urges Government to ensure that security and foreign policy isn’t overlooked as Brexit negotiations concerning trade and other pressing matters are pursued. In addition, the detailed document calls for a new post-Brexit ‘special relationship’ with the European Union (EU) on security and foreign policy. This could be particularly important if uncertainty over the approach of the new Trump Presidency increases the need for strong European defence co-operation. Entitled ‘UK Foreign and Security Policy After Brexit’ and authored by RUSI’s deputy director general Professor Malcolm Chalmers, the Briefing Paper argues that the UK’s position as Europe’s strongest military and intelligence power – its ‘security surplus’ – shouldn’t be used as a bargaining chip in negotiations. Instead, RUSI calls on UK Brexit negotiators to make clear to their counterparts that there’s more to the relationship with the UK than haggling over migration rules and budget contributions. “After Brexit,” states the Briefing Paper, “the UK and the EU will continue to share fundamental interests and values, and the UK will continue to be a reliable defence and security partner. In considering how to handle the negotiations as they reach moments of crisis, any desire to punish the UK in order to deter further defections from the EU should be properly considered in the context of the broader relationship with the UK.” The Briefing Paper also points out that the UK’s position within the NATO command structure could be affected, with the post of Deputy Supreme Allied Commander, which is traditionally held by the UK, possibly being transferred to a European Member State remaining resident within the EU. There’s a clear message here that the UK’s ongoing role and influence within NATO cannot be entirely ring-fenced from the consequences of Brexit. In addition, the document suggests that the UK may “find itself faced with a European fait accompli on key issues” and that it will have to work hard to ensure its interests and views are not an afterthought to the results of any US-EU dialogue. In weighing up the prospects for Britain’s security and foreign policy, Professor Malcolm Chalmers outlines that the UK will need to balance its desire to use Brexit as an opportunity for enhancing its influence as a global power with its continuing interest in the overall security and stability of Europe. “The UK’s departure from the EU is likely to deepen the recent trend towards a security policy focused on national interest,” observes Professor Chalmers. “The cumulative effect will be a foreign and security policy that’s fundamentally different in emphasis than it was at the height of Blair/Brown internationalism in the decade after 1997.” Trump’s victory on an ‘America First’ platform may boost this trend, asserts Professor Chalmers, “casting further doubt” as to whether the post-1945 Western institutional order can survive.

Brian Sims BA (Hons) Hon FSyI Editor

www.texe.com Sales: +44 (0)1706 220460

December 2012

www.risk-uk.com

NewsUpdate February2017_riskuk_nov14 07/02/2017 14:46 Page 1

Ofqual report outlines actions taken over potential risks to security qualifications The Office of Qualifications and Examinations Regulation (Ofqual) has issued a comprehensive 28-page report entitled ‘Licence-Linked Qualifications Used in the Private Security Industry’ outlining the actions that the qualifications Regulator for England and Wales has taken in order to address concerns around potential malpractice in the private security industry. Ofqual has examined in great detail how awarding organisations are managing risks in the delivery of security industry qualifications covering a range of occupations, including door supervision and close protection. As a consequence, the Regulator found that some awarding organisations had inadequate arrangements in place with the training providers (also called ‘centres’) delivering their security qualifications. These deficiencies are thought to increase the risk of malpractice, and there’s evidence to suggest assessment malpractice occurring in some centres. In response, the Regulator has required awarding organisations offering security industry qualifications to tackle inadequate centre controls where they’ve been identified. Awarding organisations have also been required to address any weaknesses found in their approaches towards the design, delivery and awarding of qualifications that threaten

future non-compliance with the Regulator’s stated rules. Sally Collier (pictured), chief regulator at Ofqual, said: “The public rightly expects that those who gain qualifications to work in the private security industry have been rigorously trained and assessed. Our thorough review of this sector has given us a number of causes for concern. The actions we’ve taken re-emphasise the responsibilities awarding organisations have when it comes to qualifications delivery. Those responsibilities should never be underestimated, and are particularly important where the risks of failure could expose members of the public to potential harm.” In response to the Ofqual report, Alan Clamp (CEO of the Security Industry Authority) commented: “We welcome this report. It’s good to see Ofqual taking a close look at awarding bodies offering vocational qualifications. After a lengthy investigation, Ofqual has identified some areas for improvement for awarding bodies and will be following these up with further checks later this year.” Clamp added: “As noted in the report, the SIA already imposes a number of additional requirements on awarding bodies over and above those required by Ofqual. We will work closely with Ofqual to see if these can be further improved in order to provide additional reassurances about qualifications.”

Value of UK fraud breaks £1 billion barrier for first time in five years In 2016, the value of alleged fraud reaching UK courts broke the £1 billion barrier for the first time since 2011 due to a resurgence in so-called ‘super cases’. That’s according to the latest research conducted by KPMG Forensic. KPMG’s Fraud Barometer, which measures fraud cases with losses of £100,000 or more reaching the UK courts, has found that, while the volume of alleged fraud for the year has dropped by nearly a third, the value was up by over 55% on last year’s total of £732 million. 2016 saw £1,137 million worth of alleged fraud reaching trial in UK courts. Consequently, the average value of fraud has more than doubled to £5.2 million from £2.4 million. Fraud committed against businesses is up seven-fold, with internal fraud perpetrated by employees and management the most common type of fraud to hit businesses. The figures include over £900 million derived from just seven ‘super cases’ where the value of alleged fraud is £50 million or more. The surge in ‘super cases’, up from a figure of £250 million in the previous 12 months, may be a reflection of fraud becoming a more lucrative and practical proposition for those with the right skills and technology or those in senior commercial roles. Increased pressures both to deliver on targets in a highly competitive and uncertain environment and also preserve personal finances have seemingly made people more willing to disregard their moral compass and view fraud as a shortcut to success. The latest KPMG findings also show a picture reminiscent of recent economic fortunes. As the economy has slowly recovered from the financial crisis, businesses and individuals have shown an appetite to spend or invest more and some of that money is now falling into fraudsters’ sights.

6 www.risk-uk.com

NewsUpdate February2017_riskuk_nov14 07/02/2017 14:47 Page 2

News Update

IRM and CMA Competition Law Risk Guide focuses spotlight on director disqualification risk The latest risk guide published by the Institute of Risk Management (IRM) and the Competition and Markets Authority (CMA) features Case Studies with key learnings and examples of Best Practice to help risk professionals navigate UK competition law. In essence, the guide promotes a culture of compliance led from the top down. The updated Competition Law Risk Guide follows on from the first director disqualification because competition law was broken. The managing director of an online poster supplier gave an undertaking not to act as a director of any UK company for five years for their part in an online price-fixing cartel. Any director of a company that breaks competition law can be disqualified from acting as a director of a company – or from carrying out other specified roles in relation to a company – for a period of up to 15 years. The Competition Law Risk Guide has been developed as a joint IRM/CMA project, with the various contributors being senior figures drawn from across both organisations. In tandem with the updated guidance, the CMA has also published a one-page, 60second summary looking specifically at

GCHQ director Robert Hannigan announces decision to step down from office Robert Hannigan, director of GCHQ since 2014, has announced his decision to step down once a successor is in place. In an exchange of letters with the Foreign Secretary, Boris Johnson, Hannigan explained that his decision has been made due to personal reasons. Hannigan stated in the letter to Johnson that he’s proud of what GCHQ has achieved since 2014, not least setting up the National Cyber Security Centre and building greater public understanding of intelligence work. “I’m equally proud of the relentless 24-hour operational effort against terrorism, crime and many other national security threats,” observed Hannigan. Continuing that theme, Hannigan commented: “While this work must remain secret, you will know how many lives have been saved in this country and overseas by the efforts of GCHQ. Underpinning this effort is our world-class technology and, above all, our brilliant people.” Making his mark on the organisation, Hannigan has been responsible for initiating

director disqualification with advice for company directors and produced a series of animated videos explaining the main principles of competition law and how they affect businesses. Nicola Crawford CFIRM, chairman of the IRM, commented: “We welcomed the opportunity to work with the Competition and Markets Authority to produce this document for risk professionals on the risks of contravening UK competition law. Competition benefits us all. It creates free and transparent markets in which to do business in an environment where competition is fair and honest. The document offers detail on some very powerful and relevant Case Studies to highlight unacceptable business practices and show just how easy it can be to enter into difficulties if the risks are not properly understood and managed.” David Currie, the CMA’s chairman, stated: “I’m delighted that we’re working with the IRM again to put the spotlight on the significant risks companies and their directors face if they don’t play by fair rules in business. Company directors have a special responsibility to be well-informed about their company practices.” *Copies of the Competition Law Risk Guide are available online at: https://www.gov.uk/government/publications/ competition-law-risk-a-short-guide

the greatest internal change within GCHQ for 30 years, and feels that the operation is “now well on the way to being fit for the next generation of security challenges” posed to the UK in the digital age. Hannigan informed Johnson: “After a good deal of thought, I have decided that this is the right time to move on and allow someone else to lead GCHQ through its next phase of development. Like you, I’m a great enthusiast for our history and I think it’s right that a new director should be firmly embedded by the time of our centenary year in 2019. I’m very committed to GCHQ’s future and will of course be happy to stay in post until such time that you’ve been able to appoint a successor.” Hannigan has held numerous public service roles over the last two decades, encompassing positions within both the Cabinet Office and the Foreign Office. “They have all demanded a great deal of my ever-patient and understanding family, and now is the right time for a change in direction.” Responding to Hannigan’s resignation, Boris Johnson wrote: “You have led the renewal of some of our most important national security capabilities on which we continue to depend every day to save lives from terrorism.”

7 www.risk-uk.com

NewsSpecialFPABusinessandPropertyProtectionPortal February2017_riskuk_mar15 07/02/2017 14:47 Page 1

FPA portal addressing UK business continuity issues backed by senior Home Office advisor interest of the company, its staff and shareholders. That final point implies a strong focus on becoming resilient.”

Discretionary spend

On Wednesday 25 January, the Fire Protection Association (the national fire safety organisation) launched a portal that harbours the potential to revolutionise the UK’s provision of business resilience guidance. Held at the BT Tower, the launch event included an address by Peter Holland CBE, chief fire and rescue advisor to the Home Office. Brian Sims reports

8 www.risk-uk.com

usiness and property protection, which is distinct from life-safety, isn’t a Government responsibility. With the removal of the last of the local Acts for fire occurring back in April 2015, the final provision for legally mandating on property protection effectively disappeared and, with the focus now firmly on ‘evacuation before collapse’, the Building Regulations and fire engineering – by default – provide little or no assistance. With this in mind, the Fire Protection Association’s (FPA) all-new Business and Property Protection Portal uses Big Data and real-life statistical sources, allowing all businesses access to state-of-the-art, insurance-style underwriting tools designed to deliver an intelligently-generated risk report on any UK postcode and business type. Furthermore, those organisations choosing to subscribe (by logging on at http://www.thefpa.co.uk/services/businessand-property-protection-portal.html) will be able to have their own liveried website and reporting output which can be augmented with a specific library of bespoke resources. Commenting on the launch, Dr Jim Glockling – technical director at the FPA – informed Risk UK: “Responsibility for business and property protection and resilience-building is well defined within the job descriptions of all those who badge themselves as managing directors or CEOs. As defined by Companies House, the three key elements are to make profit, take care of your workforce and act in the long-term

Dr Glockling went on to state: “How much this is understood is difficult to quantify, but with the majority of surveys conducted investigating the uptake of business continuity planning within the SME market in particular showing that shockingly little is done, it’s probably safe to assume that this element of the job description is both misunderstood and neglected. It’s not always easy to break down the mental barriers for those who view business continuity as a discretionary spend.” The brain of the portal takes the UK postcode and simple data inputs on business and building type, subsequently querying crime, flood, fire, geo-environmental and many other datasets in order to determine critical risk factors. Emergency Services response times and geographical risk factors are among those key elements considered. A bespoke report of resource content specifically aimed at addressing the identified risks pertinent to the location, historic business loss statistics and business/building type is then produced, removing all superfluous advice. The scale of both Big Data input and availability of use is unique in the UK. The Business and Property Protection Portal could well revolutionise the UK’s approach to the provision of business continuity and resilience advice for all perils including fire, flood and criminal activity (including such occurrences as vandalism and cyber crime).

Commercial launch Last month’s launch event was attended by representatives of the UK’s Fire and Rescue Services and other not-for-profit organisations with an interest in business and property protection who may be seeking to host their own portal. The FPA is looking to administer and provide the data for all portals by way of ensuring integrity. In practice, the organisation’s own advice, documents or services could be added to the universal library for ‘triggering’. Prices for the not-for-profit sector will start at £1,250 for the inaugural year. A commercial launch will follow in the coming months, with appetite

NewsSpecialFPABusinessandPropertyProtectionPortal February2017_riskuk_mar15 07/02/2017 14:48 Page 2

News Special: FPA Business and Property Protection Portal

among those who promote property protection products and services anticipated to be particularly high. Speaking at the launch event, Peter Holland CBE (chief fire and rescue advisor to the Home Office) stated: “The portal will play a key role in helping to break down barriers preventing SMEs from engaging with those offering property protection services. The use of targeted Big Data and advice specific to their business, provided by an independent and authoritative voice such as the FPA, will help to prove the need for property protection.”

Unlikely to engage Statistics tell us that SMEs make up the majority of UK businesses, but studies have consistently shown many organisations populating this sector are unlikely to engage in business continuity planning. While we might be quick to sympathise with businesses that fail after a major event such as a fire, and indeed with the subsequently jobless workforce, in many cases the truth of the matter will be that this is an indication of business mismanagement at the highest level. Fires happen, floods happen, arson happens, accidents happen: they can all be prepared for in a manner that will prevent business failure if there’s the overriding will to do so. To the enlightened seeking assistance, the UK has some of the most highly developed products, services and standards for resilience building anywhere in the world supported by schemes that ensure through-life quality and function. The challenge rests in waking up businesses to their responsibilities and then providing assistance in the most palatable form possible for consumption. With the introduction of the FPA’s Business and Property Protection Portal, access to stateof-the-art, insurance-type underwriting tools is made available to stakeholders and the public to drive the intelligent delivery of risk control information to where it’s actually needed. Using these Big Data and real-life statistical sources, the quantity of guidance delivered may be minimised, while at the same time absolutely maximising its relevance. According to the FPA, most marketing of resilience-relevant products and services to business fails because a compelling case for the need isn’t presented to companies with the same degree of integrity of evidence that’s used to support other business investment decisions – but when it is, success can follow. Protective risk control measures will be delivered and duly implemented without the assistance of unfortunate hindsight.

Universal dataset By default, the new FPA portal is populated with a universal dataset of Best Practice, unbiased free resources designed to cover all perils including fire, security and flood. ‘Triggers’ are set against each resource that tell the system of its specific need to appear in any issued report. The inputs to the portal are simple, from business type (to standard SIC codes) through to postcode and ‘over-rider’ check boxes used to describe non-business and non-geographical factors such as heritage, construction, tall building and suppression issues. The brain of the system takes these simple inputs, queries the datasets to determine critical risk factors pertinent to the location, historic business loss statistics and ‘over-riders’ and produces a bespoke report of resource content specifically aimed at addressing the identified risks and nothing more. “Accepting that the FPA’s reach will only extend so far,” continued Dr Jim Glockling, “the system can be infinitely replicated to produce liveried websites and reports for all stakeholders promoting business and property protection guidance, products and services. Each of these implementations may also be associated with an additional library of resources – including services, products and guidance – that will, from that installation, be queried in addition to the universal dataset.” In conclusion, Dr Glockling observed: “The system therefore enables stakeholders in resilience to promote their products and services with the same intelligent targeting accompanied responsibly by the high integrity universal dataset to cover all perils. In short, then, it’s a total service.”

9 www.risk-uk.com

Project1_Layout 1 07/02/2017 06:51 Page 1

OpinionSupportingtheMentalWellBeingofSecurityPersonnel February2017_riskuk_mar15 07/02/2017 12:50 Page 2

Opinion: Supporting the Mental Well-Being of Security Staff

en million people experience a mental health issue each year in the UK, while work-related mental ill-health costs UK employers in the region of £26 billion on an annual basis due to lost working days, staff turnover and lower productivity. Even though we’re now talking far more about mental health in the public domain, the stigma still remains, and particularly so in the workplace. Mental Health First Aid (MHFA) is the mental health equivalent of a physical First Aid course and, for its part, MHFA England is leading on the goal of increasing the number of Mental Health First Aiders by providing participants with the skills and confidence to recognise the signs and symptoms of common mental health issues and effectively guide individuals in the direction of the right support. Despite all the good work that’s being done to normalise conversations around mental health, the aforementioned stigma does still exist, which makes it hard for people to feel that they can talk openly about their mental well-being in the workplace. It’s vital, then, that more is done to encourage discussions about mental health between colleagues and also between staff and their managers. We all have mental health just as we have physical health, but it can seem more difficult to spot the signs of mental ill-health. In February 2015, Business in the Community launched a report around mental health in the workplace and MHFA training was one of two key recommendations made to businesses. MHFA England works with employers who are taking a ‘whole organisation’ approach towards mental health, including training staff in MHFA. Today, businesses across a range of sectors are educating their staff in MHFA and raising awareness of mental health in the workplace.

Investing in mental health Why should the security and risk management sector consider investing in employee mental health? For one thing, it allows organisations to retain skills through a reduction in staff turnover. Almost a third (31%) of staff members questioned for a MetLife survey said that they would consider leaving their current role within the next 12 months if stress levels in their organisation didn’t improve. Companies can also cut sickness absence. Mental health issues such as stress, depression or anxiety account for almost 70 million days lost to sickness each year, the most of any health condition. According to the Department of Health, sickness absenteeism costs the UK economy somewhere between £70 billion and £100 billion per annum. In parallel,

Matters of the Mind Mental ill-health in the workplace is a growing issue, with Office for National Statistics figures stating that one-in-six working age adults experience depression, anxiety or stressrelated issues at any one time. Now, Mental Health First Aid England’s Poppy Jaman is calling on managers in the security sector to support the mental well-being of their staff presenteeism can be reduced. Mind, the mental health charity, states that the annual cost of mental health-related presenteeism (people coming to work and underperforming due to illhealth) is £15.1 billion or £605 per employee here in the UK. Focusing on the mental health of employees also demonstrates a commitment to Corporate Social Responsibility. Work-related mental illhealth costs UK employers £26 billion every year through lost working days, staff turnover and lower productivity. A detailed BUPA study conducted in 2014 revealed that many business leaders still admit to prejudice against people with mental health issues in their organisation. Organisations can decrease the likelihood of grievance and discrimination claims from unhappy staff. Grievances – ie concerns, problems or complaints that employees raise with their employers – are on the rise.

Understanding the law Today’s companies can ensure compliance with legislation by understanding the law. If a mental health issue has adverse effects on someone’s ability to perform day-to-day tasks, this is considered a disability protected under

Poppy Jaman: CEO of Mental Health First Aid England

11 www.risk-uk.com

OpinionSupportingtheMentalWellBeingofSecurityPersonnel February2017_riskuk_mar15 07/02/2017 12:50 Page 3

Opinion: Supporting the Mental Well-Being of Security Staff

*For more guidance around how to approach and respond to a colleague who’s experiencing a mental health issue download the free Line Managers Resource at www.mhfaengland.org/ workplace/line-managersresource/ **To find out how employers can support the well-being of their staff and demonstrate their commitment to World Mental Health Day, visit www.mhfaengland.org and download the free MHFA England toolkit entitled ‘Take 10 Together’

the Equality Act 2010. Employers have a duty not to discriminate and to make reasonable adjustments in the workplace. It’s vitally important to ensure a healthier workplace. On average, employees take seven days off work each year for health reasons. It’s estimated that mental health issues account for 40% of this figure, yet up to 90% of current employees feel unable to be honest about this being the reason for their absence. In terms of improving staff morale, 60% of employees say they’d feel more motivated and more likely to recommend their organisation as a good place to work if their employer took decisive and proactive measures to support mental health and well-being. A determined focus on this issue can actively increase engagement and commitment among staff. “Supporting mental health in the workplace isn’t just a corporate responsibility,” explained Dr Justin Varney, national lead for adult health and well-being at Public Health England. “Staff who have positive mental health are more productive, while businesses that promote a progressive approach towards mental health can see a significant impact on business performance. It’s about good business, too.” Last, but by no means least, there’s a strong link between levels of staff well-being and motivation and performance. Taking a positive and proactive approach towards mental health in the workplace can help you grow your staff and your organisation.

World Mental Health Day World Mental Health Day 2016 ran on Monday 10 October, the theme for the event being ‘psychological and mental health First Aid for all’. The basic premise was to make MHFA a global priority on a par with physical First Aid. Across the world in 24 countries, no less than one million people have been trained in MHFA skills. MHFA England has instructed almost 150,000 of these individuals, its mission being to train one-in-ten of the population. To help tackle the stigma around mental health, we called on everyone to ‘Take 10 Together’ and have a ten-minute chat with an employee, colleague or friend to start a conversation about mental health and find out more about MHFA. It might seem a little daunting to start a conversation about this

“World Mental Health Day 2016 ran on Monday 10 October, the theme being ‘psychological and mental health First Aid for all’. The premise was to make MHFA a global priority” 12

www.risk-uk.com

subject, but it’s important to remember you don’t have to be an expert. There are some practical tips if you would like to start a conversation on the topic in your own workplace. First of all, choose a setting. Make a cup of tea or coffee or grab a cup of water. Whichever you choose, it’s a great way to ask someone a quick ‘How are you?’ and see if they would like a private meeting. Give yourself plenty of time so that you don’t appear to be in a hurry. Ten minutes may be enough, but if you need longer then take the time. You don’t want to be disturbed so turn your phone off or set it to silent. Remember that meeting outside of the workplace in a neutral space might feel less intimidating. Keep the chat positive and supportive, exploring the issues and how you may be able to help. Keep your body language open and non-confrontational. Be empathetic and take your ‘interviewee’ seriously. Be certain not to offer glib advice such as “Pull yourself together” or “Cheer up”. Also, it’s important to take into account cultural differences in communication styles such as how much eye contact is deemed appropriate.

Useful questions to ask Salient questions to ask will include: “How are you feeling at the moment?”, “How long have you felt like this – is it an ongoing issue?”, “Who do you feel you can turn to for support?”, “Are there any work-related factors which are contributing towards how you’re feeling?” and “Is there anything we can do as your employer to help?” Give the person your full focus and listen without interrupting. Listen to their words and tone of voice and observe body language, all of which will give clues as to how they’re feeling. Once you’ve started the conversation, make sure you keep it going. Follow up with the individual concerned and ask them how they’re doing. Reassure them that your door is always open, and really mean it when you say so. It’s particularly essential to keep in touch with an employee who’s off sick. In addition, offer reassurances that there are lots of sources of support, with some of them possibly being available via the Human Resources or Occupational Health Department, employee-assisted programmes or by way of on-site counselling. If you work in a company with limited support services, it’s also appropriate to encourage the person to visit their GP for guidance around accessing the excellent NHSfunded programme that runs under the banner ‘Improving Access to Psychological Therapies’.

Project1_Layout 1 07/02/2017 06:52 Page 1

FOCUS ON…

protecting people, premises and proﬁts. Our security solutions do much more than protect your manufacturing premises. With AXIS Camera Station software, you can manage your system remotely and even add smart features such as audio communication, access control and analytics. And that’s just a start. It’s all designed for simple set-up to make your job easier, so you can focus on productivity.

Choose an Axis recorder pre-installed with AXIS Camera Station. Discover more at www.axis.com/products/video-recorders

OpinionSecurity'sVERTEXVoice February2017_riskuk_apr15 07/02/2017 14:45 Page 1

SIA Regulation: A Meeting of Minds

As the key driver behind regulation in the private security sector, and with its new licensing system now up-and-running, the Security Industry Authority is presently under the spotlight like never before. Peter Webster recently met with Alan Clamp, the SIA’s CEO, to discuss in detail some of the major issues of the day and the direction in which the industry is heading

www.risk-uk.com

irst impressions count and Alan Clamp, the man in charge of the Security Industry Authority (SIA), cuts an impressive figure. As someone who has put forward his opinions of the Regulator on many occasions, I welcomed the invitation to meet him and discuss a range of subjects currently affecting the security industry. Throughout the course of our candid and, at times, often vigorous debate, the SIA’s CEO remained both open minded and genuinely interested. Just as importantly, this is an individual with a clear grasp of the challenges faced by the SIA. The first topic that I wanted to address concerns the ongoing problems associated with the SIA’s new licensing system, which was finally launched on Wednesday 6 July last year. Although it promised to allow individuals to register for accounts and apply for or renew their SIA licences online, change their personal details remotely and consent to link to their employer (who could assist with the application process), to say the new system hasn’t quite lived up to expectations would be something of an understatement. Alan Clamp acknowledged that this situation has been unacceptable and, without making excuses, offered assurances that the issues are being dealt with. Although the system now works well in simple cases, queries submitted via an individual’s account still seem to be addressed more quickly than those submitted via a business. This has created a huge logistical and operational burden for security companies. The general consensus of opinion appears to be that the time taken to resolve simple issues is too long.

The conversation then turned to a particular bugbear of mine – the proposed introduction of the statutory licensing of private security businesses. Despite the fact that huge amounts of administrative duplication and expense would be required to implement business licensing, some of those in the industry – including the SIA – still see it as the way forward. I suggested that the SIA’s claim to want a ‘private security industry so committed to improving standards and protecting the public that it needs minimal regulation’ cannot be reconciled with its support of business licensing, but it was hard to gauge Alan Clamp’s thoughts on this particular matter. The SIA has claimed that business licensing would afford enterprises more responsibility for the individuals that they employ, and achieve a reduction in the regulatory cost and burden on the private security industry as a whole. Having crunched the numbers, we estimate that business licensing would cost Corps Security around £50,000 per annum, and with no indication of the corresponding reduction in the individual licensing costs. For those companies that don’t currently pay their employees’ SIA licence fees, the costs will come as a huge shock, with the additional bureaucracy, time, inconvenience and uncertainty an expense that would probably be difficult to pass on to customers.

A better way Despite all sorts of desperate attempts by the pro-business licensing brigade to find reasons for implementing it, I remain unconvinced and spelled out exactly why to the SIA’s CEO. My argument centres on the view that the Approved Contractor Scheme (ACS) already raises performance standards and assists the private security industry in developing new opportunities, albeit with lots of room for improvement in scope and effectiveness. I was pleased that Alan Clamp was receptive to the idea that the ACS could be an excellent basis for an initiative that could help to raise industry standards. I suggested that, in order to drive Best Practice, encourage companies to gain more ACS points and improve levels of service, a tiered system should be employed. The SIA could then publish details of the different companies within each tier rather than their individual scores. It could be as simple as having Bronze, Silver and Gold designations and would offer competitive advantage, drive

OpinionSecurity'sVERTEXVoice February2017_riskuk_apr15 07/02/2017 14:45 Page 2

Opinion: Security’s VERTEX Voice

up standards and afford end user service buyers a better idea of what to look for in a solution provider. In addition, I suggested that the SIA should be doing more to raise awareness of the ACS among end users and turn it into a real quality mark. This would enable those end users to gain an insight into whether a security services provider merely meets the basic criteria for approval or exceeds it. Although all participating companies understand the points system and what has to be proven to achieve each point, there are still many improvements required to the system itself, not to mention the auditing process. With what I would tacitly consider consensus, I was then thrown something that in common parlance is referred to as a ‘curveball’. The SIA’s CEO asked me how I would feel if business licensing was made a first step on the ACS ladder. Given that this would avoid duplication and negate the additional administrative and financial burden of business licensing, I have to say that the idea struck me as sensible, workable and potentially beneficial. It’s definitely something worth exploring.

Security’s image problem Our conversation soon evolved into a discussion about raising the overall perception, status and professionalism of the security industry. This is one of the biggest challenges we face. Although the industry’s image has significantly improved since the SIA’s individual licensing system came into force, regulating who can – and, just as importantly, who cannot – become a security operative, there’s clearly much more work to be done. At this point, Alan Clamp voiced his concern that there should be clear demarcation between what a Regulator like the SIA does and the role of a trade body. I replied that there’s a need for clarity from the SIA on the level and type of regulation it believes is required. I went on to state my belief that we do indeed need a vocal, vociferous and dynamic Trade Association, especially so for the security guarding sector, in order to deal with the issues beyond the SIA’s remit. This is something that, in my view, we’re sadly lacking at the moment. We did agree that a thriving business sector employing an estimated 350,000 professional and licensed operatives, with tens of thousands of additional people engaged in support, management, consulting, installation, technical and engineering roles, deserves more respect among wider society. The negative perception of private security, often fuelled by national media coverage, harms the whole industry.

This respect must be earned, though, and, returning briefly to the ACS, some form of independently verified performance-based accreditation would go a long way in demonstrating to both existing and potential customers alike that, in the majority of cases, contracts are fulfilled and customers satisfied with their services. It would lend credibility to what we, as an industry, do on a daily basis.

The personal touch The success, perception and reputation of the security guarding sector is inextricably linked with the people working in it. We discussed how pricing pressures are the result of attempts to turn security guarding into a commodity purchase as well as the security sector’s own inability to demonstrate the value it brings and the important role it plays. As an industry, we struggle to attract high quality individuals to perform roles that are fundamental in terms of keeping people, property and assets safe. We agreed that this was, in part, down to the low rates of pay that operatives receive for the work they transact. The impact of the National Living Wage is being felt with differentials being eroded. Alan Clamp and I exchanged a number of opinions on this matter. For my part, I explained why employers should pay the rates defined by the Living Wage Foundation’s (LWF) Living Wage wherever and whenever possible. Although its supporters will claim that the National Living Wage reduces poverty and increases productivity among businesses, the LWF Living Wage could do so much more. We certainly need to compete head on with other industries in order to be considered an attractive career choice. It was refreshing to hear the Regulator’s CEO acknowledge the fine work that some specialist security services providers are doing in terms of training and career development progression. He shares my own view that, if things are to really change in this respect, we’ll need to raise the profile of the industry at a macro level. The task ahead of the SIA shouldn’t be underestimated. It’s up to the security industry as a whole to question and hold our regulatory body to account. That said, we must also work together. Alan Clamp’s willingness to engage in debate and discussion should be welcomed and, more importantly, built upon.

Peter Webster: Chief Executive of Corps Security

Alan Clamp: CEO of the Security Industry Authority

*The author of Risk UK’s regular column Security’s VERTEX Voice is Peter Webster, CEO of Corps Security. This is the space where Peter examines current and often key-critical issues directly affecting the security industry. The thoughts and opinions expressed here are intended to generate debate among practitioners within the professional security and risk management sectors. Whether you agree or disagree with the views outlined, or would like to make comment, do let us know (e-mail: pwebster@corpssecurity.co.uk or brian.sims@risk-uk.com)

“Despite the fact that huge amounts of administrative duplication and expense would be required to implement business licensing, some still see it as the way forward” 15

www.risk-uk.com

Project1_Layout 1 07/02/2017 16:26 Page 1

TITANUS® ﬁre detection

FIRE HAS ITS OWN RULES. ACTIVE FIRE PROTECTION REDEFINES THE RULES.

Late fire detection wastes valuable time for preventive measures! Intelligent fire protection starts in the earliest stage and insures a crucial time advantage. Earliest possible fire detection with TITANUS® technology can detect fires in the pyrolysis stage. TITANUS® is 2,000 times more sensitive than a conventional fire detector and has a very high resistance to false alarms. The essential time advantage for maximum protection of people, goods, assets and property – a solution proven in practice worldwide.

www.wagner-uk.com

BSIABriefing February2017_riskuk_mar15 07/02/2017 08:45 Page 2

BSIA Briefing

cross the past 12 months, a range of terrorism-related threats have confronted the authorities in European nations, among them the use of explosives and automatic rifles, not to mention bladed weapons and vehicles. On Thursday 14 July last year, as Bastille Day revellers prepared to make their way home following a firework display on the city of Nice’s renowned Promenade des Anglais, a 19-tonne lorry was seen hurtling erratically towards the crowds. With Tunisian-born French resident Mohamed Lahouaiej-Bouhlel at the wheel, the vehicle was driven directly into the crowd of pedestrians at high speed in a determined bid to cause large-scale fatalities. During that attack, 86 people were killed. Fast forward to Monday 19 December 2016 and a Christmas market in central Berlin was the scene of another devastating terrorist attack involving a heavy goods vehicle (HGV). Anis Amri, allegedly linked to Islamic State, drove a black Scania articulated truck through a crowded market in the Breitscheidplatz, killing 12 people and injuring at least 50 in the process. The truck had a run-up of 80 metres or so before crashing into market stalls and shoppers outside the Kaiser Wilhelm Memorial Church at around 8.00 pm. These incidents are not the first of their kind, of course. The failed terrorist attack at Glasgow International Airport back in 2007 was also a vehicle-centric episode. What has been significant about the recent attacks is the deliberate use of HGVs as weapons. Alan Meyrick, senior risk analyst at G4S Risk Consulting, explained: “It’s evident that the main focus of such attacks is public open spaces and temporary events, such as markets, outdoor music shows and festivals. Typically, these are sites that have limited permanent perimeter security in place and are considered ‘soft targets’, thus increasing the likelihood of mass casualties.” Meyrick continued: “It may be the case that, in the future, Government offices, specific businesses, diplomatic Embassies and elements of the Critical National Infrastructure are targeted. That said, many of these sites already have robust Hostile Vehicle Mitigation (HVM) measures in place specifically designed to mitigate such an attack, in turn suggesting that vehicle-related terrorism will remain largely aimed at members of the public.”

Physical security barriers The Centre for the Protection of National Infrastructure (CPNI) is swift to point out that vehicle-borne threats can range in nature from

Best Practice in Effective Hostile Vehicle Mitigation The attacks carried out across Europe throughout 2016 served to highlight the ever-changing modus operandi of terrorist organisations. Attacks involving heavy goods vehicles – such as those witnessed in Nice and Berlin – demonstrate the need to plan and prepare for such eventualities. Here, James Kelly examines how physical security solutions can help mitigate the devastating impacts of a hostile vehicle scenario the desire to realise basic acts of vandalism right through to sophisticated or aggressive attacks by determined criminals or terrorists as witnessed in France and Germany. The mobility and payload capacity of a vehicle offers a convenient delivery mechanism for a large explosive device, although as stated the vehicle itself may be used as a weapon1. The relative ease of obtaining a vehicle to use in an attack is also an added factor to consider. It’s believed that the attack in Nice was carried out with a lorry hired from a rental company. Preventing these attacks absolutely requires carefully considered planning of the necessary physical security barriers in addition to the surrounding streetscape. “HVM in various forms, is – and has been – the initial ‘go to’ product to stop attacks such as those in Nice and Berlin, as well as Vehicle Borne Improvised Explosive Device (VBIED) attacks like the one at Glasgow International Airport ten years ago,” explained Meyrick. “HVM in different forms, including bollards,

James Kelly: CEO of the British Security Industry Association

www.risk-uk.com

BSIABriefing February2017_riskuk_mar15 07/02/2017 08:45 Page 3

BSIA Briefing

concrete planters, concrete benches and other physical architecture will be used.” Of course, if it’s decided that HVM is required for a given location, it’s essential that detailed thought is given to the security and operational requirements of the site. Considering these requirements at the earliest stage of the project design will help to reduce the need for expensive remedial action should the wrong products be selected2. Often, however, there may be sites that require more mobile or temporary forms of HVM. The area where the incident took place in Nice, for example, was pedestrianised for the Bastille Day celebrations, but would otherwise be a busy road. Alan Meyrick observed: “More mobile forms of HVM include water or sandfilled barriers that are lifted into place to provide some, but not wholly guaranteed protection. Rudimentary temporary solutions may also include the use of other vehicles – emergency vehicles, potentially – and boulders, concrete blocks or other heavy objects that can be moved relatively easily at reduced cost.” The Department for Transport and the CPNI also advise that traffic calming measures may be deployed to limit hostile vehicle approach speeds. The application of horizontal deflections such as chicanes, that are enforced to prevent circumvention, can help to negate the effectiveness of a penetrative vehicle impact by reducing approach speed. Deploying vertical deflections such as road humps isn’t as effective as they provide only a negligible speed reduction against a determined attack.

Primary issues to consider

References 1Centre for the Protection of National Infrastructure, ‘HVM Design Advice on Physical Security and Physical Defences’ (https://www.cpni.gov.uk/ hostile-vehicle-mitigation) 2Centre for the Protection of National Infrastructure and the Department for Transport, ‘Traffic Advisory Leaflet’ (March 2011), https://www.gov.uk/ government/uploads/system/ uploads/attachment_data/ file/4389/1-11.pdf

www.risk-uk.com

“The primary issues to consider when procuring HVM will be around the cost of installation and suitability of the solution,” added Meyrick, “which makes careful selection of the products to be used an imperative. Remedial work postinstallation is likely to be costly. Concerns around existing infrastructure and utilities, existing hardware and hard landscaping, the proximity to points of egress or access, as well as integration with the existing streetscape and how it impacts pedestrians and vehicular movement are all key considerations.” All of this would demand careful assessment, potentially involving Government agencies and end user-focused discussions with a CounterTerrorism Security Advisor or a member of the

Register of Security Engineers and Specialists to ensure compliance. On the standards front, there are a number of standards that provide a benchmark for HVM equipment and guidance for the installation of products. The British Standards Institution’s PAS 68 Impact Test Specifications for Vehicle Security Barriers is the most relevant for HVM. It has become the UK standard and the security industry’s benchmark for HVM equipment against which any solutions should be tested in conjunction with PAS 69 Guidance for the Selection, Installation and Use of Vehicle Security Barrier Systems, which provides product installation advice. Alan Meyrick explained: “There are other standards used within the industry, including the International Workshop Agreement IWA14:1 Vehicle Security Barriers: Performance Requirement, Vehicle Impact Test Method and Performance Rating that covers impact resistance for vehicle security barriers.” As discussed, preventing vehicle-borne attacks through active HVM demands careful planning and the consideration of a number of factors. This will require collaboration between a wide range of stakeholders to ensure that the solutions chosen meet the varying security and operational requirements of the site.

Talking to consultants “An experienced security consultant can carry out a bespoke security-focused and practical site assessment that considers the existing architecture and the most appropriate HVM measures,” outlined Meyrick. “No ‘one size fits all’ design is going to be available. Each case would need an individual assessment to establish how HVM would work in collaboration with existing security measures.” According to Meyrick, as is the case in relation to all security assessments, any solutions or products suggested must be commensurate with the risks identified. “An initial site assessment would establish the business or organisation’s key risks,” said Meyrick. “Measures such as HVM and Crime Prevention Through Environmental Design (CPTED) would be core elements regarding the mitigation of vehicle-related terrorism, with CPTED considering environmental manipulation that assesses terrorism, access control and protestor management issues.”

“The primary issues to consider when procuring HVM will be around the cost of installation and suitability of the solution, which makes careful selection of the products to be used an absolute imperative”

Project1_Layout 1 09/01/2017 16:45 Page 1

Access Control CCTV Lone Worker Security Loss Prevention Solutions Fire Solutions Perimeter Security Transit Security IP/IT Security Business Continuity Risk Management

13th â&#x20AC;&#x201C; 14th March 2017 Radisson Blu Hotel, London Stansted At the Total Security Summit, everything is covered. Meet with the most experienced suppliers, learn from industry gurus and connect with peers over the course of this two-day Summit, which is complimentary to attend for security professionals. For more information, please contact Nick Stannard on 01992 374092 or email: n.stannard@forumevents.co.uk

Totalsecuritysummit.co.uk

RiskManagementBudgetsTheValueofStrategicAlignment February2017_riskuk_sep14 07/02/2017 12:47 Page 1

Balancing The Books In the first instalment of a regular series of articles produced by CornerStone exclusively for the readers of Risk UK, Philip Strand looks to encourage executive leadership teams to ensure that their risk management budgets and valuable assets are optimally balanced such that they actively support their organisations’ efforts to achieve stated strategic objectives

ne of the popular tenets of risk management persisting today states that: “One should never spend more on security than the value of the asset(s) being protected.” This tenet was duly supported throughout the 1990s and early 2000s by many security scholars analysing newfound vulnerabilities in the budding computer networks of Governments, businesses and other ‘modernising’ organisations. Throughout the 2000s, discussion of the economics of security risk management has evolved, but primarily in the direction of security as a ‘public versus private good’ and the (debated) benefits of inter-organisational information sharing. Until now, discussions of risk management expenditures have remained largely limited to comparisons with the financial values of the assets facing the risks. As a basic principle, and particularly so within commercial and capitalistic environments, it makes sense that there should be a correlation between ‘asset value’ and the value of the resources allocated to protecting those assets (ie the risk management budget). However, this simplistic perspective fails to acknowledge the fundamental purpose of having and protecting assets at all. To make rational decisions, risk managers must acknowledge right from the outset that organisations seek to control assets only so that they can achieve stated objectives. Risk managers are allocated budgets for the sole purpose of ensuring that an organisation’s

assets are available for achieving those strategic objectives, as and when required. Objectives, assets and risk management budgets are thus mutually-dependent: one has no reason to exist without the other two. While popular tenets espousing the importance of financial considerations may not be wrong, they do paint an incomplete picture from a risk management perspective.

Strategic alignment While most leaders appear to be relatively adept at determining which assets they need to achieve their objectives, calculating the value of those assets isn’t necessarily a straightforward exercise. Asset value may, in some cases, be subjective, while an asset’s ‘criticality’ vis-à-vis a strategic objective may be debateable. Accurately determining how much time and money should be allocated to the protection of an asset also becomes difficult without a clear understanding of how each asset contributes to the organisation’s objectives. To complicate matters further, some risk management professionals may be prone to forgetting that their organisation’s assets don’t require protection for their own sake. When the criticality and purposes of assets are unknown, unclear or forgotten, then risk managers are at risk of becoming susceptible to incorrectly prioritising the resources at their disposal and setting up their companies and/or executive leaders for failure. Accurately determining the risk management budget is a difficult, but essential part of strategic alignment. Encouraging business leaders to value assets in terms of the strategic objectives they support improves their ability to allocate appropriate amounts of resources for protecting those assets. When properly aligned, risk management budgets can smooth out annual loss expectancies, reduce the chances of organisations exceeding their risk capacities and lessen the resources that organisations must hold in reserve to cover incidents.

Informing budget decisions The process of aligning your organisation’s risk management budget with its assets and strategic objectives should begin with an information-gathering exercise. The following five steps constitute a simple process for ensuring that you have all the information required to ensure that there are direct links between these three points:

www.risk-uk.com

RiskManagementBudgetsTheValueofStrategicAlignment February2017_riskuk_sep14 07/02/2017 12:47 Page 2

Risk Management Budgets: The Value of Strategic Alignment

Identify your strategic objectives Naturally, the first step in the strategic alignment process is to identify your organisation’s strategic objectives. Strategic objectives are fundamental statements of what your organisation intends to achieve. In commercial organisations, strategic objectives are normally related to financial goals. In other organisations, strategic objectives may relate to social or political goals. Strategic objectives should be stated in clear, quantifiable terms that include specific targets such as the maintenance or gain of market shares, the stability or growth of financial earnings, compliance or leadership regarding regulatory issues and the maintenance or development of your organisation’s reputation. The strategic objectives declared by your organisation become drivers for all of your resource planning. Identify the operations, business functions and/or projects necessary for achieving your strategic objectives The second step in the strategic alignment process is to identify how your organisation will achieve its strategic objectives. Typically, an organisation’s day-to-day operations and business functions are sufficient to keep the organisation viable in the short term. To make substantial gains, strategic projects are often commissioned to evolve the organisation beyond its current capacities and level of performance. Any combination of operations, functions and projects, however, could be considered essential to achieving the organisation’s strategic objectives. Identify the minimum resources required to carry out strategically-relevant operations, business functions and projects The third step in the strategic alignment process is to determine the minimum quantity and value of assets required for conducting operations, delivering business functions and executing projects. Assets may include human resources, equipment, supplies, buildings, workspaces, information and even reputational factors that might be necessary for success. Assets’ values should be calculated in terms of the time and money it would cost to replace them. In most cases, calculations should also be made to understand the opportunity costs – in terms of time and money – that would be incurred if these assets ceased to be available. Identify your organisation’s risk capacity In the fourth step, it becomes possible to

calculate your organisation’s risk capacity. This calculation is a purely mathematical exercise to determine the total amount of loss that can be sustained before the unavoidable failure of a strategically-important operation, business function or project. Risk capacity is determined as a function of the total amount of resources available to the organisation – including available credit, savings and even the sale value of non-critical assets – minus the minimum amount of resources required to carry out operations, functions and projects (as identified in Step Three). Due to the fact that organisations may have different requirements for – and access to – different assets, risk capacity must be calculated for each asset individually.

Dr Philip Strand PhD MBA: Senior Risk Consultant at CornerStone

Determine your organisation’s risk tolerance Finally, with a clear understanding of the criticality and availability of strategic assets, executive leaders can decide how much risk they’re willing to take on board. Security risk mitigation measures normally come at a financial cost, so it’s probable that your organisation will not be able to mitigate all risks equally. In these cases, both assets and risks will require to be prioritised. Executive leaders will need to issue statements of risk tolerance to help guide the organisation’s operational-level leaders charged with identifying and implementing risk controls. Statements of risk tolerance must be quantifiable (ie ‘Our organisation-wide employee turnover is not to be more than x% in any given 180-day period’), while the degree to which an executive decision is ‘risk averse’ can be determined by comparing risk tolerance statements to the organisation’s risk capacities. It’s noteworthy that risk tolerances don’t have to be defined within the boundaries of an organisation’s risk capacity. There may be circumstances that compel leaders to accept the possibility of losing more assets than their organisation can functionally afford to lose. In these situations, executive leaders are essentially ‘betting everything’ on the belief that catastrophic risks will not come to fruition. Only when risk management budgets and valuable assets are balanced can leaders be confident they’ve maximised their chances of achieving an organisation’s strategic objectives.

“Encouraging business leaders to value assets in terms of the strategic objectives they support improves their ability to allocate appropriate amounts of resources for protecting those assets” 21

www.risk-uk.com

RetailSectorSecurityVideoSurveillance February2017_riskuk_mar15 07/02/2017 12:48 Page 1

CCTV: What’s in Store for Retailers? These new hemispheric models allow retailers to deploy fewer cameras across a store without sacrificing coverage. The megapixel quality permits detailed recognition of faces and actions to be captured and stored at evidential quality to act both as a deterrent and ensure successful prosecutions.

Acts of employee fraud

Until recently, CCTV technology has been widely adopted by security and risk professionals operating in the retail sector primarily as a loss prevention tool. However, advances in the technology – such as new higher resolution megapixel imagery along with the switch to IP-based systems – are offering retailers across the world more than just a way of deterring shoplifters. Nicholas Smith has the detail

22 www.risk-uk.com

CTV – or video surveillance to give it a more accurate name – started its lifecycle mainly as a method by which individuals could remotely view dangerous environments, and predominantly those within the realms of explosive device testing. Today, most cameras are deployed on private property, which makes estimating the exact number in operation rather challenging. Globally, analyst firm IHS estimated that, in 2014, there were 245 million video surveillance cameras installed. It’s fair to suggest that a significant percentage of those cameras will be associated with retail environments. Having lots of cameras may, in theory, seem like a good idea, but for operators trying to view a store or track a theft suspect, such ‘camera overload’ makes Control Room functions potentially more challenging. Older CCTV systems demanded PTZ cameras, with trained operators remotely moving the focus point via a joystick in the Control Room. However, these mechanical items could be more prone to failure. Also, when a camera’s pointing in a certain direction, it’s missing the recording of occurrences in another area – the commonly known ‘distraction crime’. Newer types of high resolution hemispheric cameras and lenses are now being deployed that capture an entire 360 degree scene which can be viewed, zoomed in on and studied in real-time. These ‘digital PTZs’ don’t disrupt the ongoing recording of the location. This allows a single hemispheric camera to cover multiple aisles or even an entire store from a ceiling vantage point.

According to the British Retail Consortium, acts of shoplifting cost UK retailers £613 million in 2016. A much harder number to gauge is the total for employee fraud. The most common activity is a till operator, potentially in concert with a dishonest customer, going through the motions of a till sale while pocketing the money or scanning or ringing up an item of a lower price. Another issue is an employee secretly using a special machine to clone a customer’s debit or credit card for fraudulent activity. To combat this type of issue, a number of retailers are using higher resolution video with an independent zoom capability allowing a single camera to offer a complete overview of multiple Electronic Points of Sale (EPoS), cash registers or high value stock areas displaying medicines, alcohol and tobacco. A number of solution vendors offer integration with the leading EPoS manufacturers, allowing the capture of sales data to be embedded within video. In turn, Control Room operators are able to quickly check if, for example, a pack of chewing gum scanned and rung up at the tills isn’t actually a bottle of expensive champagne or some other higher value item. In the era of the ‘mega retailer’, the overriding driver is almost always towards cost reduction. Having a dedicated CCTV Control Room for each store is an expensive option and, as such, many organisations are looking at more efficient solutions. One way in which retailers are changing their perspective is through the concept of decentralised video. In the original CCTV idea, each camera was, in effect, a ‘dumb’ device that simply sent raw video to a Control Room. In a decentralised architecture, more image processing, recording logic and decisions are made in the camera itself. This is in complete contrast to legacy CCTV systems, where the camera typically has no real intelligence and relies on decision-making and image processing taking place at the ‘core‘ of the network via centralised software or DVR. As the camera can store video within the device and only needs to send that video to a

RetailSectorSecurityVideoSurveillance February2017_riskuk_mar15 07/02/2017 12:48 Page 2

Retail Sector Security: Video Surveillance

Easier integration The common IP platform allows easier integration of video surveillance within leading building management, alarm and remote monitoring systems, permitting retail business owners to generate real-time video to be viewed instantly by operations desks, third party alarm monitoring providers or even key holder staff via PCs, smart phones or tablets. Video can be immediately relayed based on triggered alarms such as fire, burglary or environmental sensors for humidity, temperature or noise. This technology shift allows retailers to establish centralised 24/7 Control Rooms that can monitor a number of stores and better respond to any suspicious incidents that have been called in by a particular branch. This shift is also useful for non-traditional retail spaces. Certain video surveillance cameras offer flexible mounting technology, with this ‘FlexMount’ capability allowing two separate lenses via a flexible two-metre cable to be installed within a highly discrete housing. This innovation allows for cameras to be deployed within confined spaces such as at ATMs, kiosks and vending machines to provide unobtrusive high resolution monitoring from multiple vantage points. The video can be stored locally within the device for dispute resolution, for example when a claim arises that a machine didn’t dispense the required cash or goods. An operator can have video transmitted wirelessly on request via Wi-Fi or cellular data networks for mobile sales applications and ‘Hotspot’ monitoring. Security isn’t the only area where video is deployed. The combination of high resolution video and audio allows for dual use, notably in the realms of skills training and customer service monitoring. Head office professionals or even third party training providers can deliver

“With many video surveillance systems including bidirectional audio capability, retailers are also exploring how to integrate multiple functions in an effort to reduce cost and complexity” real-time video and audio coaching as well as monitoring customer interaction with perfect lip-synchronised audio. For some retailers, this is replacing the expensive and time-consuming practices like ‘Mystery Shoppers’ which, although useful, are entirely subjective and allow for little replay and coaching. With many video surveillance systems including bi-directional audio capability, retailers are also exploring how to integrate multiple functions in an effort to reduce cost and complexity. As each camera is connected to an IP network, this can also act as a conduit for the PA via a linked speaker to replay local announcements as well as central messages. Each camera may also be linked to Help Points to allow managers to quickly aid customers or raise the alarm in the event of Health and Safety issues. Should an incident arise, police officers can quickly view and copy video and audio files without removing cameras or recording devices, thus ensuring that each site is covered by CCTV at all times. The overarching trend in retail video surveillance is that cameras and their associated processing software are becoming smarter. Increasingly, several innovators are building-in video analytics technology to generate statistics around the movement of people within a retail environment. This includes people counting technology (which is useful for calculating footfall in multi-tenant retail sites) and heat mapping to help analyse the effectiveness of promotional activities.

Nicholas Smith: Business Development Manager (UK and Ireland) at MOBOTIX

Photograph: Fotolia

central repository at the discretion of the operator, retailers no longer require an expensive and complex monitoring station or dedicated wiring across a given store. In addition, each retail outlet can be instantly viewed from another location over any IPenabled network connection. The use of low bandwidth codecs such as H.264 and MxPEG ensures that the volume of video data transferred to a head office location either for viewing or archive is kept to an absolute minimum. For retailers with multiple branches, this decentralised camera approach simplifies the local site requirements with the benefit of allowing a more efficient use of centralised security and management resources.

www.risk-uk.com

VideoSurveillanceCCTVCameraSelectionandProcurement February2017_riskuk_apr15 07/02/2017 12:37 Page 20

CCTV System Procurement: Best Practice Advice for Security and Risk Managers You’re looking to enhance security coverage within your premises, or to secure your site’s perimeter. What factors do you need to take into consideration when initially procuring or upgrading a video surveillance system, and how can those systems be used to solve basic security issues? Pom Chen investigates

www.risk-uk.com

ooking back in time, CCTV lived up to its name: it was literally a closed circuit, a narrowcast channel on its own primitive ‘network’, which usually consisted of ‘traditional’ analogue-style TV images running over coaxial cables. Cameras were plugged into a multiplexing video recorder, and later a DVR. Surveillance video sat on its own, separate from all other security operations, let alone other parts of the business or a given organisation’s operations. To do anything truly useful with these analogue video images – other than present them as they were, as raw footage – required their conversion to digital pixels, making good use of a converter specifically designed for the purpose. That conversion to digital was the start of a revolution in surveillance technologies. Now, surveillance video has left the ‘closed circuit’ behind. The advent of digital and Internet Protocol (IP)-based video means that security images can now be integrated with other technologies, including access control and intruder alarm systems. In today’s world, surveillance solutions are not just limited to connecting with other security technologies, and they’re not only used for traditional security purposes, either. When CCTV is integrated with other security elements like access gates and doors or alarm systems, it allows end users to work with a full surveillance solution. That means being able to acquire information about who’s in a building or

on a site, and importantly when. Such information is about movement throughout a premises, including about which areas are busiest: invaluable detail for the Marketing Department at a retailer, for example. What’s more, CCTV systems can integrate with building functions like heating and lighting, ensuring energy is used in the most efficient way possible, and not wasted when an office is empty. Smart technologies make for smart solutions, but they also open up a whole world of options and possibilities, all of which may initially seem complex or confusing. Procuring or upgrading a CCTV system today, then, isn’t necessarily as straightforward as it may have been in the past. There’s more to take into account than just ‘place camera and record’. So what sort of things do you need to think about when choosing which surveillance solution is right for your organisation?

Installation partner Selecting the right installation partner is very important. Reputable camera manufacturers will usually have in place a training programme for installers and integrators. The aim is to ensure that they’re fully cognisant of the systems they’re installing, as well as those systems’ underlying technologies. Major CCTV companies launch new and improved products on a regular basis, as well as introducing software and firmware updates alongside their hardware kit. As a result, dropping behind on the latest developments can be a real hindrance for an integrator or installer. Any lack of current knowledge on their part could mean that the potential of new technologies isn’t fully explored. On that basis, end users should talk to their current and prospective installation partners about training programmes or approach preferred manufacturers directly to ask for their list of fully-qualified integrators. An important factor to consider when looking at your potential surveillance system is where and when images need to be obtained. That’s because there are very different requirements for night-time or dark scenes than there are for well-lit interiors. There’s absolutely no point in using high quality cameras and recording equipment if the images they produce are less than clear for the operator.

VideoSurveillanceCCTVCameraSelectionandProcurement February2017_riskuk_apr15 07/02/2017 12:37 Page 21

Video Surveillance: CCTV Camera Selection and Procurement

Trained operatives manning Control Rooms and making decisions based on the images on their monitors will be much more effective if they can see clearly what’s happening in a scene. Similarly, those investigating an incident rely on top quality images in order to make assessments and sometimes to prosecute major criminal cases. Be aware of your site’s needs. In the past, dark scene recording relied on either exterior illumination – ie some lights – or the use of infrared (IR). IR is lighting that’s not on the visible spectrum, but can be recorded using an IR filter on a camera. We’re now all aware of IR through various nature documentaries as well as it’s deployment in reality shows, not to mention in some of our own domestic video technology. IR has been used for some time and, indeed, with a degree of success in CCTV systems, but it has its own issues.

Technological developments Technology now allows IR LEDs to be in-built within cameras, protecting them from the elements. Typically, this is for dome-type cameras used outdoors – the domes are ruggedised to prevent vandalism and the ingress of moisture. However, the ‘bubble’ of the dome itself can provide an IR issue, where the illumination from the LEDs reflects back to the camera, creating picture distortion or even ‘white out’. That’s not great for system operators, alarms or investigators. Thankfully, recent developments mean that cameras are able to ‘illuminate’ scenes that appear almost pitch black without the need for additional IR lighting. Similarly, issues often arise when placing a camera to record, for example, an exterior doorway from inside a dark building. You’re keen to see who’s coming in, but the massive contrast between the lighted outdoors and the much darker interior obscures faces. This issue can be addressed by selecting cameras that offer a very Wide Dynamic Range, which enables a given camera to adjust for these variances in scene lighting and present an image which provides the required detail. You cannot help but have noticed that everything in the home entertainment world is moving towards High Definition (HD) images – and beyond. HD is now standard for TVs, tablets and smart phones, while 4K images will soon be the norm. The surveillance world tends to follow in the footsteps of the broadcast and consumer spheres, with demand driven by the everyday users of video technology. What does this mean for CCTV, though? Increasingly, professional services such as the

police and the law courts expect high quality images when they’re looking to prosecute. Insurance companies are not too far behind. To future-proof your system, it makes sense to record high quality video where possible.

Storage and compression With high quality images, of course, there comes a ‘however’. The higher the quality of the image, the more information is recorded, which usually means there’s a much higher price to pay in terms of storage. A month’s worth of 4K video from a 50-strong camera system will sit comfortably on a standard hard drive. In the past, this has been a cost not just in terms of the actual storage medium, but also when it comes to rack space and energy in the form of cooling servers, etc. It’s a cost which can be forgotten amid all the practicalities of establishing a video security solution. Pleasingly, there’s a ‘however’ to the ‘however’, though. Developments in terms of video image compression, among them H.264+, have achieved remarkable results, and now mean that pin-sharp 4K images can be recorded and kept by risk and security-focused professionals without excessive storage expansion costs or complications. With any surveillance solution, it’s fair to say that it’s worthwhile investigating the specifics of the storage and compression set-up, as these could have a significant impact on the future costs and effectiveness of your system. Integrators and manufacturers will be able to talk you through your specific requirements and options, ensuring that you can use the available technology to its fullest potential.

Pom Chen: Technical Manager for Hikvision (UK and Ireland)

“End users should talk to their current and prospective installation partners about training programmes or approach preferred manufacturers to ask for their list of integrators” 25

www.risk-uk.com

CounterTerrorismHostileVehicleMitigationandHolisticSecurity February2017_riskuk_apr15 07/02/2017 08:47 Page 1

Halting Hostility in its Tracks Vehicle-borne threats range from vandalism to sophisticated or aggressive attacks by determined criminals or terrorists. The mobility and payload capacity of a vehicle offers a convenient delivery mechanism for a large explosive device, although the vehicle itself may be used as a weapon. Here, Craig Mason offers guidance that will help security and risk management practitioners determine the vehicleborne threat, assess site strengths and vulnerabilities and identify options for HVM measures

www.risk-uk.com

ecurity is a core business issue and should be firmly embedded in management systems and processes. Everyone’s responsible for security in a company, not just the security specialists. In parallel, the ownership of risk must be unambiguous and aligned with both budgetary authority and accountability. The management of security risk should complement and mirror the application of corporate governance principles. Risk is defined as: ‘A future uncertain event that could influence the achievement of business objectives and statutory obligations’. This applies to every area of business activity including security. Such risk arises from the random nature of events, imperfect or incomplete knowledge, human behaviour, resource and/or time constraints and a lack – or failure – of control systems. It’s assessed in terms of likelihood and impact using qualitative and quantitative methods and judgement borne of both group and individual experience. Within that generic definition, risk has a more specific meaning when set in the security context. Security risk is perceived as a threat of compromise to the confidentiality, integrity and/or availability of assets and, that being the case, typically defined as a combination of threat and vulnerability. Threat means the likelihood of a potentially compromising event taking place. Vulnerability is the feature or characteristic of an asset that could be exploited in an attack.

In most cases, it will not be possible to reduce the level of risk to zero without stopping the operation, changing the way in which a particular activity is carried out or placing intolerable financial or obstructive burdens on the business. Therefore, the objective of any risk management programme should be to reduce risk to levels that are ‘as low as reasonably practicable’. A fundamental principle of physical protection is that it should be based on the current evaluation of the threat. This evaluation is formalised through a dedicated threat assessment process. A design basis threat is derived from this threat assessment. To define the design basis threat, the set of threats described in the threat assessment is refined to take account of other issues and the particular requirements of planning for hostile vehicle mitigation (HVM) design. To make the transformation from threat assessment to design basis threat, rigorous analysis and decision-making will be essential.

HVM: the objective Any HVM solution has a specific objective at its core: to prevent adversaries from successfully breaching the perimeter line and completing a malicious act (and thereby achieving their purpose). A clear description of this threat is an essential prerequisite for both assured and effective HVM regimes. Ideally, intelligence would provide sufficient information for the specification of design and performance requirements for an HVM system to help ensure that this objective is met. However, intelligence is often limited, while threats are inherently dynamic. Any HVM system designed for today’s threat may not be effective against that posed tomorrow. This must always be borne in mind by the practising risk or security manager. In the absence of a sufficiently detailed and accurate description of the threat, it’s somewhat difficult to determine with precision the amount of protection that would be appropriate and effective for a given business in order to prevent unacceptable consequences from an adversarial attack. Given the potentially severe ramifications of a perimeter line breach and some malicious acts and the high costs of providing HVM, uncertainties about the threat are unlikely to be acceptable to a business’ management team who shoulder responsibility for deciding how much protection

CounterTerrorismHostileVehicleMitigationandHolisticSecurity February2017_riskuk_apr15 07/02/2017 08:47 Page 2

Counter-Terrorism: Hostile Vehicle Mitigation and Holistic Security

is appropriate. Without a well-specified description of the threat, it may be very difficult to determine with confidence whether protection applied is adequate or sufficient. The design basis threat provides a basis for confidence that the HVM system developed is appropriate and effective. It provides both a basis for HVM design and a consistent criterion for assessing the adequacy of a system. It also affords a baseline standard against which the need for changes in other areas of physical protection can be evaluated. In practice, the design basis threat can permit the customisation of HVM systems to address unique features of the host business. It can also help in avoiding the application of excessive degrees of protection for a business, while at the same time ensuring that the host organisation – for which a malicious act could result in dire consequences – receives the degree of protection required. Viewed in this context, the use of the design basis threat approach towards HVM can help to reduce the chances that might otherwise exist of incorrectly establishing the requirements for the physical protection of a business that’s under a state of fear, uncertainty or doubt.

Risk-based performance In order to be truly effective, HVM solutions must be designed to provide the type of performance necessary to protect against the specific risks faced by the host organisation. When deciding on risk-based performance requirements, it’s important to remember that the objective is to fulfil the agreed protection objectives and reduce associated risks to an acceptable level. Bear in mind that it’s not always possible or desirable to implement the highest level of protection possible, and particularly so where this isn’t justified by the level of risk (since this will result in unnecessary expenditure for the company). It’s likely that various levels of performance will emerge in accordance with the nature and severity of each risk. For example, one risk may require a building to benefit from an extended stand-off, while another might call for a specific product. In this case, the highest level requirement should be taken forward into the design process. It’s also important to capture the different types of performance requirement that emerge from different risk scenarios. In a further example, while two protection objectives may require the same level of HVM, this could be set against very different attack methods: for instance, entry via ramming versus that due to a Vehicle-Borne Improvised Explosive Device (VBIED).

“To define the design basis threat, the set of threats described in the threat assessment is refined to take account of other issues and the requirements for HVM” Risk-based performance requirements will provide the element for all subsequent risk mitigation activity, helping to ensure that it’s properly focused and cost-effective, thereby delivering the required level of protection for the host organisation.

HVM selection process The design basis threat should form the basis for determining the kind of vehicle security barrier used. For example, if the design basis threat identifies organised crime groups, the installed barriers should be ram-resistant in order to defend against ram raiding. If, on the other hand, the design basis threat identifies stationary VBIEDs, the location of the vehicle security barrier should allow for the aforementioned stand-off (ie distance) between the perimeter line and any vulnerable structures inside the site. If the threat is from moving (ie suicide) VBIEDs intent on driving through the perimeter line, the vehicle security barrier should be tested and certified to PAS68/IWA14 so as to be able to resist vehicle penetration. PAS68 has been prepared to address the needs of organisations who want assurances that vehicle security barriers will provide the level of impact resistance required at a given site. Many systems are available that are either promoted or considered suitable for use as vehicle security barriers. As their characteristics differ in both function and form, a comparative means of assessing their performance is required. PAS68 identifies impact test methods, tolerances, test vehicle type and vehicle performance criteria that need to be met in order to conform. As highlighted in risk-based performance, care should be taken not to over protect. Of course, the natural inclination of the security and risk-focused professional is to rigorously provide insurmountable obstacles to threats at all possible levels. However, the practical application of this approach is expensive and can adversely affect business operations. HVM system design must always be commensurate with the built environment and encompass close consideration of underground services. System installation will need to consider the presence of any existing underground services as a risk. Striking them realises significant dangers and costs.

Craig Mason MSyI: Business Development Executive at Heald

www.risk-uk.com

CaseStudyPhysical AccessControlattheAnneFrankMuseum February2017_riskuk_apr15 07/02/2017 08:46 Page 1

Access Control: A History Lesson way of the Operational Requirements will be important. Also, understanding how a site operates on a day-to-day basis is fundamental.

Security concerns

Anne Frank House is the writer’s house and biographical museum dedicated to Jewish wartime diarist Anne Frank who hid within the property to escape Nazi persecution during World War II. In 2013 and 2014, the Anne Frank Museum (opened on 3 May 1960) received 1.2 million visitors, becoming the third most visited museum in the Netherlands after the Rijksmuseum and the Van Gogh Museum. Recently, the celebrated site received a security upgrade. Chris NorthyBaker outlines what has been achieved

www.risk-uk.com

ate last year, I was invited to give an overview on current security issues as part of the ATG Access International Conference held in Manchester. Having prepared my presentation, like most people I moved to change the content several times in order to ensure it captured the salient points which the audience would appreciate. Thankfully, the presentation was received very well and generated several interesting questions. On the second day of the ATG Access International Conference, there was one particular presentation that really captured my attention. It was a Case Study about Anne Frank House (and the Anne Frank Museum), which I had visited some 30 years previously. The story was so fascinating in terms of how the engineers worked overnight to install the security bollards without disrupting visitors or the occupants of nearby properties. After discussing matters on the day with the project manager and the director of engineering, this quickly became a project to research and write about. Installing physical security measures to protect Critical National Infrastructure postconstruction can sometimes be a costly and disruptive exercise. Stakeholders involved in retrofit physical security projects are normally concerned about the effects on daily operation, revenue impacts and leaving vulnerabilities within a given site’s security. There are multiple ways of minimising potential disruption when embarking on this type of project. Engaging with the project stakeholders early on in the process as well as thoroughly understanding the client’s needs by

The Anne Frank Museum in central Amsterdam is located on a canal called the Prinsengracht, very close to the Westerkerk. Security concerns had been voiced by the local Jewish community that this significant and modern historical monument could become a terrorist target. Those concerns were further substantiated after counter-terrorism advisors identified that daily queues for entry to the landmark museum regularly exceeded a kilometre or more. This meant that the visitor attraction presented a ‘crowded places risk’, in addition to being classed as a building of national importance. The Counter-Terrorism Section of the Dutch Police Force had decided to investigate certified, impact-tested (PAS 68) perimeter protection solutions on behalf of Amsterdam City Council. Once the initial research stage had been completed, physical security manufacturers were approached by Amsterdam City Council directly to devise a solution. The heritage site presented some sitespecific challenges due to its location and also the building design. It was imperative for Amsterdam City Council to source a product solution exhibiting a slim profile such that the measures installed blend with the surrounding heritage environment. The security product chosen also needed to have achieved almost no penetration when impacted. The distance available between the perimeter line and the infrastructure was minimal. Only 400 millimetres of excavation depth was available due to buried utilities infrastructure. To redirect services and major pipes can be incredibly costly and very disruptive, none more so than in an area surrounded by canals. Redirecting services wasn’t an option for the Council. In addition to the depth restraint, the utility companies wanted the security bollards to be relatively easy to remove so they could access respective ducts if a problem occurred. To install perimeter security measures once selected within an extremely crowded area during a peak tourist season was logistically very challenging. Full consideration of how this task could be tackled was needed from the security product supplier before the eventual solution was chosen. Finally, due to Amsterdam’s high volume cycling population, there’s potential for impact

CaseStudyPhysical AccessControlattheAnneFrankMuseum February2017_riskuk_apr15 07/02/2017 08:46 Page 2

Case Study: Physical Access Control at the Anne Frank Museum

from bicycles causing aesthetic damage to the perimeter security bollards. That being so, considerations around long-term durability needed to be made. In the end, special sleeves were designed complete with an anti-skid coating, all the while aiming to reduce the visual impact of any bicycle knocks.

Traditional option After being in contact with ATG Access for a couple of years throughout the research process, Amsterdam City Council chose the company to meet its retrospective security objectives head on. The business proposed two shallow foundation bollards, both of which met the security level required: one rectangular in shape, the other circular. Amsterdam City Council selected the more traditional round bollard as it was considered to be more sympathetic with the heritage surroundings. The product chosen boasts a slim profile with a diameter of just over 200 mm and a depth requirement of only 176 mm. Once the project had been awarded to ATG Access, the company designed the layout of the shallow foundation bollards in separate arrays of three in order to comply with maximum lifting weights specified by the utilities companies for emergency removal if required. The layout drawings were provided to the client by way of ATG’s CAD engineers showing an individual part number marked on each shallow foundation base. This complied with the manufactured shallow foundation bases which had part numbers laser cut into the bases. The numbers alongside directional arrows, also laser cut into the plates, were all designed to make the product installation straightforward and minimise any disruption. Installation of the selected security measures was organised for night working to prevent any disruption to the building and visiting members of the public during normal business hours. This was made possible due to the product selection: shallow foundation bollards.

‘Jersey Barriers’ in use No fewer than 28 shallow foundation bollards were ordered, manufactured and delivered to the project’s main contractor in Amsterdam in a period of just eight weeks. Robert Ball, ATG’s director of engineering and innovation, travelled to Amsterdam seven days prior to the security installation to train the main contractor ahead of the arranged nighttime installation. Ball then subsequently returned to Amsterdam with the region’s export manager to project manage the night-time installation and complete the task at hand.

“Installation of the selected security measures was organised for night working to prevent any disruption to the building and visiting members of the public during normal business hours” All 28 bollards were installed in three night shifts which included re-instating previously installed ‘Jersey Barrier’ products each night such that the public space was operational and fully secure each morning. Proof of the pudding is always in the eating: the Anne Frank Museum remained open throughout the installation, while visitor numbers were unaffected. This was a small project in terms of product volume and commercial revenue in comparison with other global projects executed by ATG Access. However, as a direct result of this extremely well-managed project and capturing the Operational Requirements at Levels 1 and 2, ATG Access has now built a great rapport with Amsterdam City Council which may result in further joint security projects. The project attracted significant local press coverage in Amsterdam, with a great deal of interest generated in physical security counterterrorism measures implemented for what’s such an iconic national monument in the Netherlands. Considering the terrorism events that took place in Nice, France, the Dutch Police and Amsterdam City Council have shown a proactive approach towards protecting their national assets and infrastructure.

Chris Northy-Baker BSc (Hons) CSyP FSyI FInstLM: Principal Owner at the CNB Security Consultancy

Retrospective security What’s perhaps important about this project is that it clearly demonstrates the hostile vehicle mitigation marketplace isn’t always to be found solely in the conventional critical infrastructure sectors and involve power stations, airports, financial institutions and military bases, etc. It also provides an excellent example of a successful retrospective security solution. It’s worth looking at specific marketplaces and considering the potential for security measures at cultural centres, museums, national monuments and crowded spaces in general. It must be said that a great many stakeholders in this sector dismiss hostile vehicle mitigation protection as they feel it will detract from the appearance of the local environment or create a ‘fortress’ mentality. For their part, security solution manufacturers should continually educate and remain flexible towards designers, architects and local authority planners in order to prove that they can blend globally-certified security products with the local streetscape.

www.risk-uk.com

smart app_Layout 1 07/02/2017 17:21 Page 1

Push Button offerings from Safety Technology

Interchangeable button colours Broader variety of applications Indoor & outdoor models

• • •

12 operating labels supplied Custom labelling available Quick & easy installation

½ www.sti-emea.com info@sti-emea.com § 01527 520 999

Security and Fire Management

BE SMART! Read Risk UK Magazine on your tablet or smartphone using the FREE app

Rely on

ş STI

FireSafetySupplementFrontCover February2017_Layout 1 07/02/2017 12:36 Page 1

FIRE SAFETY Management & Installation

Fire Protection and Prevention with Technology and Innovation Special Supplement in association with:

FireSafetySupplementFIA February2017_PSI_may15 07/02/2017 08:50 Page 1

FIRE SAFETY

EN16763 sets out minimum level of expertise required in fire safety services A new standard has just been published, but unlike other standards this one doesn’t specify technical aspects such as how a fire safety product should be designed or maintained. Instead, EN16763 ‘Services for Fire Safety and Security Systems’, focuses purely on service delivery. Fire Industry Association chairman Martin Harvey reviews the fine detail lmost five years in the making, EN16763 explores every part of the service – from planning through to design, commissioning, installation and handover to the client. ‘Services for Fire Safety and Security Systems’ clarifies what should be the expected level of service at each individual stage, in turn bringing a new benchmark of quality to the fore in the fire industry. Although this new standard isn’t mandatory by law, it’s incredibly necessary. At present, there’s no way of determining the quality of service that a company provides prior to purchasing. This standard aims to improve the quality of service delivery by specifying the level of competence, knowledge and understanding of a company and the individuals employed by that business. The idea is that, by having certain service levels specified, it gives buyers greater confidence in terms of what they’re purchasing. Why, though, would it be necessary to specify

“If a postman who had a liking for DIY suddenly decided that he could commission a sprinkler system or install a fire alarm, there’s no education requirement to stop him from doing that”

the minimum levels of service that should be expected? It’s all linked to education. Education across the whole of Europe and, in particular, the level of education required to do the jobs that we do in the fire industry. The standard sets out the minimum level of education and experience that should be required in order to service a life-safety system – something that has never been specified before. Currently, in the UK there’s no formal qualification for the fire industry. If a postman who had a liking for DIY suddenly decided that he could commission a sprinkler system or install a fire alarm, there’s no education requirement to stop him from doing that. There are no guidelines or even a baseline of education that’s expected. The only vague hint at anything in this direction is that the Regulatory Reform (Fire Safety) Order 2005 states the individual must be ‘competent’, but there’s nothing to define what that is. By law, there’s no minimum education

www.risk-uk.com

FireSafetySupplementFIA February2017_PSI_may15 07/02/2017 08:50 Page 2

“EN16763 lays out a Europe-wide benchmark of quality that should be expected and maintained throughout the industry. It sets out all the prerequisites for the level of skills, knowledge and education that should be expected”

requirement and no formal guidelines on what ‘competent’ looks like in each area of the fire industry, particularly in the services sector. When that notion is the same all across all of Europe, there’s a real need to create a uniform achievable baseline from which everyone can work. This new standard effectively aims to expel those without the correct education and experience from the industry in order to balance out the level of service provided by the wide range of companies in the market, in turn raising the level of professionalism in the industry even higher. This not only affords buyers confidence in what they’re procuring, but also gives them a better idea of what level of service to expect. In a nutshell, EN16763 lays out a Europewide benchmark of quality that should be expected and maintained throughout the industry. It sets out all the prerequisites for the level of skills, knowledge and education that should be expected. It’s all about hitting quality standards for fire safety systems surrounding who’s actually doing the work and whether they’re doing it correctly. With a life-safety system, it really isn’t acceptable that, in 2017, people are able to claim that they’re able to do the job without a certain level of expertise behind them. That level of expertise is exactly what this standard aims to define. The message here is very clear – education is key. This is a real opportunity to raise the quality of services in the fire and security industries across the whole of Europe. While there isn’t a

www.risk-uk.com

formal qualification in the UK for fire at the moment, this is an important first step towards formalising the industry in this way. There’s a need for that at this moment in time. That’s why the FIA and many other industry professionals have striven to create this new standard such that we can set out the level of education and experience that individuals must have in order to do the jobs that they say they can do. As for the impact on companies, there’s now a huge need for them to comply with this standard as, in time, it may become written into the BAFE certification schemes. If BAFE and the certification bodies do adopt this standard (all signs point to them saying: ‘Yes’, they probably will), then the certification bodies will have to turn up and inspect the business. However, that inspection will have to change to cover the criteria in this standard which calls for a higher level of knowledge, skills and understanding. There’s plenty of ways in which they could do that kind of inspection, but they’re all very time consuming: sit down for an hour and carry out a written test of each individual’s knowledge or enact an interview process in which the auditor asks about an individual’s experience in the industry and every job they’ve transacted over the past 20 years. When some companies have hundreds of employees, it really doesn’t seem a viable or efficient option. A much more efficient way of proving competence for this standard would be through a qualification. In this way, auditors could simply check that everyone holds the correct

FireSafetySupplementFIA February2017_PSI_may15 07/02/2017 08:50 Page 3

FIRE SAFETY

qualifications for the jobs they’re doing and simply check them off – much quicker and much, much easier. What the industry really needs now is to launch a qualification. It’s the best thing for the industry to move forward like this. That’s not to say that there aren’t many people that have gained their skills, knowledge and competence over many years. You absolutely cannot say everyone out there without formal training is bad, but there are those without training who have done some fairly shocking things, breaching the Regulatory Reform (Fire Safety) Order 2005 in the process. Having a qualification would help to solve this issue. It would help uniform the level of service across the whole of the UK – the whole of Europe, perhaps. It would even out the field and increase the knowledge of our service engineers, allowing them to perform their jobs better, and at the same time afford them confidence in terms of the decisions they need to make on a daily basis. Certainly, when we’re dealing with life-safety equipment, one failure is one failure too many. On top of that, a formal qualification would help companies meet this new standard, while giving employers more confidence about the

“A formal qualification would help companies meet this new standard, while giving employers more confidence about the quality of the engineer that they’re employing”

quality of the engineer that they’re employing. For job seekers and school leavers, EN16763 provides a clear careers roadmap by pointing out the minimum criteria which individuals should have to enter the industry. It has been said time and time again that the industry is fresh out of new blood and new faces coming into the sector. There’s a huge gap to fill, and this new standard is pointing to a need for a formal qualification within the fire industry in order to bring new people in and also to bring companies up to the new required standard as set out in EN16763. Many industries are suffering from not attracting new young people. Right now, in terms of the fire sector, that’s because our industry is so ‘invisible’. It’s quite hard to see how to start and where a career in the industry might lead. Combine the roadmap as set out in ‘Services for Fire Safety and Security Systems’ with an actual qualification and, suddenly, the door will start to open. People will be able to see a career path for them and in front of them. EN16763 is the breath of fresh air that we need for 2017. Hitting high levels of customer satisfaction through specifying minimum levels of service, it sets out a roadmap of the education required for each job role. Going forward, it really will be down to the industry itself to embark on this road and make sure staff are put through formal training if and when it becomes available.

www.fia.uk.com

www.risk-uk.com

Project1_Layout 1 07/02/2017 06:53 Page 1

By Appointment to Her Majesty The Queen Supplier of Fire Detection Equipment Kentec Electronics Ltd. Dartford

Now Available

Syncro XT+ Addressable Multi Area Extinguishant Fire Control Panel The Syncro XT+ provides addressable detection over 1 or 2 loops with 16 Zone LED Indicators and is available with up to four extinguishant release control units built in Fully approved to EN12094-1, EN54-2 and EN54-4 Contact us for more information +44 (0) 1322 222121

For our full range of products visit www.kentec.co.uk

Life Safety System Specialists

FireSafetySupplementKlaxon February2017_PSI_may15 07/02/2017 17:27 Page 1

FIRE SAFETY

Audible and visual protection Pulse Alert Technology from Klaxon Signals is an award-winning beacon warning system which produces a light output that can protect most rooms with just a single device “All buildings deserve the latest fire evacuation technology, all fire alarm systems should be able to be upgraded and everyone deserves to feel safe and secure”

odels in the Sonos Pulse range of EN5423 compliant beacons and sounder beacons are designed to ensure that all personnel, including those individuals with sensory impairments or working in sensory depriving conditions, are notified of fire emergencies. Featuring Pulse Alert Technology, Klaxon’s EN54-23 compliant beacons enable buildings to be evacuated much quicker, make evacuation requirements clear and unambiguous and allow personnel to feel safe. Relying on audible fire alarm notification alone disadvantages those people with hearing impairments or those working, or living in sound-reducing conditions. Even something as simple as wearing a pair of headphones could prevent someone from hearing an audible fire evacuation warning. To evacuate everyone from a building, fire systems need to signal effectively using light as well as sound. EN54-23 specifies the minimum performance requirements for Visual Alarm Devices. Klaxon’s

Sonos Pulse beacons produce a light output that can protect most rooms with the installation of just a single device. Optical systems disperse light evenly, ensuring the most efficient distribution of light to maximise effectiveness. Klaxon’s Pulse Alert Technology affords all of the benefits an EN54-23 compliant system can bring, while at the same time answering all of the design challenges. Featuring the latest high-power LED technology, Pulse Alert Technology contains advance LED drive circuitry, further improving efficiency, light output performance and longterm device reliability. Sonos Pulse LED circuits are designed to exceed five years of continual operation without degradation of light output. As a company, Klaxon firmly believes that all buildings deserve the latest fire evacuation technology, that all fire alarm systems should be able to be upgraded and that everyone deserves to feel safe and secure.

Installation EN54-23 specifies three different classification categories for Visual Alarm Devices: Wall, Ceiling and Open. Wall and Ceiling mount categories are specified at designated mounting heights and particular coverage pattern areas, as detailed by EN54-23. Open classification allows the manufacturer to specify the coverage volume and coverage shape and doesn’t restrict mounting height. Pulse Alert Technology has been designed to exceed the requirements of both Wall and Ceiling classifications, providing system designers with simple device performance specifications. Wall Classification Wall-mounted devices provide a rectangular prism of light. Wall classification devices with Pulse Alert Technology can be mounted up to 3.1 m in height and cover an 11.3 m x 11.3 m area

Ceiling Classification Ceiling-mounted devices provide a cylinder of light. Ceiling classification devices with Pulse Alert Technology can be mounted up to 3 m in height and cover a 15 m-diameter area

www.risk-uk.com

Project1_Layout 1 07/02/2017 15:03 Page 1

Co-located with

Fire returns to the NEC The Fire Safety Event (FSE) will help fire and safety professionals to achieve and maintain the very highest standards of fire safety management.

New Fire Safety events

The Fire Safety Event offers visitors the opportunity to: • Hear talks from key industry figures at our free to attend seminar theatres • See the latest fire safety products and services from our range of exhibitors The first of our new fire safety events for 2017 is uniquely co-located with the well-established and widely respected Health & Safety Event and Facilities Management Exhibition.

Free seminar programme: 21 March 11:00 12:00 14:00

Warren Spencer - blackhurst budd solicitors - prosecutions under the RRO Fire Safety Order Ian Moore - Fire Industry Association - Public and private sector collaborations - The future for fire safety? Bob Bantock - National Trust - Emergency response and salvage in Heritage premise

22 March 11:00 12:00 13:00 14:00

Stewart Kidd - former bafsa general secretary - Mandatory fire suppression systems for large storage occupancies Roy Smith - on behalf of asecos - live demonstration of protecting against chemical explosions Dr Carl Hunter - Constant Monitoring of Gaseous Systems & Room Integrity – Together Stephen Adams - Bafe - how to meet your fire safety responsibilities

23 March 10:30 11:00 12:00 13:00 14:00

Matt Wrack - general secretary Fire Brigades Union - state of the union address Jon Hall - former chief fire officer Gloucestershire frs - protecting against flooding risks Jonathan Herrick - West Midlands fire service - evacuating the public from your buildings Tom Gilbert - tall building network - Common failings when evacuating tall buildings Niall Rowan - ASFP - passive fire protection compliance

The Fire Safety Events’ exhibitors include companies such as:

For information on exhibiting / visiting visit: www.firesafetyevents.com

FireSafetySupplementFireProtectionAssociation February2017_PSI_may15 07/02/2017 08:51 Page 1

FIRE SAFETY

Fire Alarm and Detection: Best Practice Jimmy Phillips and Mike Floyd of the Fire Protection Association look at the management, use and maintenance of fire alarm and detection systems

ire alarm and detection systems can form a valuable part of a property’s fire protection strategy. Nonetheless, when FPA fire risk assessors visit properties, it’s all too common to find systems that are poorly managed and/or maintained. Such cases leave people and assets badly exposed, can invalidate insurance policies and, in many instances, fall foul of the law. The FPA would always recommend appropriate training from a recognised provider for key members of staff. What follows may provide a useful starting point or refresher for those tasked with managing fire alarm systems.

System management

FPA Handbook The FPA has published an 87-page Handbook on Fire Alarm and Detection Systems, which is available free to download as a PDF for FPA members or otherwise to purchase via its website at: www.thefpa.co.uk/shop The Handbook includes more information on the management and maintenance of systems, as well as detail on system selection, design and operation. The FPA also runs two and five-day training courses covering similar subjects at its headquarters in Moretonin-Marsh. For more information on the above contact the FPA via e-mail: technical@thefpa.co.uk

In any premises subject to the requirements of the Regulatory Reform (Fire Safety) Order 2005 or equivalent legislation, a responsible person or duty holder must carry out a fire risk assessment that considers the safety in case of fire of all ‘relevant persons’. A relevant person is any individual who is (or may be) lawfully on the premises or any person in the immediate vicinity who’s at risk from a fire on the premises. Particular attention needs to be paid to those at special risk, such as disabled people and those with special support needs, and must include consideration of any dangerous substance likely to be on the premises. The person with day-to-day responsibility for the system, not necessarily a competent person, is now termed ‘premises management’ to remove the confusion with the former title of ‘responsible person’ which had been used in the previous edition of the British Standard and is used in overarching legislation in England and Wales as described above. This person may be the first point of contact on fire alarm problems for any staff or service contractors. They may also keep the log book up-to-date, including false alarm entries. Evacuation arrangements and warnings will have been determined from the building’s fire risk assessment.

Evacuation arrangements A single stage of evacuation (‘one out, all out’) is the most reliable signal to give in a building, as no confusion should arise in the subsequent

response procedure. In some cases, a general evacuation warning – that is, a warning for everyone immediately to leave the building – may be inappropriate and a delayed or staged evacuation, perhaps by floor or defined area, may be adopted. For those places where a general audible alarm isn’t thought to be immediately desirable, such as hospitals and department stores, the alarm may be transmitted to a permanentlystaffed control point or discretely to pagers held by key members of staff where trained individuals can assess the warning required and then pass on the instruction to staff or the Control Room as appropriate. In taller commercial buildings, which have been designed with reduced stair capacity, the evacuation signal may be ‘phased’. This requires the fire alarm system to give a clear message to individual floors in sequence in order to avoid overloading the staircases. A voice message system is the preferred arrangement in such cases as an ordinary sounder tone may ‘bleed’ into additional areas, causing confusion as to when to evacuate.

Servicing and maintenance BS 5839-1 provides the current guidelines for a servicing and maintenance regime of automatic fire detection and alarm systems, which has been in place since the 2002 edition. Many organisations continue to service systems to the previous guidelines which, in point of fact, don’t guarantee compliance with the current standard. A maintenance regime may include: • a weekly test • monthly user requirements (where generators are used as a form of standby power) • a quarterly inspection of vented batteries • a periodic inspection and test of the system (not exceeding six months) • an annual service which may be undertaken across two six-monthly services or any other pattern that ensures not more than 12 months pass before any device receives attention Further guidance on the completion of these tasks can be found via the FPA’s Training Department or its Publications Department.

www.risk-uk.com

Project1_Layout 1 07/02/2017 15:02 Page 1

Evacuate everyone

EN54-23 Approved Fire Beacons ns 6RQRV 3XOVH DQG 1H[XV 3XOVH GHYLFHV FRQWDLQ 3XOVH $OHUW 7HFKQRORJ\ .OD[RQÂ·V (1 FRPSOLDQW YLVXDO QRWLÃ&#x20AC;FDWLRQ IRU ZDOO DQG FHLOLQJ PRXQW GHYLFHV 3XOVH $OHUW 7HFKQRORJ\ SURYLGHV YLVXDO QRWLÃ&#x20AC;FDWLRQV WKDW DUH XQPLVVDEOH DQG XQPLVWDNDEOH HQVXULQJ WKDW HYHU\RQH LV QRWLÃ&#x20AC;HG RI D Ã&#x20AC;UH HYDFXDWLRQ HPHUJHQF\

Seminars .OD[RQ FXUUHQWO\ UXQ D FHUWLÃ&#x20AC;HG (1 &3' VHPLQDU IRU &RQVXOWDQWV ,QWHJUDWRUV DQG (QG 8VHUV 3OHDVH FRQWDFW XV QRZ WR ERRN D Â´OXQFK DQG OHDUQÂµ (1 &3' 6HPLQDU

EN54-3 Sonders & Beacons Nexus 105/110/120 Sounders +LJK RXWSXW VRXQGHUV FHUWLÃ&#x20AC;HG WR (1

Sonos Sounder Beacon (OHFWURQLF VRXQGHU EHDFRQ FHUWLÃ&#x20AC;HG WR (1

Tel: +44 (0)1706 233879 ZZZ NOD[RQVLJQDOV FRP Ã&#x20AC;UH

FireSafetySupplementKentec February2017_PSI_may15 07/02/2017 14:52 Page 1

FIRE SAFETY

Extinguishing the myths about IT fire protection Fire prevention is one of the most neglected areas of Data Centre planning, but attitudes may be changing as more IT professionals become aware of the enormous risks posed to a business by fire

The Syncro XT+ control panel

ccording to the latest report on Data Centre downtime recovery costs, the average cost of unplanned IT downtime is about £600,000. Indeed, the penalties for a crippled IT system can include the costs of time-consuming manual operation of automated features by extra staff added to the ‘reputational damage’ to an organisation in terms of brand value and customer loyalty. For example, it’s estimated that, in 2013, the unplanned maliciously-caused downtime for no more than an hour of a global Internet commerce and cloud computing company was £4 million. A further sobering thought is the calculation from industry studies that 43% of businesses forced to close by fire never reopen.

Gas extinguishing systems offer protection for people and property In a recent arson attack on a Danish company, its IT room and data survived unscathed thanks to the triggering of a fire suppression system, which flooded the room with a blend of inert gases allowing the servers and network to continue as normal within an hour. The extinguishing effect of inert gases is achieved by displacing the oxygen in the air. Assets are protected by the slow response that is typical of inert gases. In this case, nitrogen is not poisonous and is particularly well-suited for protecting highly frequented areas, while argon and carbon dioxide, which is heavier than the surrounding air, pervades the ground-level flood area quickly and thoroughly making it more suitable for less frequented areas. The extinguishing gases CO2, nitrogen and argon are referred to as inert gases. They’re

Kentec’s arrival at Bergen’s new airport terminal A new life-safety system based around Kentec’s Syncro XT+ addressable extinguishing control panel technology is being installed in the new 4 billion Kroner (Euro 407 m) terminal at Norway’s Bergen Flesland International Airport. Bergen Flesland’s new terminal will treble the airport’s capacity and include a new dedicated train line connecting Flesland to Bergen city centre. The terminal building itself will be scalable, featuring all core functions, including check-in, baggage, storage systems, security control and departure and arrival halls on two separate levels. Norwegian firm Brannslokkesystemer AS was commissioned to design and install a Novec 1230 extinguishing system, controlled by a Kentec Syncro XT+ network comprising of 11 multi-area addressable extinguishant control panels with loop-powered status indicator units and using Apollo communications protocol. Brannslokkesystemer AS imports, designs and assembles automatic gas extinguishing systems for the marine and land-based market throughout Norway. www.kentec.co.uk

colourless, non-conductive and don’t leave residues. They’re slow to react and don’t usually result in any chemical interactions with the fire or other materials. These pure gases, which are available in our natural environment and recommended for use in extinguishing systems, are derived largely from the air we breathe and, if released, don’t adversely affect the environment. For procurement they have the advantage of being vendor neutral and are available worldwide. This technology is specified in environments where system continuity is critical and fire prevention management of the highest reliability is essential, as most fires cannot be sustained with less than 15% oxygen (a phenomenon of physics central to the development of inert gas automatic fire extinguishing systems). First to be compliant Only in recent years has the design and functionality of the control panel for fire protection extinguishing systems been defined by its specification within a common standard. A proven leader in this technology is Kentec, the first company to introduce an EN120941:2003-compliant extinguishing panel. Since 1985, the business has specialised in comprehensive systems for extinguishant control together with the design and manufacture of a wide range of extinguishing control panels. EN12094-1 became a harmonised standard in 2006, and Kentec was the sole manufacturer able to apply the CE mark showing compliance with the Construction Products Directive to any type of fire control panel. Leading-edge multi-area addressable extinguishing panel The latest Syncro XT+ addressable multi-area extinguishant control panel, fully approved to EN12094-1, EN54-2 and EN54-4, provides addressable detection over 1 or 2 loops with 16 Zone LED Indicators and is available with up to four extinguishant release control units built-in. The extinguishant control modules on the panel have a comprehensive set of inputs and outputs to monitor and control the extinguishing system whether it be gas, aerosol or another. A simple programming interface means that the panel can be programmed to meet the clients’ specific requirements. This latest product further enhances Kentec’s position as one of the world’s leading innovators of extinguishant control module technology.

www.risk-uk.com

Project1_Layout 1 07/02/2017 06:52 Page 1

The key to fire systems competency

BOOK NOW! thefpa.co.uk

FPA Training C14 Fire Detection and Alarm Systems The practical route to understanding the installation and maintenance of detection and alarm systems and the relevant legislative requirements You will be able to clearly demonstrate to customers and/ or employers evidence of training matched against: • the National Occupational Standards in Systems • relevant British Standards (BS 5839 Part 1, plus parts 6, 8 and 9; BS 6266) • BAFE SP203 for Fire Detection & Alarm Systems • relevant legislation and guidance • a sector competence matrix agreed by sector employers

Next course dates: Dates: Venue: Cost:

20-24 March 2017 5-9 June 2017 Moreton in Marsh £1,000 + VAT

Delegates may also choose to attend the first two days only as an introductory course. This is priced at £520 + VAT ECA members will receive discounted FPA member price (£1,000 + VAT), please quote your ECA membership number when booking.

To book this course or to find out more about any FPA courses please call 01608 812 500, email training@thefpa.co.uk or go to the FPA website at thefpa.co.uk

thefpa.co.uk | 01608 812 500

FireSafetySupplementFireSafetyEvent February2017_PSI_may15 07/02/2017 08:52 Page 1

FIRE SAFETY

Fire safety returns to the NEC in Birmingham The Fire Safety Event’s content director Mark Sennett introduces the show, which boasts an unparalleled line-up of free educational content and an exhibition playing host to major fire safety manufacturers and industry associations

The Fire Safety Event is also visiting the SECC in Glasgow on 3-4 May when more than 4,500 fire industry professionals will gather to enjoy even more Keynote sessions and browse 30 exhibition stands. The show takes place as part of Scotland Works, which will feature content and exhibitions on Health and Safety, cleaning, facilities and maintenance. In addition, The Fire Safety Event runs at Manchester EventCity on 10-11 October. Upwards of 3,500 delegates will enjoy access to education theatres and 30 exhibition stands. The show is colocated with the longestablished Health and Safety Show North

safety trainer Roy Smith will stress the need for the safe storage of flammable substances by carrying out live demonstrations of chemical explosions. Dr Carl Hunter is going to explain why it’s essential to constantly monitor gaseous systems and room integrity. BAFE’s CEO Stephen Adams will inform delegates how they can meet their fire safety responsibilities. n 21-23 March, fire safety finally returns home to the NEC in Birmingham after more than four years away. The Fire Safety Event will attract more than 6,000 installers, end users, fire safety managers, consultants, risk assessors, insurers, facilities managers, Health and Safety professionals, manufacturers and Fire and Rescue Services who will enjoy an unparalleled line-up of free educational content. The Fire Safety Event is co-located with the long-established Health and Safety Event, Facilities Management and Maintec exhibitions. It will feature 20 fire sector companies, among them Advanced, FirePro, Coltraco Ultrasonics, Patol, BT Redcare, the SSAIB, Sigma, Asecos, Evac+Chair, the Institute of Fire Safety Managers, BAFE and the Association for Specialist Fire Protection. Sponsored by Advanced, the Keynote Theatre will boast the most high-profile collection of fire industry experts ever assembled at a free-toattend event in the UK.

On 21 March, solicitor Warren Spencer, who has prosecuted more than 100 cases under the Regulatory Reform (Fire Safety) Order 2005, will review key prosecutions that he has been involved with under the FSO. The FIA’s managing director Ian Moore will discuss the pros and cons of public and private sector collaborations in the fire sector, while the National Trust’s Bob Bantock will explore emergency response and salvage operations in heritage premises. He’ll give particular focus to the devastating fire at Clandon House.

Focus for Day 2 On 22 March, former BAFSA general secretary Stewart Kidd is set to highlight the need for mandatory fire suppression systems in large storage occupancies, while well-known fire

Keynote Theatre on Day 3 The final day of The Fire Safety Event takes place on 23 March. The Keynote Theatre presentations will be opened by Fire Brigades Union general secretary Matt Wrack who’ll deliver a ‘State of the Union’ address looking at the impact of austerity measures on the Fire and Rescue Service. Former chief fire officer of Gloucester Fire and Rescue Service Jon Hall will demonstrate ways of protecting buildings from flooding, while West Midlands Fire Service primary authority manager Jonathan Herrick is scheduled to examine safe evacuation methods from buildings. Tom Gilbert from the Tall Buildings Network is going to highlight common failings when evacuating tall buildings and Association for Specialist Fire Protection chief executive Niall Rowan will conclude the line-up by explaining key steps for ensuring passive fire protection compliance.

Fire and Evacuation Theatre

In addition to the Keynote Theatre, The Fire Safety Event will also boast a second theatre focusing its attentions on Case Studies from numerous manufacturers. The Fire and Evacuation Theatre will cover presentations from companies including Advanced, C-Tec, BT Redcare, the SSAIB, Patol, Coltraco Ultrasonics, Evacusafe and Evac+Chair. The sessions will focus on topics such as evacuation from the World Trade Center building during 9/11, smoke control, fire doors, wireless technology, suppression systems in hospitals, creating the perfect risk assessment, eliminating false alarms and fire system installer competency. For more information or to register to attend the Fire Safety Event on 21-23 March at the NEC for FREE visit www.firesafetyevents.com

www.risk-uk.com

smart mockup_000_Benchmark_march15 08/12/2016 12:26 Page 1

BENCHMARK Smart Solutions BENCHMARK

Innovative and smart solutions can add value and benefits to modern systems for customers. With the technological landscape rapidly evolving, the Benchmark Smart Solutions project assesses the potential on offer from system integration, advanced connectivity and intelligent technology. Bringing together field trials and assessments, proof of concept and real-world experience of implementing smart solutions, it represents an essential resource for all involved in innovative system design. Launching in 2017, Benchmark Smart Solutions will be the industryâ&#x20AC;&#x2122;s only real-world resource for security professionals who are intent on offering added value through the delivery of smarter solutions.

@Benchmark_Smart Partner Companies

www.benchmarksmart.com

PhysicalSecurityInformationManagementTrendsfor2017 February2017_riskuk_sep14 07/02/2017 12:49 Page 1

2017: The Breakthrough Year for PSIM? In contrast to other security systems, Physical Security Information Management’s (PSIM) greater capability and capacity for value creation will likely drive its growth. Will 2017 be the breakthrough year for PSIM, then? As Keith Bloodworth observes, it will be the year that many of the global integrators begin to define cohesive strategies for their ongoing participation in this growing market

44 www.risk-uk.com

uring a 12-month period where national security has been shown to be relatively powerless against the evolving threat of small terror cells, the need for large-scale CCTV coverage of both public and private space has arguably never been greater. At a time when almost all police and mass transit operations are facing reduced budgets for security operations, meaning fewer boots on the ground, there has been an increasing focus on the use of technology, with digital ‘eyes’ as a force multiplier for police and security officers alike. These ‘eyes’ on the street work 24/7/365 and with a low cost of maintenance and little intervention required. They may not prevent attacks, but they can assist investigations and the apprehension of offenders. With an enhanced requirement for CCTV, however, comes the need to rapidly retrieve footage from both public and private systems along with the problem of integrating legacy systems which, in many cases, is best served by a PSIM solution. This isn’t in itself a Safe City solution, but it is a surveillance solution that forms a vital part of a much wider Safe City programme. PSIM is a smart way in which to connect vast numbers of DVRs/NVRs/CCTV systems from multiple different vendors to retrieve video of interest for distribution to operatives requiring specific information. Significant in 2016 was the growing number of law enforcement agencies around the world

who now acknowledge that the best solution comprises public/private co-operation as well as the use of phones, drones and whatever technology affords them access to video most accurately and/or with the greatest speed. With market analysts across the board predicting very high growth in the PSIM market – on average about 25%, but some as high as nearly 35% CAGR – the question isn’t whether or not PSIM has a value proposition, but rather how do systems integrators engage and work with the PSIM vendors? At present, there’s only a limited number of real PSIM-‘enabled’ integrators who can handle everything from sales enquiries through to implementation and maintenance support. The challenge for system integrators has been the large, complex one-off solutions that require ongoing maintenance and development, where not just security and facilities are involved, but increasingly business process as well. Those who’ve been working with PSIM are seeing the benefits of their investment through increased revenues, enhanced margins and, indeed, improved customer relationships.

Predictions for 2017 Many of the higher end VMS and access control system manufacturers have added third party integration capability to their solutions, partly due to market need and also in order to compete with entry-level PSIM players who mainly offer a ‘Common Operating Picture’ without much in the way of added intelligence, custom GUI designs or workflow. Entry-level PSIM vendors are finding it harder to demonstrate additional value to the market as the integrated solutions from mainstream VMS companies have an increasingly good offering at that level. We predict the demise of some of the ‘pseudo’ PSIM vendors in 2017, as well as an increase in the entry-level PSIM market share taken by VMS vendors. We also expect to see ongoing and significant growth for enterprise-level PSIM vendors, wherein PSIM is a customised, mission-critical solution for the client complete with tailored user interfaces, workflows and standard operating procedures. Here, PSIM is widely recognised as a requirement of all highend integration programs, notably so in the Critical National Infrastructure protection, mass transit, oil and gas and nuclear markets. The overall acquisition trend continued during 2016, resulting in more major

PhysicalSecurityInformationManagementTrendsfor2017 February2017_riskuk_sep14 07/02/2017 12:49 Page 2

Physical Security Information Management: Trends for 2017

consolidation taking place. Larger global players led on the acquisition front, particularly of IP-based vendors, with good examples being Konica buying Mobotix, Honeywell acquiring Xtralis and Axis buying 2N, an emerging IPbased intercom vendor, as well as Cognimatics (a video analytics specialist in retail solutions). M&A activity has been on the rise for some time. This last year has given the security world one of its largest upheavals. JCI has tied-in with Tyco, creating a seriously large global player and, potentially, one of the few truly global system integrators. From the end users’ point of view, it’s good that these leading market players are buying exciting new technologies, in turn making them more accessible through their larger distribution networks. It may seem odd that Securitas, for example, has bought an integrator (Diebold) as the former is best known for its security guarding business, but perhaps it’s time that such companies invested in supplying high value technology solutions that could supplement the guarding element of their offer, in turn realising more value for their client base.

PSIM and analytics 2016 saw the return of several highly promising technologies which failed to deliver to the security market the first time around. Most notably, video analytics is back, especially embedded in the camera for live detection or as a forensic tool to retrieve video clips needed for post-incident investigations. Where this becomes interesting is in the use of mixed technologies from multiple vendors to build an end user application, as required and defined by the client. This is how PSIM and other third party vendors, and notably those focused on analytics, can offer huge reductions in operations, cost and time by allowing automation in event identification and process. Analytics used on their own are not a solution, but as part of a wider, more encompassing operation, they can add detection and tracking as well as identify episodes from vast amounts of video data generated by multiple vendor solutions. A major development in the last 12 months has been the mixed use of security assets to support business operations. CNL Software has previously deployed rail transit solutions with operational as well as security benefits, but in 2016 we saw this strategy adopted by port and airport end users as well. Now, mobile phones and tablets are used to communicate with and from the Control Room, managing operational incidents in the field such as accidents,

equipment maintenance and logistics, etc. In this way, security assets are used to support business operations and pave the way for even further investments in security technology as it’s supporting the business mission. This ‘business’-critical element will remain the domain of enterprise PSIM vendors.

Double-edged sword Users of multiple numbers of Control Rooms are now looking for them to be aggregated and managed from a central command facility, maintaining both local and centralised operations. Such an approach is set to grow as a specialisation in the next few years. It’s already a complex market for high-end Command and Control solutions, but a perfect replacement for expensive bespoke solutions. Fast emerging in the first responder community is the use of low cost drones, which can be deployed and used as fast and geoflexible CCTV cameras for incident management of all types. However, this evolving technology needs to be managed in order to provide the required information on the situation as the right time and technology is now demanded in the Control Room for identification and bidirectional use of this geo-located video – hence the need for even smarter PSIM solutions with the ability to take the workflow elements out of the field and place it in the hands of operational staff. The issue for many Control Room operators is that drones can also find themselves in the hands of the criminals, so detection and elimination responsibilities will fall within their remit. One of the major benefits here for PSIM is its ability to rapidly change and add new technologies in a fast-changing world. In 2017, enterprise PSIM will continue to raise its game in those areas that were once the preserve of defence contractors and semimilitary companies. Further expansion into C2i will see greater levels of intelligence, including tracking, slew to cue, the aggregation of sonar and radar, mass communications, 3D, federated systems and custom-built applications such as incident management for specific verticals. That being the case, such developments will both define and confirm the requirement for PSIM in those verticals where security hugely impacts business efficiencies.

Keith Bloodworth: CEO of CNL Software

“The challenge for system integrators has been the large, complex one-off solutions that require ongoing maintenance and development and where not just security and facilities are involved” 45

www.risk-uk.com

TechnologyRiskManagementintheFinancialServicesSector February2017_riskuk_apr15 07/02/2017 15:13 Page 1

IT Risk Management: Foundations in a Technology-Driven World

As technology becomes more pervasive across financial services, so too do the associated risks. Failing to manage these risks can create front page news, as well as an unwelcome and often material financial, customer and reputational impact. Regulators are responding accordingly, with many in EMEA paying particular attention to the risks associated with technology. Chris Recchia reviews how financial services firms should respond

www.risk-uk.com

he financial services industry is rapidly evolving. Customer demands are changing, a wave of innovation is hitting the sector and new disruptive technologies emerging that will inevitably change the marketplace quite dramatically over the next decade. The pace of change makes financial services an exciting place to be, but also raises many challenges for those managing risk. The recent Deloitte study ‘IT Risk Management Survey for Financial Services: Foundations in a Technology-Driven World’ involved IT risk professionals across EMEA. Risk UK’s readers will be interested to discover some of the key themes that emerged. Let’s take a look at them. Technology is an integral part of business strategy, operational and financial processes and regulatory compliance. Ineffective management of IT risk, therefore, has a significant impact on the management of risk across other domains. The consequences of ‘getting it wrong’ can severely impact an organisation’s reputation, customer confidence and loyalty, driving IT risk management firmly up the Board agenda. In response to this, Board members are increasingly challenging management on the robustness of their approach towards managing IT risk. Given the aforementioned pace of technological change, the Board should ensure sufficient attention is paid to ‘forward-looking’

execution risk (ie the ability to deliver on an ever-increasing order book set against a backdrop of strategic change), as well as the threats and opportunities posed by emerging disruptive technologies. As the strategic importance of IT increases, the execution risk to the wider organisation becomes very real. This risk can be compounded by management decision-making that often has unintended consequences on the cost and complexity of the IT environment. Those in governance and oversight roles should ensure that organisations are equipping themselves with the tools, techniques and resources to reduce this execution risk. Organisations that do this well tend to have close alignment between IT risk functions and the wider business risk teams, making sure that everyone involved is on the front foot in terms of understanding new technologies and business strategy alike. They also tend to invest in delayering and automation of the IT control environment, simplifying the landscape and building automated controls into business processes specifically designed to support risk-based and proactive forms of decision-making.

IT risk operating model A practical and consistent approach towards risk management is fundamental in terms of embedding an effective operating model. Driving consistency through the use of common risk management processes and tools should allow for further integration of risk teams across different risk domains. Combined risk teams with a broad set of skills, knowledge and experience will be well placed to redefine and respond to a more complete and relevant set of risk scenarios that span multiple risk domains. In order to do this, they will undoubtedly need to leverage resources and capabilities from across Group functions, not just IT, and both design and implement a consistent set of optimised risk management services. While the ‘three lines of defence’ model makes perfect and rational sense on paper, it must be said that successful implementation isn’t without its challenges. This has led to senior management time being spent on resolving day-to-day challenges, eroding the

TechnologyRiskManagementintheFinancialServicesSector February2017_riskuk_apr15 07/02/2017 12:41 Page 2

Technology Risk Management in the Financial Services Sector

value provided by the IT risk function to IT itself and, indeed, the wider organisation. There are a number of ways in which IT risk operating models might be enhanced in order to drive value creation: • driving a clear and succinct accountability model to show what’s performed in each line of defence and, critically, delineate the accountabilities of front line risk and control owners • leveraging opportunities to share resources, methodologies and expertise across business areas to increase the effectiveness and efficiency of common risk management activities such as management testing and issue remediation • using specific data analytics and metrics to inform and underpin the identification and management of emerging risks • developing an internal thought leadership capability to act as an advisor to the business on the risks posed by emerging technologies, such as automation and Artifical Intelligence • refocusing IT risk functions themselves to enhance proactive risk management activities rather than reactive risk administration

Evolving risk landscape As technology accelerates business automation and innovation, the risk landscape is also rapidly evolving. Risks are emerging from previously unknown sources. Competing corporate priorities such as cost reduction or increased innovation often create pressures that create risk, aside from the more common sources of risk such as poorly-controlled IT operations, change and security processes. Effective and efficient risk identification is critical to ensuring that resource and attention is prioritised in the right places. This is often made challenging by the complexity and scale of many financial services organisations, illustrating the importance of gaining agreement at senior levels on the most pressing risks that need to be managed. In many ways, though, risk identification is just the tip of the iceberg. IT risk is often the risk that the typical Board member may be the least well-equipped or informed to understand and oversee. Metrics and key risk indicators can be established to effectively monitor risks, but also as a key tool for communicating IT risks to senior management in the kind of language that they readily understand. Business risk exposure is increasing due to the heightened strategic and operational dependence on IT, but risk appetite isn’t increasing at the same pace. The significant increase in risk exposure demonstrates just

“Driving consistency through the use of common risk management processes and tools should allow for further integration of risk teams across different risk domains” how critical effective IT risk management is to an organisation. Organisations should be looking to review their internal and external risk exposure on a regular basis, and review their risk appetite at a granular level for each area of IT risk. Risk appetite may increase for a number of valid reasons. On that basis, it’s important that a common view is held across the organisation such that informed decisions and prioritisation calls can be made as and when necessary. Returning to the topic of metrics, defining a consistent set of key risk indicators, metrics and thresholds provides an objective assessment as to whether IT risk is within appetite. Ensuring that there are leading and lagging indicators in the population will support the establishment of proactive risk management capabilities, enabling corrective actions to be instigated before risks materialise in to what may well become serious issues. The IT risk function has developed organically over the last decade and now needs to think more strategically about its people. In order to meet the growing demands being placed upon it over the next five-to-seven years, the IT risk function will need to develop and nurture a pipeline of talent that has operational IT and business knowledge – as well as risk and control experience – in equal measure. As the environment becomes increasingly complex, risk-focused staff will have to assess, analyse and respond to the new landscape alongside business risk management teams. Consideration should be given to the additional skills required to manage IT risk in the future, and how they differ from the skill sets management have at their disposal today. Without a pipeline of talent to deliver over the longer term, risk functions will lag behind their organisation in developing the risk skills, knowledge and market exposure needed to manage risk. It’s critical that organisations don’t fall foul of the ‘corporate memory’ gap, wherein third parties are relied upon within business as the usual roles designated with providing skills, services and continuity are not in existence in-house. This creates an extremely challenging environment in which to manage IT risks efficiently, effectively and, ultimately, in a way that adds value to the business. It is, however, a challenge that should be tackled head on and not ignored.

Chris Recchia: IT Risk Management Leader and Partner at Deloitte LLP UK

www.risk-uk.com

TheSecurityInstitute'sView February2017_riskuk_apr15 07/02/2017 12:39 Page 1

Maintaining Effective European CoOperation on Counter-Fraud Post-Brexit which £144 billion relates to the private sector and £37.5 billion to the public sector. Fraud in general also seems to be on the rise. Back in September, Financial Fraud Action UK reported that, in the first six months of last year, financial frauds had risen by 53% on the same period in 2015. Fraud is a problem that isn’t confined to the UK and, therefore, it’s likely that other countries in Europe are also experiencing significant and increasing levels of this form of criminality. The impact of globalisation and the rise of the Internet over the last decade means that many frauds and fraud types cross national boundaries and, as such, represent a common threat that needs to be addressed. Without robust action, jobs are at risk, public services may be adversely impacted, businesses could experience cash flow problems and individuals might suffer great hardship and anxiety.

Speaking at Lancaster House in London on Tuesday 17 January, Theresa May outlined the UK Government’s approach to enacting Brexit and withdrawing the UK from the European Union (EU). Key among the Conservative’s plans is a commitment for the UK to leave the EU’s Single Market, with MPs and Peers having a final vote on the proposed deal. As Mike Gilbert observes, post-Brexit cooperation must extend to the ongoing battle against fraud

www.risk-uk.com

ther elements of the Prime Minister’s speech included detail around the fact that the UK would not be a full member of the customs union, but would hope to strike some sort of tariff-free deal, while also continuing to co-operate over matters such as crime and counter-terrorism. Inevitably in this type of politically-charged environment, much attention in the national media is given over to the differences that exist between the two sides in the negotiations and how they might be reconciled in a way which suits both parties. It’s important to remember that, whatever the eventual outcome of the complicated Brexit negotiations, the UK still has much in common with the rest of Europe. We share a common geography and have shared values that are reflected in our respective cultures, attitudes to commerce and, importantly, our approaches to law enforcement and security. We must never lose sight of these similarities when considering shared problems which include the need to tackle fraud and corruption. Both types of crime cause significant loss to nation states, corporate business and individuals alike. An assessment of fraud losses undertaken jointly by the University of Portsmouth and PKF Littlejohn, published in May last year, estimates that fraud is costing the UK £193 billion on an annual basis, of

Working in collaboration No matter the outcome of the Brexit negotiations, those resident within – and operating from – the UK will need to work with their colleagues in other European countries to tackle this significant and growing issue. That work should continue to include the sharing of information and intelligence on the new and emerging frauds, those suspected of committing them and how such crimes can be countered cost-effectively. Leaving the EU without an agreement on these matters might have a negative effect on combating fraud. In a presentation at the University of Portsmouth in December last year, London First – the not-for-profit organisation whose mission is to make London the best city in the world in which to do business – noted that immediate access to the Secure Information Exchange Network might be at risk. It also noted that, if it were outside the EU, the UK may lose direct access to databases such as the Europol Information System and would be unable to lead operational EU projects such as the European Cyber Crime Task Force. Leaving the EU might also have implications for the protection of personal data, as currently laid out in the Data Protection Act 1998. Crossborder investigations often involve personal data. Thus, if such data exchanges are to take place as at present, then the UK post-Brexit will

TheSecurityInstitute'sView February2017_riskuk_apr15 07/02/2017 12:39 Page 2

The Security Institute’s View

need to be recognised as offering an adequate level of protection if current information flows are to continue as they do at present. For its part, the UK Government will need to come to a view on the implementation of the new EU General Data Protection Regulation in the UK post-Brexit if counter-fraud operations are not to be disadvantaged in some way. Fraud is a high-volume crime and the police and other law enforcement agencies within the UK don’t have the resources available to them to investigate many of the frauds that have occurred. Consequently, many organisations within Government and commerce employ civilian specialists to investigate frauds on their operations and report the results of these to the police service when and where relevant. The impact of Brexit on these civilian investigations will depend on the nature of the fraud. For small and localised frauds (such as a travel expense fraud), which can be examined using information held by the organisation commissioning the investigation, the impact on civilian fraud teams is likely to be minimal. This is because such investigations may be carried out without the need for sharing data with others and within UK law and the organisation’s own Terms and Conditions of employment.

More complex scenario However, the situation arising where a civilian investigation demands information from other UK persons or organisations, for example where contract or grant fraud is suspected, is a little more complicated. If UK legislation post-Brexit incorporates some form of information sharing power, as currently enacted by Section 29(3) of the Data Protection Act 1998, then again the impact of leaving the EU on investigations may well be minimal. The main impact is likely to be on trans-border and cyber fraud where more than one legal jurisdiction is involved. While full participation with Europol requires membership of the EU, Europol’s main website notes that it works with many non-EU Member States (Australia and Canada, for example) and other organisations. It also reports organised fraud as one of the five major threats that it’s currently working to combat. Therefore, some form of operational agreement with Europol post-Brexit will be needed if the effectiveness of the fight against fraud is to be maximised. Tackling fraud effectively means fashioning an environment whereby it’s deterred, either by fear of detection and prosecution or because the economic conditions are such that the cost of committing an act of fraud outweighs any benefits that flow from it.

Some groups within society, such as organised criminals, are thought to have a predisposition towards fraud and related criminal activity, and are thus likely to commit acts of fraud irrespective of the outcomes which flow from the UK’s decision to leave the EU. Consequently, any dilution in the transnational response to tackling fraud from this sector post-Brexit could lead to increases in the incidence of fraud from this group and any resulting losses. However, a significant number of frauds are ‘one-off’ occurrences committed by otherwise law-abiding individuals and organisations who are driven to it by personal circumstance or because they believe that they can ‘get away with it’. The incidence of fraud from this group is thought to be more susceptible to deterrence mechanisms and economic conditions. A prosperous economic climate undoubtedly helps to minimise the risk of fraud from this group by removing some of the motivations. For example, high employment rates supported by a National Living Wage and a prosperous economy, wherein the demand for goods and services is robust enough to generate sufficient cash flows and profit for business and commerce, can reduce benefit and corporate fraud risks quite substantially.

Maintaining robustness If Brexit leads to an economic downturn, and thus a rise in interest rates, inflation and unemployment, the number of frauds from this group may rise. To counter any potential increase in fraud risk, it’s absolutely essential that any postBrexit counter-fraud regime enacted in the UK’s public, private and voluntary sectors is at least as robust as it was found to be pre-Brexit. In summation, then, fraud levels within the UK are both significant and increasing. The Government needs to ensure that, in a postBrexit landscape, the UK’s ability to tackle instances of both domestic and transnational fraud is strong. If the Government doesn’t do so, then public services, business, commerce, charities and individuals alike could well face severe hardship as a result of increasing levels of fraud loss. The extent to which any enhanced degree of counter-fraud robustness can be achieved is, as yet, somewhat unclear.

Dr Mike Gilbert MSyI ACFS: Counter-Fraud Consultant and a Member of the Chartered Institute of Public Finance and Accountancy and ISACA

“The Government will need to come to a view on the implementation of the new EU GDPR in the UK post-Brexit if counter-fraud operations are not to be disadvantaged” 49

www.risk-uk.com

InTheSpotlightASISInternational February2017_riskuk_apr15 07/02/2017 14:50 Page 1

Security in Crowded Spaces Given the recent spate of terrorist attacks in France, Belgium and Germany, not to mention the inquest currently being conducted into the Sousse atrocity in Tunisia (an episode that led to the deaths of 30 Britons), the focus for many in the security world is upon crowded spaces and how to secure them from the various threats they face. Christopher Aldous reviews the key points involved for the readers of Risk UK

nfortunately, for many the term ‘crowded spaces’ focuses thoughts almost solely in the direction of stadiums and sporting events, but the associated areas that make such events an experience – such as fan zones, camping sites, hotels, restaurants and bars – are mostly forgotten by the planners. The $64,000 question, then, is how should a crowded space be defined? The following has now become an accepted way in which to correctly define such a space: ‘A location or environment to which members of the public have access that could be considered potentially liable to terrorist attack by virtue of its crowd density.’ With the above description in mind, the management teams at stadiums who have developed robust operational security supported by architectural design and introduced technical security controls to protect occupants have pushed the risk of attack further out to the crowded zones supporting a given event. Now, the operators of those aforementioned fan zones, hotels, restaurants and bars, etc have to consider the impacts upon their business operations, while for their part policing organisations need to re-examine their public space controls. It’s worth unpicking the terminology used within the definition, specifically ‘location or environment’. This implies either a specific site or sites that create an environment. If your business falls within an area designated as part of a fan zone, or is located on a major pedestrian route that services the main event then, by default, it too becomes part of a crowded space. As major stadiums deflect risk from terrorist attacks outwards to businesses in the locality, those businesses may well benefit from the rise in customers, but the buildings and infrastructure housing and servicing them were likely not designed to counter the higher levels of risk engendered. That being so, what can be done to mitigate the risk?

Developing operational plans

Christopher Aldous BSc (Hons) CPP PSP: UK Chapter Secretary for ASIS International and Director of Design Security Ltd

www.risk-uk.com

Security is seen by many Boards of Directors and senior management as little other than a financial ‘hit’ on the bottom line, yet if planned correctly and coupled with a clear understanding of what security – ie physical, technical and procedural – is offered by the built environment, it’s fair to state that operational plans may be developed that can

provide cost savings and enhance the business’ operation and, indeed, brand reputation. For businesses likely to become more crowded during major sporting events, what are the likely impacts? It’s important to consider the legislation a business must comply with in order to provide a safe and secure environment for customers and employees. Next, there should be a risk assessment conducted in order to identify what specific security-related risks impact upon the business operation and the probability of those occurring. Advice imparted by security design experts that’s independent from equipment suppliers and available at the earliest stages will help the host business to understand its legislative obligations and the specific threats such that its formulated plans effectively address them. This is key to specifying only what’s needed and avoiding any unnecessary expense. Businesses should review what measures they currently have in place and consider how those solutions would operate should an incident occur. It’s imperative not to make the mistake of rushing out and purchasing CCTV or other security services until such time that there’s a full and complete understanding of what the business is trying to achieve from a security standpoint.

Complication can lead to failure Developing large-scale and ‘wordy’ plans isn’t a great idea. In my experience, complicated plans typically fail. It would be advisable prior to events to have discussions with your members of staff around dealing with situations, advising them on how to spot suspicious activity prior to or during an event, and perhaps when it’s about to end. You and your staff are best placed to decide on what’s suspicious as you see the ebb and flow of visitors/customers and, subconsciously, will label behaviour as being ‘normal’ or suspicious’. If a given individual’s behaviour is deemed to be suspicious, ensure that all staff understand how to report it. Remember that our policing services cannot be everywhere. They would much rather investigate a suspicion than have to deal with the aftermath of a major incident once it’s already played out. It’s also important to understand the behavioural aspects, as the way in which people experience security will impact on the business’ operation and brand in a number of ways. Using behavioural insights and

InTheSpotlightASISInternational February2017_riskuk_apr15 07/02/2017 14:50 Page 2

In the Spotlight: ASIS International UK Chapter

integrating security within the business plan can add value to the organisation by making the experience more welcoming for compliant target market segments, and at the same time less welcoming for non-compliant segments. For example, by targeting the unwelcome behaviour of rowdy and/or aggressive fans the environment becomes more welcoming and feels safer for wider market segments and demographics, such as families, females and both younger and older fans, thereby increasing the revenue potential for the business. Another positive aspect of an increased security posture designed to mitigate terrorist actions is that other lower level crime, such as person on person crime and vandalism, etc within the designated crowded space will generally be reduced due to the significant police and private security presence. It’s noted that crime doesn’t stop. Rather, it merely moves to those areas that are less well policed and secured. If your business operation is on the fringes of an event, it’s highly likely that the incidence of crime in these locations will rise. Develop your resilience plans on that basis and consider how that planning could impact upon your staff and customers alike. Not all security risks can be dealt with directly by a business, so the business’ operation should seek to transfer risks to the Organising Committee if the event size has warranted the creation of such an organisation. Discussions with the business’ insurance supplier should also be undertaken to ascertain if they still provide suitable cover given the increased security threat environment. Operational considerations during an event also need to be thought through by the business. If the venue is within an area that has additional security controls in place, then this could impact upon the way in which staff shifts operate. It’s possible that some staff may not want to be subjected to increased surveillance and so resign from their roles or fail to attend, in turn impacting business operations. Deliveries to the business operation are also likely to be delayed or interrupted due to increased searches and screening of vehicles entering and leaving the designed sites. Road closures may be enforced so it would be beneficial to understand them and ensure delivery companies are made fully aware.

Mutual aid agreements Businesses would do well to develop operational resilience plans and, as part of such plans, consider the option of mutual aid. In essence, a mutual aid agreement identifies resources that may be shared or

borrowed from other organisations during a crisis. Agreements should be legally sound and fashioned in a written format such that all parties understand what’s required of them. Resilience planning ought to be based around ‘worse case’ scenarios, but there are many incidents where a full emergency response will not be required. It may be helpful as a business to establish a system that assists you in classifying your key areas of concern. This way, you can focus your resources and enact a graded response. Some areas to consider are potential injuries that may be sustained by – or even the possible death of – employees or those visiting your business premises, structural damage to the building/facility (which could be caused in a number of ways), business interruption (ie loss of power, water or communications) and the community impact (ie loss of staff or a reduced recruitment population, etc). Once you’ve ‘tabled out’ your areas of concern, look to assign an indicator of magnitude for severity: Level 1 – Negligible business impact, Level 2 – Minimal business impact, Level 3 – Moderate business impact and Level 4 – Major business impact. This form of planning will undoubtedly assist your business in developing suitable responses.

“It’s imperative not to make the mistake of rushing out and purchasing CCTV or other security solutions until there’s a full and complete understanding of what the business is trying to achieve from a security standpoint” 51

www.risk-uk.com

FIATechnicalBriefing February2017_riskuk_nov14 07/02/2017 08:48 Page 1

Fires in Waste Recycling Centres: The Need for Protecting People and Property Fires in waste recycling centres are often wild and dangerous, and can produce a range of noxious gases. The worst part is that they may be extremely difficult to extinguish and, with budget cuts to Fire and Rescue Services nationwide, the need for protecting people and property in surrounding areas by preventing such fires from starting is becoming even more pertinent. Nigel Joslin previews some key research work being carried out by the Fire Industry Association

hese days, barely a month passes, it seems, without us switching on our TVs only to be confronted by another news story about a fire raging in the midst of a town due to a recycling centre going up in flames. The real problem here is that, once such a fire takes hold, it can have a severe and lasting impact on the local environment. You need only picture the kinds of items populating the average waste pile – wood, plastics, scrap metals, paper and old cardboard boxes – to realise that the harmful gases created when such materials burn is going to be damaging to all aspects of the environment and may well condense into our water system. As a result, the Environment Agency recently put out a statement saying that there was a need to reduce the amount of time that these fires burn, limiting that timeframe to four hours (ie once the fire starts it must be extinguished within a period of four hours). However, many waste fires burn for much longer than this due to the sheer size and scale of the blaze. The Waste Industry Safety and Health (WISH) Forum, which exists to represent those who manage scrapyards and recycling centres, responded to the Environment Agency’s statement with its own document-come-press release. In it, representatives argue that four hours’ burn time is unrealistic. In reality, fires can burn for much longer than this. Indeed, the WISH Forum suggests the target that the Environment Agency has set is unattainable. The need to reduce the burn time of such fires is becoming more and more apparent, but how is this going to be achievable? The Fire Industry Association (FIA) operates a number of different Working Groups conducting research into a range of fire-related matters. The Working Group on Firefighting Foams has decided to address this matter and find out if there’s a faster way in which to extinguish fires in waste recycling centres. If the research is successful, the conclusions may well shed some light on how best to control such fires, reducing their impact on the environment and helping firefighters and site owners alike to extinguish blazes that much more quickly.

Science and technology The science and technology behind recycling centre fires and how such blazes should be tackled isn’t really that well understood.

www.risk-uk.com

There’s a need for greater research, not so much into how and why recycling centre fires take place, but rather around their characteristics when they’re burning, and what the best approach is in terms of strategy and tactics for extinguishing them. With funding from the FIA, we’re running our own research project looking at what technology’s available in terms of firefighting chemicals, such as wetting agents, which might assist in putting out waste recycling centre fires. Normally, the Fire and Rescue Service will turn up and turn on the water, but perhaps there’s a better way of approaching matters. Maybe it would be better if the water was replaced by something like a Class A foam? The research project will look at the effectiveness of different foams and wetting agents over plain water. The prediction from the research group is that wetting agents may perform better in certain conditions, but the research aims to narrow down which wetting agent performs best and under what conditions and, most importantly, why. The two bodies, namely the Environment Agency on one side and the WISH Forum on the other, are each basing their statements on their own knowledge and experience. Clearly, there’s a divergence of opinion there, which merely serves to highlight that more work needs to be done. Everything’s still in its infancy. We don’t really have a consensus on what needs to happen going forward.

Research in phases Research by the FIA’s Working Group is now progressing, with the aim of completing the practical lab tests in a time period of around six weeks. The project is being conducted in three phases, the first being a literature survey designed to look into any previous research from the past 30 to 40 years that covers labscale testing of the effectiveness of wetting agents versus plain water. It’s important to see and compare the conclusions that others have previously made such that the FIA’s research can develop any current ideas and help industry professionals understand the science behind why a wetting agent might be more effective than just water alone. We want to understand at an almost molecular level why a wetting agent might perform better than water in a fire outbreak so

FIATechnicalBriefing February2017_riskuk_nov14 07/02/2017 08:48 Page 54

FIA Technical Briefing: Addressing Fires in Waste Recycling Centres

that there’s not just evidence from test work, but also scientific theory to underpin why it’s better. We’ll examine all the literature and evidence of the past before we move on to our laboratory tests. The second and third stages of the research involve carrying out small-scale lab tests on the different wetting agents and foams to find out which ones provide the most coverage and which saturate materials faster. The prediction is that those wetting agents and foams providing the widest coverage and which are quicker to penetrate and saturate a material on a swifter basis are more likely to extinguish a fire on a quicker timeframe. Anecdotally, the previous tests carried out on behalf of the WISH Forum only used water. Foams and wetting agents were seemingly never considered. Prior tests only looked to discover how certain materials burn and how long it takes for them to be extinguished by dint of using water. Water can be very effective, but sometimes it’s totally ineffective. You can look back over past real-life incidents where there have been incidences of fires in recycling centres. Sometimes the sprinkler system has worked wonderfully well, and put the fire out, but on occasion the whole building has been burned down to the ground even when a sprinkler system has been in place. The system simply hasn’t been able to control the fire. In some instances, it can be the case that fires are just too large in scope and severity and totally overwhelm the sprinkler system.

Reduced burn times Undoubtedly, there’s a gap in current knowledge that needs to be fully investigated. The FIA Working Group’s research hopes to bridge this gap by bringing a full report to bear on the effectiveness of wetting agents and foams when it comes to fires in recycling centres. If it does in fact transpire that wetting agents are better than water, then of course this would be an improvement, reducing the burn time of fires and making the maximum time limit of four hours as set by the Environment Agency more achievable. Of course, the benefits of reducing fire burn times are not just environmental. You might be able to reduce the size, and therefore the cost, of your sprinkler system if you’ve a medium in

place that’s more effective. If we were to discuss the insurance industry, it’s fair to say that practitioners within would be very interested to learn about a more effective method of extinguishing fires. There are certainly benefits to be had from taking the time to understand how wetting agents might work. We might even find that they have their own shortcomings. Conversely, we may also discover ways in which they may be improved over and above the wetting agents currently available on the market as the chances are the latter have already been formulated for a different application. They probably haven’t been formulated for fires at waste tips. They’ve likely been formulated for occurrences such as forest fires. If there’s a particular wetting agent that works better than the others, then we can go on to develop that further if we can discover exactly why it works more effectively than the rest. What is it about those chemicals in that particular agent or foam that has a certain efficacy or effectiveness? Once we fully understand the answer to this question, then this gives us a lead to investigate how we might improve the formula to make it better still. To be frank, this would be beneficial in so many ways.

Nigel Joslin: Chairman of the FIA’s Working Group on Firefighting Foams and Technical Specialist (Foam) at the Angus International Safety Group

“There’s a need for greater research, not so much into how and why recycling centre fires take place, but rather around their characteristics when they’re burning and the best approach for extinguishing them” 53

www.risk-uk.com

SecurityServicesBestPracticeCasebook February2017_riskuk_apr15 07/02/2017 12:46 Page 1

Data Protection for Security Companies in a Post-Brexit World

The European Union’s General Data Protection Regulation is due to be enforced on 25 May 2018, which doesn’t leave a great deal of time for security companies in the UK when it comes to preparation. Mike White assesses what those companies are now required to do and, in parallel, outlines the potential implications of any proven noncompliance

www.risk-uk.com

ast your mind back for a moment. What were you doing on 14 April last year (it was a Thursday, by the way)? Struggling to remember the detail? Me too, to be fair, but in the labyrinth of the European Parliament they were approving the sign-off of the European Union’s (EU) General Data Protection Regulation (GDPR) following four years of painstaking preparatory work. To quote the EU’s own website on the subject (www.eugdpr.org): “The GDPR will enter into force 20 days after its publication in the EU’s Official Journal and will be directly application (sic) in all Member States two years after this date. The enforcement date is 25 May 2018, at which time those organisations found to be in non-compliance will face heavy fines.” “We will have triggered Article 50 by then and be sat in the Departure Lounge so the GDPR will not apply to UK plc!” I hear you cry. Not so. On 24 October last year (via Karen Bradley, the Secretary of State for Culture, Media and Sport), the UK Government indicated that it will abide by the regulations post-Brexit, so the clock is ticking for security businesses to ‘get their corporate act together’ and not face potentially game-changing fines. Let’s take a look, then, at what those businesses are now required to do and, in parallel, assess the potential implications of any proven non-compliance. The Information Commissioner’s Office (ICO) has published guidance on the matter. Indeed, the Information Commissioner’s website

(www.ico.org.uk) is periodically updated to reflect current news and information so, for the uninitiated, it’s well worth visiting. There are several key points for businesses to consider, one of the most notable being that the all-new GDPR will enforce tough penalties with proposed fines of up to 4% of a business’ annual global turnover or €20 million, whichever is the greater. The definition of personal data will become broader. Previously, personal data was defined as that data relating to a living individual identifiable (a) from that data or (b) from that data and other information in the possession of – or likely to come into the possession of – the data controller, and included any expression of opinion about the individual and any indication of the intentions of the data controller or any other person in respect of the individual. The EU’s GDPR expands the definition of personal data such that data privacy will encompass other factors that could be used to identify an individual, such as their genetic, mental, economic, cultural or social identity.

Compliance necessary If a business isn’t resident within the EU, it will still have to comply with the Regulation. NonEU controllers and processors dealing with EU subjects’ personal data must comply with the GDPR. Although enforcing regulation beyond the EU’s borders will be a challenging task, those providing products or services to EU customers – or processing their data – will face strong sanctions if a breach is reported. The GDPR will also bring in special protection for children’s personal data. If information is collected about children (defined here in the UK as anyone aged under 13 years) then parental consent will be required in order to lawfully process their data. In addition, the rules for obtaining valid consent will change. Consent documents must be laid out in simple terms, and it’s likely that the consent in focus will be required to have an expiry date. Where the consent is for processing a child’s data, the privacy notice and the consent must be written in language a child can understand. To be clear, silence or inactivity will not constitute or imply consent. Unless there’s positive consent, then consent is deemed to be withheld.

SecurityServicesBestPracticeCasebook February2017_riskuk_apr15 07/02/2017 12:46 Page 2

Security Services: Best Practice Casebook

The introduction of data breach notification regulations and changes in liability will have a profound impact on the supply chain. With some sector-specific exceptions, there’s currently no obligation to notify the authorities of data breaches. The GDPR will bring in a breach notification duty across the board. This will be new to many. Not all breaches will have to be notified to the Regulator: only ones where the individual is likely to suffer some form of damage, such as through identity theft or a confidentiality breach. Where the breach puts individuals’ data at risk, the data subjects must also be informed. Regular supply chain reviews and audits will be required to ensure that they’re always fit for purpose.

‘Right to be forgotten’ Rules for dealing with subject access requests will change. In most cases, organisations will not be able to charge for complying with a request and will have just a month to comply, rather than the current period of 40 days. There will be different grounds for refusing to comply with subject access requests – manifestly unfounded or excessive requests can be charged for or refused. If any request is to be refused, policies and procedures will need to be in place to demonstrate why the request meets the refusal criteria. Then there’s the introduction of mandatory privacy risk impact assessments. These can help in identifying the most effective way in which to comply with data protection obligations and meet individuals’ expectations of privacy. An effective assessment allows organisations to identify and fix problems at an early stage. The GDPR will contain conditions under which a privacy risk impact assessment will always be required such as in high-risk situations (for example, where a new technology is being deployed in the business). The current EU Directive doesn’t include clauses related to privacy by design, but under the GDPR, data controllers will have to implement appropriate measures to ensure that processing protects the rights of the data subject, that only the minimum personal data will be processed and that the data isn’t disclosed more widely than is necessary. Parties will need to document their data responsibilities even more clearly, with the increased risk levels likely impacting negotiations on security standards, risk allocation and pricing. Since the GDPR will apply to data processors, security companies should be aware of the risks involved in transferring data to countries

that are not in the EU. Non-EU controllers will need to appoint representatives in the EU.

Data portability The right to data portability is new in the GDPR. This is an enhanced form of subject access whereby organisations have to provide the requested data electronically and in a commonly used format. Many will already provide this, but if paper printouts are used, or an unusual electronic format, procedures must be revised and any necessary changes made. Some organisations will need to appoint or – as a minimum – designate a Data Protection Officer who takes responsibility for data protection compliance. On the road to compliance, security companies need to prepare for data security breaches and establish clear policies and wellpractised procedures to ensure they can react quickly to any breach and notify of such in time. Establish an accountability framework. Ensure you have clear policies in place proving that you meet the required standards. Establish a culture of monitoring, reviewing and assessing data processing procedures. Aim to minimise data processing and the retention of data and build-in safeguards. Check that members of staff are trained to understand their obligations. Auditable privacy impact assessments must be conducted to review any risky processing activities and then appropriate steps taken to address concerns. Embrace privacy by design. Ensure privacy is embedded into any deployed new process or solution. This should be thought about early on in the process to enable a structured assessment and systematic validation. Also, analyse the legal basis upon which the company uses personal data. If you do rely on obtaining consent, review whether or not your documents and consent forms are adequate and check that consents are freely given, specific and informed. You will bear the burden of proof. In parallel, check your privacy notices and policies. The EU’s GDPR specifically requires that information provided should be in clear and plain language. Policies need to be transparent and easily accessible. If the business is a supplier of specific services to others, consider whether you have any new obligations as a processor.

Mike White MSyI MIPSA MInstLM AMIRM: Head of Risk, Compliance and Assurance (UK and Ireland) at G4S and Board Director of The Security Institute

“On the road to compliance, security companies need to prepare for data security breaches and establish clear policies and well-practised procedures to ensure they can react quickly to any breach and notify of such in time” 55 www.risk-uk.com

NetworkSecurityResilienceattheExecutiveLevel February2017_riskuk_apr15 07/02/2017 14:48 Page 1

Employees... Weakest Link on the Network?

Which aspect of the corporate network is the most difficult to defend? Anti-virus tools, firewalls, ‘honeypot’ deception technology and realtime recovery solutions all play a vital role as part of the multi-layered ecosystem that keeps your company data safe. However, there’s one area of the network for which an overarching security tool doesn’t exist: employees. Nic Scott looks at the threat posed by ‘insiders’

www.risk-uk.com

he people who work within your organisation are the most likely conduit for the transfer of data beyond the confines of the corporate network, whether intentional or not. In fact, 70% of all data breaches can now be traced back to ‘the insider threat’. Rarely does a day go by without a highprofile ‘phishing’ or ‘whaling’ attack hitting the headlines. For those unfamiliar with the concept, phishing is a targeted e-mail pretending to be from a familiar business (such as your bank) of which you’re a customer or a co-worker. These e-mails are sent with the specific intention of tricking unsuspecting individuals into opening malicious links or sharing sensitive documents. The more high-profile the target, the bigger the ‘fish’. For this reason, hackers deliberately dedicate a great deal of their time and energy to crafting attacks aimed specifically at highprofile members of the C-Suite. These attacks are often referred to as episodes of ‘whaling’. In the case of whaling, the masquerading web page/e-mail will take a more serious executive-level form. The content will be configured to target an upper manager and, likely, that person’s role in the company. The content of a whaling attack e-mail is often written as a legal subpoena, customer complaint or executive issue. Whaling scam emails are designed to masquerade as a critical business e-mail, appearing to be sent from a legitimate business authority. As stated, their

content is tailored towards upper management, and usually involves some kind of falsified company-wide concern. Once contact is made, the victim may be tricked into opening a file attachment that contains embedded code allowing the hacker to take over their computer and browse their files. Once infected, the victim could have valuable personal data stolen or company information thwarted. Just imagine all of the sensitive information that might be housed on the computer of someone in a high ranking position of a FTSE 500 company, and how that data could be used against them or the company. The wrong kind of information leaving the organisation could cost people their jobs or even put a company out of business. Recent ‘phishing’ or ‘whaling’ victims have included Snapchat, Seagate and Austrian aircraft company FACC, which promptly fired its CEO after the organisation lost no less than €50 million ($55.8 million). With no specific tool to protect staff from being duped into revealing sensitive information, those in charge of IT security for their companies must adopt a more creative approach. While cyber security is increasingly permeating the mass consciousness, it’s still far from ubiquitous. There’s plenty of information available to those who are interested in researching safe online behaviour, but many employees working in departments other than IT simply lack the time and incentive to do so.

Price of a catch According to The Ponemon Institute, the average price tag for mitigating breaches is $4 million. The financial incentive for organisations to do more about shoring up their IT security is readily apparent, then, but in truth this is also part of the problem. IT Departments focusing on potential losses may be exhibiting an effective strategy for garnering Boardroom investment, but this is unlikely to change executives’ personal working habits. For other members of the team, abstract profit and loss statements can appear distant and unimportant. How, then, can the IT Department protect the organisation against those who seek to target employees? Combating ‘the insider threat’ requires a different kind of approach that focuses on the actions of employees in real-time. The Global State of Information Security Survey 2016, conducted by PwC, discovered that 53% of organisations have employee security

NetworkSecurityResilienceattheExecutiveLevel February2017_riskuk_apr15 07/02/2017 14:49 Page 2

Network Security: Resilience at the Executive Level

awareness and training programmes in place, but the fact remains that many of these programmes are ineffective. Many standard training materials are videobased or centre around day-long Workshops. While they might work well in the short term, they tend to be forgotten very quickly as workers slot back into their usual routines. ‘Soft’ approaches to cyber crime that focus solely on awareness miss a crucial component. In order for employees to be involved in cyber crime prevention, they need to feel responsible. Simply repeating a key message about the importance of cyber security may tick boxes from a basic compliance perspective, but it doesn’t create a tangible response should a threat appear. In short, you need to give your employees a shock. Think about it like this: malware and ransomware are successful because they catch businesses unaware, as do Distributed Denial of Service attacks. Why, then, do we think that the best way to educate people on these myriad threats is to have them watch a series of videos? The police and the military undergo real-life training exercises to put academic learning into practice, so why not do the exact same for enterprise information security?

Shoal responsibility The premise of incorporating shock tactics into a security strategy is the idea that only by experiencing an attack or breach can members of staff fully fathom how cyber crime works (ie both quickly and without warning). However, there’s an important distinction to make here. Shock tactics are not about fingerpointing or intimidation. They’re not to be confused with the infamous tactics that some companies allegedly implement against their theft, like surrounding people with videos of former colleagues caught in the act. Making an example of your employees or singling anyone out for criticism will simply damage morale and reinforce any resistance to cyber security. Instead, shock tactics must make the issue feel real. This can be done privately, and with anonymous examples used for broader communications. There’s no need to embarrass anyone as part of the process. How can this be made to work in your business, then? As data is the key commodity in cyber crime, you could test whether employees would ‘take the bait’ by simulating a phishing attempt. A simple, but effective measure is a series of targeted phishing attacks on liable departments, or even the entire company, carried out by white hat hackers. This approach exposes system vulnerabilities

“The premise of incorporating shock tactics within a security strategy is the idea that only by experiencing an attack or breach can members of staff fully fathom how cyber crime works (ie both quickly and without warning)” without actually compromising information. Afterwards, the phished employee(s) would be informed that it was really a training exercise. If this tactic exposes a wider vulnerability to phishing, you should continue to carry on the attacks on an ad hoc basis. Make sure you don’t shame individual employees, but do make a point of debriefing them and always report the results internally to broaden awareness. Consider the addition of tools designed to provide real-time feedback when an employee is phished. Persistent reminders should ensure that employees think long and hard before clicking on any links.

Opening the honeypot Other tactics could involve hiring third party security consultants introduced as IT support, visitors or even building cleaners. Their task would actually be to test how easy it is to penetrate the physical and cyber security of your business and access sensitive information. This makes the threat more visceral, highlighting the truism that cyber crime isn’t just something that exists in the ether. Again, employee debriefing here is absolutely vital. In computer terminology, a honeypot is a computer security mechanism set to detect, deflect or, in some manner, counteract attempts at unauthorised use of information systems. Generally, a honeypot consists of data (for example, in a network site) that appears to be a legitimate part of the site, but is actually isolated and monitored and seems to contain information or a resource of value to attackers, who are then blocked from access.

Nic Scott: Managing Director (UK and Ireland) at Code42

www.risk-uk.com

TrainingandCareerDevelopment February2017_riskuk_apr15 07/02/2017 12:38 Page 1

Security Industry Authority-Licensed Staff: Coping With The Shortfall Our activity here was prompted by initial evidence from the SIA about the diminishing number of licence holders. There has been a drop in renewals of nigh on 20% over the past three years, with many individuals who’ve not renewed being those who obtained an SIA licence for the 2012 Olympic Games. This decrease is worrying, with clear implications in terms of the level of security service provided for events and venues, especially on peak days such as Bank Holidays, but also at weekends and for large-scale, one-off events. The Government also needs to be aware that the security service considered to be an extended arm of the police in Westminster’s eyes is diminishing significantly in number and thus cannot be seen to be as strong a deterrent in the face of an increased terrorist risk.

Answering the questions

Changes and progression made within any business sector are, to a large extent, driven by market forces, which is precisely why the direction now being sought in the world of security could be absolutely critical to the way in which events are managed in the future. Mark Harding elaborates on this key theme

*If you’re an end user purchaser of security services or a supplier of security personnel you can have your say by completing the UKCMA benchmarking survey which can be found online at: www.fsoa.org.uk/survey

www.risk-uk.com

hile there are major concerns in the security industry around the shortfall in qualified professionals, and notably so when it comes to Security Industry Authority (SIA)-licensed personnel, we undoubtedly have the capacity to rise to that challenge and deliver the standards of service required. This isn’t solely about what the industry can provide, though. Commercial organisations must decide what product they want. They’re the drivers. They can have the strongest influence upon the development of security standards going forward. Unless we find the right solutions to shape our future, the prospect of having to charge premium prices for qualified security personnel during peak periods or even events being cancelled due to a shortage of available SIAlicensed staff may not be too far down the line. That’s the reason why the UK Crowd Management Association (UKCMA) is presently working alongside the Football Safety Officers Association on a project which is supported by the SIA and aimed at benchmarking the current state of the industry. The survey we commissioned has received an excellent response post-launch, and that will help in presenting a clearer picture. We’re canvassing both solution purchasers and suppliers for information that will help to determine the way in which we move forwards.

As an industry, we need to find the answers to many questions. Hopefully, armed with the results of the survey, we can then begin to make informed decisions. For instance, why are people not entering the industry in the numbers that they were just a few short years ago, and why are we not retaining those who do decide to pursue what is, broadly speaking, casual employment rather than permanent work? The distribution of – and demand for – services is largely restricted to evenings and weekends, as well as large-scale events and peak periods, so there’s not a consistent and sufficient workload to maintain permanent, full-time positions. At the UKCMA and Showsec, we’re committed to delivering training and development programmes which enable those who join the industry to acquire all the necessary qualifications and fulfil their potential. As if we’re not already faced with enough challenges, the Government’s decision to introduce an Apprenticeship Levy in April this year has presented us with another one which could well impact upon training opportunities. We all fully acknowledge that the Apprenticeship Levy may work in some areas of the industry, but the reality is that it’s not suitable for a casual or diverse workforce, many members of which have other jobs and don’t have a permanent contract. In broad terms, the apprenticeship ‘tax’ will effectively be 0.5% of a company’s salary bill, so in the case of a £10

TrainingandCareerDevelopment February2017_riskuk_apr15 07/02/2017 12:38 Page 2

Training and Career Development

million wage bill, that’s £50,000 to be found. Companies could reduce their staffing numbers or make cutbacks on training, while they may also deliver training that’s not as relevant to security requirements so as to maximise money from the apprenticeship scheme. The UKCMA has already moved to highlight the point that this will create a financial burden which could adversely affect staff development: the exact opposite, then, of the Government’s aim. In addition, it will not solve the shortfall of qualified people in the industry. At the UKCMA, we’ve been active in pushing the boundaries within the industry which resulted most recently in the creation of a fitfor-purpose security qualification as an alternative to the NVQ at entry level for new recruits. The UKCMA helped sponsor and develop the National Occupational Standards from which followed the Event Security Officer Level 2 qualification. This was an in-depth process engaging the whole of the industry, but it was also widerranging to include other stakeholders and organisations, one of them being the Sports Grounds Safety Authority. When it eventually came to experts within the industry creating the qualification, the rationale behind it was that private security staff don’t work at one central point. Rather, they undertake a variety of roles and acquire different skills. An NVQ is better related to a single point of work, whereas the Event Security Officer Level 2 qualification now offers an alternative with a much broader scope of skills requirements far more in line with what’s happening at venues and sports grounds. The new qualification engages music events, so it covers ingress and egress at venues, as well as other aspects of movement and activity within a crowd, while also allowing staff to undertake Front of Stage pit area training.

Setting high benchmarks By dint of Showsec working closely with academic institutions, and in particular the University of Derby Corporate, we’ve nurtured a Management Development Programme (MDP) which is producing results. As we now prepare for a twelfth intake of MDP graduates, this programme has achieved a 75.6% pass rate since its launch eight years ago, paving the way for many individuals to go on and achieve even higher levels of excellence. Initially, that was the development of a Foundation Degree in Applied Professional Studies in Crowd Management, but more recently a Bachelor of Arts Degree has also been introduced for senior management.

“In broad terms, the apprenticeship ‘tax’ will effectively be 0.5% of a company’s salary bill, so in the case of a £10 million wage bill, that’s £50,000 to be found. Companies are either going to reduce their staffing numbers or make cutbacks on training” Twelve members of our management team have now obtained a BA Degree at the University of Derby Corporate. An additional 56 have gained or are working towards the Foundation Degree. Just as significant to the business is the fact that six graduates from the MDP are now operating in the role of area manager. Others are gaining the experience and expertise needed to follow in their footsteps in the future.

Importance of technology As is true of most industries, technology is playing an important part in career development. It’s also influencing the requirements of our purchasers. At Showsec, the online e-Learning platform we’ve developed plays a big part in the delivery of training modules to our workforce. What makes it so effective is our ability to monitor activity and provide an audit trail. We know that we delivered 32,000 training qualifications in 2016. Good examples of that monitoring came in the immediate aftermath of the terrorist attacks in Paris and Berlin when we asked our staff to refresh their counter-terrorism training. More than 1,200 did so after the Paris incidents, while a further 215 revisited the module postBerlin, which is reassuring for both our workforce and, indeed, our client base. We can also use the e-Learning platform to enhance the delivery of services through eBriefings about events and the implementation of crime reduction strategies which can help to minimise policing costs for event organisers. Of course, technology can also influence the purchasing strategies of clients and help them to reduce their costs. For instance, two people manning an access point could be replaced by automated access control, while there are other ways in which cameras and GPS solutions may be used to help cut back on manpower costs. There are different demands in terms of what commercial organisations want as a service, and as an industry we simply must respond. By obtaining a clearer picture of the current situation through its survey, the UKCMA can use the evidence gained to help shape the future and make security more attractive as an industry in which to work and fashion a career. Maybe then the industry can plug the gap created by the shortfall in qualified staff.

Mark Harding: Managing Director of Showsec and Chairman of the UK Crowd Management Association

www.risk-uk.com

RiskinAction February2017_riskuk_oct16 07/02/2017 07:09 Page 1

Risk in Action English Heritage sings the praises of Morley-IAS’ dedicated life-safety system at Rievaulx Abbey Rievaulx Abbey was constructed by a group of 12 Cistercian monks way back in 1131 in a remote valley near the River Rye, deep in what’s now the picturesque North York Moors National Park. As one of the most complete and atmospheric historic ruins in England, it’s not surprising that there has been a year-on-year increase in the number of people taking time out to walk around and explore the Rievaulx Abbey site. In order to build on that popularity, English Heritage constructed a dedicated Visitor Centre that includes a museum displaying previously unseen artefacts such as medieval stone carvings, chess pieces and gold coins. There’s also a retail outlet for gift and souvenir hunters. Protecting the nation’s historical buildings and monuments, and those visiting them, requires a meticulous approach to life-safety. When it came to this aspect of the development, English Heritage called upon the services of Shipley-based Rosse Systems to specify, install and commission a solution. Rosse Systems designed a BS 5389-compliant Category L1 solution, which deploys automatic detectors throughout all areas of the buildings on site – including roof spaces and voids – with the aim of providing the earliest possible warning. This set-up is based around three networked Morley-IAS DX Connexion (DXc) panels from Honeywell. Although beam detection was briefly considered for the installation, it was decided that single point smoke detection would be the most suitable option. Complementing the Morley-IAS DXc1 panels, System Sensor S200 Advanced optical smoke sensors were also selected. Static or blinking red, amber and green status indications are available for end users.

Security boosted at City of Glasgow College thanks to Tyco Security Products’ CEM Systems AC2000 access control solution CEM Systems was recently chosen by FES as the access control solution provider for the City of Glasgow College. The company’s AC2000 access control solution and range of intelligent readers now form an integral part of the security system designed to restrict access to offices, circulation areas, classrooms and student accommodation. The City of Glasgow College is home to 32,500 students and 1,200 members of staff. It’s a busy environment requiring a flexible security solution that can be extended and upgraded to meet growing requirements.

www.risk-uk.com

Intrepid puts its best surveillance foot forward on behalf of UGG Since UGG’s first stores opened in London back in 2008, Intrepid Security has supplied and installed invisible loop EAS tagging systems on site, providing premium protection for the company’s celebrated merchandise. Indeed, Intrepid has gone on to realise intelligent security solutions across a number of standalone UGG stores in both the UK and Europe. Recently, when the time came for the in-store CCTV systems to be upgraded, UGG’s IT director James Reid approached Intrepid for a solution that would not only improve images, but also provide consistency across all sites. Paul Massey, Intrepid’s technical operations manager, explained: “UGG was looking to upgrade the estate with quality HD digital pictures and increase storage capacity within the new DVRs, while determining to use the same RG59 coax cable structure as the currently installed analogue systems.” This is where High Definition-Transport Video Interface (HD-TVI) CCTV technology comes into its own. TVI reduces installation time and cost by using existing installed coaxial cables, while supporting HD video signals (1020p/720p). For this project, CEM Systems’ AC2000 access control system and hardware were chosen due to myriad features and what FES describes as “virtually limitless expandability”. At the City of Glasgow College, the AC2000 VIPPS (Visual Imaging and Pass Production System) allows end users to design professional quality ID passes which can include text, logos, graphics, photographs, barcodes and signatures. In parallel, the AC2000 AED (Alarm Event Display) provides a dynamic and real-time graphical view of all alarms and events that occur on the AC2000 system. College management has also implemented the AC2000 Smartcard Utility application which represents a convenient and flexible approach towards smart card keys.

RiskinAction February2017_riskuk_oct16 07/02/2017 07:09 Page 2

Risk in Action

Thames Water turns to the Zaun Group for securing critical remote site with latest protection systems Thames Water Utilities Ltd, commonly known as Thames Water, is the private utility company responsible for the public water supply and waste water treatment in large parts of Greater London, the Thames Valley, Surrey, Gloucestershire, Wiltshire, Kent and several other areas of the UK. Thames Water presently supplies 2.6 billion litres (570 million imperial gallons) of drinking water per day while treating 4.4 billion litres (970 million imperial gallons) of wastewater in the same 24-hour period. The company’s 15 million customers comprise 27% of the UK’s population. Now, the UK’s largest water and wastewater services company has opted for the latest intrusion detection system mounted onto the most intruder-resistant perimeter fencing in order to protect a key asset on its estate. Thames Water commissioned Zaun to secure the compound at a Kent site. The remoteness of the location means that early detection and notification of any attempted intrusion is essential. On that basis, Zaun invited electronic and electrified perimeter security system expert Harper Chalice to supply its FenceSecure perimeter intrusion detection system (PIDS), a CPNI-approved solution for the protection of Governmentspecified sites deemed to be CNI. Thames Water has often turned to Zaun to deliver 100% British full turnkey security solutions of integrated perimeter fencing, CCTV and access control systems. Zaun Group company Binns Fencing installed Zaun’s ArmaWeave fencing system, and had to hand-dig the trench to install the 3 metrehigh fencing as there was no access for mechanical diggers. The work was part of AMP6, with no less than £200 million allocated to security alone in order to bring Thames Water’s estate up to the required Defra standards.

Historic Leeds Castle bolsters defences with specification of bespoke SmartWater forensics In a clear warning to potential thieves, the management team at one of the UK’s most historic buildings, namely the 12th Century Leeds Castle in Kent, has partnered with crime-fighting specialist SmartWater to protect key assets around the 500-acre estate. A castle has been on the site since 1119. In the 13th Century, it fell into the hands of King Edward I, for whom it became a favourite residence. Then, in the 16th Century, Henry VIII used the location as a residence for his first wife, Catherine of Aragon. The castle today dates mostly from the 19th Century and is built on islands in a lake formed by the River Len to the east of the village of Leeds. It has been open to members of the public since 1976. SmartWater scientists have created a unique clear water-based forensic formula registered to the estate that has been applied to important assets. The solution is invisible to the naked eye, but glows yellow under ultraviolet light. Forensic scientists only need a speck of the solution to be present to identify exactly from where a specific item was stolen. Signage is displayed around the estate warning off any would-be thieves.

Speedy, convenient and secure access guaranteed at Haggerston School courtesy of Delta Security’s newly-installed sliding gate Speed, convenience and security of access for visitors, pupils and staff at a secondary school in Hackney have all been improved with the installation of a new sliding gate, specified and installed by local CCTV and access control specialist Delta Security. The school, which plays host to more than 950 students, also attracts a large number of visitors from local sports clubs keen to use the facilities within its multi-user games area. At peak times, the number of visitors can reach more than 100 per hour, hence the need for a new and fast-acting access gate. Delta Security was appointed to review the needs of the school and propose a suitable gate solution, paying particular attention to the reliability of the motor. The new gate uses the latest CAME BXV gate motor to deliver the performance level required, while also offering excellent value for money. Simon Walden, business leader at Haggerston School, informed Risk UK. “The gate installed previously had repeatedly failed, obliging school staff to open them manually, adding time pressure to their already busy schedules. The new gate is highly reliable, robust and easy to operate.” Walden outlined that Delta Security’s advice was both professional and extremely valuable. “The engineers showed excellent attention to detail, as well as great commitment to completing the installation on time and to budget. A significant amount of preliminary work ensured the right solution for us.”

www.risk-uk.com

TechnologyinFocus February2017_riskuk_sep16 07/02/2017 07:10 Page 1

Technology in Focus IndigoVision introduces 4000 Series of ‘faster, bigger and better’ NVRs for security and risk managers

IndigoVision’s latest NVRs have been designed to feature Distributed Network Architecture, thereby allowing security and risk management professionals to easily expand their on-site recording requirements. Models also contain IndigoVision’s innovative SMART.guard technology. SMART.guard introduces five layers of security-focused consideration – with an eye on cyber, digital watermarking, NVR failover, RAID resilience and fault monitoring – in a bid to afford the ultimate in data protection. The latest NVR-AS 4000 designs on the Large Enterprise, Enterprise and Compact appliances include all of these bespoke features and more. For its part, the Large Enterprise NVR-AS 4000s can record images from up to 600 security cameras per NVR, boasts a massive 3 Gbps of throughput and up to 1.5 PB of storage (which IndigoVision states is an industry first). The Enterprise NVR-AS 4000 is available in both Windows and Linux OS and can record images from up to 200 cameras. IndigoVision asserts that this statistic doubles the performance of its nearest rival with 2 Gbps of throughput and up to 112 TB of storage. www.indigovision.com

‘Best in Class’ functionality EasyLobby Solo visitor management system developed by HID Global

Secure identity solutions specialist HID Global has unveiled its new EasyLobby Solo visitor management system for end user organisations seeking a simple yet robust solution to automate management of the daily flow of visitors. The affordable offering includes ‘Best in Class’ functionality based on HID Global’s proven enterprise-class EasyLobby Secure Visitor Management solution for larger organisations. “Today, many organisations are seeking to transition from manually checking visitors in and out using paper-and-pen log books to a streamlined solution that increases security by better managing who’s entering and leaving the premises,” explained Nils Wahlander, senior product marketing manager for physical access control at HID Global. “Our new EasyLobby Solo solution addresses this need and goes a long way towards immediately setting a tone of professionalism by establishing a positive first impression for visitors.” EasyLobby Solo makes it possible for organisations to smoothly transition from a multi-stage guestbook process to a digital solution managed from a single workstation. In addition to facilitating a more professional image and increasing security, the solution provides easy registration and check-in, also making it possible to quickly generate visitor reports to satisfy compliance and audit requirements. Additional EasyLobby Solo features include the fact that it’s a standalone solution with an embedded database, eliminating the need for access control integration, external database connections or enterprise pre-registration tools and set-up. The system is easy to configure, learn and use with intuitive registration. www.hidglobal.com

www.risk-uk.com

New push button offerings from STI herald evolution of the StopperSwitch Series

The indoor and outdoor push buttons within the StopperSwitch Series from Safety Technology International have undergone some exciting new changes for 2017. The aesthetically appealing, low/high voltage push buttons can fit any standard UK-type switch socket box and are quick and easy to install. There are three types available: keyto-reset, momentary and pneumatic. Indoor models are supplied as a dual mount, specifically designed to fit either flush or surface onsite installations. For their part, outdoor models are supplied with a weatherproof back box. Further options have been introduced which now include a ‘Standard Function Marking’ label sheet with 12 prevalent operating labels for a variety of uses, all ready for self-assembly. Custom labelling is also available for customers upon request. www.sti-emea.com

Specialist fence toppings devised by Binns Fencing adapted for use in utilities sector projects

Binns Fencing has created a new configuration of its Flexible Steel Topping (FST) system to mount on utility compound perimeter fencing with razor wire without posing any risk to the public. The system has already been supplied to two gas sites in northern England. The innovative solution uses a cranked bracket to lift a coil of razor wire up in front of anyone who tries to climb the fence as an additional deterrent and obstacle to the topping’s existing anti-climb credentials. At the very heart of FST – which is fully-tested for use in the UK’s high security prisons – is a steel mesh arch, curved back over the top of a steel fence and fixed to a flexible steel bracket that’s designed to move when individuals attempt to climb it. www.binnsfencing.com

TechnologyinFocus February2017_riskuk_sep16 07/02/2017 07:10 Page 2

Technology in Focus

Wisenet X Series cameras featuring Wisenet 5 chipset “define the new standard” for Hanwha Techwin

Hanwha Techwin has launched its Wisenet X Series of cameras with an embedded proprietary chipset. The Wisenet 5 chipset is said to be “the most important component developed to date” by Hanwha Techwin’s core technologies. Lee Man-Seob, president and CEO of the Hanwha Techwin Security Business Group, said: “The Wisenet X Series is our first product range to use this single chip solution. Our new 5 MP and 2 MP camera line-ups will redefine industry standards, not only due to exceptionally sharp images, but also as a result of much faster image processing and upgraded functions.” The Wisenet X Series offers 150 dB WDR, image stabilisation using gyro sensors and “razor sharp” images on a 24/7 basis with improved low-light performance. Using WiseStream II, the second generation of Hanwha Techwin’s compression technology, the Wisenet X Series delivers an “extremely bandwidth-friendly” camera range. With the release of the Wisenet X Series, Hanwha Techwin is meeting market demand in all areas of video surveillance. By adding the Wisenet X Series to the recently released Wisenet Q and P Series, the company has duly established a full line-up, from entry level models to high-performance products. www.hanwha-security.eu

Hikvision highlights Turbo HD integration with Milestone Systems’ XProtect Device Pack 8.9 Hikvision has announced that its family of Turbo HD analogue solutions can now be integrated with Milestone Systems’ XProtect Device Pack 8.9 VMS software. As a result of working with Milestone Systems to achieve optimal interaction between disparate manufacturers’ devices, Hikvision’s Full-HD analogue encoder DS6700HQHI-SATA Series can now be fully integrated with Milestone’s XProtect open platform networked video management software (VMS). While the Hikvision encoder supports HDTVI signal input, this means that Hikvision’s entire Turbo HD range of cameras can be supported to provide an integrated Milestone Systems-controlled, Hikvision-based system.

Maxxess launches Big Data intelligence platform and powerful visitor management capability for end users

Maxxess is offering a first look at the future of visitor management with eMobile, an operations intelligence platform that allows organisations to manage, monitor and connect employees on the move while delivering powerful Big Data intelligence. A new module within Maxxess eFusion, designated Visit-Point, is operated via a web browser, and allows employees to book meeting rooms and input details of required attendees. The system then sends out an invite alerting attendees to required credentials such as ID cards or passports. This is now becoming a particular requirement for visitors to larger enterprise and Government facilities. Maxxess is extending the power of its operations intelligence platform, eMobile, with feature-rich new dashboards that turn security system, Point of Sale and IT network software data into intelligence. In practice, eMobile uses a unique processing architecture that constantly analyses and profiles such data and cross references it with human behaviour in order to provide several signals and indicators that alert security and operations staff about any abnormal activity. www.maxxess-systems.com

“Hikvision’s Turbo HD is now among the analogue Full-HD encoders to be integrated within Milestone Systems’ VMS software,” outlined Jens Berthelsen, partner alliance manager at Hikvision. “This is a major step for Milestone customers who can now access Hikvision Turbo HD device support and functionality to help enhance their security installations’ overall performance.” The Hikvision Turbo HD analogue solution enables existing coaxial cable-based CCTV systems to be upgraded to HD surveillance with a simple and cost-effective installation. The Turbo HD family features a full range of analogue cameras offering 5 MP resolution. www.hikvision.com

www.risk-uk.com

paper ad_Layout 1 04/06/2015 17:59 Page 1

thepaper

Pro-Activ Publications is embarking on a revolutionary launch: a FORTNIGHTLY NEWSPAPER dedicated to the latest financial and business information for professionals operating in the security sector

Business News for Security Professionals

The Paper will bring subscribers (including CEOs, managing directors and finance directors within the UKâ&#x20AC;&#x2122;s major security businesses) all the latest company and sector financials, details of business re-brands, market research and trends and M&A activity

FOR FURTHER INFORMATION ON THE PAPER CONTACT: Brian Sims BA (Hons) Hon FSyI (Editor, The Paper and Risk UK) Telephone: 020 8295 8304 e-mail: brian.sims@risk-uk.com www.thepaper.uk.com

Appointments February2017_riskuk_jul15 07/02/2017 08:44 Page 1

Appointments

Steven Thompson

International Airport Review has appointed Steven Thompson to the publication’s Aviation Advisory Board. Thompson serves as development manager for specialised protective services at Securitas UK, and is directly responsible for nurturing the company’s offer within the dedicated aviation services sector. Thompson brings unparalleled expertise to the Aviation Advisory Board role, having held senior positions in both the UK and abroad. His focus on security contingency and public services infrastructure protection includes border control, transportation and construction. During his career, Thompson has managed both day-to-day operations and contingency mobilisation support during industrial action in both the private and public sectors. Thompson has become highly respected in the specialised protective services sector for providing robust, short notice contingency resilience deployments and solutions. His experience in the aviation, maritime, canine, fire and safety disciplines is expected to prove invaluable in further enhancing Securitas’ expertise in these specialist areas. Thompson commented: “Airports need to focus on more diverse resilience plans incorporating the possibility of infrastructure and security failure. They should also have the ability to deploy a robust strike resilience action plan during industrial unrest or unforeseen establishment shortfalls realised by pandemic flu or outbreaks of other forms of sickness.” Thompson went on to state: “Securitas’ riskbased approach will prove particularly effective under such circumstances.”

Craig Mason Heald, the East Yorkshire-based innovator in the arena of hostile vehicle mitigation (HVM) solutions for end users, has appointed Craig Mason to the role of business development executive at the company. Mason has 30 years’ experience of working on high profile projects for organisations including BNP Paribas, Qatar 2022 and Amazon. He specialises in helping to secure the built environment by using a blend of physical, procedural and technical security advice that can be readily incorporated within new-build or major refurbishment projects. Previously, Mason spent 24 years serving in the British Army, a large part of which involved

Appointments Risk UK keeps you up-to-date with all the latest people moves in the security, fire, IT and Government sectors Simon Ashton

Selectamark is delighted to announce that vehicle security expert Simon Ashton has joined the company tasked with the specialist role of looking after vehicle industry liaison. This new role will further strengthen the firm’s position in the vehicle security market, with Ashton drawing on his extensive experience of both investigating and analysing vehicle-based crime. As a former Metropolitan Police Officer, Ashton was once part of the Organised Vehicle Crime Unit at New Scotland Yard and had a remit to engage with vehicle manufacturers, Government, industry and international police forces in a bid to reduce vehicle crime. During his career to date, he has investigated numerous organised crime syndicates and networks operating on an international basis. Ashton was instrumental in challenging the Motorcycle Industry Association to join with senior police officers in a London campaign aimed at reducing motorcycle and scooter theft. He also persuaded the Home Office and the Society of Motor Manufacturers and Traders to review European legislation affecting security measures imposed on vehicle producers. James Brown, managing director of Selectamark, told Risk UK: “I’m delighted to welcome Simon to the team. He brings a wealth of specialist expertise and knowledge and will help us to provide new and innovative security marking and identification solutions.” teaching ballistic safety and strategic platform design to UK and foreign students. Mason has also applied this knowledge on numerous counter-terrorism and counterinsurgency operations conducted around the world. He held joint responsibility for the protection and physical security management of some MoD establishments, working with JSP440 and the UK technical authorities for counter-terrorist measures from within the main defence infrastructure. Commenting on Mason’s appointment, Debbie Heald (managing director of Heald) informed Risk UK: “I’m delighted to welcome Craig to the team. With a wealth of knowledge in the industry, there’s no doubt that he’ll be a great asset to the business.”

www.risk-uk.com

Appointments February2017_riskuk_jul15 07/02/2017 08:44 Page 2

Appointments

Andy Coles

Andy Cross

Integrated security solutions manufacturer TDSi is pleased to announce the appointment of Andy Cross as the company’s new distribution channel manager. With 29 years’ worth of experience in the security industry, Cross is excited to be joining the TDSi team and has clear objectives in mind for his new role. “As distribution channel manager, my goal is to further strengthen TDSi’s working relationships with our partners. This will include the provision of more product training and extensive sales support, both for sales teams and integrators.” Cross continued: “I will also be assisting with the ongoing growth of TDSi’s product portfolio and making certain that it meets and exceeds our customers’ requirements and expectations. Part of this is ensuring our customers continue to be fully informed about forthcoming and new products and when they’ll be available to the market. I’m excited to be part of TDSi’s ongoing success.” Cross began his career as an apprentice engineer with Chubb Alarms and progressed through several roles including those of installation engineer, service engineer and engineering supervisor before moving to work on business development projects at Norbain and then as HID Global’s area sales manager responsible for the UK and Ireland.

Christian Ringler

Milestone Systems, the open platform company specialising in networked video management software (VMS), has just appointed a new regional director for the Middle East and Africa (MEA). The Milestone EMEA organisation is being reshaped to better fit the needs of the business’ partner community and provide stronger regional support. Christian Ringler now adds the MEA region to his existing responsibilities in DACH countries. Peter Biltsted, who has contributed immensely to Milestone’s successful development in the region previously, remains closely connected to the company as an executive consultant. “MEA is a core market for Milestone, and we’re delighted to see the open platform community growing rapidly in the region,” explained Thomas Lausten, vice-president for the EMEA. “Christian Ringler is a strong leader who has accelerated the Milestone community across Germany, Austria, Switzerland and central and southern Europe. I’m confident that he will now strengthen our leadership and position in the MEA space even further.” Ringler joined Milestone Systems as director of sales back in 2015, bringing to bear more than 15 years of experience gained within the IT and security markets. Prior to this, Ringler spent six years as country manager for Germany and as head of sales for a leading German VMS developer.

66 www.risk-uk.com

Hikvision UK and Ireland has confirmed the appointment of Andy Coles as the company’s key account manager. Coles, who has been in the security industry for over 20 years, brings with him a wealth of experience having previously worked in a number of roles at distributor Norbain for over 18 years (including as divisional director of sales). More recently, he spent over four years at Frontline Security in the position of sales and marketing manager. In his new role, Coles will now be responsible for building relationships and developing business in the key accounts division. On his appointment, Coles informed Risk UK: “I’m delighted to have joined the Number One security manufacturer in the world. I’m very much looking forward to renewing old relationships and building new ones. With such a vast array of exciting products currently available and many more due for release in 2017, I’m looking forward to playing a pivotal role in this growing business.”

Zak Thompson

Wavestore, the British manufacturer of video management software (VMS), welcomes Zak Thompson to its UK and Ireland sales team as regional sales manager for the North of the UK. In his new role, Thompson will be working closely with Wavestore’s Northern UK-based systems integration, distribution and consultant partners to support new and existing opportunities for the company’s truly independent and open platform VMS. Armed with a security industry background that spans over 13 years, Thompson is wellknown in the market, joining Wavestore from intelligent video analytics and VMS provider Aimetis where he was regional sales manager in the UK and Ireland. Prior to that, Thompson held business development and account management positions at Panasonic, Anixter and with distributor Norbain. Speaking about the appointment, Thompson commented: “I’m delighted to be part of the Wavestore team and very much looking forward to contributing to the company’s future success.”

Project1_Layout 1 07/02/2017 06:51 Page 1

Find the perfect solution for your business from world leading security manufacturers and experts The global stage for security innovation and expertise -

N E W FO R 2 0 1 7 : Understand how to protect your business from a global threat at the Borders & Infrastructure Zone Pre-book 1-2-1 meetings with the suppliers you really want to do business with using the â&#x20AC;&#x153;Meetings Serviceâ&#x20AC;? Learn from experienced security professionals and develop your knowledge by attending free seminars Grow your network through connecting with over 27,000 of other leading security professionals See the evolution of security systems in the Smart Zone, looking at Home Automation & Smart Buildings

20-22 June 2017 REGISTER TO GET YOUR BADGE TODAY AT IFSEC.EVENTS Supported by

Organised by

Your badge also gives you entry to:

Jan 17 dir_000_RiskUK_jan14 07/02/2017 16:15 Page 1

Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security

Anti-Climb Paints & Barriers

Metal Detectors (inc. Walkthru)

Security, Search & Safety Mirrors

Security Screws & Padlocks, Hasps Fastenings & Security Chains

ACCESS CONTROL

Key Safes & Key Control Products

Traffic Flow & Management

see our website

ACCESS CONTROL & DOOR HARDWARE

ALPRO ARCHITECTURAL HARDWARE ACCESS CONTROL

ACT ACT – Ireland, Unit C1, South City Business Centre Tallaght, Dublin 24 Tel: +353 (0)1 4662570 ACT - United Kingdom, 2C Beehive Mill Jersey Street, Manchester M4 6JG +44 (0)161 236 3820 sales@act.eu www.act.eu

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES

HTC PARKING AND SECURITY LIMITED ACCESS CONTROL – BARRIERS, GATES, CCTV

ABSOLUTE ACCESS Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV

St. James’ Bus. Centre, Wilderspool Causeway, Warrington Cheshire WA4 6PS Tel 01925 552740 M: 07969 650 394 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk

ACCESS CONTROL

INTEGRATED DESIGN LIMITED ACCESS CONTROL

KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk

Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com

ACCESS CONTROL

SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer

ACCESS CONTROL

COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com

Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk

Custom Designed Equipment ACCESS CONTROL MANUFACTURER

NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES

UKB INTERNATIONAL LTD Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com

• • • • • ȏ •

Indicator Panels Complex Door Interlocking Sequence Control Door Status Systems Panic Alarms &HOO &DOO $΍UD\ 6\VWHPV Bespoke Products

www.hoyles.com sales@hoyles.com Tel: +44 (0)1744 886600

Hoyles are the UK’s leading supplier of custom designed equipment for the security and access control industry. From simple indicator panels to complex door interlock systems.

BUSINESS CONTINUITY

ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTS

BUSINESS CONTINUITY MANAGEMENT

VANDERBILT INTERNATIONAL (UK) LTD

CONTINUITY FORUM

Suite 7, Castlegate Business Park Caldicot, South Wales NP26 5AD UK Main: +44 (0) 2036 300 670 email: tradeshows@VanderbiltIndustries.com web: www.vanderbiltindustries.com

Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org

www.insight-security.com Tel: +44 (0)1273 475500

Jan 17 dir_000_RiskUK_jan14 07/02/2017 16:15 Page 2

CCTV CCTV Rapid Deployment Digital IP High Resolution CCTV 40 hour battery, Solar, Wind Turbine and Thermal Imaging Wired or wireless communication fixed IP CE Certified Modicam Europe, 5 Station Road, Shepreth, Cambridgeshire SG8 6PZ www.modicam.com sales@modicameurope.com

CONTROL ROOM & MONITORING SERVICES ADVANCED MONITORING SERVICES

EUROTECH MONITORING SERVICES LTD.

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.net Web: www.eurotechmonitoring.net

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS

ALTRON COMMUNICATIONS EQUIPMENT LTD

DISTRIBUTORS

Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: cctvsales@altron.co.uk Web: www.altron.co.uk

CCTV

G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk

CCTV/IP SOLUTIONS

DALLMEIER UK LTD 3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com

sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk

AWARD-WINNING, LEADING GLOBAL WHOLESALE DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.

ADI GLOBAL DISTRIBUTION SPECIALISTS IN HD CCTV

MaxxOne Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP Tel +44 (0)161 430 3849 www.maxxone.com

Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company also offers an internal technical support team, dedicated field support engineers along with a suite of training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online account, installers can order up to 7pm for next day delivery.

Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER. CCTV & IP SECURITY SOLUTIONS

PANASONIC SYSTEM COMMUNICATIONS COMPANY EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP UK Tel: 0207 0226530 Email: info@business.panasonic.co.uk

MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ

Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com

COMMUNICATIONS & TRANSMISSION EQUIPMENT

KBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS

DIGITAL IP CCTV

SESYS LTD High resolution ATEX certified cameras, rapid deployment cameras and fixed IP CCTV surveillance solutions available with wired or wireless communications.

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk

NORBAIN SD LTD 210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com

CCTV SPECIALISTS

UK LEADERS IN BIG BRAND CCTV DISTRIBUTION

PLETTAC SECURITY LTD

SATSECURE

Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 01788 567811 Fax: 01788 544 549 Email: jackie@plettac.co.uk www.plettac.co.uk

Hikivision & MaxxOne (logos) Authorised Dealer Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP Tel +44 (0)161 430 3849 www.satsecure.uk

www.insight-security.com Tel: +44 (0)1273 475500

Jan 17 dir_000_RiskUK_jan14 07/02/2017 16:15 Page 3

EMPLOYMENT

INTEGRATED SECURITY SOLUTIONS

INNER RANGE EUROPE LTD

FIRE AND SECURITY INDUSTRY RECRUITMENT

SECURITY VACANCIES

Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com

www.securityvacancies.com Telephone: 01420 525260

PERIMETER PROTECTION

IDENTIFICATION

ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS

GJD MANUFACTURING LTD Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk

PERIMETER PROTECTION

GPS PERIMETER SYSTEMS LTD

COMPLETE SOLUTIONS FOR IDENTIFICATION

DATABAC GROUP LIMITED

14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk

1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com

INDUSTRY ORGANISATIONS

POWER

POWER SUPPLIES â&#x20AC;&#x201C; DC SWITCH MODE AND AC

DYCON LTD Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471900 Fax: 01443 479 374 Email: sales@dyconpower.com www.dyconpower.com

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY

BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk Twitter: @thebsia

STANDBY POWER

UPS SYSTEMS PLC Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk

THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY

SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org

INTEGRATED SECURITY SOLUTIONS

UPS - UNINTERRUPTIBLE POWER SUPPLIES

ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk

SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

UPS - UNINTERRUPTIBLE POWER SUPPLIES

HONEYWELL SECURITY AND FIRE

UNINTERRUPTIBLE POWER SUPPLIES LTD

Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com

Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

Jan 17 dir_000_RiskUK_jan14 07/02/2017 16:15 Page 4

SECURITY

LIFE SAFETY EQUIPMENT

C-TEC CASH & VALUABLES IN TRANSIT

CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk

Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: www.c-tec.com

PERIMETER SECURITY

TAKEX EUROPE LTD QUALITY SECURITY AND SUPPORT SERVICES

CONSTANT SECURITY SERVICES Cliff Street, Rotherham, South Yorkshire S64 9HU Tel: 0845 330 4400 Email: contact@constant-services.com www.constant-services.com

Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takex.com Web: www.takex.com

PHYSICAL CONTROL PRODUCTS, ESP. ANTI-CLIMB

INSIGHT SECURITY FENCING SPECIALISTS

J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk

Units 1 & 2 Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com

SECURITY EQUIPMENT

PYRONIX LIMITED INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com

Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS

CQR SECURITY 125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk

BOSCH SECURITY SYSTEMS LTD PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 0330 1239979 E-mail: uk.securitysystems@bosch.com Web: uk.boschsecurity.com

SECURITY EQUIPMENT INTRUDER ALARMS – DUAL SIGNALLING

CASTLE

CSL

Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042

Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 @CSLDualCom www.csldual.com

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS

RISCO GROUP Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk

www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity

www.twitter.com/castlesecurity

SECURITY PRODUCTS

EATON Eaton is one of the world’s leading manufacturers of security equipment its Scantronic and Menvier product lines are suitable for all types of commercial and residential installations. Tel: 01594 545 400 Email: securitysales@eaton.com Web: www.uk.eaton.com Twitter: @securityTP

ONLINE SECURITY SUPERMARKET

SECURITY SYSTEMS

EBUYELECTRICAL.COM

VICON INDUSTRIES LTD.

Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com

Brunel Way, Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com

www.insight-security.com Tel: +44 (0)1273 475500

Project1_Layout 1 06/05/2016 13:46 Page 1

Simple & Easy Installation Integrated Security - Access Control

Inception is an integrated access control and security alarm system with a design edge that sets it apart from the pack. Featuring built in web based software, the Inception system is simple to access using a web browser on a Computer, Tablet or Smartphone. With a step by step commissioning guide and outstanding user interface, Inception is easy to install and very easy to operate.

Access Control

Automation

No Software Required

Multiple Devices

Security Alarm

Easy Setup with Checklist Prompting

IGNED

S DE

For more information, visit www.innerrange.com/inception. There you will ďŹ nd installation guides and videos to help you get the most out of your Inception system.

STRA

Send IP Alarms via the Multipath-IP Network

Visit www.innerrange.com or call 0845 470 5000 for further information