Risk UK January 2017 by Western Business Media Limited

FrontCover January2017_001 10/01/2017 13:41 Page 1

January 2017

www.risk-uk.com

Security and Fire Management

Horizon Scanning Security and Risk Predictions for 2017 The World As We Donâ&#x20AC;&#x2122;t Know It: The Future of Security BSIA Briefing: Crisis Planning and Incident Management People in Control: Human Factors in Todayâ&#x20AC;&#x2122;s Control Rooms Perimeter Protection: Fencing Design and Specification

Project1_Layout 1 22/12/2016 12:10 Page 1

Always a suitable solution with the DIVAR hybrid and network recorders At Bosch, we believe that video surveillance solutions should be as easy to install as they are to use. It’s the thinking behind our completely new portfolio of DIVAR hybrid and network recording solutions. Specifically designed for 24/7 operation, they offer the ability to create video surveillance solutions with professional security features. Solutions that can be tailored to fit the growing needs of small and medium businesses.

boschsecurity.com

Contents January2017_riskuk_Dec12 10/01/2017 11:50 Page 1

January 2017

Contents 30 Monitoring Trends in Access Control Interesting developments are in the pipeline for 2017 in terms of both technologies and applications, as Charles Balcomb details

32 The Security Institute’s View The Future of Security (pp13-14) 5 Editorial Comment 6 News Update

Alison Wakefield and Robert Hall chart the likely implications of Brexit for the UK’s National Security

35 In the Spotlight: ASIS International UK Chapter The ASIS Young Professionals Group was created back in 2010. Stuart Eustace examines objectives and deliverables for 2017

CJEU backs DRIPA challenge by MP. ASIS targets ESRM. Pinkerton buys IBBC Group. Deloitte purchases Regester Larkin

38 FIA Technical Briefing

8 News Analysis: Security Predictions for 2017

40 Security Services: Best Practice Casebook

Control Risks has published its annual RiskMap forecast. Brian Sims takes a look at what’s in store for the New Year

Simon Chapman assesses how and why security provision in the UK should look very different 12 months on from now

11 News Special: Total Security Summit 2017

42 Meet The Security Company

Risk UK is the Official Media Partner for this year’s Total Security Summit events, the first of which takes place on 13-14 March at the Radisson Blu Hotel near Stansted Airport. Brian Sims previews the content to be delivered for attendees

In association with the SSAIB, Risk UK continues its ‘Meet The Security Company’ series by talking with Avantguard Security

13 Opinion: The Future of Security With due consideration of the sheer pace of technological advance, Carl Meason maps out what the 4th Industrial Revolution has in store for the professional security world and how that world’s protagonists ought to be reacting

17 BSIA Briefing When it comes to running any kind of business, being ‘one step ahead of the game’ and planning for all eventualities is absolutely vital for success. James Kelly discusses the importance of effective crisis management planning

23 People in Control The emergence of new technologies and ergonomic standards coupled with an increased public awareness of workplace health and well-being issues has combined to inspire a dramatic shift in Control Room design. Terry Shough outlines the fine points

26 First Line of Defence As Peter Jackson observes, perimeter protection solutions play a key role in facilitating the valuable ‘defence in depth’ strategy that’s so highly valued by risk management professionals when formulating their organisation’s security posture

28 Security Integration Goes Viral Designers and specifiers of bespoke perimeter protection solutions increasingly wish to integrate physical, electronic and human security measures. Chris Plimley explains why

Ian Moore on the Regulatory Reform (Fire Safety) Order 2005

44 End User Computing and Risk Governance Henry Umnet demonstrates why regulators demand financial institutions adopt holistic model risk management strategies

46 Training and Career Development One challenge facing the security sector is how to ensure a pool of high calibre trainers. Raymond Clarke searches for a solution

48 Risk in Action 50 Technology in Focus 53 Appointments The latest people moves in the security and fire business sectors

56 The Risk UK Directory ISSN 1740-3480 Risk UK is published monthly by Pro-Activ Publications Ltd and specifically aimed at security and risk management, loss prevention, business continuity and fire safety professionals operating within the UK’s largest commercial organisations © Pro-Activ Publications Ltd 2017 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means electronic or mechanical (including photocopying, recording or any information storage and retrieval system) without the prior written permission of the publisher The views expressed in Risk UK are not necessarily those of the publisher Risk UK is currently available for an annual subscription rate of £78.00 (UK only) www.risk-uk.com

Risk UK PO Box 332 Dartford DA1 9FF

Editor Brian Sims BA (Hons) Hon FSyI Tel: 0208 295 8304 Mob: 07500 606013 e-mail: brian.sims@risk-uk.com Design and Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 429 2015 e-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 01322 292295 e-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 01322 292295 e-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton Chairman Larry O’Leary

Editorial: 0208 295 8304 Advertising: 0208 295 8307

3 www.risk-uk.com

EditorialComment January2017_riskuk_jul14 09/01/2017 15:57 Page 1

Wireless upgrades for any security system

Expand any security system with Ricochet® mesh technology Adding additional safety and security to new and existing security systems couldn’t be simpler. With Texecom’s Ricochet Wireless Expansion Pack, adding additional wireless devices is a quick and easy process. Each pack converts wireless devices into Normally Closed (N/C) relay outputs for direct connection to security control panel wired zones or CCTV triggering systems. • Enhance safety and security • Quick and easy to install

Any Control Panel

Ricochet Expansion Pack

Relay Interface Wireless Expander

Texecom products are designed and manufactured in the UK

EditorialComment January2017_riskuk_jul14 09/01/2017 15:58 Page 2

Editorial Comment

Compatible Ricochet Enabled Devices

UAVs in the Zone he Government plans to introduce new measures designed to ensure that the successful uptake of drones is matched by strong safeguards to protect the public. Measures out for consultation as of Wednesday 21 December include the mandatory registration of new drones, tougher penalties for illegal operation near no-fly zones, new signage for such zones at sensitive sites including airports and prisons and making drones electronically identifiable such that the owner’s details can be passed to the police if they’re spotted breaking the law. Importantly, the consultation will also consider whether there’s an overriding need for a new criminal offence to be introduced specifically to penalise the misuse of drones. The Government is determined to make the most of this emerging technology, which is estimated to be worth upwards of £100 billion come 2025, but ministers are absolutely clear that drone solutions will only be a success if they’re safe. On that note, Aviation Minister Lord Ahmad of Wimbledon explained: “Drones have enormous economic potential. They’re already being used by the Emergency Services, transport and energy solution providers and conservation groups to improve their services, respond to incidents and save lives. While most drone users are law-abiding citizens and have good intentions, some operators are not aware of the rules, or otherwise choose to break them, subsequently putting public safety, privacy and security at risk. The Government is taking a common sense approach towards tackling such behaviour.” Current regulations balance clear rules on safety with strong penalties for misuse. Those companies using drones for commercial purposes require permission to do so in order to ensure the technology’s operated in a responsible manner. Tim Johnson, policy director at the Civil Aviation Authority (CAA), stated: “Our priority is the safe operation of drones. We cannot underestimate the importance of understanding how to use drones safely and responsibly. The new CAA Drone Code, which forms part of our wider drone awareness campaign, is designed to help protect the safety of the wider aviation industry. Drones have significant potential for driving benefits across a range of sectors, and we encourage anyone with an interest in this area to respond to the consultation.” Andrew Sage, RPAS director at air traffic control company NATS, responded: “NATS fully supports the development of the drone industry and is committed to creating a safe and efficient airspace environment that meets the needs of both manned and unmanned aircraft operators alike. We would encourage all users of the UK’s airspace to respond to the consultation.” The CAA’s own Safety Code and the Drone Safe website, in addition to the recently-released NATS safety app for drone users entitled ‘Drone Assist’, are vitally important tools in encouraging safe and legal drone use. Ultimately, it’s only by understanding all perspectives and working together that, collectively, we’ll be able to find the solutions that witness successful manned and unmanned aviation industries operating safely in tandem across the UK.

Compact Pet Immune Detector

Compact Digital Detector

Compact Digital Quad Detector

External Detector

Digital Quad Detector

Digital Detector

Ceiling Mount Detector

Contact/Shock Sensor

Panic Button

Smoke Detector

Carbon Monoxide Detector

Brian Sims BA (Hons) Hon FSyI Editor

www.texe.com Sales: +44 (0)1706 220460

December 2012

www.risk-uk.com

NewsUpdate January2017_riskuk_nov14 09/01/2017 16:33 Page 1

European Union Court of Justice backs MP’s strong challenge to DRIPA Judges at the European Union Court of Justice (CJEU) have backed a challenge by MP Tom Watson, represented by civil rights champion Liberty, to the Data Retention and Investigatory Powers Act (DRIPA). This is the temporary emergency law that covers state surveillance. DRIPA expired on 31 December, but the Government has since replicated and vastly expanded the same powers in its new flagship surveillance law, the Investigatory Powers Act, which passed through the Palace of Westminster in November. Liberty states that the CJEU ruling means major parts of that new Act are, in effect, unlawful and the Government will need to urgently and fundamentally amend it. Martha Spurrier, Liberty’s director, said: “The judgement upholds the rights of ordinary British people not to have their personal lives spied on without good reason or an independent warrant. The Government must now make urgent changes to the Investigatory Powers Act to comply with this. This is the first serious post-EU Referendum test for our Government’s commitment to protecting Human Rights and the rule of law. The UK may have voted to leave the EU, but we didn’t vote to abandon our rights and freedoms.” Tom Watson MP stated: “This ruling shows that it’s counterproductive to rush new laws through Parliament without proper scrutiny. At a

time when we face a real and ever-present terrorist threat, the security forces may require access to personal information none of us would normally hand over. That’s why it’s absolutely vital that proper safeguards are put in place to ensure this power isn’t abused, as it has been in the recent past.” DRIPA forces communications companies to store every individual’s ‘communications data’ – the ‘Who?’, ‘What?’, ‘Where?’, ‘When?’ and ‘How?’ of every e-mail, text, phone call and Internet communication, including those of lawyers, doctors, MPs and journalists. This data is subject to what Liberty calls “an extremely lax access regime”, and one which lets hundreds of organisations and Government agencies – from police forces to HMRC – to grant themselves access for a wide range of reasons that have nothing to do with investigating serious crime. The Investigatory Powers Act has legalised other “unprecedented” bulk spying powers including bulk hacking, the interception of phone calls and e-mails on an industrial scale and the collection of huge databases containing sensitive information on millions of people which could integrate records such as Oyster card logs and Facebook back-ups. Liberty believes these indiscriminate powers are also unlawful and is already preparing to challenge them in court.

ASIS International turns ESRM into global strategic priority for 2017 ASIS International, the association for security management professionals operating across the globe, has pinpointed Enterprise Security Risk Management (ESRM) as a global strategic priority for the organisation and committed to infusing its concepts into all programmes and services. Both a philosophy and a management system, ESRM uses globally established risk management principles to help security professionals manage the varied security risks facing today’s organisations. By making ESRM a strategic objective, ASIS International is looking to shift the profession from a siloed approach to security management towards a more collaborative process. “Threats today are increasingly more sophisticated, targeting organisations in myriad ways,” explained David Davis CPP, president of ASIS International. “In addition, the rapidly evolving business and compliance landscape requires a more holistic and strategic approach towards managing organisational risk. As the only global professional association representing the total spectrum of security, ASIS International is uniquely positioned to lead this effort.” ESRM covers not only traditional security issues such as loss prevention and counter-terrorism, but also a broad array of topics including brand protection, business continuity, corporate espionage, cyber security, information security, resilience and white collar crime. Davis also noted: “By embracing an ESRM mindset, our members will become more effective security professionals and more valuable members of their organisations.” To lead this initiative, the Board of Directors has established a two-year ESRM Commission headed by Dave Tyson CPP. Serving alongside Tyson on the ESRM Commission are Brian Allen CPP, Raymond O’Hara CPP, John Petruzzi Junior CPP, John Turey CPP and Volker Wagner.

6 www.risk-uk.com

NewsUpdate January2017_riskuk_nov14 09/01/2017 16:34 Page 2

News Update

Pinkerton boosts security consulting capacity with purchase of Poland-based IBBC Group Pinkerton – the provider of risk management services and solutions with offices in central London and Uxbridge and a blue chip client roster right across the UK – has boosted its security consulting and investigative operations in mainland Europe with the acquisition of Poland-based IBBC Group. IBBC Group is a well-known and highly respected risk management services provider mainly servicing a geographical area encompassing Poland, Germany, the Czech Republic, Slovakia, Hungary, Latvia, Lithuania, Belarus, the Ukraine and Russia. This expansion in mainland Europe by Pinkerton extends its range of local services throughout the continent. The business is now offering global connectivity to resources that will help identify both physical and cyber threats impacting on business continuity. The new Polish connection complements Pinkerton’s UK operations, where a team of security professionals provides a complete range of services to all areas of mainland Europe and Northern Eurasia, focusing on specialist areas of mitigating risk ranging from Intellectual Property protection and computer forensics through to crisis management.

Deloitte acquires Regester Larkin to double crisis management and strategic risk business Business advisory firm Deloitte has announced the acquisition of crisis, issues and reputation management consultancy Regester Larkin. For more than two decades, Regester Larkin has worked with blue chip multinationals as they prepare for, respond to or recover from crises and as they predict, prevent or resolve strategic issues, in turn advising on some of the highest profile corporate cases. Internationally recognised as a leader in its field, Regester Larkin will now be merged with Deloitte’s existing crisis and resilience business to form one of the largest and most comprehensive fully-dedicated practices in what is a highly specialist area. The new practice will be 70-strong with six partners and operate under the ‘Regester Larkin by Deloitte’ brand. This acquisition comes at a time when businesses are facing uncertainties, growing threats from cyber and other strategic risks, while corporate reputations are under greater scrutiny. It supports Deloitte’s growth agenda

Making the announcement, Pinkerton president Jack Zahran explained: “The risk landscape continues to change and evolve on a rapid basis. We recognised a need to expand our footprint in a way that enhances our ability to view risk holistically from a global standpoint. Acquiring the IBBC Group furthers Pinkerton’s ability to provide local services and solutions while leveraging resources from all over the world.” Boasting a team of highly experienced lawyers, investigators, analysts, IT engineers and experts from various specialist industry sectors, the IBBC Group offers clients complex consulting services and security solutions in a host of disciplines, among them background screening, due diligence, business intelligence, crisis management, computer forensics and risk analysis. Speaking about the deal, Bartosz Pastuszka (director of the IBBC Group) informed Risk UK: “We’re eager to partner with Pinkerton and align our resources in order to help clients more thoroughly protect their assets, people and brands.” Expanding its presence throughout Europe further strengthens Pinkerton’s global network of experts that the agency can draw on to identify new and emerging threats that have the potential to prevent businesses from accomplishing their objectives.

and focuses on issues that matter to its clients at both the Board and senior executive levels. Speaking about this move, Rick Cudworth (crisis and resilience partner at Deloitte) stated: “From Day One we will join forces under the new ‘Regester Larkin by Deloitte’ brand. By combining with Regester Larkin’s unrivalled experience and skills in crisis, issues and reputation management, we’ll deepen our ability to support the growing demand of our clients for dealing with strategic risk issues through a fully-integrated crisis management solution.” Andrew Griffin, CEO of Regester Larkin, responded: “This is a hugely exciting opportunity for Regester Larkin and, indeed, our clients. We’re looking forward to the scope, reach, depth and access to additional expertise that being part of Deloitte will bring. We are particularly delighted that Deloitte is keen to invest in and grow our strategic crisis response, crisis communication and issues management offerings. Our clients welcome the fact that our crisis preparedness advice is based on real life response experience, and we very much look forward to supporting many more organisations as they respond to strategic issues and crisis events.”

7 www.risk-uk.com

NewsAnalysisSecurityandRiskPredictionsfor2017 January2017_riskuk_mar15 09/01/2017 16:32 Page 1

2017 set to be “year of acute uncertainty for business sector” predicts Control Risks relationship between the US and China, which is vital for global economic stability. US withdrawal from the Trans-Pacific Partnership threatens to redraw trans-Pacific commerce. The calls across Europe for further referendums on EU membership are causing nervousness and populism in other parts of the world such as sub-Saharan Africa which adds further fuel to investor risk.

Control Risks, the specialist risk consultancy, has published its annual RiskMap forecast, widely renowned as the leading guide to political and business risk and an important reference point for policy makers and business leaders alike. Brian Sims takes a look at what’s in store for the New Year

peaking about the new RiskMap for 2017, Richard Fenning (CEO at Control Risks) observed: “The unexpected US Presidential Election and European Union Referendum results that caught the world by surprise have tipped the balance to make 2017 one of the most difficult years for business’ strategic decision-making since the end of the Cold War. The catalysts for international business – geopolitical stability, trade and investment liberalisation and democratisation – are facing erosion. The commercial landscape among Government, private sector and nonstate actors is becoming more complex.” The high levels of complexity and uncertainty attached to the key political and security issues for the year, as highlighted by the RiskMap, mean that Boards of Directors will need to undertake comprehensive reviews of their approaches towards risk management. Control Risks has identified several key business risks for the New Year ahead:

Political populism exemplified by Presidentelect Trump and Brexit The era of greater national control of economic and security policy ushered in by the US Presidential Election and Brexit outcomes provides increased uncertainty for business leaders. Caution prevails because of the lack of political policy clarity from the USA and the UK as well as geopolitical issues. Political sparks will fly as the new American Presidency places pressure on the economic

8 www.risk-uk.com

Persistent terrorist threats The threat of terrorism will remain high in 2017, but become more fragmented. The eventual collapse of Islamic State’s territorial control in Syria and Iraq will lead to an exodus of experienced militants across the world. Responding to terrorism is becoming evermore difficult for businesses. Risk adjustment is critical, including Big Data solutions and reviews of potential insider radicalisation, physical security and scenario planning. Increasing complexity of cyber security 2017 will see the rise of conflicting data legislation. US and EU Data Protection Regulations remain at odds. The EU’s Single Digital Market is isolationist and China and Russia are introducing new cyber security laws. This will lead to data nationalism, forcing companies to store data locally, at increased cost, as they’re unable to meet regulatory requirements in international data transfer. The forecast is that e-commerce will be stifled. In parallel, fears of terrorism and statesponsored cyber attacks will exacerbate national legislation, adding additional burden to businesses. Any brake on US regulation could lead to a transformed global regulatory environment US adherence to the Paris climate accords is under question, the Dodd-Frank Act could be modified substantially and the Foreign Corrupt Practices Act isn’t off limits. This could have a domino impact on regulation around the world. Intensifying geopolitical pressures driven by displays of nationalism, global power vacuums and proxy conflicts Syria, Libya, the Yemen and the Ukraine are likely to remain intractable conflicts, while the Middle East will continue to be shaped by friction between Saudi Arabia and Iran. China’s

NewsAnalysisSecurityandRiskPredictionsfor2017 January2017_riskuk_mar15 09/01/2017 16:32 Page 2

News Analysis: Security and Risk Predictions for 2017

increased focus on diplomacy and military influence will extend from Central Asia and the Indian Ocean to sub-Saharan Africa. North Korea’s systematic nuclear capability development is upending a relatively static regional and global nuclear status quo. Militarisation of strategic confrontations by accident or miscalculation While major conflicts remain unlikely in the South or East China Seas, for example, further militarisation of disputes among China, its neighbours and the US is likely. Saudi Arabia and Iran continue to jockey for position in the Hormuz and Bab el-Mandeb straits. Iran’s nuclear deal has emboldened the country to challenge the US-Saudi security infrastructure. Russia is likely to maintain substantial air patrols in or near European airspace. It will continue bolstering its Black Sea and Mediterranean naval fleets to secure its positions in Crimea and Syria. Richard Fenning continued: “Digitisation and the Internet of Everything transports risk everywhere. The distinction between safe home markets and dangerous foreign ones has largely gone. The mass of stored data, teetering on a fulcrum between asset and liability, has shifted the gravitational centre of risk.” Control Risks’ CEO added: “Terrorist attacks across continents in 2016, made possible in large part by the Internet, have shown that Islamist-inspired violence can be planned and carried out anywhere in the world. Also, given the seismic shift in risk scenario planning now required by businesses, we can expect the competitive playing field in many industries to witness significant change as organisations respond in different ways to the multitude of complexities facing them.” In conclusion, Fenning informed Risk UK: “By the end of this year, we will know for certain whether or not the global economy withstood the shocks and turbulence of 2016, if the US opted for a new definition of how to exercise its power and whether the great experiment in globalisation remains on track.”

Strategies for protecting value Companies will pursue different strategies to protect value and seize opportunities in 2017. Many organisations will be defined as Arks, Sharks or Whales by their response. Arks will be defensive and focus on core businesses and markets. They will shed nonperforming assets, reverse unsuccessful mergers, cut costs and delay expansion. While particularly associated with the mining and oil and gas sectors due to the collapse in

“The sheer mass of stored data, teetering on a fulcrum between asset and liability, has undoubtedly shifted the gravitational centre of risk” commodity prices, the Ark strategy also characterises retrenchment by retailers. Sharks are less risk-averse and will hunt for opportunities in new activities and locations. Facing regulatory uncertainty and the rise of competing power centres in the emerging world, financial services is likely to take on risk to capture first-mover advantages in frontier markets or disruptive sectors such as fintech. For their part, Whales will take advantage of their deep pockets and cheap financing to engineer mega-mergers and monopolise markets. Their main risks are economic nationalists and competition regulators. Consolidation strongly characterises the technology sector, pharmaceuticals and agribusiness, which have often arbitraged regulatory environments in order to gain more dominant market positions.

Richard Fenning: CEO at Control Risks

Data stewardship When it comes to data stewardship, regulation will become tighter and fines for breaches increase in the year ahead. Indeed, Iain Chidgey, vice-president for international business at Delphix, predicts that the EU General Data Protection Regulation (GDPR) will force UK organisations to ensure compliance and reduce the risk of a data breach once and for all in 2017. “2017 is officially the last financial year that organisations have left to prepare for the implementation of the GDPR,” urged Chidgey. “However, with the deadline for compliance now less than 18 months away, and a fifth of businesses admitting that they don’t understand the requirements of the GDPR, we predict that preparing for the upcoming law will dictate IT budgets, resourcing and initiatives over the 12 months.” Breaches like TalkTalk acted as an important reminder as to the sensitivity of unmasked data in 2016. In this instance, the hack went unnoticed for a prolonged period of time, triggering a hefty fine of £400,000 and impacting 157,000 customers. However, had the EU’s GDPR been in operation then the fine could have been even higher. “Regulators will finally have teeth,” observed Chidgey. “Any business offering goods and services to EU citizens or monitoring the behaviour of EU citizens will need to prioritise their GDPR preparations immediately.”

Iain Chidgey: Vice-President for International Business at Delphix

9 www.risk-uk.com

Project1_Layout 1 08/11/2016 20:39 Page 1

Joining the dots to bring business continuity into the digital ageâ&#x20AC;Ś

Cyber Security

Resilience

For more information contact our specialist Business Continuity team

email: enquiry.dcs@daisygroup.com or call: 0344 863 3000

Shadow

Planner BCM Software

we are www.daisygroup.com

NewsSpecialTotalSecuritySummit2017 January2017_riskuk_feb15 09/01/2017 16:33 Page 11

News Special: Total Security Summit 2017

ow more than ever, the end users of security solutions need to be sourcing products, services and systems providers offering the best value for money. Organised by Forum Events, the Total Security Summit 2017 is a highly focused gathering that brings together security professionals and an array of solution providers for detailed one-to-one business meetings, valuable networking opportunities and a series of interactive seminars. Taking place at the Radisson Blu Hotel near Stansted Airport on 13-14 March, the Total Security Summit will see suppliers spending quality one-to-one time with potential clients in order to discuss their future requirements while at the same time forging vital business links. Senior security and risk managers and directors at the event also have the opportunity to energise fresh contacts. This year, attending suppliers are those offering a broad range of security solutions including CCTV cameras, access control, perimeter protection, fire safety, intruder detection and integrated security management. Suppliers booked for the Total Security Summit 2017 include the Alcumus Group, Sony, DormaKaba, Gallagher, Tyco and ATEC Fire and Security. End users present can also chat with representatives from ASDC, IndigoVision, Nedap, Hikvision, Alternative Systems Protection, Vanderbilt and Netwatch.

Detailed seminar programme As stated, alongside the meetings programme there’ll be a series of special interactive seminars covering a variety of major topics, among them security strategies and crisis management and communications. In an era of rising global challenges and uncertainties, how might security and risk management professionals confront the complex security challenges of the future? On Monday 13 March from 9.45 am through until 10.30 am, Dr Anna Maria Brudenell (lecturer in Military and Security Studies at Cranfield University’s Defence and Security Academy) will assist in helping attendees to understand their specific and complex security challenges and guide them through a range of potential measures for addressing them. There’ll be a focus on security for major events and protecting crowded places, terrorism threats and high security zones and security in relation to counter-terrorism. ‘Crisis Management and Communications’ is the theme of Chris Phillips’ presentation. Director of the International Protect and Prepare Security Office, Phillips is set to cover crisis management principles and processes as

Security at the Summit

well as effective preparedness and response programmes. There will be in-depth discussion around understanding of the specific and unique threats, risks and vulnerabilities posed to today’s businesses, how to remain up-todate with security training, a focus on education and training and information and theory concerning security project management when it comes to planning and implementing a crisis management system. The afternoon of Monday 13 March sees presentations on CCTV and video surveillance and how to keep your business’ cash and assets both safe and secure. As the online landscape evolves, it’s critical to develop, implement and continually assess a proactive online brand protection strategy. The fifth seminar at the Total Security Summit, which runs from 8.30 am to 9.15 am on Tuesday 14 March, is scheduled to cover the threat landscape of cyber space and focus on the growing awareness of data protection, keeping data secure using IT and ID theft protection. The Critical Sectors Resilience seminar, which begins at 1.45 pm, will discuss the resilience of critical sectors to the relevant risks identified in the National Risk Assessment. This represents an opportunity to learn about risk approaches and infrastructure resilience so as to anticipate, absorb, adapt to and recover from disruption. There will be useful guidance on the validation and assurance of resilience arrangements, detail on how to prepare for and adapt to changing conditions and withstand and recover rapidly from disruptions and instruction on how to be alert to any perceived vulnerabilities. On the day, a programme of specific measures designed to improve resilience is going to be outlined.

The Total Security Summit is designed to match security professionals with key industry solution providers such that they might discuss the latest technologies and innovations. Risk UK is the Official Media Partner for the two-day March 2017 event, previewed here by Brian Sims

*To register your place at the Total Security Summit 2017 call 01992 374066, send an e-mail to: leanne.webster@ forumevents.co.uk or log on to the event website at: www.totalsecuritysummit.co.uk

11 www.risk-uk.com

Project1_Layout 1 06/05/2016 13:46 Page 1

Simple & Easy Installation Integrated Security - Access Control

Inception is an integrated access control and security alarm system with a design edge that sets it apart from the pack. Featuring built in web based software, the Inception system is simple to access using a web browser on a Computer, Tablet or Smartphone. With a step by step commissioning guide and outstanding user interface, Inception is easy to install and very easy to operate.

Access Control

Automation

No Software Required

Multiple Devices

Security Alarm

Easy Setup with Checklist Prompting

IGNED

S DE

For more information, visit www.innerrange.com/inception. There you will ďŹ nd installation guides and videos to help you get the most out of your Inception system.

STRA

Send IP Alarms via the Multipath-IP Network

Visit www.innerrange.com or call 0845 470 5000 for further information

OpinionTheFutureoftheSecurityBusinessSector January2017_riskuk_mar15 09/01/2017 16:36 Page 2

Opinion: The Future of the Security Business Sector

irst of all, please do forgive me for what you might believe to be the ramblings that follow. There are no statistics being presented in the paragraphs that ensue below and zero references to any scientific studies. There’s no quoting of – or, indeed, from – British Standards, either. Nonetheless, I simply have to get a few concerns off my chest by posing a question or two of my own. Specifically, is there a future for the security industry as we understand it? What’s more, is our industry prepared for what the future is already throwing in its direction? Can our industry adapt at a quicker rate than in days gone by in order to satisfy the new demands of an ever-evolving end customer? Do a large number of our existing sectors have a dwindling shelf life? Will human interaction in the security industry become more unnecessary? How does new technology and the Internet of Everything (IoE) begin to make us think about the impact all of this will have on our own business world? Let’s go back to the beginning. Is there a future for the security industry? Well, of course there is, but only for those who embrace the changes that technology is forcing upon ourselves as solution providers, but also – and perhaps more importantly – on our customers. It seems as though a new device, gadget, gizmo or piece of software is being thrust in my direction almost on a daily basis, with suppliers telling me that their latest invention can replace a function the industry has thought to be ‘standard’ for many years. The thing is, on many occasions these gizmos are ‘better’, they do make my life ‘easier’ and, ultimately, this does mean that I – and many others like me – become less dependent on interaction with another human being. That’s sad, because like many others I do love a good chat. Are these gizmos and gadgets mere fads? Or is it more the case that an entrenched culture within the security business sector is somewhat distracting us from the fact that these developments could actually prove to be ‘industry disruptive’?

Expectations are changing Let me elaborate. When I was a lad – yes, I’m fortunate enough to be able to remember that far back – would I have dreamed that I could use a mobile telephone to turn on my heating? No, because when I was a boy we didn’t have any such technology. Our phone was some huge thing with a wheel at the centre of it. Fast forward to today, though, and an era wherein turning on the heating with your phone is now seen as being as normal as it was for me to put

The World As We Don’t Know It Is there a future for the security sector as we understand it? What’s more, is that sector fully prepared for what the future is already throwing its way? With due consideration of the sheer pace of technological advance, Carl Meason maps out what the 4th Industrial Revolution has in store for the professional security world and how that world’s protagonists ought to be reacting sooner rather than later on another jumper to keep warm and suffer from arm ache as I telephoned my Grandma. In short, expectations are changing… and, it must be recognised, so is the consumer. Permit me to point you in the direction of some new products that are taking small, but steadily encroaching steps towards our security market. Consider the ringing of a smart phone doorbell, smart home hubs and Wi-Fi light bulbs with integrated IP cameras. In my opinion, these are more shots across the bow, at least in terms of theoretical disruptive applications in our industry. The need for rapid information that interacts and has the potential for value added ‘bells and whistles’ is the norm for the consumer of today, and will most certainly be an expectation of the future. I often think back to the story of the two year-old girl who was looking out of her window and decided to try and expand the view because she was used to using her tablet device as a way of doing so. This new breed of consumer has grown up in the surroundings of an evolving, ‘need something now’-style environment: an environment that doesn’t display any signs of stopping or even slowing down any time soon.

Carl Meason MSyI MCMI: Director of Electronic Systems at Unipart Security Solutions

www.risk-uk.com

OpinionTheFutureoftheSecurityBusinessSector January2017_riskuk_mar15 09/01/2017 16:36 Page 3

Opinion: The Future of the Security Business Sector

Speaking of the ‘environment’, well there’s another thing. Are we considering the future structure of the world? A few years ago, I authored an article entitled ‘The Digicom Dinosaur’ for The Security Installer’s online community. In essence, my blog asked if we were too slow to react to an evolving IP connective infrastructure. Looking back, I recall receiving a good deal of criticism for the views expressed therein. Several years later, I’m not sure how far we’ve since progressed. Even now, in the face of such dynamic change, how many of us remain in denial? How many of us feel – or, indeed, hope – that things will remain as they’ve always been? Well, it’s too late for that.

Revolution is here The 4th Industrial Revolution is already upon us and it’s underpinned by the aforementioned IoE powered by the Internet of Things (IoT). The IoT and the IoE: the clue is in the names. Ever heard someone say: “I just cannot keep up with these new…” These words are more relevant right now than at any other time in days gone by. Technological advances breed ideas and, in turn, services and products. Given that these changes are happening at such a rate, is it possible for any of us to claim that we’re genuinely up to speed? Am I right to be more than a little concerned? Should all industries sit up and take notice of what’s going on around them? I think so, given the speed at which technology is developing ‘around’ our own business sector. Some seem comfortable and are happy to watch from the sidelines as change takes effect. I have some pretty important news for those of you who adopt such a cautious ‘wait and see first’-type approach. This change is a technological revolution that’s real and it’s altering the world right now. In further news, the security industry isn’t exempt. OK, what’s the difference? The IoT is all about smart things that we use: tablets, phones, TVs, heating systems, games consoles, heating controls such as ‘Hive’ and ‘Nest’ and anything that can interact with the Internet. In relation to elements of our industry, items such as cameras, routers, detectors, alarm panels and signalling devices are those involved. This is something we’re beginning to embrace, although the use of old technologies is still

“Technological advances breed ideas and, in turn, services and products. Given the speed of change, is it possible for any of us to claim that we’re genuinely up to speed?” 14

www.risk-uk.com

very much the mainstream in the electronic security world. The IoE is the interconnectivity and the services and data transfer this interconnectivity can produce. An example of this service could be the un-setting of an intruder system triggered by the proximity of your smart phone. It’s the data-driven communication of devices to develop an output that has the value. As more devices become connected, so the scope for products and services continues to develop. Smart homes, businesses and even smart cities are an inevitable outcome, with smart ideas then very much in play. This is where our future is, because this is our future. An estimated 25 billion Internet devices will be connected by 2020. Apologies… I did suggest there were no statistics being relayed in this missive, but that one’s pretty hard to ignore.

Future of security What does all of this mean, then, for that important element of the security community often bracketed under the collective banner of ‘people’ (in other words, our security officers who provide security guarding functions or mobile response and patrol services)? To be frank, the impact of change could be hard on those security businesses that don’t embrace it and determine to diversify. Granted, the requirement for human interaction in security should always be valued, but I believe this sector has a greater need to evolve in the face of technological progression. Maybe now is the time to understand how we might change and adapt to incorporate technologies and ‘swim with the tide’. It’s brutal to see it spelled out in black and white, perhaps, but technology is cheaper than the presence of an individual and, what’s more, our customer base knows this to be true.

Thinking like the customer Put simply, security solution providers have to adapt to the new dawn with new ideas. We must see our challenge as one focused on thinking like our new consumer: the modern individual with a smart mobile phone and remote-controlled heating. The kind of individual who expects to receive detailed and salient information at the touch of a button and in a way that they like to see it. The kind of person who doesn’t need an extra jumper. Returning to my initial – and so very important – question once again, then, is there a future for the security industry? The answer is ‘Yes’. There most certainly is, but there isn’t any room for dwelling on the past or many of the thought processes that went with it.

Project3_Layout 1 13/07/2016 12:08 Page 1

Project1_Layout 1 09/01/2017 16:45 Page 1

BSIABriefing January2017_riskuk_mar15 09/01/2017 15:53 Page 2

BSIA Briefing

ne of the most important elements of an organisation’s contingency plan is the risk register. When planning for safety and creating incident management processes, it’s essential that those responsible for crisis planning are able to identify the day-to-day risks facing the business and the myriad strategies in place to counteract them. Businesses face a number of threats each day, including potential terror attacks, the threat of flooding, an outbreak of fire and the ever-present danger of a cyber attack, all of which have the ability to completely shut down an organisation. When addressing these various threats, it’s important to evaluate in detail how the organisation operates on a wider level in order to identify what aspects of the business are essential in its ability to continue to function during a crisis episode. By way of example, ensuring that employees can work securely off-site, if necessary, is crucial in terms of business continuity. It’s not enough just having plans in place in case an emergency should arise. Also paramount is that all employees are aware of existing contingency plans such that they may go about their roles as necessary. Such plans should also be nothing other than efficient in their structure, all the while making sure that incidents are dealt with in a timely manner so as not to compromise the business any further. Eddie Hirst, risk director at Mitie Total Security Management (a member company of the British Security Industry Association’s Specialist Services Section), believes that, today, organisations are taking crisis planning far more seriously. “Due to events such as the Paris and Brussels terrorist incidents and the recent UK flooding episodes,” commented Hirst, “crisis management is in the national media far more. People are generally more aware of Government strategies such as CONTEST and Prevent, which are policies aimed at reducing the risk of terrorism in the UK. Groups such as ASIS and the Centre for the Protection of National Infrastructure (CPNI) also offer specific guidance on crisis planning.” CPNI is the Government authority for protective security advice to the UK’s national infrastructure. Its role is to protect national security by helping to reduce the vulnerability of the national infrastructure to terrorism and other threats. National infrastructure is those facilities, systems, sites, information, people, networks and processes necessary for a country to function and upon which daily life depends. It also includes some functions, sites and organisations which are not critical to the maintenance of essential services, but which

Crisis Planning in an Unpredictable World When it comes to running any kind of business, being ‘one step ahead of the game’ and planning for all eventualities is absolutely vital for success. This not only applies to business strategy, but also for ensuring the general Health and Safety of an organisation and its employees. Here, James Kelly discusses the importance of effective crisis planning and incident management in an unpredictable world need protection due to the potential danger to the public (civil nuclear and chemical sites being a prime example). In the UK, there are 13 national infrastructure sectors: Chemicals, Civil Nuclear Communications, Defence, the Emergency Services, Energy, Finance, Food, Government, Health, Space, Transport and Water. Several sectors have defined ‘sub-sectors’. Emergency Services, for example, can be split into the Police, Ambulance and Fire Services and the Coast Guard.

Focus on crisis planning With crisis planning now more widely recognised, Eddie Hirst stated: “Public bodies, such as local councils and Critical National Infrastructure clients, very often have dedicated departments and people in place focused on this issue. Private businesses, on the other hand, often don’t have large departments taking care of crisis planning. Rather, different functions are creating their own plans without one central department taking the lead.”

James Kelly: CEO of the British Security Industry Association

www.risk-uk.com

BSIABriefing January2017_riskuk_mar15 09/01/2017 15:54 Page 3

BSIA Briefing

Hirst continued: “We do believe there’s a heightened awareness regarding crisis planning and incident management. However, there’s evidence to suggest that some organisations, notably in the private sector, need to dedicate more resources in addressing this challenge.” Looking at the approach Mitie Total Security Management adopts towards crisis management, Hirst explained that, by working closely with its clients on recognising shortfalls in the host organisation, the business can work in unison with customers to create a joint plan in order to address them. “Once an overarching strategy is agreed, we very often deliver training and testing,” observed Hirst. “Technological developments have enabled crisis planning and management to be delivered in an efficient and paperless fashion. One such example is our own security management and resilience tool, SMART, which uses bespoke process flows created by our risk team in partnership with the client, ensuring that each incident is handled in the most efficient and consistent manner possible.” While a user enters incident information, the system is also reminding them of the standard operating procedures related to that specific incident and communicates information in realtime to the required audience. This can also be altered easily by those end users with the correct permission levels.

Handling an incident Explaining SMART further, Hirst outlined to Risk UK: “As well as ensuring that quality data is captured and the incident is handled in a consistent manner, the system is also designed to minimise the amount of time taken to handle that episode. For instance, during consultations with a retail customer, it was identified that, when detaining store thieves, there were two key issues involved. First, if the police were called to the incident, a given security officer needed to spend 30 to 40 minutes creating a police statement which meant that, following the incident, each security colleague spent valuable time off the shop floor.” Second, an issue arose that highlighted the fact the police were frustrated when attending incidents, as the quality of statements was of varying standards or sometimes non-existent. To resolve both of these issues, and working in partnership with former police officers and

Home Office guidance documents, Mitie Total Security Management developed an automated statement creator which takes information recorded in an incident and combines it with information held centrally in the system in order to realise an editable statement which, in most cases, can be printed, signed and handed to the police officer. Small changes may be made within the system before printing. “The development of this system means the security officers and their store colleagues have greatly reduced the time spent dealing with crime incidents,” concluded Hirst, “affording them more opportunities to support customers and consequently create a safer environment.”

Taking the extra step In order for employees within a business – and particularly those at a senior management level – to be fully prepared for a crisis event, it can be beneficial to undertake specialist training courses in the subject. Enlisting the help of a reputable training provider to deliver a comprehensive course on risk management can help members of the business nurture the skills and confidence to effectively deal with a crisis. Such training can cover all aspects of incident management, including risk assessments, security surveying, continuity management and disaster recovery. If an organisation does choose to undertake a specified training course, it’s essential that the course is delivered by a high quality training provider. When sourcing a training provider, there are a few factors to be aware of so as to ensure that the service is going to be of sound quality. Generally, a good training provider will offer a free consultation in order to fully discuss the training needs of the business and also present a wide variety of courses at a range of levels specifically designed for different disciplines. They will also provide a professional learning environment, incorporating modern teaching aids and a range of state-of-the-art equipment to assist the education process. The tutors themselves will be professionally qualified with ‘real world’ experience of the industry. To differentiate themselves from other training providers, members of the BSIA’s Training Providers Section have developed their own official Code of Conduct that safeguards the interests of consumers in the UK.

“It’s not enough just having plans in place in case an emergency should arise. Also paramount is that all employees are aware of existing contingency plans such that they may go about their roles as necessary” 18

www.risk-uk.com

AdvertisementFeatureEsotericLtd January2017_riskuk_mar15 10/01/2017 11:28 Page 39

Advertisement Feature

Innovation Brings Risks… Are You Prepared? t the outset, it’s important to remember that information comes in many forms: paper, conversational as well as digital. It’s therefore imperative that any information security regime incorporates more than just the standard network system tests and considers the risks to information from other traditional and innovative corporate espionage threats. Technological advancements are now so fastpaced – and readily adopted – that it appears we no longer question the next innovation presented to us. Most organisations look upon innovation as a positive influence to aid business processes, communication platforms and cost-reductions. However, innovation isn’t solely resting in the hands of the innocent. Devices used to gain intelligence from an organisation are also constantly evolving, and at a tremendous pace. More recent technological advancements have seen us having to counter frequency hopping, spread spectrum, adaptive power and high throughput devices, at the same time as we watch camera technology reduce in size to less than 1 mm.

High-speed to light-speed For years, we’ve heard security providers warn of the dangers posed by public Wi-Fi. Even so, employees have become complacent and overly confident in their device security. The false sense of security a network password affords actually allows access with no real authentication and provides a simple and attractive opportunity for the hacker to gain free entry to unsecured devices on the network. Not only do aggressors piggyback on other networks, but as seen during the Rio Olympic Games, hackers are setting up fake/malicious Wi-Fi ‘hotspots’ designed to capture personal information. There are now more avenues than ever that threat actors can and will exploit. In a survey conducted by Osterman, almost half (43%) of those employees questioned admitted to accessing sensitive corporate data on unsecured public networks, such as those in airports, coffee shops, hotels and offsite meeting rooms. This in itself represents a huge challenge for the security manager to rectify as the solution relates to human behaviour. Organisations need to ensure that adequate security restrictions are in place to prevent open Wi-Fi use and restrict file access on BYOD while also conducting awareness programmes to address the behavioural issues. Looking ahead, we also need to consider the impact of the next generations of data transfer.

The latest Wi-Fi to evolve uses the 5 GHz frequency range which is far less congested than the 2.4 GHz range we currently see. It’s capable of a throughput of up to 500 Mbps and will soon be upgraded to Wi-Gig with speeds of up to 7 Gbps. It’s the speed of service that’s of greatest concern: the damage that can be done, the volume of data that can be intercepted and extracted and the malware that can be downloaded all in such a limited time, without the usual warning signs seen in current networks (such as reduced speeds and increased processor activity). Without these ‘flags’, the mindful user is no longer a line of defence and strict control measures by security managers will be an absolute must to prevent interception.

Consideration of Li-Fi Evolution doesn’t stop with speed. The future threat in this arena is Li-Fi. The visible light spectrum is 10,000 times larger than the entire RF spectrum and provides huge potential for data transfer. Researchers have reached data rates of over 10 Gbps (which is more than 250 times faster than superfast broadband). Li-Fi is also expected to be ten times cheaper than WiFi, although it’s not capable of passing through solid structures like walls, for example. These enhancements in technology will certainly require skilled specialists to detect – and ensure protection from – aggressors. Let’s take a look at 4G and 5G. Most devices now operate with 4G capability and the

As a business, we spend most of our working day gathering, processing and disseminating information. Today, information is probably the most valuable asset of any organisation. Now, there must be a heightened degree of awareness in terms of how this myriad detail is managed and secured. Emma Shaw notes the main points to be observed

AdvertisementFeatureEsotericLtd January2017_riskuk_mar15 10/01/2017 11:28 Page 40

Advertisement Feature

encryption it provides is a key security benefit. You might presume that the latest iteration, 5G – which is being field-trialled in Tokyo – would have further enhanced protocols. 5G will be entering commercial use in the near future and is capable of over 100 Mbps throughput. So, you might well ask, what’s the risk? Looking towards the US, both FBI and NSA departments have stated concerns over China’s participation in America’s 5G network. AT&T and Verizon are key players in that network’s development, but need the support of equipment manufacturers like Huawei and ZTE Corporation to be successful. Both are Chinese entities with an extensive history – as played out in the media – of espionage accusations levelled by the US Government. Assessing more current threats, 4G technology has been evolving. Devices like the 4Gee Action Cam are capable of streaming live HD video on 4G networks. High resolution video is no longer dependant on terrestrial Internet bandwidth. Only the most advanced of detection equipment is capable of discovering illicit devices with this capability. It’s clear that organisations need to look towards specialist countermeasure providers in order to ensure sensitive business discussions are conducted in ‘clean’ areas.

Man-In-The-Middle? The long-running nuclear talks were a magnet for the world’s intelligence agencies as they sought to find out more about the Iranian nuclear programme and the negotiating positions of the six nations involved. When such high profile global interests come to the stage, it’s expected that they’ll be a magnet for worldwide intelligence agencies. Swiss prosecutors (OAD) discovered data gathering malware, bugging devices at one of the venues and surveillance signals so prevalent that diplomats vacated the venues to make phone calls in an attempt to avoid all of the microwave interference. One of the major threats today is mobile phone interception, the processes behind which are fairly simple. A false Base Transceiver Station (BTS) will clone a legitimate mobile phone mast and present itself as the strongest available signal to localised mobile phones, causing the phones to connect to the false BTS. The encryption that’s provided by the mobile phone provider is bypassed as the operator becomes the ‘Man-In-The-Middle’ and can listen-in to calls, track incoming and outbound activity and even emulate the phones. A false BTS can be fixed or portable. This is a real and highly effective threat. Users may

notice the phone battery life falling or signal fluctuations, but that’s no real indicator of the true situation. The only real detection is by way of the very latest specialised equipment, designed to recognise a false BTS, and of course a skilled operative capable of locating and analysing the threat.

Capability of a ‘bug’ Traditionally, the capability of a ‘bug’ and its location was capped by the power source it used. For short term espionage attacks, device battery life may extend to 30 days with intermittent record and forward functionality. For more long-term devices, a permanent power supply is required, which invariably means connection to cabling within the target building infrastructure. While posing a challenge for inhouse security teams to locate, this is resolved through the technical solutions employed in a countermeasures survey. However, we now have new advancements to contemplate. Lithium-Sulphur, solid state batteries, hydrogen fuel cells and air batteries (which run on water) are all developing at a rapid pace. Indeed, billions of dollars are being invested on R&D procedures. Batteries are now lasting significantly longer and are much smaller than in days of old. For example, an air battery is capable of powering a device for four times the duration of its lithium-ion equivalent and is set to be available at a fraction of the cost. As this technology develops still further, illicit devices will reduce in size while their effective duration increases. It takes a highly-skilled and well-informed engineer to locate such concealed devices using a range of physical and technical solutions. Battery life continues to push the boundaries, but there are emerging threats that don’t have such constraints. Tribo-Electric Nano Generator (TENG) involves technology originally designed for use in hearing aids. The vibrations of everyday noise are turned into electrical energy. This can then charge the internal capacitor so that it becomes a self-powered microphone. This means a deep plant device is no longer dependent on large or external power sources. No longer can an organisation depend on tracing cabling intercepts/junctions as an indicator of deep plant bugs. Detection is made possible thanks to experienced engineers using advanced technical and physical methods.

Countering the threat The present economic climate, the changing threat landscape and advancements in the way in which we all do business today means that companies have never been more vulnerable to

AdvertisementFeatureEsotericLtd January2017_riskuk_mar15 10/01/2017 11:30 Page 41

Advertisement Feature

acts of espionage. The threat is broad and the solution must be equally so if we’re to effectively address the risk. Ultimately, it’s the case that a combination of technical and nontechnical measures is going to be required in order to identify and subsequently mitigate an organisation’s vulnerabilities. The best way in which an organisation can protect its proprietary information is by educating its employees about what’s held by the business which is deemed valuable. If all employees understand what needs to be protected, they can better understand how and from whom to protect it.

Physical security measures Further, ensuring that appropriate physical security measures are in place – such as access control solutions, clear desk policies for all members of staff, tailgating prevention and employee vigilance – can go a long way towards preventing unauthorised access to privileged information. With the introduction of personal liability for directors in connection with corporate governance issues and compliance, most highperforming organisations have their offices swept for listening devices once or twice every year. This frequency of process may need to be increased if a business finds itself confronted by a heightened period of risk such as in a preresults announcement phase or during high levels of M&A activity. The chances are that your company is most likely already the target of some form of deliberate corporate espionage activity. Such activity has the ability to negatively affect share prices. In addition, it may well undermine confidences and could compromise client security and confidentiality. When companies lose control of proprietary information, it’s fair to say that there can be serious consequences.

Corporate compliance Cultivating a position whereby your organisation can promote the fact that it has considered every eventuality is proactive. Not only does this ensure corporate compliance, but also assists in new business acquisition from increasingly security-conscious corporate clients as well as offering an additional level of comfort to your existing client base. As stated at the outset, information comes in many forms. A security regime that encompasses all disciplines – including physical, personnel, operational and technical security – really is the only effective solution. Organisations need to look at their defences and ensure that sensitive information is well protected. They must employ a level of countermeasures appropriate to the risks and potential losses confronted by the business.

Esoteric Ltd Esoteric Ltd is a specialist Technical Surveillance Countermeasures (TSCM), bug sweeping and covert surveillance company working discreetly with corporations, Government departments and high-net worth individuals on the global stage to safeguard private information and conversations from illicit eavesdropping devices and bugs. Many of today’s organisations face increasing threats from acts of terrorism, crime, espionage, single-issue pressure groups and improper or corrupt behaviour by members of staff. The single greatest asset held by most organisations is information and, with this in mind, a growing number of businesses now take proactive steps to protect that information and so deter criminals before any damage can be done. To discuss your concerns and how Esoteric Ltd can assist with solving them please contact us on (telephone) 01483 740423, e-mail us at: mail@esotericltd.com or visit our website for more information: www.esotericltd.com

Emma Shaw MBA CSyP FSyI FCMI: Managing Director of Esoteric Ltd

Project1_Layout 1 09/01/2017 17:05 Page 1

͞ ŽƚŚ ƚƌĂĚŝƟŽŶĂů ĂŶĚ ĐǇďĞƌ ĞƐƉŝŽŶĂŐĞ ĐŽŶƟŶƵĞ ƚŽ ƉŽƐĞ Ă ƚŚƌĞĂƚ ͘͘͘ ǁŝƚŚ ƚŚĞ ĐŽŵŵĞƌĐŝĂů ƐĞĐƚŽƌ ǀĞƌǇ ŵƵĐŚ ŝŶ ƚŚĞ ĨƌŽŶƚ ůŝŶĞ͟ >ŽƌĚ ǀĂŶƐ ŽĨ tĞĂƌĚĂůĞ < > ĨŽƌŵĞƌ ŝƌĞĐƚŽƌ 'ĞŶĞƌĂů͕ ƌŝƟƐŚ ^ĞĐƵƌŝƚǇ ^ĞƌǀŝĐĞ

:ƵƐƚ ŚŽǁ ĐŽŶĮĚĞŶƟĂů ŝƐ ǇŽƵƌ ĐŽŶĮĚĞŶƟĂů ŝŶĨŽƌŵĂƟŽŶ͍

dŚĞ ƐŝŶŐůĞ ŐƌĞĂƚĞƐƚ ĂƐƐĞƚ ŚĞůĚ ďǇ ĂŶ ŽƌŐĂŶŝƐĂƟŽŶ ŝƐ ƚŚĞŝƌ ŝŶĨŽƌŵĂƟŽŶ͘ /ƚƐ ƉƌŽƚĞĐƟŽŶ ŝƐ ĐƌƵĐŝĂů ƚŽ ƚŚĞ ƐƵĐĐĞƐƐ ŽĨ ĂŶǇ ďƵƐŝŶĞƐƐ͘ ƐŽƚĞƌŝĐ ƐƉĞĐŝĂůŝƐĞƐ ŝŶ ƉƌŽǀŝĚŝŶŐ ĞŶĚͲ ƚŽͲĞŶĚ ƐŽůƵƟŽŶƐ ƚŽ ĂĚĚƌĞƐƐ ƚŚĞ ŝƐƐƵĞƐ ŽĨ ĐŽƌƉŽƌĂƚĞ ĞƐƉŝŽŶĂŐĞ͕ ĐŽŵƉĞƟƟǀĞ ŝŶƚĞůůŝŐĞŶĐĞ ŐĂƚŚĞƌŝŶŐ ĂŶĚ ƚŚĞŌ ŽĨ ŝŶĨŽƌŵĂƟŽŶ ĂŶĚ ŝŶƚĞůůĞĐƚƵĂů ƉƌŽƉĞƌƚǇ͘ Our core services include: ͻ dĞĐŚŶŝĐĂů ^ƵƌǀĞŝůůĂŶĐĞ ŽƵŶƚĞƌŵĞĂƐƵƌĞƐ ͬ ůĞĐƚƌŽŶŝĐ ƵŐ ^ǁĞĞƉŝŶŐ ͻ ĐĐƌĞĚŝƚĞĚ d^ D dƌĂŝŶŝŶŐ ĂŶĚ ƐƉŝŽŶĂŐĞ ǁĂƌĞŶĞƐƐ ƌŝĞĮŶŐƐ ͻ WŚǇƐŝĐĂů ^ĞĐƵƌŝƚǇ ZĞǀŝĞǁƐ ͬ WĞŶĞƚƌĂƟŽŶ dĞƐƟŶŐ ͻ ^ĞĐƵƌŝƚǇ ^ƚƌĂƚĞŐǇ ĞǀĞůŽƉŵĞŶƚ ĂŶĚ ^ƵƉƉŽƌƚ ͻ ŽǀĞƌƚ /ŶǀĞƐƟŐĂƟŽŶƐ ĂŶĚ ^ƵƌǀĞŝůůĂŶĐĞ ͻ ǇďĞƌ ƐƉŝŽŶĂŐĞ ZĞƐƉŽŶƐĞ ĂŶĚ ZĞǀŝĞǁ ͻ ŽŵƉƵƚĞƌ ͬ DŽďŝůĞ ĞǀŝĐĞ &ŽƌĞŶƐŝĐ /ŶǀĞƐƟŐĂƟŽŶƐ ͻ dƌĂǀĞůůĞƌ WƌŽŐƌĂŵŵĞ ;ŝŶĐůƵĚŝŶŐ ƐƚĞƌŝůĞ ĞƋƵŝƉŵĞŶƚͿ ͻ Z& ĂŶĚ ^ŽƵŶĚ ƩĞŶƵĂƟŽŶ dĞƐƟŶŐ

ƐŽƚĞƌŝĐ ŝƐ Ă ŐůŽďĂů /^Kͬ/ ϮϳϬϬϭ ĂŶĚ ǇďĞƌ ƐƐĞŶƟĂůƐ ĂĐĐƌĞĚŝƚĞĚ ĐŽƵŶƚĞƌĞƐƉŝŽŶĂŐĞ ĂŶĚ d^ D ĐŽŵƉĂŶǇ͕ ƉƌŽǀŝĚŝŶŐ ĐŽŶĮĚĞŶƟĂů ƐĞƌǀŝĐĞƐ ƚŽ Ă ƌĂŶŐĞ ŽĨ ďŽƚŚ ƉƵďůŝĐ ĂŶĚ ĐŽŵŵĞƌĐŝĂů ƐĞĐƚŽƌ ĐůŝĞŶƚƐ ĂƌŽƵŶĚ ƚŚĞ ǁŽƌůĚ͘ ƐŽƚĞƌŝĐ DŝĚĚůĞ ĂƐƚ ƉƌŽǀŝĚĞƐ Ă ĨƵůů ƐƵŝƚĞ ŽĨ ĐŽƵŶƚĞƌͲƐƵƌǀĞŝůůĂŶĐĞ ƐĞƌǀŝĐĞƐ ƚŽ ĐůŝĞŶƚƐ ŝŶ ƚŚĞ D E ƌĞŐŝŽŶ͘ Ăůů ƵƐ ƚŽĚĂǇ ƚŽ ĚŝƐĐƵƐƐ ĂŶǇ ƌĞƋƵŝƌĞŵĞŶƚƐ ǇŽƵ ŚĂǀĞ Žƌ ƚŽ ĐŚĂƚ ƚŚƌŽƵŐŚ ŚŽǁ ƐŽƚĞƌŝĐ ŵŝŐŚƚ ƐƵƉƉŽƌƚ ǇŽƵ͘

Esoteric Ltd

Esoteric Middle East

нϰϰ ;ϬͿ ϭϰϴϯ ϳϰϬ ϰϮϯ ŵĂŝůΛĞƐŽƚĞƌŝĐůƚĚ͘ĐŽŵ ǁǁǁ͘ĞƐŽƚĞƌŝĐůƚĚ͘ĐŽŵ

нϵϳϭ ϱϲ ϯϴϵϵ ϰϯϲ ŵĂŝůΛĞƐŽƚĞƌŝĐ͘ĂĞ ǁǁǁ͘ĞƐŽƚĞƌŝĐ͘ĂĞ

ControlRoomsandMonitoringCentres January2017_riskuk_mar15 09/01/2017 15:56 Page 2

Control Rooms and Monitoring Centres

oday’s control workstations are smaller, more functional and more aesthetically appealing than those that have gone before. In terms of configuration, the ergonomic approach towards designing control workstations or consoles into the layout of a Security Control Room should actively contribute towards achieving the performance objectives for the space in question, while at the same time ensuring that every aspect of interaction between human, machine and the environment – from raised flooring through to acoustical concerns, from indirect lighting to the overall well-being, safety and health of each operator – is taken into account. Put simply, a Control Room is a place wherein a facility or service can be monitored and controlled. While the equipment in the Control Room is essential for overall operation, to be effective it absolutely has to support the requirements of the operator. On that note, it’s important to keep in mind that, while inside a Control Room, an individual’s ability to use their senses at all times may be diminished, which then requires them to rely on technology within the space to determine what’s happening and/or what action must be taken. Since the Control Room acts as a person’s ‘eyes and ears’, the design of such spaces is important. When facilitating a Control Room, it’s critical to consider all factors, for example equipment selection, operating practices, working environments and furniture choices. In addition to the design of a workstation, operators within the Control Room must be considered. The overall system will fail if operators are overloaded, undertaking tasks for which they’re poorly trained or compel them to strain their eyes in order to read displays that are illegible. Here, it’s necessary to identify the limitations of the operator to minimise potential mismatches between user capabilities and system demands.

Room architecture The Control Room itself is important because it serves as the shell of the system. When selecting a room, designers should consider the Control Room’s objectives and determine how much equipment and people the environment will house. The size of the room should accommodate all necessary equipment, while allowing for people to comfortably move about. Physical layouts should also accommodate the use of non-electronic equipment and documents, such as operations manuals, log books, maps and clipboards. Space should also be allowed for positioning such items as telephones, keyboards, controllers and radios.

People in Control: The Human Factors in Today’s Control Rooms The emergence of new technologies and ergonomic standards coupled with an increased public awareness of workplace health and well-being issues have combined to inspire a dramatic shift in Control Room design. Terry Shough provides an introduction to the important topic of the human factors involved when planning and configuring such a vital space Control Rooms are usually equipped with elaborate fire suppression and security systems to safeguard their contents and occupants, and also to ensure continued operation in times of emergency. In hazardous environments, the Control Room may also serve as an area of refuge for personnel trapped on site. Such spaces are crammed with equipment mounted in multi-function rack cabinets to allow updating. The dense concentration of equipment often necessitates special electrical UPS feeds and air conditioning systems. Since the control equipment installed is intended to control other items in the surrounding facility, these – often fireresistance rated – service rooms require many penetrations for cables. Due to routine equipment updates, these penetrations are subject to frequent changes. That being so, a given Control Room’s maintenance programme must be seen to include vigilant fire safety maintenance as part of the overall process.

Furniture and consoles The workstations or consoles must meet the demands of the job. Control Room environments run 24 hours a day, seven days a week and place incredible stress on the equipment within them. Consoles should be

Terry Shough: General Manager of Winsted (Europe and the Middle East)

www.risk-uk.com

ControlRoomsandMonitoringCentres January2017_riskuk_mar15 09/01/2017 15:56 Page 3

Control Rooms and Monitoring Centres

designed for 24/7 use and constructed to handle high equipment loads, while also offering multiple levels of cable management. Depending on the Control Room’s objectives, flexibility may also be key when considering the right console choice. Selecting a modular solution may future-proof your installation, lending itself to space reconfiguration or the addition of new elements. The big news at the moment is height adjustable or ‘sit-stand’ desks. ‘Sit-stand’ and ‘active working’ have become buzz phrases in UK Control Room design given the growing popularity of these types of consoles. The case for them is that physical movement such as alternating between sitting and standing can make a significant difference in physical health and well-being, thus reducing the health perils risked by many operators who spend an average of 8.5 hours per day sitting down. In addition, with the connections between physical activity and brain activity becoming more apparent, it’s believed that productivity is enhanced, in turn making for more alert operators. Electrically adjustable ‘sit-stand’ desks have become the most popular option thanks to their simple ‘one button’ ease of use. One of the greatest advantages of electric controls is that they can be adjusted far more easily than the traditional crank handle alternative. The easier the desk is to adjust, the more likely people will use it on an active basis. When determining console placement in the Control Room, it’s important to consider the room’s dimensions, the number of stations, the measurements of each of those stations, video wall sizes and aisle width. For the ideal viewing angles, there should be no head movement coupled with minimal eye movement. It’s critical to determine if a given workstation will be used as an isolated unit or in conjunction with overview displays or other workstations. The height of the console should be calculated such that the smallest operator can see over the top of any mounted electronics, walls or displays, while the clearance beneath the work surface should allow for the tallest of security operators to sit comfortably. When designing a command Control Room, it’s critical to factor-in every type of situation and future upgrade rather than only consider day-to-day operations. Sufficient space should be maintained in and around the console to

“Maximising operator performance requires that the designer knows the exact amount of activity associated with each monitor image and the scale of detail demanded” 24

www.risk-uk.com

allow multiple groups of personnel to view and analyse information on both a swift and efficient footing.

Displays in the space When designing display layouts, it’s very important to keep in mind that the amount of information an individual can handle is limited. Maximising operator performance requires that the designer knows the exact amount of activity associated with each monitor image and the scale of detail demanded by the client. Displays that are used for close image inspection should be positioned directly in front of the operator, with sizes typically ranging from 19 through to 24 inches. Displays outside the workstation and positioned at a greater distance or behind the console should range in size from 24 to 42 inches (and maybe larger). The introduction of flat-panel displays and touch-screen technologies has had a significant impact on console design. Flat-panel screens take up considerably less space, reduce power consumption and require less cooling within the console. With increased screen resolution, operators can be closer to the display and still not be able to detect the individual pixels. A general rule for viewing video images is that the operator should be at least twice the distance from the screen as the height of the largest image displayed (not the display itself ), but not more than eight times. The ideal spot is four-to-six times. Touch-screen technology also affects the ergonomics of new console designs, especially in high-security or high-attention environments. Studies have shown that, when operators become extremely nervous or are under high stress, they have trouble finding or clicking on an icon using a mouse, but have less trouble pointing with their finger (making them ideal for high-stress environments). However, consoles incorporating touchscreen technology must offer a shorter distance between the operator and the screen – typically less than 28 inches from the edge of the console work surface – such that the screen can be reached from a relaxed sitting position. The use of ergonomics in Control Rooms plays a pivotal and holistic role in creating an idealised environment for operators. The combination of an efficient and comfortable workplace will, in turn, contribute towards enhanced staff motivation and productivity. In truth, there are additional and significant benefits to be gained in terms of employee morale and their long-term retention within the organisation. Can you really afford to ignore all of the gains an ergonomic approach brings?

Project1_Layout 1 09/01/2017 16:45 Page 1

Access Control CCTV Lone Worker Security Loss Prevention Solutions Fire Solutions Perimeter Security Transit Security IP/IT Security Business Continuity Risk Management

13th â&#x20AC;&#x201C; 14th March 2017 Radisson Blu Hotel, London Stansted At the Total Security Summit, everything is covered. Meet with the most experienced suppliers, learn from industry gurus and connect with peers over the course of this two-day Summit, which is complimentary to attend for security professionals. For more information, please contact Nick Stannard on 01992 374092 or email: n.stannard@forumevents.co.uk

Totalsecuritysummit.co.uk

PerimeterProtectionFencingDesignandSpecification January2017_riskuk_apr15 09/01/2017 16:37 Page 20

The very best perimeter security solutions deter, detect, deny, delay and defend against unauthorised access to a given premises, in turn helping to protect both assets and people on behalf of the host organisation. As Peter Jackson explains, perimeter solutions also play their part in facilitating the valuable ‘defence in depth’ strategy that’s so highly valued by risk management professionals when formulating their security posture

First Line of Defence A ccording to the latest Commercial Victimisation Survey, 40% of premises in the wholesale and retail sector experienced some form of crime (ie burglary, including attempts, vandalism, fraud, theft, robbery, assaults and threats) in the last 12 months. In other sectors, the reported results are 40% in transportation and storage, 30% in manufacturing, 24% in the agriculture, forestry and fishing sector and 15% for the information and communications world.1 Coupled with the current global security situation, risk and security managers at many companies are having to rethink perimeter security as they find that their properties are not adequately secured to prevent breaches. The physical threat of burglary, theft, vandalism, trespass and sabotage means that those responsible for ensuring security must frequently review their existing perimeter security solutions such as fences, gates and barriers. Before deciding which products are right for any given site, a number of crucial elements must be considered in order to arrive at the best perimeter protection regime.

Landscape and environment When securing a perimeter, the first thing to do is undertake an Operational Requirement Level 1 (OR1) to determine the requirement for security. The OR process can help organisations implement measures which are in proportion to the risks they face, and also assists risk and security managers to assess, develop and justify the actions their organisation needs to take by supporting the business case.2

Once it has been determined that there’s a need for perimeter security via the OR1, the next step is to conduct OR2 to identify specific requirements at all points around the site. The OR2 will cover fundamentals such as the location, ground and landscaping of the area in and around the property boundary. Conducting risk assessments will aid risk and security managers in understanding how the site is used and identify potential areas of breach. With exposure to changeable weather conditions a daily occurrence, the foundations in which perimeter security elements such as fences, gates and vehicle barriers sit need to be solid to ensure ultimate performance. Additionally, designing a solution that’s away from potential climbing aids such as overhanging branches, storage bins and vehicles is crucial. Uneven ground and existing structures may mean that different post options are used. They may be cranked on to a wall, base-plated if on concrete or over-length posts used if installed into the ground. The use of natural or artificial landscaping features and road layouts in some locations can affect the level of security required to safeguard the perimeter. In some instances, landscaping can mean a lower security rated product is sufficient which could result in lower costs. Road layouts might also make a big difference in the specification process. In some cases, it may be necessary to install physical measures that change the attack vector and reduce the approach speed of any hostile vehicles to mitigate the effect of a vehicle-borne attack.

Standards and regulations The ORs of a property will determine the necessity of a number of other elements such as fence height and material, lighting, electronic surveillance, access/egress control and Perimeter Intrusion Detection Systems (PIDS). Those responsible for securing a given site must ensure that all perimeter security products perform to their designed specification throughout their service life by considering the installation and maintenance requirements of each security component. There are a number of third party accreditations and ratings that risk and security managers can use as a guide when it comes to specifying security products such as fences, gates and barriers. Accreditation from bodies such as the British Standards Institution, the

www.risk-uk.com

PerimeterProtectionFencingDesignandSpecification January2017_riskuk_apr15 09/01/2017 16:37 Page 21

Perimeter Protection: Fencing Design and Specification

Loss Prevention Certification Board and Secured by Design are a good indicator of a secure solution alongside testing and certification to national standards like LPS 1175 and PAS 68. Products that prevent and guard against vehicle-borne attacks should be certified to the International Workshop Agreement 14, which was introduced by the International Organisation for Standardisation back in 2013. The standard combines and updates elements from the UK-specific PAS 68 and PAS 69, the US’ ASTM F2656 and Europe’s CWA 16221 as well as including new content. For enhanced security, products tested and graded by the Centre for the Protection of National Infrastructure (CPNI) must be specified. These products are assured for UK Government use on Critical National Infrastructure sites having gone through an evaluation, testing, grading and approval process within the Manual Forced Entry Standard. One thing to note is that products approved by the CPNI are listed in its Catalogue of Security Equipment which isn’t publicly available. The CPNI trademark and the wording ‘Approved for UK Government Use’ is issued to manufacturers for the identification of specific products which have been successfully evaluated rather than the company as a whole.

Materials used for secure perimeters Steel is the most common material used to secure perimeters, featuring in many premises where the aim is to deter/prevent unauthorised access and the ‘look’ isn’t as important. For premises where there’s an aesthetic consideration, products manufactured in timber either in isolation or in combination with steel are ideal. The best solutions will feature security certification to LPS 1175 and be approved for UK Government use. In the case of steel, to ensure maximum rigidity over the life of the product, elements such as fence posts above and below ground must be (at a minimum) hot dip galvanised to BS EN 1461 both inside and out. Ideally, this galvanising process should be carried out once basic manufacturing such as the welding has been done and fixtures are in place. Stainless steel at the appropriate gauge is also ideal. For elements such as steel wire mesh fence panels and sheet steel, it’s advisable to specify a zinc-aluminium alloy coating to BS EN 10224 where this is practical. It’s only a fraction more expensive than a standard galvanised product, but in truth much more durable. If considering a coloured steel structure, powder coating is ideal as it provides a

durable, decorative surface treatment. However, it works best when applied to a galvanised or zinc-aluminium coated base to BS EN 13438. Stipulating these minimum parameters ensures that the coating doesn’t peel over time and that the steel structure underneath the paint isn’t rusting while hidden from view. In locations close to water sources such as estuaries and the coast, it’s prudent to specify a specially formulated ‘marine coating’ for galvanised or zinc-aluminium coated steel. This aids structural integrity and longevity. Timber perimeter security products must be fashioned from the right part of the right species of timber for rigidity. Additionally, it should be kiln-dried sufficiently enough to accept the optimum volume of chemical treatment against rot and wood-boring insects. Fixtures and fittings should be manufactured with galvanised or stainless steel. Where security and noise pollution are of high concern, timber acoustic barriers offer the most cost-effective and flexible solution and can be adapted to suit most ground conditions and contours. The natural façade look of the material is aesthetically pleasing and, when combined with high acoustic properties and enhanced security, such products can meet the needs of the majority of projects. Where there’s a need for an acoustic barrier, a qualified and independent acoustic engineer is consulted ahead of a product being specified to ensure the correct barrier is selected in order to meet specific site and performance criteria.

Peter Jackson: Chief Executive of Jacksons Fencing

References 1Home Office https://www.gov.uk/ government/uploads/ system/uploads/attachment_ data/file/520345/crimeagainst-businesses-2015hosb0316.pdf 2Centre for the Protection of National Infrastructure https://www.cpni.gov.uk/ operational-requirements

“In some cases, it may be necessary to install physical measures that change the attack vector and reduce the approach speed of any hostile vehicles” 27

www.risk-uk.com

PerimeterProtectionIntegratedSecurityforEndUsers January2017_riskuk_apr15 09/01/2017 16:38 Page 1

Security Integration Goes Viral creating the security protections for – critical infrastructure facilities. Indeed, this is the kind of approach we’re happily witnessing from our own customers when it comes to the highest grade security systems, both within Government spheres and across the commercial world.

Supplier relationships

Designers and specifiers of bespoke perimeter protection solutions increasingly wish to integrate physical, electronic and human security measures – not to mention a host of other on-site facilities – as part of the final set-up. Here, Chris Plimley examines current thinking when it comes to the beating heart of holistic approaches towards security

www.risk-uk.com

overnment and commercial buyers of perimeter protection increasingly want to integrate their systems. This desire has been driven by many factors, among them technological advances, an ever-evolving terrorist threat, manufacturer innovation, the low carbon agenda and growing expectations on the part of specifiers in terms of what today’s systems can ultimately achieve. Few end users have the luxury of a green field site with all-new perimeter protection. As a result, facility managers, risk and security professionals and system operators alike often have to ‘make do’ with pre-existing standalone systems that perform a single function and integrate newer technology over time, while requiring to monitor them all from a single Security Control Room. With the proliferation of systems and technologies now available, buyers are moving towards ‘single sourcing’ to improve integration, drive up standards, reduce their costs and avoid the ‘sloping shoulders’ that can result from suppliers passing the buck when systems don’t integrate quite as smoothly as originally intended. The ‘insider threat’ in Government agencies and big companies is a known problem with well-developed strategies to mitigate this issue, but globalisation and outsourcing have blurred the lines between insiders and external suppliers. Security strategies are less easily implemented with vendors, contractors and business partners, so partnering and engagement which fosters mutual trust is arguably the best protection when outsiders are gaining privileged access to – or even

It’s the end users’ desire to contract with a single company for all their security needs – both physical and electronic – and partner in an automotive-style top tier supplier relationship that’s steering our own business strategy. Driven by this customer demand, we recently acquired high-security systems installer Binns Fencing and brought on board the latest in CCTV and video content analysis thanks to the buy-out of EyeLynx. The end goal is to combine perimeter intrusion detection systems, electric fencing and lighting and offer holistic and fullyintegrated security solutions from design and manufacture through to supply and installation. What, you might ask, are the benefits to the end user buyer – and, indeed, for the security of the infrastructure they run – engendered by such integration? First, the Holy Grail in this era of spiralling debt and hard-earned recovery post the credit crunch of the late 2000s: sole source partnering reduces costs. Second, sole customer-supplier interfaces are driving the development of increasingly higher standards and levels of security designed to cope with the evolving nature of the threat posed by global terrorism and organised crime. Third, partner relationships are reducing overall lead times in the design and construction of Critical National Infrastructure. Last, but not least, this way of working enables a more truly integrated security solution to be designed. By sharing in confidence with trusted suppliers the full extent of the vision for their facility and security strategy, it enables the age-old security questions to be explored at the design stage, namely: ‘What asset base are we trying to protect – physical, human, intellectual and even reputational?, ‘What risks do (or might) they face of damage, theft or sabotage?’, ‘Who or what might pose these risks?’ and ‘How might they carry out their threats?’

Joined-up thinking Quite rightly, the security market now demands more joined-up physical security technology,

PerimeterProtectionIntegratedSecurityforEndUsers January2017_riskuk_apr15 09/01/2017 16:38 Page 2

Perimeter Protection: Integrated Security for End Users

with the demonstrable integration of security fencing and lighting, access control, perimeter intrusion detection systems and intruder alarms, CCTV and video analytics, guard patrols and Security Control Rooms commonplace. In the search for greater security control, enhanced employee safety and operational cost savings, some businesses have chosen to take this move a stage further by integrating firefighting systems, building services controls (such as lighting, air conditioning and lifts) and even business information systems and Human Resources records. A good example of Best Practice is a UK electricity supplier that used its acquisition of two additional delivery licences as a catalyst for a fundamental review and improvement of its total security solution. Here, ‘integration’ took place not just of different security elements and systems, but also of existing measures with new ones across over 600 sites – all monitored, analysed and controlled remotely from one central Alarm Receiving Centre. In the event of a security breach or emergency, it’s essential that head office knows who’s present on site and that only authorised personnel can gain access. Someone at headquarters needs to know the moment the perimeter is threatened or compromised, even at the smallest sub-station, or that any individual is in a place they shouldn’t be. If an alarm is triggered, video can automatically be sent to mobile phones, PDAs, laptops or other devices such that security personnel are able to decide how best to respond. Integrated video and alarm systems can help to immediately target security breaches such that any patrol personnel on site are able to react quickly to the threat and prevent property loss (or worse). Access control systems may be programmed to lock certain areas of the facility and thus confine any search for the perpetrator.

Consideration of safety Knowledge of who’s where is equally necessary from a safety point of view as it is a security one. If an accident occurs or there are fatalities, it’s absolutely essential the company knows how many people are involved and who’s on site through a ‘Persons on Board’ report. This can be made available automatically by taking the data from the access control system integrated into gates, barriers and turnstiles on the perimeter, in turn providing a report for the Emergency Services personnel to tally against. It’s hardly a new technology, but often a fire alarm is the first system to activate. In a modern integrated system, this can alert a Control Room’s operating team and, if

“Integrated video and alarm systems can help to immediately target security breaches such that any patrol personnel on site are able to react quickly to the threat” necessary, escalate the warning automatically to the Emergency Services, letting them know who’s on site before they arrive and even providing detail around special medical needs. CCTV can also be used to ascertain if people are trapped or flag areas that are potentially dangerous before the Emergency Services arrive without putting lives at risk. In short, then, the greater the degree of integration, the better able everyone is to build more effective security plans and architectures, respond more quickly and appropriately to security threats and breaches and, ultimately, protect people and property. The more technology advances, the more intelligent the systems will become per se. Specifiers now include high-tech perimeter intrusion detection systems in tenders as often as they do the classic low-tech solution of electric fencing. Gone are the days when PIDs were simply mounted on a fence. Now, threats can be monitored, analysed and recorded in real-time so that, for instance, the same person approaching the perimeter at three different points on three separate occasions can be identified, marked as a threat and apprehended without ever even touching the fencing line.

Chris Plimley: Sales and Marketing Director at Zaun

Interdictive security The ways in which CCTV cameras are now being used demonstrate once again that aforementioned technological progress. Originally, CCTV was largely employed as a deterrent on the premise that ‘Big Brother’ watching over proceedings was sufficient to discourage people from misbehaving. It then evolved into a forensic tool used to collect evidence after a crime had occurred in order to identify what had gone on and, potentially, catch and prosecute the perpetrator(s). As CCTV becomes more easily integrated with monitoring devices, alarm systems and access control solutions, it’s gaining momentum as an interdictive security measure, in turn helping security personnel to identify and interrupt security breaches as they’re occurring, or even before they take place. You can see the ongoing prevalence of drone technology in the future as well as that of fixed cameras. Intelligent video algorithms, such as sophisticated motion detection, can readily identify unusual walking patterns and alert a security officer to watch a screen to which the video is fed.

www.risk-uk.com

AccessControlSmartCardsBiometricsandIDCredentials January2017_riskuk_sep14 09/01/2017 15:51 Page 1

Monitoring Trends in Access Control Right now, the security sector is full of activity and research continues apace. Some interesting developments are in the pipeline for 2017 in terms of both technologies and applications. As Charles Balcomb asserts, smart cards will become smarter, contactless will go long-range, biometrics will boom, applications will integrate and the mobile phone will join the arsenal of ID credentials alongside cards and tags

www.risk-uk.com

ltra-high frequency (UHF) technology is making tentative forays into barcode territory. Its long read range coupled with a low manufacturing cost renders it a more advanced, flexible and versatile contender in situations such as luggage tracking and inventory control in retail outlets. It’s also highly robust: a UHF tag can be read through water and when attached to metal. UHF has been around for a while now, but the international standard EPC Generation 2 makes the technology that much more viable, not only across the supply chain, but also for the identification and tracking of individuals. Generation 2 enables the design of smaller antenna configurations that fit on the smallest of vials, while anti-collision algorithms mean that scanning a large stack of products doesn’t present any difficulties. This brings obvious advantages to pharmaceutical supply chains, for example, where a single technology can be used throughout, from product to pallet, in turn streamlining the process and making it that much more secure. In terms of people, UHF has huge potential in applications that involve long-range identification. For example, passive UHF wristbands are enabling accurate identification of patients going into surgery. They’re also being used for real-time tracking of people at events, ensuring that attendee numbers comply with Health and Safety regulations. Beyond security applications, and largely thanks to

improvements in reader design, UHF is now being used in retail environments for asset tagging, tracking and payment. As usage grows, more inventive applications will surely appear. The barcode isn’t about to disappear, however. Its price and practicality will secure its position in the market for many years to come. UHF usage across the supply chain may now be a real possibility, but it might be some time before all those involved adopt the technology in favour of the existing standard. Nor will existing RF technologies be phased out. On the contrary: read-only 125 KHz will still have its place, as the readers are more economical than UHF readers and price will dictate the need for these products. Read/write 13,56 MHz (Legic and NXP, etc) is established in the market, with a large user base and a huge number of complementary products. Where contact chip cards are concerned, high-end products like Java Card (JCOP 21/31) will be on demand for multiple secure applications, while dual interface cards look set fair to push combined contact and Near-Field Communication applications. UHF’s many advantages should nevertheless ensure it finds a place alongside barcode and chip technologies, perhaps not in a logistical setting to begin with, but more likely in the first instance for the identification of people.

Biometric boom Identity theft has become a big driver in the uptake of biometrics. As public resistance to biometrics starts to ebb, biometric verification has begun to take its rightful place as one of the most secure methods of identification. Iris, facial and fingerprint biometrics are now used for fail-safe identification in immigration/crossborder control and passport applications. Fingerprint systems are already widely used and accepted, and are evolving to the next level. Original concerns about fake fingerprints made out of latex, clay and rubber have been addressed, with readers and software using methods like infrared detection, skin capacitance imaging and the measurement of pulse, temperature or blood pressure. Systems that scan vein (or vascular) patterns have had limited success to date, but may yet increase their market share. Convenient and secure, they’re very user-friendly as a wave of the hand is all that’s required by the user to log on to a PC or operate a system. Face and iris recognition have become easier to use and

AccessControlSmartCardsBiometricsandIDCredentials January2017_riskuk_sep14 09/01/2017 15:51 Page 2

Access Control: Smart Cards, Biometrics and ID Credentials

require nothing more than standing still for a few seconds. Employment of this user-friendly technology is already established in crime prevention for identifying individuals in crowds, for example, though usage will become more mainstream and more one-on-one. In fact, facial recognition is increasingly employed for secure access to high-security buildings and warehouses. Of course, the combination of two or more biometric technologies – ie multimodal biometrics – is the ultimate in secure identification. The rise in biometrics and mobile authentication solutions doesn’t spell the death of the card, which they could be seen to replace. Instead, one will likely boost the other. News reports of lost records and data theft mean that many people don’t wish their data to be stored in a place outside of their control. ‘Match-on-card’ and similar system solutions render this unnecessary. With these systems, biometric and other data – including fingerprints, palm prints, photographs, personal data and access rights – are stored not on a central database, but rather in a card or other device which the user keeps with them at all times. When users approach a reader, for example, they scan their fingerprint and card. The reader compares the fingerprint to the image held on the card. If it matches, access is granted. Even if such a card is lost or stolen, it would mean that only a single record is compromised. This can easily be restored.

Multi-application systems Whatever technologies are used to verify an individual, one trend is forging ahead. Security systems are converging and merging with other systems. Access control, logical access, building automation, time and attendance, network logon, security and PKI are all becoming one. This isn’t surprising as, in essence, they’re not very different. Each application requires the identification of an authorised person to activate a preprogrammed task, such as open a door, log the date and time, open a software program or switch on the air conditioning. Multi-application cards have been around for a long time, whereby a single card operates with various systems for different functions. Dual interface cards are the latest iteration of multi-application smart cards. Web-based systems are ideal for extended enterprises. Integrated security systems can leverage corporate Intranets to enable them to function around the country or even worldwide. How users access these systems will differ: a mixture of smart cards and biometrics is likely.

Focusing on mobile The vehicle for user ID is moving beyond traditional cards or tags or even the latest biometric readers. With the boom in mobile payment systems, mobile devices already incorporate security applications for facial and fingerprint recognition. This market will start to grow bigger and bigger, with new methods coming on stream such as cardiac ECG technology and improved iris recognition. Nowadays, many access systems can be used with mobile phones, whereby they’re deployed just like any other credential. Thanks to NearField Communication, itself essentially an evolution of RFID technology, the mobile phone has become an effective device for accessing security systems. Apple, Google and Samsung all offer smart phones with NFC capabilities built-in and many more will follow. Beyond personal applications like instant messaging and taking photos, opening car doors, public transport and payment, its future includes corporate and security functions such as ID, access, clocking in and, in fact, much more besides. Identifying data can be stored locally on a mobile for a possible ‘match-on-phone’ verification process. Picture the scenario: users activate their company mobile using their fingerprint and, on arriving at the office, hold the phone up to a chip reader, while speaking a voice code and standing still for a second or two for a facial scan. The system then checks the voiceprint and facial image against the templates held on the phone and grants or otherwise denies access accordingly. This scenario isn’t so far-fetched. End users would simply need to ensure that they keep their mobile fully-charged at all times.

Charles Balcomb: Managing Director of Databac

“The rise in biometrics and mobile authentication solutions doesn’t spell the death of the card, which they could be seen to replace. Instead, one will likely boost the other” 31

www.risk-uk.com

TheSecurityInstitute'sView January2017_riskuk_apr15 09/01/2017 16:40 Page 1

Brexit: An Assessment of Implications for the UK’s National Security Through this project, we hope not only to inform and influence, but also to stimulate discussion and debate among practitioners on the key issues raised by Brexit and how these need to be addressed. Themes in our work include the national security context, corporate preparedness, public-private sector security cooperation, security information sharing, regulation and legislation, security innovation and research and community resilience.

International threats

The outcome of the EU Referendum in the UK on Thursday 23 June 2016 has required leaders across all domains to sit up and take note of the potential impact of Brexit. The security community is no exception. As Alison Wakefield and Robert Hall explain, the degree of uncertainty comes at a time when the UK is also facing a heightened threat of terrorism, presenting yet further challenges

www.risk-uk.com

ate last summer, the Security and Resilience Network of business association London First brought together a group of security practitioners, among them members of The Security Institute, to analyse the challenges and opportunities presented by the EU Referendum and establish the areas that we feel will matter most in a final deal with the European Union (EU). The group’s first report was launched at the Global Resilience Summit in October, and is authored by Sir David Veness CBE QPM, Dr Alison Wakefield FSyI, Dr Hugo Rosemont, David Clark, Professor Chris Hankin and Robert Hall MSyI. It’s aimed at senior executives in the public and private sectors who will need to confront the issues presented by Brexit, and concludes with ten recommendations for consideration as the UK moves forward under a new set of circumstances. Following this, in December Wakefield and Hall prepared a submission to the Foreign Affairs Select Committee on the implications for the UK’s national security and resilience of the Government and the EU being unable to reach a deal within the two-year period following the activation of Article 50 of the Lisbon Treaty. It’s intended that further publications will follow, with the second report set to examine in more detail the likely implications of Brexit for corporate security.

Unsurprisingly, the area that has received most political attention is the UK’s security cooperation with other EU countries. The UK’s threat level from international terrorism has been at ‘Severe’ since August 2014, while 2015 and 2016 witnessed unprecedented atrocities in France, Belgium and Germany. The UK’s major threat emanates from our own citizens who become radicalised, organise online, in some cases travel to Syria or elsewhere to train and fight and then seek to support terrorism within the UK. We also face increasingly sophisticated organised crime groups operating on a networked basis across international borders, or otherwise operating in the essentially borderless field of cyber crime. International threats require international cooperation, of which the UK has been at the forefront within Europe. In 1975, (then) British foreign minister James Callaghan proposed the establishment of the TREVI Working Group to combat terrorism. Since then, the UK has heavily steered the development of the EU’s security architecture. In oral evidence presented to the Home Affairs Sub-Committee of the House of Lords EU Select Committee on 12 October last year, David Armond (deputy director general of the UK’s National Crime Agency) noted: “The whole EU policy cycle […] is an absolute lift and shift of the UK intelligence model.” On 16 December, the House of Lords’ EU Select Committee published a report entitled ‘Brexit: Future UK-EU Security and Police Cooperation’, which concluded that there’s considerable consensus among UK law enforcement agencies on the EU tools and capabilities they would like to see retained or adequately replaced when we leave the EU.

TheSecurityInstitute'sView January2017_riskuk_apr15 09/01/2017 16:40 Page 2

The Security Institute’s View

The top priorities consistently listed by those who gave evidence were: • Europol (the European Union’s law enforcement agency), which supports law enforcement authorities throughout the EU in preventing and combating all forms of serious international crime and terrorism • Eurojust, which supports investigations and prosecutions of cross-border crime in the EU • the Second Generation Schengen Information System (SIS II), which allows police forces to share real-time ‘alerts’ on suspects, vehicles, firearms and other property • the European Arrest Warrant (EAW), providing for simplified extradition procedures among the EU Member States • the European Criminal Records Information System (ECRIS), which enables the exchange of information on criminal convictions between EU Member States • the Prüm Decisions agreement, enabling police forces to share DNA, fingerprint and vehicle information • the EU Passenger Name Record (PNR), which allows for the collection, use and retention of airline passenger details

Engagement with Europol Notably, the UK has one of the highest rates of engagement with Europol in the EU. Europol data indicate that the UK authorities initiated 2,500 cases for cross-border investigation and operational support at Europol last year, while its British director, Rob Wainwright, has estimated that 40% of all Europol cases have some level of British involvement. Further, Wainwright has argued that any alternative police co-operation arrangement would be only “partially as good” for the UK as it would become a “second-tier member… still useful but not, for example, having direct access to our database, not being able to lead any of our operational projects and not having the influence in our organisation that they do at the moment.” For example, the UK’s access to security databases such as ECRIS would be withdrawn following Brexit. It would need to step down from leadership roles, such as its current chairmanship of the European Cyber Crime Task Force (which is made up of the heads of cyber crime units from all of the EU Member States as well as Europol, Eurojust and the EC, and seeks to promote a harmonised approach towards the fight against cyber crime). David Armond stated in his evidence to the House of Lords EU Select Committee that the UK’s diminished relationship would also impact the other ‘Five Eyes’ countries –

Australia, Canada, New Zealand and the USA – which sometimes rely on the UK to provide information from Europol. States outside the EU are able to negotiate strategic agreements (limited to the exchange of general intelligence as well as strategic and technical information) and operational agreements (which have been established with Norway, Switzerland and Iceland, for example, and allow for the exchange of information, including personal data). The House of Lords EU Select Committee observes, however, that: “these precedents… offer no quick fix. Some of the bilateral agreements in question have taken many years to negotiate, and in some cases are still not in force.”

Positive signal Challenges include the fact that there’s either no precedent for the EU permitting access to its tools by non-EU or non-Schengen members, such as ECRIS or SIS II, or the precedents that do exist would not be sufficient to meet the UK’s operational needs, for example in the limited scope of third country agreements with Europol compared with the level of engagement that the UK is accustomed to enjoying. A positive signal for the UK, however, was the appointment last September of Sir Julian King as EU ‘Commissioner of the Security Union’, with direct responsibility for establishing more co-ordination across all stages of investigation, law enforcement and criminal proceedings. This plays to the UK’s strengths in counter-terrorism and may well indicate a desire within the EU to retain strong links with our security services. We firmly believe that, due to the transnational and worsening nature of the current terrorist threat, and as vividly illustrated by the latest terrorist atrocity in Berlin, more rather than less security cooperation at the European level is going to be essential. Yet the House of Lords EU Select Committee concludes that, in leaving the EU, the UK will lose the platform from which it has been able to exert significant influence, which presents risks to the UK’s ability to protect its own security interests in the future. The UK Government needs to decide which structures it should seek to remain part of and which it will need to replace, both to influence the EU’s security agenda and also maximise the UK’s own security capabilities.

Dr Alison Wakefield FSyI: Vice-Chairman of The Security Institute and Senior Lecturer in Security Risk Management at the University of Portsmouth

Robert Hall MBCI MSyI: Director of the Security and Resilience Programme at London First

“Themes in our work include the national security context, corporate preparedness, public-private sector security cooperation and security information sharing” 33 www.risk-uk.com

Project1_Layout 1 09/01/2017 16:49 Page 1

f ireray

The world’s most trusted beam

f fe

T +44 (0) 1462 444 740 E sales@ffeuk.com W www.ffeuk.com

Fireray® 5000 - The only laser aligned motorised beam smoke detector system available on the market Single person install - Laser allows for rapid alignment of detector onto the reflector Simple line-of-sight - Laser helps installer to quickly and accurately determine path of beam

InTheSpotlightASISInternational January2017_riskuk_apr15 09/01/2017 16:29 Page 2

In the Spotlight: ASIS International UK Chapter

Securing Tomorrow By Investing Today hile a young professional is typically defined as an ASIS UK member who’s less than 40 years of age, or who has spent fewer than five years in the security profession, participation is encouraged by anyone passionate about this initiative, regardless of their age or experience. The ASIS Young Professionals Group’s core mission is to develop and educate younger practitioners in the security industry. Expanding on this core Mission Statement, the ASIS UK Board recently reinvigorated and re-energised activities relating to such programmes in the UK, recognising the need to embrace and engage the security practitioner of the future and connect those looking to advance in the industry with those best placed to assist them in achieving their ambitions. When I was first asked to take on and lead this initiative not long after the 62nd ASIS Annual Conference in Orlando last year, I did take a little convincing. However, as a product of the ASIS educational system myself, there could be no better way for me to give back to an organisation that supported my own professional and personal development, while also having the opportunity to pay it forward by influencing and supporting the next generation of our profession (in which I include myself ). In the month or so since taking over as the Young Professionals lead in the UK, I’ve been both surprised and delighted by the energy and enthusiasm of not just Young Professionals, but also established industry leaders willing to dedicated their time and knowledge to such a worthwhile initiative. Pretty quickly, we’ve managed to merge a core team of professionals keen to volunteer their time and experience to the cause. Our core UK volunteer team has representation in global consultancy, industry recruitment, training and education and involves practising corporate security managers who all bring unique yet complementary skill sets and experiences that both support and facilitate the achievement of the initiative’s core objectives for both 2017 and beyond. This team has more than exceeded my expectations in laying out a framework of objectives and deliverables for 2017 that will see the ASIS UK Young Professionals Group move to new heights and represents a step change in UK capability. The programme for 2017 aims to both promote the Young Professionals initiative and the wider ASIS agenda, while also providing real value and

The ASIS Young Professionals Group was created in 2010 to provide a comfortable environment both for ASIS members new to security and for future leaders to engage in education programmes and activities. Stuart Eustace examines the objectives and deliverables for 2017 that will see the Group move to new heights opportunity for Young Professionals and senior industry managers alike. By co-ordinating educational events, mentoring programmes, practical workshops and career development seminars specifically tailored to increase opportunities and capabilities across all industry sectors, including reverse mentoring opportunities, we intend to ensure that today’s leaders are aware of the talent available, and that the talent of today is actively prepared for tomorrow.

Business capabilities As the corporate and commercial world becomes more aware of the value that professional security and risk management functions and services bring, coupled with the ever-evolving and dynamic global security environment, the need for not only functional and disciplinary knowledge, but also for wider, softer and more business-focused capabilities becomes more and more important. The rise in big business’ acceptance of the security function’s value and the services provided by security organisations is testament to the ability and adaptation of the current practitioner in educating senior business leaders, in most cases by translating security risk terminology into common business language and finding new and innovative ways

Stuart Eustace CPP: Young Professionals Lead at ASIS UK and Global Lead on Risk, Security and Crisis Management at pladis Global

www.risk-uk.com

InTheSpotlightASISInternational January2017_riskuk_apr15 09/01/2017 16:29 Page 3

In the Spotlight: ASIS International UK Chapter

*If you’re interested in the ASIS Young Professionals initiative and are under the age of 40, or have been in the industry for less than five years, or maybe looking to break into the industry or are just curious, then you can find more information at https://www.asisonline.org/ Membership/MemberCenter/Councils/YoungProfessionals/Pages/ default.aspx **Additionally, if you don’t fall into the Young Professionals bracket, but would like to be involved as a member of the volunteer committee or as a mentor we would love to hear from you. For those who wish to volunteer their time, speak at events or share their experience and knowledge with Young Professionals, send an e-mail to: yp@asis.org.uk (volunteering) or ypmentoring@asis.org.uk (mentoring)

of displaying input to the business and, indeed, its value chain. The methodology used in the sector has changed in some ways, although I would argue that the real enhancement has been in the security professional, and his/her evolution in understanding business process and business needs. This is a trend that will need to continue as the scope of services and expectations continues to increase, with our learning cycle being continuous and ever-widening. As the business world continues to evolve, so will the risk landscape, and with it the expectations of the Board and commercial clients. The security practitioners and leaders of the future will not only need to be multiskilled in terms of functional capability and domain knowledge, but will also have to possess enhanced social skills, both in person and through the use of social media and/or technology-based platforms and networking forums. They will need to understand business processes and management and be able to sell their value to multiple stakeholders. This isn’t a new revelation. It’s both well established and expected in today’s world. However, as a sector it could be said that we’ve struggled in the past to keep pace with our ability to match or meet business needs, specifically when compared to other departments who generally lead on innovation and renovation. The security sector relies on tried and, therefore, perceived tested practices. While I would agree that these practices and methodologies have stood the test of time in most cases, the way in which they’re implemented, communicated and measured has changed, in general as a result of business evolution and altered business sensitivity.

Leadership and management Most important of all, future professionals will need to know how to manage and lead. Management and leadership mean many things to many different people, while the styles employed by different managers and leaders are in many ways very different. I would suggest that the similarities in all good leaders and managers are respect, patience and inspiration. All the functional knowledge in the world can be wasted if results cannot be achieved. The ability to inspire confidence, respect and belief both vertically and

“A cornerstone objective is the establishment and development of a mentoring programme that allows Young Professionals to learn from senior leaders” 36

www.risk-uk.com

horizontally within an organisation or client portfolio is – and always will be – invaluable to the practitioner of the future. The principles of effective leadership and management are well documented and presented across training providers’ educational materials and, it must be said, do go some way towards supporting future capability development. However, this is no substitute for seeing it in practice or being a product of its execution.

Cornerstone objective A cornerstone objective of the ASIS UK initiative is the establishment and development of a mentoring programme that allows Young Professionals to access and learn from senior leaders in a structured manner. Personally, I hope that, as this initiative grows, the ability to match Young Professionals and mentors will not solely focus on learning from the leaders within our industry, but also allow for opportunities to learn from professional business personnel across varying different sectors and disciplines. After all, these are the stakeholders to whom we must ‘sell’ our profession, talking all the while in their language and with enough inspiration to instil confidence and belief. The establishment of such a programme, coupled with education and networking initiatives and wider ASIS offerings, will produce a platform to support well-rounded, driven, motivated and well-equipped professionals who can reach out and lean on a system that underpins them. Further benefits to the wider ASIS organisation and industry leaders include opportunities to understand the employment pool and its capabilities, learn from the next generation and better understand what their future needs might be and who or what is/will be available to fulfil those needs.

Looking to the future As we look to the future and launching this initiative in the face of an ever-changing global security dynamic that drives an ever-evolving priority list from the business world, the ASIS UK Young Professionals team holds high expectations for the development of Young Professionals both within the ASIS organisation and across the wider security landscape. We all share the same world and work towards a similar end state when it comes to a professional footing. The opportunity to increase knowledge and share Best Practice and learnings can only be a positive thing for the future of our profession.

Project1_Layout 1 12/09/2016 14:30 Page 1

Security? Itâ&#x20AC;&#x2122;s in our DNA . The ultimate deterrent against theft, burglary & robbery

SelectaDNA is one of the most effective security solutions to protect valuable property and assets within an organisation. SelectaDNA is available in a number of formats including property marking solutions to mark and protect assets and infrastructure such as IT equipment, tools, machinery and vehicles, a lacquer aerosol for the protection of valuable metals including copper cable, and a spray to deter commercial burglaries and robberies. SelectaDNA is a huge deterrent, as the one thing criminals fear most isâ&#x20AC;Ś DNA evidence. Discover how SelectaDNA can help protect your business www.selectadna.co.uk or call 01689 860757 to find out more.

SelectaDNA is a registered trademark of Selectamark Security Systems plc

DA0302/1

FIATechnicalBriefing January2017_riskuk_nov14 09/01/2017 16:07 Page 1

Enforcement of the Fire Safety Order The Regulatory Reform (Fire Safety) Order 2005 is the piece of legislation that covers fire safety within England and Wales. Scotland and Northern Ireland have their own legislation regarding fire safety – the Fire (Scotland) Act 2005 in combination with the Fire Safety (Scotland) Regulations 2006, and the Fire and Rescue Services (Northern Ireland) Order 2006 and the Fire Safety Regulations (Northern Ireland) 2010 respectively. As Ian Moore observes, enforcement of the Fire Safety Order is paramount

Ian Moore: CEO of the Fire Industry Association

www.risk-uk.com

he Regulatory Reform (Fire Safety) Order 2005 protects buildings and the people inside them from the dangers of fire by setting out what steps should be taken in order to reduce the risk. The Order was passed into law on 7 June 2005 and came into force on 1 October the following year. In most premises, local Fire and Rescue Authorities are responsible for enforcing this legislation. For its part, the Health and Safety Executive holds enforcement responsibility for construction sites and nuclear premises. More on this particular subject anon. Most fires are preventable. Those directly responsible for workplaces and other buildings to which members of the public have access can help in avoiding fire outbreaks by adopting the right behaviours and procedures. Helpfully, steps such as carrying out a fire risk assessment to assess the level of hazards and risks within a building are addressed in the Regulatory Reform (Fire Safety) Order 2005, so too observations on who can carry out specific tasks relating to fire safety. Nonetheless, many individuals still don’t understand their responsibilities as defined by the legislation, which is a possible reason why there are still regular news reports of fire safety breaches pretty much on a weekly basis. Here at the Fire Industry Association (FIA), it’s our view that better education in responsibilities towards fire safety will lead to safer communities for all. The Regulatory Reform (Fire Safety) Order 2005 applies whether the business employs five or 5,000 people – size doesn’t exclude an organisation from the legislation. It applies whether the company is a large well-known brand, or a small self-employed family business. The premises could be a charity, a not-for-profit or a business focused on profit, whether that’s an office, a shop, a museum or any other building accessed by members of the public. Whatever the nature of the premises, if the building isn’t a private residence, then the Regulatory Reform (Fire Safety) Order 2005 duly applies. The Order also applies to the communal areas of multiple occupancy residences or blocks of flats. The legislation applies directly to anyone and everyone who owns or is responsible for nondomestic premises. This individual is referred to as the ‘Responsible Person’ in England and Wales, but the term ‘Duty Holder’ and ‘Appropriate Person’ is used in Scotland and Northern Ireland respectively. Those terms

mean the same thing. In the case of a business, it’s almost always the employer. In a public building such as a school or hospital, it could be the NHS Trust, the academy chain or local authority assuming responsibility.

Breaching the law When it comes to breaching fire safety law, there are millions of individuals who can be held responsible for their actions – or lack thereof – in terms of protecting people from fire. These individuals all need to have a good understanding of how the law applies to their business or premises, such that they can create a safe environment for themselves and for all of those resident within their buildings, whether they’re employees, customers, visitors, patrons, residents, schoolchildren or patients. Fire safety legislation is enforced by fire safety enforcement officers from the local Fire and Rescue Service. They can enter any workplace at any suitable hour, without giving notice, though notice may be given when the inspector thinks it’s appropriate to do so. Once on site, the enforcement officer will conduct a thorough inspection to check out the workplace, the work activities and the management of fire safety and audit the Responsible Person’s fire risk assessment to ensure that they’re fulfilling their duties in respect of fire safety law. The enforcement officer may also offer assistance or advice to help, but they might well talk to employees or their representatives, take photographs, serve notices or take appropriate action if there’s a risk to fire safety that needs to be dealt with on the spot. The problem is that there’s a huge lack of understanding around the law on the part of Responsible Persons and how it’s enforced. Whether this is down to a lack of education on the implications or simply a reluctance to find out about fire safety law is only conjecture, but what’s not in any dispute is that breaches of fire safety law happen on a regular basis.

Cases involving prosecutions In November last year, 12 cases of prosecutions or fines for failing to comply with the Regulatory Reform (Fire Safety) Order 2005 were brought to the attention of the FIA when they were reported in the news and subsequently published on the Association’s website. On the face of it, it’s fair to say that 12 offences in one month may not sound like many, but in truth the effects of a fire can be

FIATechnicalBriefing January2017_riskuk_nov14 09/01/2017 16:23 Page 54

FIA Technical Briefing: Regulatory Reform (Fire Safety) Order 2005

both lasting and devastating for businesses and, indeed, the lives of many. These 12 cases are only the ones that were reported on by local and national press and reached the News Desk of the FIA in that month alone. Imagine how many more episodes there might be that are happening nationwide, and the horrendous and wide-ranging devastation that may be occurring due to a lack of fire safety precautions being in place? One of the most memorable cases of breaches of fire safety legislation is one that realised a fine of £400,000 (the largest ever recorded). In 2007, clothing giant New Look – at the time operating a store on London’s everpopular Oxford Street – was charged with two breaches of fire safety legislation. Reports at the time suggested members of staff didn’t have sufficient training to be able to evacuate shoppers, and that escape routes were blocked. More worryingly, perhaps, these factors were only discovered during the outbreak of the fire, which took hold in a second floor storeroom, subsequently destroying the store and shutting down much of London’s biggest shopping area. This disrupted businesses in the district and created dangerous conditions for some of the estimated 500,000 shoppers who visit Oxford Street on a daily basis. During the legal inquest, Judge Geoffrey Rivlin QC presiding at Southwark Crown Court heard that all 150 people in the store escaped unharmed, while another 300 were evacuated from neighbouring premises. The cause of the fire was never discovered, but it “virtually gutted” the building, which subsequently had to be demolished. New Look was fined £250,000 for failing to supply a “suitable and sufficient” fire risk assessment for the premises and £150,000 for failing to adequately train staff. On top of that, the company was also ordered to pay upwards of £136,000 in costs.

disrupt services in the vicinity and release dangerous chemicals into the environment. Indeed, the effects of fire can last for a lifetime. In light of this, the FIA has created a short video to explain to all Responsible Persons what their responsibilities are and what steps they need to take in order to protect themselves from fire and comply with fire safety legislation. Developed by a team of fire safety experts from across the fire safety industry, the video took almost a year to create, and delivers fire safety information for Responsible Persons in both a clear and concise manner. The video can be accessed on the FIA’s YouTube channel by searching ‘Responsible for Fire Safety? | Fire Safety Explained Video’ in YouTube’s search bar, or by visiting the FIA’s website: www.fia.uk.com

Education, education, education There’s one way to ensure that all Responsible Persons are aware of their responsibilities: education. Making sure that people are interested in fire safety and helping them to learn about the legislation is a necessary step towards cutting out devastating incidents. Fire protection isn’t a subject to be taken lightly – fires can destroy lives, ruin businesses,

“Those directly responsible for workplaces and other buildings to which members of the public have access can help in avoiding fire outbreaks by adopting the right behaviours and procedures” 39

www.risk-uk.com

SecurityServicesBestPracticeCasebook January2017_riskuk_apr15 09/01/2017 16:39 Page 1

2017... The Year of the National Living Wage and IP Camera Analytics

The increase in the National Living Wage in 2017 could have a dire impact on the security guarding sector. The struggle to respond, at a time when security budgets are frozen and even falling, will likely drive a whole series of developments in technology to compensate. Simon Chapman outlines how and why security provision in the UK will probably look very different 12 months from now

www.risk-uk.com

he National Living Wage was introduced by the Government on 1 April 2016 for all working people aged 25 and over, and is currently set at £7.20 per hour. On 1 April 2017, it will rise to a rate of £7.50. Security solution providers need to make sure that they’re paying their staff correctly, as the National Living Wage will be enforced every bit as strongly as the current National Minimum Wage. The Government wants to move from a low wage, high tax, high welfare society towards a higher wage, lower tax, lower welfare regime. With record employment, the highest GDP growth in the G7, over two million jobs created since 2010 and 1.1 million more forecast by the Office for Budget Responsibility, last April the Government believed – and still does – that now is the right time to take action to ensure low wage workers can take a greater share of the gains from growth. The new National Living Wage is an essential part of this. The Conservatives believe it ensures that work pays, and reduces reliance on the state topping up wages through the benefits system. The aim for the National Living Wage is to reach 60% of median UK earnings by 2020. For employees over the age of 25, the wage is projected to rise to at least £9.00 per hour by April 2020. Smaller employers have had their employer National Insurance discounts increased to mitigate the higher costs of the National Living Wage. In September 2015, the proposed penalties for employer non-compliance were announced.

They’re double those previously payable for non-compliance with the National Minimum Wage Act 1998 (increased from 100% of arrears owed to 200%), although this is halved if paid within 14 days. The maximum penalty remains at £20,000 per worker. An additional penalty of disqualification from being a company director for up to 15 years will also be available to the courts. The enforcement budget is due to double, while the creation of a dedicated HM Revenue and Customs non-compliance team to pursue criminal prosecutions has been announced. This April, then, companies operating in the security guarding sector will see a rise in their wage bill that they’ll have to absorb or otherwise pass on to clients. The stated 30 pence per hour increase might seem pretty small at first glance, but multiply that by thousands of hours on an annual basis for a big contract and it’s a substantial extra cost.

Wafer thin margins Margins are already wafer thin in the security industry. That being so, it’s entirely possible this change will push some providers over the edge. Others will try to cut costs still further, perhaps by trimming an already depleted training budget or otherwise reducing staff numbers at head office. It’s unlikely that the aforementioned alternative – ie passing the increased costs on to clients – will be feasible, particularly so when it comes to major end users of security services in the retail and public service sectors. Most of them have already made it quite clear that they will not or simply cannot absorb any increases in their security budget. Over the last 12 months, many major service users have negotiated a decrease in the bill for security staffing or found an alternative supplier that would agree to charge less. Security companies have agreed these new contracts out of short term expediency, often without the realistic prospect of sustaining a service, and certainly not one of any great quality either in the medium or longer term. Public services have been told by central Government to freeze their budgets, while High Street retailers are clearly in no state to add to their overheads given the pressures at play within and around their own business domains.

SecurityServicesBestPracticeCasebook January2017_riskuk_apr15 09/01/2017 16:39 Page 2

Security Services: Best Practice Casebook

However, the need for retail security is clearly growing. Police officers are now recording more shoplifting offences than at any other time in the past 13 years. According to official figures, the police service recorded no less than 336,505 shoplifting offences in the year ending March 2016, representing a 3% increase compared with the previous 12 months. In fact, this is the highest volume recorded since the introduction of the National Crime Recording Standard in the year ending March 2003. Add to this the continuing threat posed by acts of international terrorism in the UK. The threat level here has been set at ‘Severe’ – meaning that an attack on the mainland is highly likely – since August 2014.

Finding a solution How, then, will retailers and their security providers reconcile this need for security protection but at a similar, or even reduced cost? The proposed solution has to be found in technology, and particularly in the use of IP cameras complete with video analytics and connected to a single Intelligence Centre, serving multiple user outlets and offering a 247 response service that’s readily able to send in local teams. In many instances, such a regime is already beginning to replace the need for security officers. The benefits of IP cameras over analogue systems are well known among security and risk managers. Principally, they relate to quality of image, but also to budgeting, with Internet connectivity offering big savings over the costs of installation and wiring on site required by traditional CCTV systems. Then there’s the greater flexibility afforded by IP cameras. End users can connect more cameras because they’re no longer limited by the number of ports on the CCTV system’s DVR. Importantly, cameras may be moved around on site to cover areas of risk as those areas change as a direct result of feedback from security audits and updated intelligence data. There are also significant opportunities arising from digital analytics which extend the level and range of protection available courtesy of IP cameras.

Automatic alerts IP surveillance technology and analytics provides a central Intelligence Centre with automatic alerts at the time of detection when dangerous or suspicious activity is detected. By mathematically analysing the pixels of digitised video, systems can intelligently interpret the movement of goods and also the behaviour of people on site, whether they’re

members of staff, customers or perhaps third party contractors. This includes, for example, detecting illicit behaviour and errors at the retail Point of Sale, such as a failure to scan goods or any attempts at refund fraud. If they choose to add-in the facility of audio, with a microphone connected to a camera, end users are able to increase the capability of the system to include automatic ‘aggression detection’, for example, by detecting changes in pitch within customerstaff interactions. The technology is generating particular interest in relation to its capability not just to support loss prevention, but also boost the return on investment from merchandising and actively create new revenue streams. Applications include the opportunity to measure interest in promotions and activity around product positions in-store, monitoring customer flows and recording how people react to a particular product line. Facial recognition systems have the capability to assess the age range and other key parameters of visitors and, potentially at least, to identify specific visitors and their activity in a given store or department.

Simon Chapman: Managing Director of Lodge Service and the LodgIC Intelligence Centre

Privacy and data protection The technology is embryonic, and there are several issues still to be resolved around privacy and data protection, in addition to protecting data transmission as well as stored data from cyber attack. What we can absolutely expect to see is an escalation in the application of IP technology. Indeed, we’re preparing for just such a scenario right now. The sector is – or can be – a beneficiary of major investment in robotics by the consumer electronics sector. Security end users can be the beneficiaries of this, not only in respect of loss prevention, but also when it comes to opportunities for increased revenue across the organisation as a whole. There’s little doubt that the challenges ahead of us in 2017 are substantial, while a degree of change is somewhat inevitable. The public sector, retailers and other corporate sector end users need to be fully aware of the opportunities – and, it must be said, the risks – arising from new IP technology and ready to trial and test new solutions.

“Public services have been told by central Government to freeze their budgets, while High Street retailers are clearly in no state to add to their overheads given the pressures at play within and around their own business domains” 41

www.risk-uk.com

MeetTheSecurityCompanyPartTwo January2017_riskuk_apr15 09/01/2017 16:30 Page 1

Meet The Security Company

This month sees the continuation of a brand new series of articles in which Risk UK shines the spotlight on SSAIBregistered businesses for the benefit of risk and security managers who purchase security guarding as well as systems-focused solutions. Answering our questions once again is Tony Woolcott, the managing director of Avantguard Security

Risk UK: Can you outline your thoughts on the proposed enablement of business licensing? Will it induce positive change? Tony Woolcott: I’m shocked that we’ve not yet seen the implementation of business licensing or any indication that it’s likely to happen in the near future. I would push for it to happen as soon as possible. I believe it’s an extremely good move for the industry as it will see unethical and unsustainable businesses driven out of the marketplace. Competition is important and I value good competition on my doorstep, but the emphasis must be on ‘good’ competition. It’s continually disheartening to hear the stories of clients who’ve been constantly let down. Worse still are stories from the labour market of the terrible treatment personnel have received at the hands of former employers. These unethical and sometimes illegal operations should absolutely be shut down. The last information I heard about the proposed business licensing was that it wouldn’t apply to smaller companies. I believe the figure being suggested was those firms with less than ten employees. I think that all

About the Security Systems and Alarms Inspection Board Founded in 1994, the Security Systems and Alarms Inspection Board (SSAIB) is a leading certification body for organisations providing security systems and services, fire detection and alarm solutions, telecare systems and solutions, manned security services and monitoring services. The SSAIB is a Security Industry Authority-approved certification body in respect of the Regulator’s Approved Contractor Scheme and operates in the UK as well as the Republic of Ireland.

www.risk-uk.com

companies operating in the security industry should have some form of audit or licensing in place, although I appreciate that requirements ought to differ depending on the size of the company, otherwise it would be too big a barrier to entry and we wouldn’t see new and innovative companies entering the market. In terms of sub-contract labour, essentially this isn’t an issue, but it becomes a problem when it’s used to circumnavigate regulations and avoid employer responsibilities. Sectors such as the ‘Event Security Market’ rely heavily on sub-contract labour often recruited through social media. There appears to be little in the way of standards or screening of individuals to work at large events and, in my opinion, this places members of the public at risk. The delay on business licensing has driven the industry backwards and facilitated an increase in bad practice. Companies who operate in the trusted arenas of of public and private sector security should always be subject to tough and enforced regulations. Risk UK: In which direction would you like to see ‘The Regulation Roadmap’ take the guarding sector during the next decade? Tony Woolcott: I believe we need to see more regulation, but that means the Security Industry Authority (SIA) requires more funding and elevated powers. The Regulator is largely intelligence driven because of limited resources, but should be able to take more steps to identify illegal operations. The Approved Contractor Scheme (ACS) audit process should also be much stronger in rooting out bad practice and any companies ‘hoodwinking’ the system. The weakness often rests with larger organisations who are audited at their main office, but it seems that rarely are steps taken to audit their satellite operations. The security industry needs to be viewed as a professional sector and occupation rather than a ‘stop gap’. Training should be more comprehensive. Training providers have been seen to be a weak link in the security industry. We’ve all heard the stories about candidates allegedly being ‘guided’ through their examinations or, in some cases, blatantly provided with the answers. This makes the

MeetTheSecurityCompanyPartTwo January2017_riskuk_apr15 09/01/2017 16:30 Page 2

Meet The Security Company: Avantguard Security Ltd (Part Two) In association with the trainers look good, but the industry and the officers sitting the tests then look bad with doubts cast on their abilities. Examinations at the end of training must be properly invigilated. Risk UK: If you had to describe ‘The Security Officer of Tomorrow’, what would be the key traits necessary for ultimate success? Tony Woolcott: ‘The Security Officer of Tomorrow’ would be a true professional trained to a high standard, respected and confident in the use of modern technology. They should be motivated to perform their duties to the best of their abilities and properly equipped to provide the degree of service that’s required of them. ‘The Security Officer of Tomorrow’ is no longer the traditional vision of a ‘night watchman’. Rather, the role should be multilayered and keep officers busy. No longer is security a sedentary role with a few ‘token patrols’ thrown in for good measure. Security officers should be absolutely dedicated to fulfilling their duties enthusiastically and constantly looking for ways in which to add value for the client. They’re in a unique position whereby they are an employee of a security company, but also form part of the host client’s team. It’s important they have the required interpersonal and customer service skills to hand in order to bring the most benefit to their role. The industry is already heading in the right direction with apprenticeships and more advanced training, with a view to security being a proper career path rather than a ‘stop gap’ job. However, there’s a long way to go as many officers find it hard to adjust to the new vision of security. For meaningful change to take hold, it’s also necessary for security companies to develop their teams and the roles which they undertake, continually improving the service delivery. Finally, the clients must play their part in the development of ‘The Security Officer of Tomorrow’ by appreciating the value these individuals bring to their business, embracing them as hard working members of the team. Risk UK: In what ways is third party accreditation beneficial not only for your business, but also for the security guarding sector in general? Tony Woolcott: Third party accreditation is really important for our business because we’re always looking to achieve the highest levels of quality service that we can, but it must be stated that accreditation is only as good as the explanation of what it stands for. ‘Badges’ look great, but we must be sure to make it very clear

to clients what they mean and, importantly, what’s needed to achieve them. We hold several accreditations, but we’re only audited for one of them, which is the ACS. Renewal of many accreditations generally involves either paying the fee or sending off a batch of documents. The $64,000 question is: ‘Are we simply joining a club or do these accreditations really mean something?’ ACS involves a comprehensive audit of our procedures, but buyers are not always knowledgeable about the ACS process and how to differentiate between different providers and their accreditations. Some industries have very well publicised standards and accreditations such that the buying public are fully informed about what to expect. I always use Gas Safe as an example. On the whole, people are knowledgeable about the standards here and whom they should choose for their boiler repairs. The ACS should be equally well publicised as it affects the general public on a daily basis. In these times of high terror alert more than any other, public and private security is extremely important. Risk UK: Undoubtedly, the National Living Wage will have a major impact on the sector. What are your thoughts on this and, indeed, the National Minimum Wage? Tony Woolcott: I’m very positive about the steady rise in the National Minimum Wage. The National Living Wage seems to me like a simple re-branding of the National Minimum Wage, but it’s good to see that there are aims to continually raise the standard of living. The choice of timing in terms of introducing the new National Living Wage was difficult as our contracts have always been built on rate negotiations in advance of the October increases to which we’re accustomed. However, the adjustments were made and clients were accepting of the need to accommodate the new rates of pay. Unfortunately, I don’t believe the new National Living Wage due in April will make a dramatic difference to the industry. Those on the lower end of the pay scale will steadily rise, but those on the higher end of the pay scale will likely remain as they are, so eventually the gap will close and the entire industry will be a ‘minimum wage’ industry. At the end of the day, well paid and motivated members of staff are the key to providing consistency and quality of service for clients. Those clients should be encouraged to pay a rate that allows for higher than National Living Wage payments in order to realise the very best results from the labour market.

Name Tony Woolcott Job title Managing Director Time in the security sector I’ve worked in the security industry for 14 years. I’ve served as managing director of Avantguard Security Ltd for the last eight years Location of the business Avantguard Security Ltd is a local provider of security guarding services based in Littlehampton, West Sussex. We operate in West Sussex and East Sussex Areas of expertise Avantguard Security Ltd specialises in providing security guarding services for commercial and corporate buildings, industrial warehousing and manufacturing, food processing and educational establishments. We provide security officers, mobile security services, key holding and alarm response solutions Accreditations Avantguard Security Ltd holds SIA Approved Contractor status for the provision of security guarding and key holding services and is audited by the SSAIB. We’re SAFEcontractor approved and members of the Trading Standards ‘Buy With Confidence’ Scheme

Tony Woolcott: Managing Director of Avantguard Security Ltd

www.risk-uk.com

EndUserComputingManagementandRiskGovernance January2017_riskuk_apr15 09/01/2017 15:59 Page 1

End User Computing Management: The Key to Model Risk Governance that surround each and every model, successfully enforcing an enterprise-level model risk management and governance framework – as purported by directives such as SR 11-7 and CCAR – is impossible to achieve. Why? A single error or change in a manual and undocumented process (eg in a spreadsheet) can proliferate across the model landscape and feed erroneous data into a model that could result in inaccurate outputs.

Risk and challenge of EUC

Prompted by the need to pre-empt new occurrences of the problems that caused the 2008 global economic crisis, regulators – through directives such as the SR 11-7, BCBS 239 and Comprehensive Capital Analysis and Review (CCAR) – are demanding that financial institutions adopt an all-inclusive model risk management and governance programme and strategy. Henry Umney pores over the detail

44 www.risk-uk.com

he mandate is both broad and sweeping. In delivering against it, banks need to pull back their governance lens and take an holistic view of the models. Model governance needs to focus on more than just the central processing engine. After all, a model doesn’t work in isolation, requiring data from the enterprise to function effectively. Today, there’s widespread recognition that a significant proportion of the data feeding the models comes from end user-controlled processes supported by spreadsheets, access databases and other similar end user computing (EUC)-developed tools. These end user-controlled processes are required to collate and augment data in order to meet the model input requirements. The added complication is that these end user-controlled processes can be reliant on multiple spreadsheets with complex data linkages as well as being dependent on other data feeds. In addition, there may be complexity in the model’s output and where this data is used. Regularly, data extracts are manipulated in yet more EUCs such as Excel or business intelligence tools like Qlikview for socalled ‘final mile’ analysis. Without an in-depth understanding of the entire ecosystem of applications and processes

The first step towards achieving the wider model risk governance that the various regulations demand is to understand and control the entire ecosystem that surrounds the models of an organisation. EUC enables businesses and users to quickly deploy solutions in response to shifting market conditions, industry changes and evolving regulations. It delivers agility that corporate systems simply cannot offer. For instance, it’s far easier for a business user to build new financial analytical capability using Excel than request IT to create a new solution in the corporate system which, even if sanctioned, would take significant time to engineer. However, these very aspects that make EUC so appealing also render it challenging to manage and control on an effective footing. Organisations including banks and financial institutions are typically reliant on numerous – even hundreds of – spreadsheets to support their models. A single data error or change in one file can propagate across the wider EUC landscape, in turn impacting model outputs. The problem exacerbates as spreadsheet and database software is used extensively, and so is regularly integrated within systems and processes across the organisation. Spreadsheets are somewhat cumbersome and contain a vast amount of data stored in multiple sheets, making discrepancies difficult to identify. This is further compounded by linkage of these applications to each other via formulae, creating an environment wherein changes and discrepancies are not visible, often occurring in data not intended to be viewed after the initial data input. Additionally, spreadsheets are frequently shared and transferred between users, resulting in multiple documents, only one of

EndUserComputingManagementandRiskGovernance January2017_riskuk_apr15 09/01/2017 15:59 Page 2

End User Computing Management and Risk Governance

which is up-to-date. If they’re not stored and labelled correctly, subsequent users are unable to identify which spreadsheet is the current version containing up-to-date data, possibly causing discrepancies due to the use of old or incorrect information. Organisations – and IT in particular – prefer the use of enterprise business applications, so it follows that gaining their mindshare for the proper use of spreadsheets is often a challenge. EUC applications are frequently developed by individuals without formal software training, while most organisations don’t implement standardised and structured developmental methodologies, which ultimately results in increased risks.

Automation imperative The key to successful model risk governance is data quality, which in turn requires transparency. Organisations need transparency to establish how data is created and where the transformations in the data and models are occurring. In achieving such transparency, they’re able to verify the processes and controls demanded to ensure good quality data. This is predominantly undertaken manually, but improving the process of collecting, validating and proofing model data is a complex and high risk function. Being able to integrate and automate the process is a real imperative for businesses in order to reduce risk and deliver a consistent model. Technology can facilitate the adoption of Best Practice processes to ensure data quality by embedding governance into the business operation, supporting everything from the creation of new EUC applications through to eventual decommissioning of these files. Enabling organisations to understand and control the entire data ecosystem that surrounds the risk and governance models can provide a means of establishing what type of EUC the data is coming from (eg spreadsheets or access databases), whether it’s a single spreadsheet or multiple spreadsheets that feed data into the model and what the data linkages between the various data feeds are, etc. This visibility comes from a process of discovery including consolidating existing inventories, scanning file shares and repositories as well as analysing the overall EUC estate structure, properties and content. Organisations are then able to rank the inventory of files by the level of risk – or ‘materiality’ – they pose based on the risk appetite of the business, providing an holistic view of the complex web of data flows on an ongoing basis.

“A technology-led approach to EUC data quality management eliminates the need for manual checking and credibly demonstrates the validity of governance models” A technology-led approach to EUC data quality management eliminates the need for manual checking and credibly demonstrates the validity of governance models as well as the accuracy of the corresponding outputs to satisfy the regulators. EUC management solutions enable financial institutions to set up data change management processes and control mechanisms, supported by an audit trail to ensure that the integrity of the data is always maintained. Most importantly, users can continue to add judgement calls/expert judgement by altering data sets in spreadsheets to improve the alignment between theoretical calculations and the real world. The automation offered by technology solutions facilitates re-attestation of the models – and, indeed, the tools that feed them – with the real-time reporting and monitoring functionality and data, such that organisations can periodically re-evaluate models and tools to ensure that they are indeed working as desired. Ultimately, while organisations are faced with meeting stringent regulatory requirements, the major benefit of quality data is that it can be used strategically to meet business goals. It’s imperative that financial institutions are able to accurately and adequately demonstrate the ancestry and validity of their data. Automated management processes will contribute to risk management and bottom-line benefits.

Process optimisation Armed with complete visibility of all the verified files and an holistic view of the complex web of data flows, organisations are in a good position to ascertain which of the EUC-developed tools would benefit from being moved into the enterprise-supported system and, thereafter, decommissioned in their EUC format. With regulators honing their focus on data management, adopting an automated approach towards EUC management significantly reduces model risk and creates a controlled and managed model governance environment. In essence, it helps organisations to control the weaknesses in their data processes. Such an approach also makes the use of spreadsheets and EUC and their business purpose more transparent, helps prioritise files based on the level of risk they pose and ensures both data quality and integrity.

Henry Umney: Director of ClusterSeven

www.risk-uk.com

TrainingandCareerDevelopment January2017_riskuk_apr15 09/01/2017 16:43 Page 1

Security Trainers: Why It’s Important to Separate the Wheat from the Chaff Increasingly, the customer is the individual who’s seeking work rather than employers. That scenario is combined with the former’s natural interest in obtaining their qualification as inexpensively as possible. In such a climate, it’s almost inevitable that standards will fall. As far as IQ’s concerned, we have indeed witnessed the changes. Back in 2012, our rejection rate for security training centres submitting for centre approval was 21%. During 2016, that figure increased to 38%. Some of those applying were new to the security market, but many are moving from one awarding organisation to another.

Taking responsibility

One of the foremost challenges facing the security business sector is how to ensure a pool of high calibre trainers. In short, individuals who can communicate, inspire and impart the value of their experience. As Raymond Clarke rightly observes, they must be individuals for whom standards are hugely important

www.risk-uk.com

nly a couple of months ago, I was talking to one of our customers who’s struggling with the new economic climate facing training providers. As a well-regarded training company, the business boasts excellent employer relationships which have served it extremely well for publicly-funded training. The fiscal issue really revolves around the availability of public funding for the types of programmes offered by security training providers being progressively removed. Moreover, as the market for licence to practise training is saturated with low cost and low value providers, it inevitably causes difficulties for quality providers to compete. Instead, we see trainers not capable of inspiring students – and sometimes with limited experience in the security sector – training new entrants. In some instances, training companies themselves are perhaps barely fulfilling their legal duties. In an environment where the price of a fourday course is so low, something simply has to give. The numbers of students per cohort creeps up, the quality of trainers declines and the standard of facilities reduces as training organisations start to cut costs in an attempt to remain competitive. While public funding historically allowed quality providers to offer licence to practise training with the higher overheads subsidised, it’s not as easy for quality to shine through in today’s climate.

There are many who will argue it’s the responsibility of awarding organisations to police this situation in what is undoubtedly a challenging environment. While there’s perhaps a grain of truth in this view, it also only represents part of the story. Responsibility also rests with regulators and employers. The biggest challenge in front of us is how we ensure a pool of high calibre trainers. We need people who can communicate and inspire and impart the value of their experience in the security sector. They must be individuals for whom standards are important. When I ran my first trainers course for the BSIA in 1988, there was an elderly man enrolled who wished to train to be a trainer. It was clear from the first morning that he was going to struggle. When I asked him why he wanted to be a trainer he informed me that he had no choice. His company liked him, but he was deemed too old and frail to be charged out to customers any longer. The chap couldn’t afford to retire. Very few companies placed value on the role of the trainer at that time, with a handful of notable exceptions. While we cannot ignore the fact that we’ve made significant progress since those days, there’s still more to be done. As a sector, we cannot say that all or perhaps even the majority of security-focused training is interesting, wellinformed and delivered with absolute integrity. When, at the bottom end of the market, subcontract trainers can be paid at a rate of £125 per day or less, is this really surprising? In truth, we’re a long way from what perhaps many of us hoped for at the onset of Security Industry Authority (SIA) licensing. The shame of

TrainingandCareerDevelopment January2017_riskuk_apr15 10/01/2017 11:56 Page 2

Training and Career Development

the situation is that the role of the trainer probably holds the most significance within the overall licensing regime, but it’s perhaps the least well controlled.

Trainer integrity In March 2015, just as the BBC was exposing alleged fraud at Ashley Commerce College (ACC), IQ published a White Paper that duly considered – among other things – the way in which we monitor trainers. Back then, there were no means for an awarding organisation to access information from regulator Ofqual on trainers who had been involved in fraud or malpractice. Despite initial interest from Ofqual, some 21 months later there has been no progress made on this issue. The overwhelming sense is that, after the issue was raised by IQ, it was seemingly placed on the ‘too difficult’ pile by the qualifications regulator. It’s far easier to respond to the effect than address the cause. Despite the attention the ACC case generated, and information supplied to Ofqual, neither Ofqual nor any awarding organisation operating in the security sector can confirm with confidence whether or not those involved in the fraud at ACC have re-entered the education sector or are involved in some form of security training. A list of individuals (also supplied to Ofqual by IQ) who had been identified as possibly being involved in fraud or malpractice seemingly hasn’t been followed up. Clearly, it’s not easy to resolve this situation as issues concerning the transfer of data and what might be perceived as the creation of a de facto ‘black list’ all have legal implications. It’s obvious, though, that more needs to be done. Without action, the qualification systems will continue to be exposed. It really is time for the regulators to finally do something.

Making changes In the absence of regulatory action, perhaps there are things that can be done by the sector itself, with the support and involvement of awarding organisations. During the prime of SITO, industry trainers underwent the ‘Train The Trainers’ programme and were then listed on the SITO trainers register. While the restrictive nature of the old SITO scheme cannot be repeated, there are things that could be done. Perhaps the SIA might consider licensing a controlled number of companies to provide security trainer training? After all, the SIA let a number of contracts for ACS assessment companies, and the issue of the quality of trainers is at least as important. The way in which we develop people on entry into the

“As a sector, we cannot say that all or perhaps even the majority of security-focused training is interesting, wellinformed and delivered with absolute integrity. We’ve made significant progress since the late 1980s and early 1990s, but there’s still more work to be done” industry is so critical as it affects quality, understanding and labour retention, yet we work in an environment wherein individuals can gain qualifications as trainers outside of the control or influence of the SIA or the awarding organisations operating in the security business sector. Another solution, perhaps, is to create a register of approved trainers. The sector competence of the individuals could be independently assessed, training credentials monitored and trainers rigorously tested. Awarding organisations could amend their own centre contracts to allow any suspected incidences of maladministration, malpractice or fraud to be reported to the register’s holder. A considerable amount of detail would clearly need to be resolved as the legal issues here are somewhat challenging. However, for those employing trainers in the sector, and certainly for awarding organisations, such a register could prove to be an invaluable development.

Part to play Awarding organisations have a part to play in raising the standards of training delivery. Somehow, we need to stop the churn of the unscrupulous and/or inadequate trainers or training companies moving around the sector. It’s highly likely the 38% of centres for which IQ refused approval in 2016 will have since found an awarding organisation to work with them. Employers are also key actors when it comes to driving a culture of improvement. Just now, we’re perhaps witnessing a drift away from outsourcing to the re-establishment of in-house Training Departments. It’s entirely possible that this drift will accelerate as the Apprenticeship Levy becomes a reality. However, for those who do rely on the open market or training providers to attract pretrained and qualified recruits, there’s work to be done with the supply chain. Identifying trusted suppliers and backing quality through establishing recruitment pathways with those suppliers would have an impact. While ‘pre-trained and free’ has its attractions, much depends on whether you’re faced with the wheat or the chaff. I would contend that it’s time to think about how we increase the percentage of wheat over chaff.

Raymond Clarke: Chief Executive of Industry Qualifications

www.risk-uk.com

RiskinAction January2017_riskuk_oct16 10/01/2017 12:27 Page 1

Risk in Action The Oracle maximises surveillance performance thanks to 360 Vision Technology’s Hybrid cameras Opened in September 1999, The Oracle Shopping Centre in Reading plays host to 90 retail outlets in addition to The Riverside. The stylish latter development, completed in May 2000, features over 20 restaurants, cafés and bars. The site is served by two large car parks able to accommodate 2,300 vehicles. Securing such a vast retail space presents something of a challenge for the security team at The Oracle, which consists of a mixture of security officers patrolling in public areas in addition to highly-skilled operators working in the dedicated CCTV Control Room, from where they can view images produced by a network of over 300 static, covert, PTZ and dome cameras. Looking to move towards a totally IP surveillance-based camera network in the future, but wanting to upgrade its current analogue cameras right now, The Oracle’s management team is fulfilling both desires thanks to Predator Hybrid cameras supplied by 360 Vision Technology. Andy Salmon, security manager at The Oracle, informed Risk UK: “For the latest upgrade, we did harbour some concerns about investing in analogue cameras, only to be faced with them becoming obsolete such that we would have to replace them when the time comes for upgrading to IP.” For many years, Salmon has worked with specialist Shopping Centre security consultant partner Zada Technology, the latter having specified certain cameras at The Oracle during prior system upgrades. “On this occasion, we’ve specified 360 Vision Technology’s Predator Hybrid model for analogue and HD functionality in a single PTZ camera,” explained Adam Parsonson-Smith, technical director at Zada Technology. “When this installation moves to an HD infrastructure, the Hybrid cameras’ standard analogue 4:3 images can be replaced with a Full-HD 1080p output at the flick of a switch.”

Intelligent fire safety systems from Advanced play leading role at the South Bank’s National Theatre The National Theatre has played host to some of the most important productions in British theatrical history orchestrated by many of the world’s most famous actors and directors. Opened in 1976 to provide the National Theatre Company with its first permanent home, the site – which includes three auditoria in the shape of the Olivier Theatre, the Lyttelton Theatre and the Dorfman Theatre – is well known for its ‘Brutalist’ architecture. A focus for cultural activities on London’s South Bank, the location also encompasses a special learning centre, restaurants, a riverside bar and a bookshop.

www.risk-uk.com

Hanwha Techwin makes the grade with video surveillance solution for Deansgate’s luxury serviced offices A landmark Grade II-listed building in Wolverhampton, which has been converted into luxury serviced offices, is being protected with the help of a Samsung Wisenet video surveillance system from Hanwha Techwin. Samsung Wisenet Q and P Series cameras have been installed at Deansgate in Tettenhall Road, Wolverhampton, a two-storey building constructed by the Victorians and now comprising 24,000 square feet of office space. 46 cameras have been installed. In addition to fixed cameras and domes from the Samsung Wisenet Q 4MP range, these include four 2 MP SNP-L6233RHP Wisenet Lite 23x zoom PTZ domes and two Wisenet P PNF-9010R 4K (12 MP) 360 degree cameras. The PNF-9010Rs come complete with licence-free, on-board heat mapping and people counting analytics which can identify areas of the building most commonly used and at what times. Images captured by the cameras are recorded on two Wisenet X 32-channel XRN-2011 NVRs, with security personnel in reception able to view live images or retrieve recorded video. Now, intelligent fire panels from Advanced have been chosen to protect the National Theatre in the wake of an £89 million redevelopment at the site. The contract for the new fire system was awarded to the team at Tri-Management, who specified a network of 12 MxPro 5 panels. Tony O’Connell, business development manager at Tri-Management, said: “Given the tight timescale we had to install the system at the National Theatre, it was an easy decision to select the Advanced panels. They’re both simple to install and programme.” The Tri-Management team carried out the panel upgrade process across a single weekend, in fact, with of all the programming and pre-planning conducted away from site.

RiskinAction January2017_riskuk_oct16 10/01/2017 12:28 Page 2

Risk in Action

IP audio-video intercoms supplied by Castel enhance access control for University of Huddersfield’s Queensgate Campus The University of Huddersfield’s management team has installed a two-way IP audio-video intercom solution from Castel at its Queensgate Campus to manage the exit and entry of both vehicles and visitors. The Queensgate site has witnessed investment of £100 million on infrastructure and resources over the past decade. Recently, Castel worked with installer Kenyon Access Consultants to enable university staff to communicate effectively with visitors before allowing them entry. When they arrive at barriers, gates or bollards on the campus, drivers contact security officers using Castel’s XELLIP one or two-call button Full-IP/SIP entry stations. These are compliant with the Equality Act. The stations boast a 316-grade stainless steel vandal-proof faceplate and are IP64rated to withstand the elements (including protection against rain/water ingress). For certain locations, Castel created a modified housing on posts to meet specific mounting requirements. Crucially, these units are PoE, meaning that installers and site managers were able to use the existing twisted pair cabling to connect the entry stations to the IP network. The built-in colour camera in each station uses H.264 compression technology, with sound quality enhanced by noise and echocancelling. There are three LEDs on the front panel and an integrated induction loop to comply with disability regulations. Some of the entry stations on the campus have been fitted with a 125 kHz MIFARE proximity reader such that staff and third parties can gain entry for their vehicles automatically. Atmane Bensghir, business development manager at Castel, explained to Risk UK: “The entry stations are being used in several non-standard ways to assist the client.”

Middlesbrough FC’s refurbishment of the Riverside Stadium sees panic hardware from Alpro installed on doors fashioned by Metal Services Panic hardware from Alpro is being used by Middlesbrough FC at its Riverside Stadium, the club having spent £5 million on the 33,000-capacity ground after winning promotion to the Premier League. The overhaul has involved work on the general stadium structure as well as new floodlights and media facilities. Safety measures include the use of Touch Bar two-point panic latches from Alpro on fire and exit doors. The latches allow rapid exit down escape routes in the event of an incident and offer the option to ‘lock off’ the hardware on nonmatch days to afford easy operation of the door. The Alpro latches at the Riverside Stadium have been fitted on doors created and installed by Tyne & Wear-based Metal Services. Following activation, the emergency door hardware allows authorised entry back into the site once an evacuation has been carried out. As stated, the application at Middlesbrough FC employs a two-point latch design, but single and triple-point models are also available. Equipment was specified at the Riverside Stadium on the grounds of proven build quality.

Siemens called upon to protect The Fondation Louis Vuitton Museum’s priceless works of art The Fondation Louis Vuitton Museum rises above the treetops of the famous Bois de Boulogne Park in Paris. Designed by acclaimed architect Frank Gehry, the building is the brainchild of Bernard Arnault – Patron of the Arts and chairman of Moet Hennessy Louis Vuitton (LVMH), the publicly-traded French holding company that owns majority shares in more than 60 luxury brands. This striking piece of architecture has been described as an ‘haute couture’ building. It houses one of the most valuable and visionary art collections of its time, including the art of Monet, Picasso and Van Gogh, reinforcing the connection between LVMH and art and design. The technical infrastructure of the multi-award winning 11,000 square metre building sets a new benchmark, encompassing state-of-the-art fire safety and building energy management solutions from Siemens Building Technologies. An intelligent Siemens fire safety system has been installed which combines the highest safety standards with international product innovations and cutting-edge technology. The system consists of the advanced Sinteso fire control panel and fire detection solution.

www.risk-uk.com

TechnologyinFocus January2017_riskuk_sep16 10/01/2017 12:28 Page 1

Technology in Focus OPTEX extends new laser range and enhances certification programme

Sensor manufacturer OPTEX has announced the global roll-out of its outdoor and high resolution indoor laser sensor RLS-2020S, complementing its next generation REDSCAN mini sensor that features a 20x20-metre detection range. The new sensor is being launched in Europe at the end of this month. The S Model features an enhanced microprocessor that provides more powerful sensing capabilities. For indoor environments, it can be set up to identify fast-travelling objects or very small objects. This information can be relayed to a VMS to provide a quicker, more accurate response. The sensor is PoE-compliant, and can send alarms via traditional relay outputs or by using its IP-based Redwall event code that’s integrated with all major VMS platforms. The more powerful processor also enables the RLS-2020S to be deployed in outdoor environments, and harbours a number of environmental resistance features to further minimise false alarms in all kinds of weather conditions. OPTEX is also launching its global certification programme, and will invite specifiers and system integrators to undertake technical and sales training. www.optex-europe.com

Wavestore introduces Version 6.4 of award-winning VMS to deliver major enhancements for practising end users

Wavestore has launched Version 6.4 of its VMS featuring a host of enhancements which allow system integrators and end users alike to derive even more benefits from their new and existing Wavestore solutions. In this latest release, Wavestore adds SSL and TLS protocol e-mail transmission to further protect against potential interception of alerts transmitted via e-mail to an existing long list of pre-configured security measures, which include up to 4096-bit video encryption, stringent password policy enforcement, authorisation of connected devices, privilege separation and robust protection against ‘man-in-the-middle’-style attacks. In direct response to partner feedback, Version 6.4 features built-in network diagnostic tools to aid the quick identification of network issues that could have an adverse impact on overall system performance, greatly reducing time spent on site fault-finding during the commissioning process. Version 6.4 also boasts a much-simplified RAID array configuration via an intuitive set-up screen directly accessed from WaveView client software. This allows authorised users to add internal drives or connected storage to RAID arrays and configure/change RAID5 and RAID6 operation as required from the comfort of the Control Room or a remote location. Several enhancements to user experience and display functionality have been included in Version 6.4, such as the ability to save individual camera bitrates to specific camera layouts. This is particularly useful when recalling a layout that features a high number of HD cameras where the end user may wish to have low-bitrate images displayed to maximise available bandwidth and client computer processing power. If a camera is then selected for closer inspection, the stream can switch to a higher quality bitrate. www.wavestore.com

Gent by Honeywell’s S-Quad AntiLigature Base reduces the risk of harm in prisons and hospitals

Gent by Honeywell, the life safety solutions manufacturer, has announced the introduction of its new and improved S-Quad Anti-Ligature Base (ALD302) for fire detectors designed to provide additional safety within buildings that accommodate individuals who are considered to be at risk. The redesign is a direct result of customer feedback and is ideal for environments such as hospitals, prisons, mental health units and other secure facilities that house and support vulnerable people. Many fittings that would usually be considered perfectly safe pose a risk of ligature in such environments. That being so, products employed need to be modified to maintain the same functionality, yet still engender a safe regime. Equally, installed devices must not offer an opportunity for hiding drugs, knives, razor blades or any other items that could be used for acts of self-inflicted harm. www.gent.co.uk

Zaun boosts ArmaWeave by allowing end users to rake security fencing and employ PID cable systems One of the most intruder-resistant perimeter fencing solutions on the high security market can now be raked across undulations in ground levels, with manufacturer Zaun developing an installation method to make best use of the properties of high security fabric. The ArmaWeave fencing – which is unique to Zaun, as is the ability to rake it – is produced on the world’s largest mesh weaving machine at the company’s West Midlands manufacturing base. It limits the need for stepping panels on slopes and reduces installation costs significantly when compared with standard welded mesh systems, while still conforming to the highest-rated standards for fencing products defending against forcible attack. www.zaun.co.uk

www.risk-uk.com

TechnologyinFocus January2017_riskuk_sep16 10/01/2017 12:29 Page 2

Technology in Focus

Samsung Wisenet 4K 360 degree fisheye camera launched by Hanwha Techwin

With the launch of the Samsung Wisenet 4K PNF9010R, Hanwha Techwin has declared its intention to set a new standard for 360 degree fisheye cameras. Capturing “need to be seen to be believed” 12 MP 360 degree images and with on-board dewarping, the PNF-9010R offers a variety of alternative viewing modes, including single panorama, double panorama and quad views. In addition, the PNF-9010R boasts a significant number of other features which make it stand out from the crowd. These include licence-free on-board people counting analytics and a heat mapping solution. As well as providing a powerful tool to deter and detect criminal activity, the PNF-9010R’s built-in analytics enable end users to achieve so much more. In retail environments, for example, the people counting facility offers the opportunity to measure store efficiency between footfall and actual sales and also helps identify the busiest days, times and seasons in order to manage peaks and troughs of customer flow at checkouts. The heat mapping feature is able to provide accurate information about customer in-store behaviour. It does so by displaying hotspots within a given store to indicate customer buying patterns, including dwell times. www.hanwha-security.eu

UNION enhances quality and finish of keyULTRA master key system UNION’s keyULTRA master key system is patented until 2028. This patent protects the key and cylinder assembly, using DuraPIN technology and preventing the unauthorised copying of keys. The standard finish of keyULTRA has been carefully revised and developed, ensuring the cylinder range complements the rest of UNION’s architectural hardware offering. End user customers can choose from a range of six finishes, including brushed satin nickel, polished chrome, satin chrome, polished brass, satin brass or antique brass. UNION’s knowledge of – and expertise in delivering – high-performance security systems is the result of a rich heritage dating back to 1840. Its Master Keying Department has a combined experience of over 217 years.

Apollo Fire Detectors introduces range of Intelligent Interfaces for fire safety systems

Apollo Fire Detectors has launched a new range of Intelligent Interfaces specifically designed to complement its full range of fire detection devices. The new range, which meets EN 54-17 and EN 54-18 standards, is the latest addition to the series of CoreProtocol-enabled devices following the launch of the new Apollo SOTERIA detectors last year. All devices are backwards compatible but, when used with CoreProtocol, provide enhanced functionality and individual module configurability to enable advanced programmable features. With two different mounting options for faceplate or DIN-Rail, installers of the new Intelligent Interfaces will find them easy to wire for faster installation due to the new colour-coded terminal blocks which provide simpler identification. All new Intelligent Interfaces now have isolators as standard, improved fault monitoring (including earth fault detection) and an extended temperature range of -40o to +70o degrees centigrade. When used in conjunction with a CoreProtocol-enabled panel, additional benefits include the capacity for over 250 addresses with both auto-addressing and soft addressing options. www.apollo-fire.co.uk

Following detailed ‘Voice of Customer’ research conducted among UNION’s Architectural Ironmongery clients, a new architectural thumb turn design has been developed to enhance the range. Craig Birch, product category manager for cylinders at ASSA ABLOY Security Solutions, said: “UNION’s product innovation is very much driven by customer feedback and our ongoing desire to enhance quality. The entire keyULTRA range has proven to be a very popular cost and time-saving solution with a 48-hour cylinder production lead time, offering both value and convenience for our end user customers.” www.uniononline.co.uk/keyULTRA

www.risk-uk.com

paper ad_Layout 1 04/06/2015 17:59 Page 1

thepaper

Pro-Activ Publications is embarking on a revolutionary launch: a FORTNIGHTLY NEWSPAPER dedicated to the latest financial and business information for professionals operating in the security sector

Business News for Security Professionals

The Paper will bring subscribers (including CEOs, managing directors and finance directors within the UKâ&#x20AC;&#x2122;s major security businesses) all the latest company and sector financials, details of business re-brands, market research and trends and M&A activity

FOR FURTHER INFORMATION ON THE PAPER CONTACT: Brian Sims BA (Hons) Hon FSyI (Editor, The Paper and Risk UK) Telephone: 020 8295 8304 e-mail: brian.sims@risk-uk.com www.thepaper.uk.com

Appointments January2017_riskuk_jul15 09/01/2017 15:52 Page 1

Appointments

James McAlister

At the most recent meeting of the Business Continuity Institute’s (BCI) Board of Directors, James McAlister MA DipBCM DipEd FBCI FICPEM formally became the new chairman of the organisation, taking over at the helm from David JamesBrown FBCI whose two years in office have now come to an end. McAlister is a former police officer with over 30 years of experience in the spheres of business continuity, civil protection, emergency planning, security, firearms, public order and training. He has advised on and contributed towards many operations and exercises throughout the UK and, indeed, internationally, including political party conferences, major sporting events, VIP visits, counter-terrorism operations, public order events and environmental/man-made emergencies. McAlister has won a number of prestigious awards, among them the Public Sector Business Continuity Manager of the Year Award at the BCI’s European Awards 2014. On taking up the post, McAlister commented: “David James-Brown has left the Institute in a much better position than it has ever been before. We’re financially stable, have a wider global presence, offer more member services and provide more research papers.” McAlister went on to comment: “Possibly, David’s greatest legacy is yet to be realised in the form of the Institute’s new customer relationship management system which goes live this year. On behalf of all the BCI’s membership, I would like to thank David for his dedication, loyalty, hard work and leadership over the last two years.”

Ashley Cardno CCTV, access control, intrusion, fire safety and data products distributor Oprema has boosted its sales team with the appointment of Ashley Cardno as business development manager for the North of England. Cardno has over 20 years’ experience in the security industry. Prior to joining Oprema, he served as divisional director at HBL Security. Cardno began his career at Intervision Ultrak and held roles at Norbain, Avigilon and Mirasys before spending a decade with Panasonic, where he was distribution manager for its security solutions products. Commenting on his appointment, Cardno stated: “During my time in the security

Appointments Risk UK keeps you up-to-date with all the latest people moves in the security, fire, IT and Government sectors Rob Luke

The Information Commissioner’s Office (ICO) has appointed a new deputy commissioner with responsibility for policy. Rob Luke will join the organisation on Monday 30 January. He was previously British High Commissioner to Malta, and has also served overseas in Brazil and Paris as well as in policy roles at the Foreign & Commonwealth Office in central London. Speaking about the appointment, Information Commissioner Elizabeth Denham said: “We’ll be drawing heavily on Rob’s leadership skills, and he’ll be central to our work on evolving the ICO to make sure we stay relevant, both to members of the public and the organisations whom we regulate. The digital world is a smaller world. The ICO will be taking an internationalist approach, continuing and growing our work with regulators around the world. Rob’s experience will be invaluable here, and I very much look forward to working with him.” For his part, Rob Luke informed Risk UK: “I’m absolutely delighted to be joining the ICO. The information rights landscape is evolving rapidly, and I very much look forward to working as part of the ICO’s team in anticipating and shaping change in the public’s interest, engaging closely with our numerous stakeholders.” Luke was educated at St George’s School in Harpenden and then at St Catharine’s College, Cambridge. He joined the British Diplomatic Service in 2000 after working for the UK’s Millennium Commission. business sector, I’ve worked closely with many integrators and manufacturers. I’m now pleased to bring these working relationships with me to Oprema.” Cardno continued: “Oprema already stocks a wide range of products, and the increasing breadth of brands on offer will allow me to work collaboratively with customers to find the best possible solutions for their requirements. I’m really looking forward to being part of the company’s future success.” Gareth Williams, sales director at Oprema, added: “We’re extremely pleased to welcome Ashley to our sales team. His strong working relationships with integrators and manufacturers built up over many years bring a fantastic benefit to the business.”

www.risk-uk.com

Appointments January2017_riskuk_jul15 09/01/2017 15:52 Page 2

Appointments

Patrick Cooper

Steve Broadley

Life safety systems provider Potter Electric Signal Company LLC has announced the expansion of its sales team in order to better serve clients based in the European market. Steve Broadley has been appointed as the company’s new European business development manager. He joins with over 40 years’ sales and operating experience in the fire protection industry. Starting out as an apprentice with Mather & Platt, Broadley worked his way up through various roles within the organisation. He then went on to work at Tyco, leading expansion projects within the UK, Ireland, Israel, Africa and the Middle East, more recently serving as EMEA business development director for Tyco Fire Protection Products. With the appointment of Broadley, Potter Electric Signal Company LLC will now have a dedicated support in place for European business partners. Bruce LaRue, president of Potter’s dedicated Sprinkler Monitoring Division, informed Risk UK: “We’re thrilled to have Steve on board. His experience and industry relationships are unmatched and will add significant value for our customers right across Europe.” On his new appointment at Potter, Steve Broadley explained: “I’m tremendously excited to be joining such a great company and brand.”

Damien Quarrington

Evidence Talks – the specialist Milton Keynesbased business which provides expert digital forensic systems and advice – has responded to growth across the company with four new appointments to the team. Damien Quarrington and Rowan Gates have joined the group of software developers at the heart of the company’s technology. Quarrington holds a First Class Honours degree in Computer Science (Software Engineering) and has previous commercial experience as a supplier to corporates such as Unilever as well as businesses within the aerospace and defence sectors. Gates joins from Nottingham University with a Masters degree in Computer Science, taken with an Artificial Intelligence specialism. Sam Wesley Obiri is now responsible for IT technical support, bringing a wealth of previous experience in security systems and IT support in the banking and legal sectors following an extensive period of vocational education. Administrator and receptionist Samantha Evans has wide-ranging responsibility for supporting the company’s directors, organising staff and providing Front of House solutions for customers and visitors. Evans boasts 30 years’ experience of implementation and training consultancy for international software houses. Evidence Talks’ CEO Elizabeth Sheldon commented: “The new members of staff add considerably to our in-house expertise as well as our customer-facing services.”

www.risk-uk.com

Farsight Security Services is looking to begin 2017 on a high by welcoming two new additions to its dedicated sales and finance teams. Patrick Cooper joins the remote monitoring services provider as northern business development manager, while Anne Strahan is welcomed to the business in the role of financial controller. Cooper informed Risk UK: “Having worked for installation companies, I fully understand how competitive the market is right now. Upon joining Farsight, my experience and technical know-how will hopefully help installers offer great value and quality remote monitoring services to their end user customer base.” The two appointments signal Farsight’s push to grow its already impressive client portfolio. Rob Moore, the company’s managing director, explained: “The skills that Patrick and Anne bring to Farsight are invaluable. Patrick’s previous experience gained in sales at Kings Security means that he really understands the intricacies of the installation process.”

Robin Kemp

As part of ongoing investment in its Lux Intelligent emergency lighting testing system, global fire protection and life safety company Advanced has appointed Robin Kemp as its dedicated UK sales manager. “I don’t believe there’s another system out there that can match Lux Intelligent for performance and ease-of-use,” explained Dave Henderson, Advanced’s emergency lighting product manager. “It’s fantastic that we now have Robin on the team to help grow our reputation and sales in the UK.” Lux Intelligent is an addressable automatic test system that shows all emergency lighting is compliant and functioning, with no engineer intervention required. It offers a host of technical features and proves compliance with BS 5266. Lux Intelligent will work with any light, fluorescent or LED, allowing it to be a genuine site-wide solution that offers real economies of scale. Cloud monitoring via mobile and web apps also makes the system even easier and more cost-effective for end users to manage.

smart mockup_000_Benchmark_march15 08/12/2016 12:26 Page 1

BENCHMARK Smart Solutions BENCHMARK

Innovative and smart solutions can add value and benefits to modern systems for customers. With the technological landscape rapidly evolving, the Benchmark Smart Solutions project assesses the potential on offer from system integration, advanced connectivity and intelligent technology. Bringing together field trials and assessments, proof of concept and real-world experience of implementing smart solutions, it represents an essential resource for all involved in innovative system design. Launching in 2017, Benchmark Smart Solutions will be the industryâ&#x20AC;&#x2122;s only real-world resource for security professionals who are intent on offering added value through the delivery of smarter solutions.

@Benchmark_Smart Partner Companies

www.benchmarksmart.com

Jan 17 dir_000_RiskUK_jan14 10/01/2017 11:35 Page 1

Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security

Anti-Climb Paints & Barriers

Metal Detectors (inc. Walkthru)

Security, Search & Safety Mirrors

Security Screws & Padlocks, Hasps Fastenings & Security Chains

ACCESS CONTROL

Key Safes & Key Control Products

Traffic Flow & Management

see our website

ACCESS CONTROL & DOOR HARDWARE

ALPRO ARCHITECTURAL HARDWARE ACCESS CONTROL

ACT ACT – Ireland, Unit C1, South City Business Centre Tallaght, Dublin 24 Tel: +353 (0)1 4662570 ACT - United Kingdom, 2C Beehive Mill Jersey Street, Manchester M4 6JG +44 (0)161 236 3820 sales@act.eu www.act.eu

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES

HTC PARKING AND SECURITY LIMITED ACCESS CONTROL – BARRIERS, GATES, CCTV

ABSOLUTE ACCESS Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV

St. James’ Bus. Centre, Wilderspool Causeway, Warrington Cheshire WA4 6PS Tel 01925 552740 M: 07969 650 394 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk

ACCESS CONTROL

INTEGRATED DESIGN LIMITED ACCESS CONTROL

KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk

Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com

ACCESS CONTROL

SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer

ACCESS CONTROL

COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com

Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk

Custom Designed Equipment ACCESS CONTROL MANUFACTURER

NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES

UKB INTERNATIONAL LTD Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com

• • • • • ȏ •

Indicator Panels Complex Door Interlocking Sequence Control Door Status Systems Panic Alarms &HOO &DOO $΍UD\ 6\VWHPV Bespoke Products

www.hoyles.com sales@hoyles.com Tel: +44 (0)1744 886600

Hoyles are the UK’s leading supplier of custom designed equipment for the security and access control industry. From simple indicator panels to complex door interlock systems.

BUSINESS CONTINUITY

ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTS

BUSINESS CONTINUITY MANAGEMENT

VANDERBILT INTERNATIONAL (UK) LTD

CONTINUITY FORUM

Suite 7, Castlegate Business Park Caldicot, South Wales NP26 5AD UK Main: +44 (0) 2036 300 670 email: tradeshows@VanderbiltIndustries.com web: www.vanderbiltindustries.com

Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org

www.insight-security.com Tel: +44 (0)1273 475500

Jan 17 dir_000_RiskUK_jan14 10/01/2017 11:35 Page 2

CCTV CCTV Rapid Deployment Digital IP High Resolution CCTV 40 hour battery, Solar, Wind Turbine and Thermal Imaging Wired or wireless communication fixed IP CE Certified Modicam Europe, 5 Station Road, Shepreth, Cambridgeshire SG8 6PZ www.modicam.com sales@modicameurope.com

CONTROL ROOM & MONITORING SERVICES ADVANCED MONITORING SERVICES

EUROTECH MONITORING SERVICES LTD.

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.net Web: www.eurotechmonitoring.net

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS

ALTRON COMMUNICATIONS EQUIPMENT LTD

DISTRIBUTORS

Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: cctvsales@altron.co.uk Web: www.altron.co.uk

CCTV

G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk

CCTV/IP SOLUTIONS

DALLMEIER UK LTD 3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com

sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk

AWARD-WINNING, LEADING GLOBAL WHOLESALE DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.

ADI GLOBAL DISTRIBUTION SPECIALISTS IN HD CCTV

MaxxOne Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP Tel +44 (0)161 430 3849 www.maxxone.com

Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company also offers an internal technical support team, dedicated field support engineers along with a suite of training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online account, installers can order up to 7pm for next day delivery.

Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER. CCTV & IP SECURITY SOLUTIONS

PANASONIC SYSTEM COMMUNICATIONS COMPANY EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP UK Tel: 0207 0226530 Email: info@business.panasonic.co.uk

MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ

Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com

COMMUNICATIONS & TRANSMISSION EQUIPMENT

KBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS

DIGITAL IP CCTV

SESYS LTD High resolution ATEX certified cameras, rapid deployment cameras and fixed IP CCTV surveillance solutions available with wired or wireless communications.

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk

NORBAIN SD LTD 210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com

CCTV SPECIALISTS

UK LEADERS IN BIG BRAND CCTV DISTRIBUTION

PLETTAC SECURITY LTD

SATSECURE

Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 01788 567811 Fax: 01788 544 549 Email: jackie@plettac.co.uk www.plettac.co.uk

Hikivision & MaxxOne (logos) Authorised Dealer Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP Tel +44 (0)161 430 3849 www.satsecure.uk

www.insight-security.com Tel: +44 (0)1273 475500

Jan 17 dir_000_RiskUK_jan14 10/01/2017 11:35 Page 3

EMPLOYMENT

INTEGRATED SECURITY SOLUTIONS

INNER RANGE EUROPE LTD

FIRE AND SECURITY INDUSTRY RECRUITMENT

SECURITY VACANCIES

Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com

www.securityvacancies.com Telephone: 01420 525260

PERIMETER PROTECTION

IDENTIFICATION

ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS

GJD MANUFACTURING LTD Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk

PERIMETER PROTECTION

GPS PERIMETER SYSTEMS LTD

COMPLETE SOLUTIONS FOR IDENTIFICATION

DATABAC GROUP LIMITED

14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk

1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com

INDUSTRY ORGANISATIONS

POWER

POWER SUPPLIES â&#x20AC;&#x201C; DC SWITCH MODE AND AC

DYCON LTD Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471900 Fax: 01443 479 374 Email: sales@dyconpower.com www.dyconpower.com

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY

BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk Twitter: @thebsia

STANDBY POWER

UPS SYSTEMS PLC Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk

THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY

SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org

INTEGRATED SECURITY SOLUTIONS

UPS - UNINTERRUPTIBLE POWER SUPPLIES

ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk

SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

UPS - UNINTERRUPTIBLE POWER SUPPLIES

HONEYWELL SECURITY

UNINTERRUPTIBLE POWER SUPPLIES LTD

Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com

Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

Jan 17 dir_000_RiskUK_jan14 10/01/2017 11:35 Page 4

SECURITY

LIFE SAFETY EQUIPMENT

C-TEC CASH & VALUABLES IN TRANSIT

CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk

Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: www.c-tec.com

PERIMETER SECURITY

TAKEX EUROPE LTD QUALITY SECURITY AND SUPPORT SERVICES

CONSTANT SECURITY SERVICES Cliff Street, Rotherham, South Yorkshire S64 9HU Tel: 0845 330 4400 Email: contact@constant-services.com www.constant-services.com

Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takex.com Web: www.takex.com

PHYSICAL CONTROL PRODUCTS, ESP. ANTI-CLIMB

INSIGHT SECURITY FENCING SPECIALISTS

J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk

Units 1 & 2 Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com

SECURITY EQUIPMENT

PYRONIX LIMITED INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com

Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS

CQR SECURITY 125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk

BOSCH SECURITY SYSTEMS LTD PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 0330 1239979 E-mail: uk.securitysystems@bosch.com Web: uk.boschsecurity.com

SECURITY EQUIPMENT INTRUDER ALARMS – DUAL SIGNALLING

CASTLE

CSL

Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042

Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 @CSLDualCom www.csldual.com

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS

RISCO GROUP Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk

www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity

www.twitter.com/castlesecurity

SECURITY PRODUCTS

EATON Eaton is one of the world’s leading manufacturers of security equipment its Scantronic and Menvier product lines are suitable for all types of commercial and residential installations. Tel: 01594 545 400 Email: securitysales@eaton.com Web: www.uk.eaton.com Twitter: @securityTP

ONLINE SECURITY SUPERMARKET

SECURITY SYSTEMS

EBUYELECTRICAL.COM

VICON INDUSTRIES LTD.

Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com

Brunel Way, Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com

www.insight-security.com Tel: +44 (0)1273 475500

Project1_Layout 1 09/01/2017 16:45 Page 1