Integrated Security Systems
Integrated systems (especially access control, intrusion detection and closed circuit TV (CCTV)) can have a major impact on the daily functioning of an organisation - knowledge of the security industry and the right approach are pre-requisites for ensuring maximum benefit can be gained from a integrated security system installation.
During the tender appraisal stage of a contract for an integrated security system, a client visited an installation at another organisation, presumably considered as a show site by one of the favoured tenderers. After the visit my client told me that technically the installation looked really good and professional, but he was aghast that for all the money spent on it, the major part, the access control system, was only being used at night when there was next to nobody about. Apparently the system had caused too many problems during the day.
Integrated systems are complex and they need to be carefully planned to ensure effective integration into the business operation. As always in large projects; technical problems can be difficult to overcome, but not always the human ones. It can be a major problem getting employees to accept change or suspected intrusion on their privacy, but with care even the most intransigent institutions can be wooed. And often 6 months down line, if something goes wrong with the system the original antagonists are the first to want it put right quick.
Some organisations install an integrated system to reduce the diversity and complexity of a possible multitude of different building functions down to a single manageable system. Where there are building critical functions, auditing becomes very important. If this is structured as in an integrated management system, management functions can be greatly streamlined or in some cases - the impossible becomes possible. From the mass of data the manager can request reports on just the data he wants, in many cases that may be reports on just exception incidents.
Integrated systems are therefore management systems first and foremost and are often referred to as security management systems. A well-planned integrated security system will not only monitor and control inputs from various systems, it will also monitor the performance and activities of the operators or guards. This is very important in high security installations as it brings in accountability. With all actions being logged and time stamped there is a significant incentive to operators to follow instructions in a timely and accurate manner.
Most integrated security systems come about following a full time security requirement. If an organisation has 24 hour manned guarding or security monitoring where the guards are expected to respond efficiently to security, fire, access and prime building function alarms, the alarms need to be presented in a manner that gives them the ability to do so. Where alarm panels are wall mounted around a tiny room bombarding the guard with alarms every few seconds in an unstructured way, don't be too upset if he misses a critical battery low alarm or worse.
The most important part of any integrated security system is the user interface. Training of users is essential but systems still have to be designed in such a manner that they more or less instruct the user what to do. I have witnessed an (apparently) trained guard at the main data processing site of a large UK bank panic and fail to respond correctly with a deliberately operated security alarm because the circumstances were different from normal - he was being watched by visitors.
The majority of integrated security systems software is written in North America and supplied and installed by large or specialist security companies. Don't expect them to tell you what you need. In many cases I have found sales representatives do not really know what they are selling and what impact the system may have on the operation of an organisation. Your business is unique and the pressures applied to system sales forces these days do not give them time to fully analyse or understand your needs. Insufficient training, new products and system upgrades coming too fast is the all too common problem for integrated network security system suppliers.
Unless you insist, the supplier's personnel who most understand their company's products will not normally have much contact with the client until after the sale is made. Demand for engineering time for commissioning or rectification of badly sold or poorly specified systems is high for many suppliers.
For the UK and Europe there are British and European standards covering Integrated Systems, Fire, access control, Intruder Alarm Systems, High Security Systems, CCTV, Lighting & control rooms. Legal requirements concerning installations are usually limited to fire, electrical and Health & Safety (including CDM (UK)) regulations.
Acceptance testing should be very thorough against the requirement specification as very few (if any) integrated security systems are independently tested. Suppliers' in-house design staff normally carry out the system tests as they go along with the usual in-house pressures for getting the system to market for fast market returns. I'm sure most suppliers would welcome independent testing as it would solve a lot of their installation problems. Again it's the speed at which new releases and upgrades are brought to the market that makes it difficult and expensive. Until there is user demand across the industry, it is unlikely suppliers will consider it as giving their products a commercial advantage.
Many security management systems include a standard softaware package covering a token, biometric or card access control reader application, identity card production, security monitoring, command scheduling, role call and anti-passback (roster/muster features for evacuation in case of fire or other emergencies), intrusion detection, guard tours, time and attendance, CCTV control and the ability to receive auxiliary inputs (normally binary only) perform arithmetic functions and initiate relay outputs in a variety of modes. Databases can often be exported in a variety of forms to other systems (e.g. human resources and accounts). As previously mentioned the auditing features should be a prime consideration.
Life-critical systems like fire are often integrated for monitoring and control purposes, but integrated security systems never replace the fire control panels in the UK. The preferred interface to these systems is still the old-fashioned volt free relay contacts. Overseas in North America integrated security systems can be certified to control fire inputs. Always communicate with your local fire officer when considering moving fire equipment or altering the fire procedures.
As integrated systems are management systems, a requirement specification should be written by the responsible security manager, the facilities manager (if relevant) and the operators to be. The input from long standing security guards can be invaluable. Make the requirement for the operator interface as simple as possible. An easy response to alarms in stressful situations cannot be over emphasised.
Many of the system structures being adopted today by system designers are following the fashionable trends of modern networks, which is not always desirable for security systems with life-critical or business-critical functions that require built-in redundancy. On the other hand, utilising the company network can greatly reduce the total installation cost. This is where an external independent security consultant can be valuable advising on the best way forward.
For security staff to perform efficiently early consideration needs to be given to job descriptions, control room layout and design. Facilities need to meet relevant human factors criteria for display units, CCTV equipment, mimic panels and communication requirements.
There are typically a choice of three routes to install an integrated security system:
- Approach several suppliers for proposals
- Use an in-house engineer or consultant with inadequate relevant experience to specify and supervise the installation
- Select a good experienced independent security consultant to produce documentation and guide you through the steps.
Believe it or not, the third method, (including consultancy fees) could easily be 60% the cost of methods one or two. And maybe more importantly, the system is more likely to meet its objectives. As in most industries, the response to detailed professional documentation that is clear in its objectives and reduces risk for both purchaser and supplier is met with very competitive prices and a stronger desire to win the work, so getting an independent security consultant with experience on both sides of the supplier / user divide can be very advantageous.
The right approach:
- appoint an in-house project manager or coordinator,
- appoint an independent security consultant for advice on how to avoid the pitfalls,
- carry out a security audit and risk assessment (including existing system functions - e.g. building services) and manpower review. The risk assessment should be a key component of the strategy proposal document,
- produce a strategy proposal with detailed recommendations, alternatives and budget estimates. This is essential to get everyone on-board and travelling in the same direction. The basis for security measures is not always logical, it can be purely subjective - but still very valid,
- board approval - signed and sealed,
- designs, specifications, contract conditions, tender lists and documentation, and job descriptions,
- tender appraisal (short term and long term) - avoid strong ties with suppliers if possible,
- negotiate and award contract,
- regular project meetings and site supervision,
- ensure factory acceptance tests, site acceptance tests and tests at the end of the defects liability period are thorough,
- carry out in-house training for system management, data entry and operators,
- negotiate a fair and reasonable maintenance contract.