14.03.2018 Views

RiskUKMarch2018

You also want an ePaper? Increase the reach of your titles

YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.

March 2018<br />

www.risk-uk.com<br />

Security and Fire Management<br />

The Centre of Intelligence<br />

Integrating Technology and Security Guarding<br />

News Special: ASIS European Security Conference 2018<br />

BSIA Briefing: Preparing for the EU’s GDPR<br />

Perimeter Protection: Utilities Sector Solutions Examined<br />

FIA Technical Briefing: Detecting Stratified Smoke


SkyHawk AI<br />

The hawk is back and<br />

smarter than ever.<br />

Gain the commercial edge with SkyHawk AI,<br />

built for AI-enabled surveillance systems,<br />

and now protected by SkyHawk Health.<br />

WWW.SEAGATE.COM<br />

©2017 Seagate Technology LLC. All rights reserved.


March 2018<br />

Contents<br />

34 Meet The Security Company<br />

In association with the NSI, Risk UK continues its ‘Meet The<br />

Security Company’ series by asking Risk Management Security<br />

Services’ managing director Graham Tilly some key questions<br />

Preparing for the EU’s GDPR (pp17-18)<br />

5 Editorial Comment<br />

6 News Update<br />

BS ISO 31000 revised. ICO data protection work funding model.<br />

New counter-terrorism technology unveiled by Home Office<br />

8 News Analysis: PwC’s Crime and Fraud Survey<br />

PwC’s latest study highlights that half of those UK organisations<br />

questioned have been the victim of fraud and/or economic crime<br />

in the last two years. Brian Sims delves into the fine detail<br />

11 News Special: ASIS Europe 2018<br />

ASIS International’s annual European Security Conference and<br />

Exhibition runs from 18-20 April at the Postillion Convention<br />

Centre in Rotterdam. Brian Sims previews the content on offer<br />

14 Opinion: Security Business Sector Insight<br />

Simon Chapman examines the impact of the IoT and how it’s<br />

actively enhancing remote monitoring via Intelligence Centres<br />

17 BSIA Briefing<br />

What exactly does it mean to be compliant with the European<br />

Union’s General Data Protection Regulation, which comes into<br />

force at the end of May? James Kelly outlines the main points<br />

20 The Global Context: Risk in 2018<br />

In the second instalment of an exclusive series, Nicola Crawford<br />

provides an overview of the risk landscape emerging in 2018<br />

38 The Security Institute’s View<br />

Rachel Anne Carter focuses on the important role of the<br />

insurance industry in the delivery of security solutions<br />

40 In The Spotlight: ASIS International UK Chapter<br />

Jerry Ross spoke at a recent ASIS Young Professionals Group<br />

event and gave an account of how she embarked on a career in<br />

the field of intelligence and, subsequently, security<br />

42 FIA Technical Briefing<br />

Fire detection in large open spaces has often proved to be<br />

something of a challenge for project designers, as Robert Yates<br />

and Peter Massingberd-Mundy discover<br />

44 Security Services: Best Practice Casebook<br />

With workplace stress on the increase and mental health issues<br />

now firmly on the agenda, this really should be something that<br />

businesses are tackling head on. Louise McCree investigates<br />

46 Cyber Focus: IP Security and Surveillance<br />

Iain Deuchars describes the features within active network<br />

equipment that can prevent cyber attacks from being successful<br />

48 Training and Career Development<br />

Appropriate training in medical and vehicle rescue capabilities is<br />

now of paramount importance, as Neil Pedersen observes<br />

50 Risk in Action<br />

51 Technology in Focus<br />

53 Appointments<br />

22 Acting on Auto<br />

Paul Woodhouse addresses the security mechanisms that must<br />

be put in place when it comes to autonomous vehicles<br />

24 Making Water Security Work<br />

Jason Hunter evaluates the security implications of proposed<br />

changes in the 2019 Price Review formula for the water industry<br />

27 From Forensics to Real-Time<br />

Lucas Young discusses the business case for protecting the UK’s<br />

transport infrastructures with IP camera and audio technology<br />

28 The Changing Face of Security Services<br />

Risk UK’s regular Security Guarding Supplement features<br />

contributions from Axis Security, CIS Security and TrackTik<br />

56 The Risk UK Directory<br />

ISSN 1740-3480<br />

Risk UK is published monthly by Pro-Activ Publications<br />

Ltd and specifically aimed at security and risk<br />

management, loss prevention, business continuity and<br />

fire safety professionals operating within the UK’s largest<br />

commercial organisations<br />

© Pro-Activ Publications Ltd 2018<br />

All rights reserved. No part of this publication may be<br />

reproduced or transmitted in any form or by any means<br />

electronic or mechanical (including photocopying, recording<br />

or any information storage and retrieval system) without the<br />

prior written permission of the publisher<br />

The views expressed in Risk UK are not necessarily those of<br />

the publisher<br />

Risk UK is currently available for an annual subscription rate of<br />

£78.00 (UK only)<br />

www.risk-uk.com<br />

Risk UK<br />

PO Box 332<br />

Dartford DA1 9FF<br />

Editor Brian Sims BA (Hons) Hon FSyI<br />

Tel: 0208 295 8304 Mob: 07500 606013<br />

e-mail: brian.sims@risk-uk.com<br />

Design and Production Matt Jarvis<br />

Tel: 0208 295 8310 Fax: 0870 429 2015<br />

e-mail: matt.jarvis@proactivpubs.co.uk<br />

Advertisement Director Paul Amura<br />

Tel: 0208 295 8307 Fax: 01322 292295<br />

e-mail: paul.amura@proactivpubs.co.uk<br />

Administration Tracey Beale<br />

Tel: 0208 295 8306 Fax: 01322 292295<br />

e-mail: tracey.beale@proactivpubs.co.uk<br />

Managing Director Mark Quittenton<br />

Chairman Larry O’Leary<br />

Editorial: 0208 295 8304<br />

Advertising: 0208 295 8307<br />

3<br />

www.risk-uk.com


Texecom Connect App<br />

Android version now available<br />

Interact, control and integrate your Texecom security system like never before<br />

The Texecom Connect App allows you to control your security directly from your compatible<br />

<br />

system events and monitor cameras or activity from anywhere in the world.<br />

www.texe.com<br />

Sales: +44 (0)1706 220460<br />

Watch the Texecom<br />

Connect App video


Texecom Connect App<br />

New smartphone application for<br />

Android & iOS operating systems<br />

Texecom Connect SmartCom<br />

Texecom Connect WiFi & ethernet<br />

communicator<br />

Texecom Connect SmartPlug<br />

Ricochet ® enabled<br />

wireless plug<br />

Editorial Comment<br />

All Eyes on Cyber<br />

The large-scale cyber attacks that occurred last year have<br />

served to reaffirm the need for fashioning cyber-resilient<br />

organisations. That’s according to the Business Continuity<br />

Institute’s (BCI) Horizon Scan 2018, released in association with<br />

the BSI. For the second year in succession, the threat posed by<br />

data breaches has been ranked second.<br />

The BCI’s Horizon Scan assesses the business preparedness of<br />

657 organisations worldwide and shows that 53% of business<br />

continuity and resilience professionals are ‘extremely concerned’<br />

about the possibility of a cyber attack. Meanwhile, 42% are<br />

worried about the possibility of a data breach, with 36%<br />

concerned about unplanned IT or telecommunications outages.<br />

Physical security challenges also remain a major concern for<br />

organisations, with 18% of businesses questioned identifying<br />

any interruption to utility supplies and adverse weather as being<br />

severe threats. There’s an intrinsic connection between these<br />

two concerns, as severe weather events – such as Hurricane Irma<br />

and Hurricane Harvey – often damage infrastructure and utility<br />

services. This unavoidable chain reaction reinforces the<br />

importance of workplace recovery plans designed to help<br />

organisations become better prepared for crises, in turn ensuring<br />

the safety of their staff and the stability of operations.<br />

The BCI’s report suggests that professionals are becoming<br />

increasingly aware of the benefits that business continuity<br />

brings to their organisations. The use of ISO 22301 for business<br />

continuity is certainly burgeoning, as is the investment made<br />

into detailed business continuity management programmes.<br />

Moreover, the results of the study suggest that there’s a<br />

positive correlation between the amount of time spent by<br />

organisations in adopting and embedding business continuity<br />

management arrangements and the likelihood of businesses to<br />

keep investing in them. No less than 86% of organisations<br />

who’ve had business continuity plans in place for five years or<br />

more stated that they will either increase or maintain their<br />

investment in this area. The BCI’s report proposes that this could<br />

be due to the fact that professionals are beginning to see a<br />

return on investment from their business continuity planning.<br />

Howard Kerr, CEO at the BSI, informed Risk UK: “With the<br />

stakes continuing to rise as the development of more<br />

sophisticated smart technologies gathers pace, organisations<br />

simply cannot afford to be complacent. They may well be<br />

cognisant of the importance of business continuity, but it’s not<br />

just this that will build their organisational resilience. A much<br />

more holistic approach is required. One that’s focused on<br />

understanding all strengths and vulnerabilities.”<br />

Terrorism and/or gun violence appear to be a growing concern<br />

for many business continuity professionals who should also<br />

determine to remain vigilant about natural catastrophes and<br />

pandemics that could occur in the short term and might well<br />

exert a highly disruptive impact.<br />

Positively, organisations do seem to be heading in the right<br />

direction in terms of preparedness. Detailed business continuity<br />

arrangements now exhibit consistent growth. A win-win scenario.<br />

Brian Sims BA (Hons) Hon FSyI<br />

Editor<br />

December 2012<br />

5<br />

www.risk-uk.com


International standard for managing risk<br />

in organisations revised by BSI<br />

BSI, the business standards company, has<br />

published the revised international standard for<br />

risk management BS ISO 31000:2018 Risk<br />

Management: Guidelines. The purpose of this<br />

standard is to assist a given organisation to<br />

integrate risk management into all of its<br />

activities and functions.<br />

Properly implemented, risk management<br />

improves performance, encourages innovation<br />

and supports the achievement of objectives.<br />

With that in mind, BS ISO 31000 provides Best<br />

Practice guidance on how an organisation can<br />

create the framework for a risk management<br />

strategy which aligns with its broader goals.<br />

Risk can take many shapes and forms<br />

including economic, political and<br />

environmental. BS ISO 31000 is intentionally<br />

broad in its scope in order to assist<br />

organisations with managing risk of any kind,<br />

and is consequently applicable to organisations<br />

in all sectors.<br />

A notable change in this revision is a review<br />

of the principles of risk management. One of<br />

these is continual improvement. This means it’s<br />

not enough for an organisation to create a risk<br />

management framework which is never<br />

revisited or reviewed. To be effective, the risk<br />

management framework needs to take into<br />

account the context of the organisation and its<br />

current risk management practices so that gaps<br />

can be addressed. The different parts of the<br />

framework and how they work together should<br />

always be adapted for specific needs.<br />

Human and cultural factors are also key. For<br />

example, different opinions will affect risk<br />

appetite in addition to the judgement and<br />

perception of risk. A traditional hierarchical<br />

organisation may have very different attitudes<br />

towards risk when compared to a collaborative,<br />

innovation-based company.<br />

This latest revision of BS ISO 31000<br />

highlights the importance of top management<br />

not only implementing risk management, but<br />

also promoting it. Ultimately, the effectiveness<br />

of risk management depends on its integration<br />

into an organisation at all levels.<br />

Anne Hayes, head of the governance and<br />

resilience sector at the BSI, informed Risk UK:<br />

“Effective risk management is about all levels of<br />

an organisation strategically planning for both<br />

today and tomorrow. BS ISO 31000 provides<br />

structured risk management guidance for<br />

organisations such that they can prepare<br />

effectively for the future. Ultimately, having a<br />

plan in place is in the very best interests of<br />

everyone’s safety, security and resilience.”<br />

New Government model announced for funding data protection work of ICO<br />

The Government has announced a new charging structure for data controllers to ensure the<br />

continued funding of the Information Commissioner’s Office (ICO). The new structure was laid<br />

before Parliament on Tuesday 20 February as a Statutory Instrument and will come into effect on 25<br />

May 2018 in order to coincide directly with the advent of the European Union’s General Data<br />

Protection Regulation (GDPR). Until then, organisations are legally required to pay the current<br />

notification fee unless they’re exempt from having to do so.<br />

To help data controllers understand why there’s a new funding model and what they’ll be<br />

required to pay from 25 May 2018, the ICO has produced a Guide to the Data Protection Fee.<br />

The ICO’s data protection work is currently funded through fees levied on organisations that<br />

process personal data (as stated, unless they’re exempt). This is transacted under powers granted<br />

in the Data Protection Act 1998. When the GDPR comes into effect in late May, it will remove the<br />

requirement for data controllers to pay the ICO a fee.<br />

The Government has proposed the new funding structure based on the relative risk to the data<br />

that an organisation processes. The model is divided into three tiers (more of which anon) and<br />

based on a number of factors including an organisation’s size, turnover and whether it’s a public<br />

authority or charity. For very small organisations, the fee will not be any higher than the £35 they<br />

currently pay (if they take advantage of a £5 reduction for paying by direct debit).<br />

Larger organisations will be required to pay £2,900. The fee is higher here because these<br />

organisations are likely to hold and process the largest volumes of data. As such, the risk is greater.<br />

The new fees are as follows: Tier 1 – Micro organisations Maximum turnover of £632,000 or no<br />

more than ten members of staff. Fee: £40 (or £35 if paid by direct debit) Tier 2 – SMEs Maximum<br />

turnover of £36 million or no more than 250 members of staff. Fee: £60 Tier 3 – Large organisations<br />

Those not meeting the criteria of Tiers 1 or 2. Fee: £2,900<br />

6<br />

www.risk-uk.com


News Update<br />

New technology unveiled by Home<br />

Office in bid to help combat<br />

terrorist content online<br />

The Home Office has announced the<br />

development of new technology to<br />

automatically detect terrorist content on any<br />

online platforms. Tests have shown that this<br />

new tool can automatically detect 94% of<br />

Daesh propaganda with 99.995% accuracy. It<br />

boasts “an extremely high degree of<br />

accuracy”. For instance, if it analyses one<br />

million randomly selected videos, only 50<br />

would require additional human review. The<br />

tool can be used by any platform and<br />

integrated into the upload process such that<br />

the majority of video propaganda is stopped<br />

before it ever reaches the Internet.<br />

Developed by the Home Office and ASI Data<br />

Science, the technology uses advanced<br />

machine learning to analyse the audio and<br />

visuals of a video and determine whether it<br />

could be Daesh propaganda. The Home Office<br />

and ASI Data Science will be sharing the<br />

methodology behind the new model with<br />

smaller companies to help combat abuse of<br />

their digital platforms by terrorists.<br />

Many of the major tech companies have<br />

developed technology specific to their own<br />

platforms and publicly reported on the<br />

difference this is making in their fight against<br />

terrorist content. Smaller platforms, however,<br />

are increasingly targeted by Daesh and its<br />

supporters and often don’t have the same<br />

level of resources to develop such technology.<br />

The model, which has been tested using<br />

over 1,000 Daesh videos, isn’t specific to one<br />

platform. That being the case, it can be used<br />

to support the detection of terrorist<br />

propaganda across a range of video streaming<br />

and download sites in real-time.<br />

Welcoming the new technology, Home<br />

Secretary Amber Rudd (pictured) said: “Over<br />

the last year, we’ve been engaging with<br />

Internet companies to make sure that their<br />

platforms are not being abused by terrorists<br />

and their supporters. I have been impressed<br />

with their work so far following the launch of<br />

the Global Internet Forum to Counter<br />

Terrorism, although there’s still more to be<br />

done. I do hope this new technology which the<br />

Home Office has helped to develop can<br />

support others to go further and faster.”<br />

Separately, new Home Office analysis<br />

demonstrates that Daesh supporters used<br />

more than 400 unique online platforms to<br />

push out their poisonous material in 2017,<br />

highlighting the importance of technology that<br />

can be applied across different platforms.<br />

Previous research has found the majority of<br />

links to Daesh propaganda are disseminated<br />

within two hours of release.<br />

London Mayor’s Budget confirms<br />

additional £110 million for<br />

Metropolitan Police Service in 2018<br />

Sadiq Khan, the Mayor of London, has<br />

committed to investing an additional £110<br />

million into the Metropolitan Police Service<br />

across the next 12 months. This substantial<br />

investment means that City Hall is paying a<br />

greater percentage of the overall policing<br />

budget in the capital than ever before – up<br />

from 18% in 2010 to 23%, in fact.<br />

Since 2010-2011, the Metropolitan Police<br />

Service’s general grant funding from the<br />

Government has fallen by more than £700<br />

million (or nearly 40% in real terms) on a likefor-like<br />

basis. Indeed, the Metropolitan Police<br />

Service has had to find roughly £600 million<br />

worth of savings, with the Mayor of London<br />

orchestrating a further £150 million of savings<br />

since taking office.<br />

This has led to the loss of a third of police<br />

staff posts, which are down from 14,330 to<br />

9,985, as well as two-thirds of Police<br />

Community Support Officer posts. These are<br />

down from 4,607 to 1,591. In addition, there<br />

are now 114 fewer police station front counters<br />

and 120 less police buildings.<br />

Khan has repeatedly warned that, with<br />

further savings still needed, the Metropolitan<br />

Police Service is running out of options and<br />

that police officer numbers in the capital could<br />

fall significantly below 30,000 before 2021 – a<br />

dangerous low which “presents a serious risk”<br />

to the safety of Londoners.<br />

Khan commented: “These are challenging<br />

times, with Brexit posing a real threat to jobs<br />

and prosperity and the Government’s<br />

continued austerity programme damaging<br />

public services in our city. However, I’m<br />

convinced that this Budget will improve the<br />

lives of all Londoners and increase the<br />

opportunities available for our citizens to fulfil<br />

their potential.”<br />

The Mayor continued: “The Government has<br />

repeatedly refused to act on the funding crisis<br />

facing police services across Britain. This<br />

leaves me with no choice but to take the<br />

unusual step of increasing police funding from<br />

London business rates as well as Council Tax.<br />

However, tackling rising crime will also require<br />

us to be tough on the causes of crime.”<br />

In this Budget, Khan has created a new £45<br />

million Young Londoners Fund to support<br />

education, sport and cultural activities for<br />

them over the next three years.<br />

7<br />

www.risk-uk.com


“Fraud increasing in cost and complexity for<br />

UK organisations” reports PwC Survey<br />

PwC’s latest study<br />

highlights that half of<br />

those UK<br />

organisations<br />

questioned have been<br />

the victim of fraud<br />

and/or economic crime<br />

in the last two years.<br />

More than half (51%)<br />

of the most disruptive<br />

crimes resulted in<br />

losses of over £72,000<br />

compared to 37% on<br />

the global stage.<br />

Nearly a quarter of UK<br />

victims (24%, to be<br />

precise) lost more<br />

than £720,000. Brian<br />

Sims reports<br />

8<br />

www.risk-uk.com<br />

Plainly, not enough is being done by UK<br />

organisations when it comes to actively<br />

preventing fraud. Only half of respondents<br />

to the latest PwC study reported having carried<br />

out a fraud risk assessment in the last two<br />

years. This is an important first step in the<br />

process to allow for the right prevention<br />

measures to be put in place.<br />

The findings are taken from PwC’s ninth<br />

biennial Global Economic Crime and Fraud<br />

Survey, which is based on input from more than<br />

7,000 business decision-makers across 123<br />

countries, including 146 from the UK (32% of<br />

them C-Suite representatives and 46% heads of<br />

department/business units).<br />

Fran Marwood, forensics partner at PwC,<br />

explained to Risk UK: “The cost of fraud to UK<br />

business continues to rise, due at least in part<br />

to the increasing threat from cyber fraud. While<br />

the direct losses are quantifiable, the wider<br />

effects can be far more damaging. UK<br />

organisations have told us that the cost and<br />

disruption of sorting out the aftermath, as well<br />

as the effects on employee morale, business<br />

relations and brand are big hidden costs.”<br />

Marwood added: “Times of uncertainty and<br />

change often help fraudsters to exploit<br />

weaknesses in an organisation’s systems. In<br />

this current period of pretty rapid business<br />

change, understanding the risks and possible<br />

avenues for attack is now more crucial than<br />

ever. Against this backdrop, only half of UK<br />

businesses are currently analysing the risks<br />

posed to them by fraud.”<br />

Potential of technology<br />

This year’s study shows a shift towards<br />

technology-enabled crime, bribery and<br />

corruption as well as procurement fraud. Cyber<br />

crime was the most prevalent (overtaking asset<br />

theft as the top fraud type for the first time<br />

since the survey began back in 2002), and was<br />

experienced by nearly half (49%) of economic<br />

crime victims in the UK (global: 31%). 42% of<br />

respondents expect this to continue to be the<br />

most serious type of fraud in terms of business<br />

impact over the coming two years.<br />

Marwood continued: “Much of the cyber<br />

crime in the UK comes from external overseas<br />

threats. As the world’s fifth largest economy, it’s<br />

no surprise that the resources of UK<br />

organisations are seen as an attractive target<br />

by global fraudsters. Over half of respondents<br />

reported suffering phishing attacks, which are<br />

transacted on a large scale to play the odds.<br />

Ultimately, cyber defence relies on people<br />

understanding the threat. On that basis,<br />

training, awareness and escalation routes are<br />

just as important as any defensive technology.”<br />

Despite being faced with an ongoing flow of<br />

fraudulent activity, the research suggests UK<br />

organisations are relying heavily on people with<br />

the skills to detect it, rather than employing<br />

more advanced technologies. General antifraud<br />

controls were reported to be the most<br />

successful detection method (uncovering 19%<br />

of frauds), followed by tip-offs/whistleblowing<br />

(16%) and internal audit (15%).<br />

While the majority of organisations are using<br />

technology to monitor or detect fraud in some<br />

way, it’s not always performing particularly<br />

well. Suspicious activity monitoring spotted<br />

10% of fraud, while data analytics detected only<br />

1% (the latter down from 8% according to the<br />

results of the same study two years ago).<br />

Anti-fraud technology has much more to<br />

offer, but UK organisations are behind the<br />

global average in its uptake. Around one-in-five<br />

firms have no plans to look at more advanced<br />

techniques – such as predictive analytics (19%)<br />

or machine learning (22%) – in order to combat<br />

or monitor fraud in future.<br />

Marwood outlined: “Technology is opening<br />

up more avenues for fraudsters, but also<br />

providing new and innovative ways of<br />

protecting against it. As economic crime<br />

continues to remain high, it underlines the<br />

need for new approaches. UK organisations are


News Analysis: PwC Global Economic Crime and Fraud Survey<br />

missing out on opportunities to detect<br />

anomalies in their data that might indicate<br />

fraud. It’s not about just plugging in a new<br />

piece of technology and hoping that solves the<br />

problem alone. Rather, it’s about harnessing<br />

the combined power of skilled people and the<br />

right technologies to stand the best chance of<br />

tackling the problem.”<br />

Additional study findings<br />

More than half (55%) of UK frauds were<br />

committed by external actors (eg hackers,<br />

customers and intermediaries were most<br />

common) versus a global average of 40%.<br />

Of those frauds carried out by internal parties<br />

(33%), half were committed by senior<br />

management, which is up from 18% in 2016 and<br />

double that of the global average (24%).<br />

There’s a sharp increase in reported bribery<br />

and corruption in the UK from 6% in 2016 to<br />

23% in this year’s study. This is more likely to<br />

be as a result of the positive stance the UK has<br />

taken on anti-bribery measures (including the<br />

Bribery Act introduced in 2010) leading to<br />

increased transparency rather than an actual<br />

rise in cases.<br />

UK firms are spending more than ever on<br />

compliance. Over half (54%) have witnessed an<br />

increase in their compliance spend in the last<br />

two years compared to 42% globally.<br />

Marwood went on to explain: “The increase<br />

in reported bribery is of particular interest,<br />

coming at a time when UK business is ahead of<br />

most global territories from a compliance<br />

perspective, largely as a result of measures<br />

required by the UK Bribery Act. The<br />

effectiveness of these measures, the additional<br />

ethical due diligence being conducted and the<br />

huge compliance resources introduced over the<br />

last few years are clearly succeeding in flushing<br />

out historic cases.”<br />

In conclusion, Marwood commented: “While<br />

increased levels of reported crime cannot<br />

always be directly equated to the actual crimes<br />

increasing, the study shows a greater<br />

awareness and understanding of the various<br />

types, perpetrators, impacts and costs of fraud<br />

among UK organisations. However, there’s still<br />

more work to be done, and particularly so in<br />

terms of understanding and acting on the<br />

specific risks that today’s organisations face<br />

due to fraud, cyber threats and bribery, as well<br />

as investing in people and technology to<br />

combat the ever-evolving threat.”<br />

Systemic failures<br />

Meanwhile, systemic senior management<br />

failure to protect consumers and prevent money<br />

laundering will result in the William Hill Group<br />

“There’s a sharp increase in reported bribery and corruption<br />

in the UK from 6% in 2016 to 23% in this year’s study. This<br />

is likely due to the stance taken on anti-bribery measures”<br />

(WHG) paying a penalty package of “at least<br />

£6.2 million”. A Gambling Commission<br />

investigation has revealed that, between<br />

November 2014 and August 2016, the gambling<br />

business breached anti-money laundering and<br />

social responsibility regulations.<br />

Senior management failed to mitigate risks<br />

and have sufficient numbers of staff to ensure<br />

that the company’s anti-money laundering and<br />

social responsibility processes were effective.<br />

This resulted in ten customers being allowed to<br />

deposit large sums of money linked to criminal<br />

offences which resulted in gains for the WHG of<br />

around £1.2 million. WHG did not adequately<br />

seek information about the source of the funds<br />

or establish whether the people involved were<br />

“problem gamblers”.<br />

WHG will pay more than £5 million for<br />

breaching regulations and divest itself of the<br />

£1.2 million earned from transactions with the<br />

ten customers. Where victims of the ten<br />

customers are identified, they will be<br />

reimbursed. If further incidents of failures<br />

relating to this case emerge, WHG will divest<br />

any money made from these transactions.<br />

WHG will also appoint external auditors to<br />

review the effectiveness and implementation of<br />

its anti-money laundering and social<br />

responsibility policies and procedures and<br />

share learning with the wider industry.<br />

Neil McArthur, executive director of the<br />

Gambling Commission, said: “We will use the<br />

full range of our enforcement powers to make<br />

gambling fairer and safer. This was a systemic<br />

failing at the William Hill Group which went on<br />

for nearly two years. The penalty package,<br />

which could exceed £6.2 million, reflects the<br />

seriousness of the breaches.”<br />

McArthur concluded: “Gambling businesses<br />

have a responsibility to ensure that they keep<br />

crime out of gambling and tackle problem<br />

gambling. As part of that, they must be<br />

constantly curious about where the money they<br />

are taking is coming from.”<br />

Nick Gaubitch, research manager (EMEA) at<br />

Pindrop, commented: “The penalty imposed on<br />

the William Hill Group shines a rather<br />

interesting spotlight on fraud detection within<br />

the industry. How efficiently companies<br />

mitigate risk and fraudulent transactions, and<br />

particularly so with machine learning and voice<br />

authentication, should play a key part in<br />

defending vulnerable channels.”<br />

9<br />

www.risk-uk.com


Powerful web based<br />

controller, powered<br />

by smart devices.<br />

DESIGNED<br />

IN<br />

A U ST R A<br />

R<br />

LIA<br />

Inception is an integrated access control and security<br />

alarm system with a design edge that sets it apart<br />

from the pack. Featuring built in web based software,<br />

the Inception system is simple to access using a web<br />

browser on a Computer, Tablet or Smartphone.<br />

With a step by step commissioning guide and<br />

outstanding user interface, Inception is easy to<br />

install and very easy to operate.<br />

For more information simply scan the QR code<br />

or visit innerrange.com.<br />

Security<br />

Alarm<br />

Access<br />

Control<br />

Automation<br />

No Software<br />

Required<br />

Multiple<br />

Devices<br />

Easy Setup<br />

with Checklist<br />

Prompting<br />

Send IP Alarms via<br />

the Multipath-IP<br />

Network<br />

T: +44 845 470 5000<br />

E: ireurope@innerrange.co.uk<br />

W: innerrange.com


News Special: ASIS European Security Conference 2018<br />

ASIS Europe 2018: ‘From Risk to Resilience’<br />

Practising security professionals find<br />

themselves operating in an era where the<br />

Internet of Things (IoT) is rendering once<br />

established lines of responsibility obsolete,<br />

while in parallel the risk of terrorism and<br />

ongoing political turmoil remain only too real.<br />

In addition, developments in Artificial<br />

Intelligence (AI) and drone technology, for<br />

example, continue apace. With this backdrop in<br />

mind, next month’s ASIS European Security<br />

Conference (otherwise known as ASIS Europe<br />

2018) is designed to confront all of these and,<br />

indeed, many more of today’s key topics.<br />

As a global community of security<br />

practitioners tasked with the protection of<br />

assets – encompassing people, property and<br />

information – ASIS is uniquely positioned to<br />

address the ‘issues of the day’ when it comes<br />

to enterprise-wide risks. As such, cyberphysical<br />

threats in hyper-complex and<br />

connected environments will be core themes for<br />

the 2018 gathering (as indeed they were at the<br />

2017 event in Italy).<br />

The conference programme itself runs on<br />

both Thursday 19 April (10.30 am-5.30 pm) and<br />

Friday 20 April (from 9.30 am until 1.30 pm),<br />

with registration commencing from 8.00 am on<br />

both days. This is prefaced on the evening of<br />

Wednesday 18 April in the form of a Welcome<br />

Party from 6.00 pm until 8.00 pm.<br />

ASIS Europe 2018 will offer multiple tracks of<br />

valuable learning opportunities including<br />

Keynotes, Masterclasses, executive sessions,<br />

training and a Careers Centre running alongside<br />

the exhibition. Exhibiting companies booked to<br />

attend include AS Solution, beTravelwise,<br />

Bosch Security Systems, the BSI Group,<br />

Dataminr, Darktrace, the Deltagon Group,<br />

Dormakaba, exploqii, F24, Falanx Assynt,<br />

Fastcom Technology, Genetec, Groundwork, Hill<br />

& Smith/Bristorm, the IE Business School,<br />

Indigovision, Johnson Controls, Nedap, QCC<br />

Global, Safehotels, Securitas Europe, Signpost<br />

Six, Stratfor, The Hague Security Delta,<br />

Trackforce, Trigion and Videotec.<br />

For its part, Nedap will be sharing knowledge<br />

about the key steps to consider when selecting<br />

a global physical access control system. The<br />

company has asked the Swiss Reinsurance<br />

Company Ltd (Swiss Re), the world’s secondlargest<br />

reinsurer, to give a presentation about<br />

its challenges and learnings when introducing a<br />

global physical access control system.<br />

Christoph Teuber, Swiss Re’s head of group<br />

security, will highlight the challenges and<br />

ASIS Europe 2018 – ASIS International’s annual European<br />

Security Conference and Exhibition – runs from 18-20 April at<br />

the Postillion Convention Centre. Brian Sims previews the<br />

educational content on offer for those risk and security<br />

management professionals making the trip to Rotterdam<br />

lessons learned during the implementation of<br />

its global security project. In essence, the<br />

presentation is designed to showcase the<br />

different steps that need to be taken for a<br />

physical access control system and its<br />

implementation. What are the reasons to move<br />

to a new system? What are the requirements of<br />

the new system? How should professionals<br />

manage a global system roll-out?<br />

Security of information systems and premises<br />

are of paramount importance to operations at<br />

companies like Swiss Re. Thanks to its own<br />

AEOS solution, Nedap has been able to deliver<br />

a state-of-the-art physical access control<br />

system capable of managing the ever-evolving<br />

security challenges faced by organisations.<br />

Impact of technology<br />

The opening Plenary Session at conference is<br />

not to be missed. In 2018, the focus is on ‘What<br />

the Next Ten Years of the IoT and AI Will<br />

Realise’, a pivotal subject to be covered in<br />

some detail by Tom Raftery (global vicepresident,<br />

futurist and IoT evangelist at SAP).<br />

Raftery will set the scene for conference with<br />

expert insight around the organisational<br />

impacts of Big Data, automation and AI. What<br />

will this mean for organisations and jobs in the<br />

future? How quickly will changes take place?<br />

What are the key benefits for businesses?<br />

This session runs from 9.00 am-10.00 am on<br />

Thursday 19 April and examines the<br />

11<br />

www.risk-uk.com


News Special: ASIS European Security Conference 2018<br />

Eduard Emde CPP:<br />

Chairman of ASIS Europe<br />

2018 and Head of the<br />

Security Section at the<br />

European Space Agency<br />

*Register for attendance at<br />

ASIS Europe 2018 by visiting<br />

www.asiseurope.org<br />

perspectives of businesses, consumers,<br />

shareholders and communities alike, setting<br />

the parameters within which security<br />

professionals and, in particular, security<br />

leaders need to operate.<br />

Following on from Raftery’s delivery,<br />

Conference Track 1 features a presentation by<br />

Scott Klososky, founding partner at Future Point<br />

of View. From 10.40 am until 11.10 am, Klososky<br />

(a renowned technology trend expert) will seek<br />

to challenge established thinking by outlining<br />

new security concerns created by the<br />

technology innovations shaping the business<br />

sector and our world in general.<br />

The Security Leaders Panel Debate entitled<br />

‘From Risk to Resilience’ takes place between<br />

11.15 am and 12.15 pm. A panel of CSOs and<br />

security leaders from key sectors will interpret<br />

the Keynote address, focusing on the risk<br />

outlook for security practitioners. Topics to be<br />

explored include the questions to be<br />

considered at the early stages of Big Data and<br />

AI implementation and how we can assign and<br />

maintain responsibility through the next phase<br />

of technological evolution. The Panel Debate is<br />

being chaired by Professor Martin Gill CSyP<br />

FSyI, director of Perpetuity Research.<br />

Transforming security<br />

The afternoon conference sessions in Track 1 on<br />

19 April begin with an examination of ‘The<br />

Cyber Threat Outlook’ (1.30 pm-2.15 pm) and<br />

‘Virtual Security Centre Operation<br />

Transformation’. Presented by Michael Foynes<br />

(senior director of global operations for global<br />

security at Microsoft), the latter session runs<br />

from 2.20 pm until 3.05 pm and explores the<br />

transformation of Microsoft’s Global Security<br />

Operations Centres to become a virtualised<br />

Security Operations Centre.<br />

This transformation has made good use of<br />

both cloud and the mobility of devices. Foynes<br />

will share details of Microsoft’s journey,<br />

highlighting changes to its people, processes<br />

and technologies. The discussion will touch on<br />

how the company altered its operating model<br />

to become a ‘Fusion Centre’ that co-locates<br />

intelligence and operations.<br />

The inaugural Masterclass of conference is<br />

focused on ‘How Digital Asset Valuation<br />

Impacts Risk Assessments’. Between 3.50 pm<br />

and 5.25 pm, Carl Erickson CPP (CISO at Philips<br />

Lighting in the Netherlands), Gal Messinger<br />

(head of global security at the same company)<br />

and Eduard Emde CPP (chairman of ASIS<br />

Europe 2018 and head of the security section at<br />

the European Space Agency) offer their views.<br />

Organisations are rapidly generating and<br />

developing abilities to handle, analyse and<br />

make sense of vast amounts of data – levels of<br />

data that would have been unimaginable even a<br />

few years ago. Additionally, data that didn’t<br />

exist before is now available, while data that<br />

was trivial in days gone by can suddenly<br />

become both valuable and sensitive. The<br />

objective of this Masterclass is to address how<br />

the increasing value of data and digital assets<br />

impacts risk assessments and the asset<br />

protection approaches in organisations which<br />

have historically had more of an emphasis on<br />

protecting human or physical assets.<br />

‘Insurance: Part of the Risk Management<br />

Strategy’ is the subject about which James<br />

Morris (regional security manager for the EMEA<br />

within Aon UK’s Corporate Protection Services<br />

operation) will be speaking between 4.40 pm<br />

and 5.00 pm. Insurance is a key element of any<br />

holistic risk management strategy, but very few<br />

people know its real value or true importance.<br />

Morris will discuss the importance of<br />

insurance while focusing on understanding the<br />

subject from the point of view of security<br />

professionals who want to talk risk<br />

management strategies with business leaders.<br />

Terrorism trends in Europe<br />

Track 1 of Day 2 at conference kicks off with<br />

Glenn Schoen’s session on ‘Jihadi Terrorism<br />

Trends in Europe: A Look Ahead’. Between 9.10<br />

am and 9.55 am, Schoen (CEO at<br />

Boardroom@Crisis) will offer a dynamic<br />

presentation centred on the evolving Jihadi<br />

terrorist threat in Europe and stress the need<br />

for improved resilience in the wake of recent<br />

lessons learned.<br />

This includes gaining insight on situations<br />

some ASIS members are likely to have to deal<br />

with in 2018, such as the World Cup in Russia<br />

during June and July, the threat around various<br />

upcoming political elections and far-right/farleft<br />

extremist reactions to terrorist activity.<br />

Also covered will be recent changes in<br />

terrorist tactics and emerging Best Practice<br />

when it comes to managing acute threats for<br />

staff based in office environments.<br />

‘ESRM: A Management Philosophy’ runs in<br />

parallel within Track 2 at conference. Being<br />

adaptive to new types of risk is at the core of<br />

ESRM: the practice of managing a security<br />

programme through the use of risk principles.<br />

It’s a philosophy of management that can be<br />

applied to any area of security and any task<br />

that’s performed by security, such as physical,<br />

cyber, information and investigations.<br />

John Petruzzi CPP (vice-president of<br />

integrated security solutions for G4S in the<br />

Americas) will demonstrate the value of ESRM<br />

in addressing today’s emerging risks.<br />

12<br />

www.risk-uk.com


TCP/IP<br />

network<br />

PAVIRO<br />

Public Address and Voice Evacuation System<br />

with Professional Sound Quality<br />

Flexibility from the start<br />

PAVIRO offers you smart features making system specification and installation faster, simpler<br />

and more efficient than ever before. Design a complete system with just a few parameters. Avoid<br />

unexpected costs thanks to the system’s extreme flexibility and low operational costs. What‘s<br />

more? The new Dante network interface module ensures IP networking functionality allowing<br />

larger areas with more audio channels with up to four decentralized controllers.<br />

Find out more at boschsecurity.com


The Centre of Intelligence<br />

The complexity of creating a reliable and<br />

sustainable IoT infrastructure has led to a<br />

situation where companies must find effective<br />

ways to manage sensors, networks, data<br />

storage and data analytics in order to leverage<br />

this information and drive improvements.<br />

The online world is<br />

expanding rapidly,<br />

while the Internet of<br />

Things (IoT) is already<br />

exerting a positive<br />

influence upon how<br />

people, property and<br />

other assets can be<br />

protected. Simon<br />

Chapman examines in<br />

detail the impact of<br />

the IoT, the ways in<br />

which it’s enhancing<br />

the advantages of<br />

remote monitoring via<br />

Intelligence Centres<br />

and what today’s<br />

security professionals<br />

can expect from it as<br />

time moves forward<br />

Kevin Ashton, the British technology<br />

pioneer and co-founder of the Auto-ID<br />

Centre at the Massachusetts Institute of<br />

Technology, is generally considered to have<br />

coined the term the Internet of Things (IoT)<br />

during a presentation delivered at Procter &<br />

Gamble back in 1999. After a relatively slow<br />

start, the number and variety of enabled<br />

devices is growing exponentially, and the IoT<br />

has now turned itself from being just another<br />

‘buzz phrase’ into a ubiquitous term for<br />

describing our connected world.<br />

The scope of the IoT is incredibly wide.<br />

People and machines are now being connected<br />

to networks and each other, facilitating the<br />

ability to share vast amounts of valuable data,<br />

which can make our lives and businesses more<br />

efficient. IoT-based devices collect a great deal<br />

of personal data. For example, smart meters<br />

can tell when a person’s inside a building and<br />

what devices are being used at any given time.<br />

However, if we think what we produce today<br />

represents Big Data then we need to think<br />

again. IDC’s analysts predict that, by 2020, IoTbased<br />

devices will collectively create, copy and<br />

consume about 44 zettabytes of data. That’s 50<br />

times more than in 2012. That’s a lot of<br />

information which will have to be moved,<br />

processed and stored in Data Centres across<br />

the planet. Not only that, but as more<br />

connected devices are introduced, it’s harder to<br />

remain fully aware of everything these devices<br />

are capturing. In turn, this makes the<br />

effectiveness of an organisation’s monitoring<br />

and management software absolutely vital.<br />

Careful thought required<br />

Data protection is a hot topic at the moment<br />

and security, legal and regulatory compliance,<br />

as well as data loss and leakage risks, are high<br />

on the list of reasons why the use of the IoT<br />

needs to be carefully thought through.<br />

Enterprises are right to be concerned. On 25<br />

May, the General Data Protection Regulation<br />

(GDPR) becomes European law. The primary<br />

objectives of the GDPR are to give citizens and<br />

residents control of their personal data and<br />

simplify the regulatory environment for<br />

international business by unifying regulation<br />

within the European Union (EU). It requires any<br />

organisation that operates in the EU, or handles<br />

the personal data of people residing within the<br />

EU, to implement a strong data protection<br />

policy encompassing access, secure storage<br />

and destruction. It’s all about a company’s legal<br />

ability to protect data held about staff,<br />

customers and anyone else with whom it deals.<br />

What’s worrying is that, according to a study<br />

carried out by Symantec, 96% of companies<br />

still don’t fully understand the GDPR, while 91%<br />

of 900 businesses polled in the UK, France and<br />

Germany harbour concerns about their ability<br />

to become compliant by the time this new law<br />

comes into effect.<br />

Onwards and upwards<br />

This is all very well, I hear you say, but what<br />

does the IoT mean for electronic and physical<br />

security? Well, developments in Internet<br />

Protocol (IP)-based technology have meant that<br />

a wide variety of building services can now be<br />

controlled over a single network infrastructure.<br />

It’s now possible for services including security,<br />

access control, fire detection, voice, data,<br />

wireless devices, audio visual, energy<br />

management, lighting controls and heating,<br />

ventilation and air conditioning systems to<br />

operate over copper or fibre optic cabling.<br />

The good news for the security industry is<br />

that, for those able to provide remote<br />

monitoring, network connectivity makes this<br />

service far more ‘intelligent’. By using the<br />

benefits of the IoT, building services,<br />

infrastructure and even individual products can<br />

14<br />

www.risk-uk.com


Opinion: Security Business Sector Insight<br />

be monitored and managed, in turn offering a<br />

number of distinct advantages.<br />

Increasingly referred to as Intelligence<br />

Centres, one of the main reasons for using<br />

these facilities is to reduce overheads.<br />

Certainly, the potential cost savings an<br />

Intelligence Centre offers are enormous.<br />

A large business premises will often have one<br />

dedicated person to provide access for<br />

deliveries and allow on-site employee and<br />

visitor parking, etc. While this is obviously<br />

important from a security point of view, there<br />

may well be long periods where that operative<br />

is doing very little. An Intelligence Centre is<br />

able to carry out such functions as part of a<br />

broader range of activities.<br />

Analysis capabilities<br />

Where an Intelligence Centre really comes into<br />

its own is due to its ability to drill down and<br />

analyse individual products and systems and<br />

ascertain whether they’re faulty or otherwise<br />

not working to optimum capacity. A<br />

supermarket, for example, is now able to fit a<br />

sensor on a freezer unit that sends an alert to<br />

an Intelligence Centre if the unit’s temperature<br />

strays outside of certain parameters and<br />

indicates a fault. Facilities personnel can then<br />

be alerted instantly in order to remedy the<br />

problem and ensure operational uptime.<br />

Furthermore, organisations can benefit from<br />

remote monitoring in the event that an in-house<br />

security system becomes compromised. Linking<br />

a surveillance system to an Intelligence Centre<br />

provides a 24/7/365 service that also ensures<br />

that the appropriate response is provided in the<br />

event of a fire, a break-in or even a cyber<br />

security breach episode.<br />

Building management<br />

With far more connected workplaces a certainty<br />

within a matter of a few years, security<br />

providers need to think wider still. Lowering<br />

energy consumption is high on the list of<br />

priorities for most organisations these days.<br />

Although a given premises might indeed have a<br />

building management system (BMS) in place,<br />

any failure to regularly maintain that system<br />

means that it will not operate at its optimum<br />

level. This results in wasted energy, but can<br />

also have a dramatic effect on a building’s<br />

comfort conditions by making certain<br />

areas/zones either too hot or too cold.<br />

An Intelligence Centre can address this issue<br />

by making sure that a BMS’ set-points are<br />

correctly configured and properly maintained at<br />

all times. Energy efficiency and security may<br />

also be enhanced by remotely turning lights off<br />

in unoccupied areas and even switching<br />

computers and other networked devices off<br />

when they’re left on.<br />

While remote monitoring has traditionally<br />

focused on the use of electronic technology, it’s<br />

now possible to integrate security guarding into<br />

the mix. Knowing when personnel report for<br />

duty, when and where incidents occur, response<br />

times and resolution details helps in building a<br />

more advanced picture – or ‘resource-to-risk’<br />

model – concerning where guarding can be<br />

most effectively used, as well as identifying any<br />

‘hotspots’ where incidents frequently occur.<br />

Retailers are leading the way in this area. A<br />

growing number are adopting software<br />

analytics platforms in Intelligence Centres to<br />

study customer behaviour, identify repeat<br />

offenders and therefore reduce instances of<br />

crime. In addition, security officers in a<br />

Shopping Centre’s public areas can be notified<br />

of where help is needed and provide an<br />

immediate response. Health and Safety-related<br />

issues such as slips, trips and falls within<br />

various locations may be monitored and the<br />

relevant action taken.<br />

Diverse skill sets<br />

Those working in Intelligence Centres have the<br />

opportunity to develop more diverse skill sets –<br />

ones that better represent the integration<br />

between technology and security guarding. At<br />

the end of the day, the IoT and the data<br />

produced by it needs people who can analyse it<br />

and make it meaningful. In addition, the use of<br />

technology can enable security officers to<br />

become more effective and allow them to<br />

demonstrate the effectiveness of what they do<br />

against defined Key Performance Indicators.<br />

The IoT is transforming everyday physical<br />

objects that surround us in ways that would<br />

have previously seemed the preserve of science<br />

fiction. Although we’re still some way off from<br />

witnessing the full potential of the IoT in the<br />

security industry, it’s clear that the data it<br />

produces – when analysed by experts in<br />

Intelligence Centres – has the potential to<br />

optimise a security strategy, reduce crime and<br />

provide a genuine return on investment.<br />

At a time when it might appear that we need<br />

more physical security, the IoT and Intelligence<br />

Centres are highlighting that, in fact, less can<br />

be more and that smarter thinking on this issue<br />

should always be encouraged.<br />

Simon Chapman:<br />

CEO of Cardinal Security<br />

*Security Business Sector Insight<br />

is the space where members of<br />

Cardinal Security’s management<br />

team examine current and often<br />

key-critical issues directly<br />

affecting today’s companies and<br />

their customers. The thoughts and<br />

opinions expressed here are<br />

intended to generate debate and<br />

discussion among practitioners<br />

within the professional security<br />

and risk management sectors. If<br />

you would like to make comment<br />

on the views outlined on these<br />

pages, please send an e-mail to:<br />

brian.sims@risk-uk.com<br />

**Cardinal Security was formed<br />

back in 2003 and is a privatelyowned<br />

company delivering<br />

innovative security solutions<br />

throughout the UK, Europe and the<br />

US. The business is a leading<br />

supplier of security officers, store<br />

detectives and key holding to the<br />

retail and logistics industry and<br />

works with many well-known<br />

brands including Arcadia, Asda,<br />

Dixons Carphone, Footasylum,<br />

House of Fraser, Morrisons and UK<br />

Mail. Cardinal Security is a<br />

Security Industry Authority<br />

Approved Contractor and in the Top<br />

5% of all security providers<br />

“Where an Intelligence Centre really comes into its own is<br />

due to its ability to drill down and analyse individual<br />

products and systems and ascertain whether they’re faulty<br />

or otherwise not working to optimum capacity”<br />

15<br />

www.risk-uk.com


Nedap’s Global Client Programme<br />

Standardise your security worldwide<br />

<br />

always up to date?<br />

The Global Client Programme by Nedap Security Management supports you in implementing,<br />

maintaining and updating AEOS – the leading access control system – across multiple<br />

international sites.<br />

We’ll be at ASIS Europe 2018 in Rotterdam from Wednesday 18 to Friday 20 April. Call by to<br />

<br />

As an ASIS member, you’re welcome to join us at our ASIS welcome party on 18 April.<br />

www.nedapsecurity.com/how-we-help/global-client


BSIA Briefing<br />

As the deadline for compliance with the<br />

European Union’s General Data Protection<br />

Regulation (GDPR) looms large, companies<br />

and organisations across the UK should have<br />

been taking steps to ensure that they fall into<br />

line with the new procedures. A crucial part of<br />

this process focuses on procuring the right<br />

services to ensure that all data storage regimes<br />

adhere to the changes.<br />

From May this year, organisations will not<br />

only have to prove that they’ve taken an audit<br />

of their data, but also that they’ve enacted the<br />

right measures to destroy any data that’s no<br />

longer relevant. Subsequent to 25 May, any<br />

company proven not to be in full compliance<br />

with the new rules enacted by Brussels is at<br />

risk of compromise and potentially hefty fines.<br />

What, then, are the tangible risks? Top of the<br />

list will be a raft of financial penalties being<br />

issued by the Information Commissioner’s<br />

Office (ICO) or even the threat of prosecution.<br />

At present, the ICO can issue businesses<br />

displaying poor data management in breach of<br />

the Data Protection Act with fines of up to<br />

£500,000. The largest of these fines to date has<br />

been £400,000 issued to two separate<br />

companies, namely Keurboom Communications<br />

Ltd and the TalkTalk Telecom Group plc. In<br />

addition, there have been just shy of 20<br />

prosecutions for criminal offences committed<br />

under the Data Protection Act.<br />

In the last 12 months alone, in fact, over £4.1<br />

million worth of fines have been issued to<br />

businesses for failure to comply with the Data<br />

Protection Act. Under the GDPR, the fines levied<br />

may be up to 4% of an organisation’s annual<br />

global turnover or 20 million Euros, whichever<br />

sum is the greater.<br />

The other most common risk will be<br />

reputational damage leading to the potential<br />

for lost business. As customers are becoming<br />

increasingly more aware of and concerned<br />

about how businesses collect and use their<br />

personal information, so those same<br />

businesses run the risk of losing customer<br />

confidence in the brand where the customer<br />

feels that their privacy isn’t being protected or<br />

respected. A loss in customer confidence<br />

ultimately leads to financial losses.<br />

Information destruction<br />

One of the most vulnerable periods of the data<br />

processing cycle is that point at which data is<br />

no longer required and needs to be disposed<br />

of. If data isn’t adequately disposed of at the<br />

end of its lifecycle, it can fall into the wrong<br />

hands and be unlawfully processed.<br />

Under the Data Protection Act 1998, everyone<br />

responsible for using data has to follow the<br />

Data Destruction:<br />

Avoiding Any Costly Mistakes<br />

What exactly does it mean to be compliant with the European<br />

Union’s General Data Protection Regulation, which comes<br />

into force at the end of May this year, and how should<br />

businesses go about becoming so? As James Kelly outlines in<br />

detail for the readers of Risk UK, seeking professional help in<br />

disposing of confidential and business-sensitive data is a<br />

wise investment for any organisation<br />

data protection principles. These include<br />

ensuring that data is used fairly and lawfully for<br />

limited and specifically stated purposes and<br />

that it’s used in a way that’s adequate, relevant<br />

and not excessive. Data must be kept for no<br />

longer than is absolutely necessary, handled<br />

according to people’s data protection rights,<br />

kept safe and secure and not transferred<br />

outside of the European Economic Area without<br />

adequate protection measures being in place.<br />

When it comes to information destruction,<br />

the seventh principle of the Data Protection Act<br />

stipulates that appropriate measures must be<br />

taken against accidental loss, destruction or<br />

damage to personal data and against unlawful<br />

processing of that data. When the GDPR comes<br />

into force, companies in both the private and<br />

public sectors will need to prove that data is<br />

securely erased in line with the new European<br />

Union guidelines and show that they’re fully<br />

accountable for monitoring, reviewing and<br />

assessing all relevant processing procedures.<br />

Secure data destruction is the process of<br />

destroying confidential materials to the point at<br />

James Kelly: CEO of the British<br />

Security Industry Association<br />

17<br />

www.risk-uk.com


BSIA Briefing<br />

which they cannot be reconstituted. These<br />

materials can take many forms, including paper,<br />

computer hard drives and branded products.<br />

Crucially, all hold the potential to cause<br />

problems for businesses, employees or<br />

customers if they fall into the wrong hands.<br />

How might companies mitigate potentially<br />

expensive and reputational hazards when it<br />

comes to disposing of data that’s no longer<br />

needed? Shredding confidential material is a<br />

costly and time-consuming process which, for<br />

some firms at least, means that in-house data<br />

shredding simply isn’t a viable option. This is<br />

certainly true for those operations handling<br />

vast amounts of data across a variety of sites.<br />

In these situations, outsourcing to a regulated<br />

information destruction organisation is the<br />

most practical alternative.<br />

Highest possible standards<br />

Engaging a company specialising in this service<br />

and harbouring a high-security shredding<br />

facility affords organisations the reassurance<br />

that data destruction is being correctly<br />

conducted. Registered data shredders have to<br />

comply with the highest industry standards<br />

which are regularly updated.<br />

On that note, service providers must<br />

demonstrate that they’re certified to EN15713 –<br />

the European Standard for data destruction.<br />

EN15713 sets out the measures that<br />

organisations should take in order to maintain<br />

the security of confidential data and provides<br />

recommendations relating to the management<br />

and control of the collection, transportation and<br />

destruction of confidential material to ensure<br />

that such material is disposed of both safely<br />

and securely.<br />

Whether confidential materials are shredded<br />

on-site or at a high-security shredding facility,<br />

businesses outsourcing their shredding to a<br />

professional service provider can be assured<br />

that the data will be completely destroyed.<br />

Additionally, the services provided by<br />

professional information destruction companies<br />

often extend far beyond the actual destruction<br />

of confidential material to include secure<br />

document storage, data security advice and<br />

guidance, office clearance and recycling.<br />

The GDPR represents a great opportunity for<br />

information destruction companies. In the<br />

current climate there has been an increased<br />

“When the General Data Protection Regulation comes into<br />

force, companies in both the private and public sectors will<br />

need to prove that data is securely erased in line with the<br />

new European Union guidelines”<br />

demand for their specialist services from both<br />

new and existing customers, all of them asking<br />

about the GDPR and how information<br />

destruction can assist. Even with all of this help<br />

at hand, though, there’s still confusion around<br />

what it means to be fully GDPR compliant (and<br />

not just from the point of view of the customer,<br />

but also in terms of how it affects the industry<br />

as the holder of its own data).<br />

Industry feedback from customers highlights<br />

varying levels of concern, from companies<br />

looking for accreditation through to others<br />

happy with a downloaded template data policy<br />

or standard Terms and Conditions and on again<br />

to those simply choosing to ignore the looming<br />

EU deadline.<br />

From an industry standpoint there are three<br />

elements that could affect information<br />

destruction businesses: their own data<br />

responsibilities, their shredding services<br />

provided for the destruction of data as a data<br />

processor and marketing to opted-in clients (be<br />

they either existing or prospective).<br />

These elements are all currently open to<br />

interpretation both by experts and customers.<br />

They’re most likely common across all<br />

industries, so it’s arguable that even with all of<br />

this information to hand, companies are still<br />

not fully aware of their obligations, no matter<br />

how robustly they’ve been laid out by the ISO.<br />

Of course, some of these issues open up<br />

opportunities for companies dealing with data<br />

destruction to create new services, but they<br />

also highlight that, even at this late juncture,<br />

there’s still much work to be conducted in<br />

communicating what companies need to do in<br />

advance of what is a major data milestone.<br />

Severe consequences<br />

Every business will collect and generate<br />

confidential information relating to its<br />

operations, its employees or its customers.<br />

When this information is no longer required,<br />

there can be severe consequences for the data<br />

subjects if the information isn’t correctly<br />

disposed of and falls into the wrong hands.<br />

Therefore, any business that collects, holds,<br />

processes or disposes of a person’s personal<br />

information has a responsibility to ensure that<br />

it’s protected from loss or theft. In fact, since<br />

the Data Protection Act was passed into law in<br />

1998, there has been a legal obligation for<br />

businesses to act responsibly in terms of how<br />

they use personal information.<br />

The data protection landscape is all set to<br />

change in May when the GDPR comes into full<br />

effect and exerts potentially significant impacts<br />

on the ways in which UK businesses collect and<br />

process the personal data of individuals.<br />

18<br />

www.risk-uk.com


Do you know the people in your building?<br />

<br />

or security incident. However in the event of an emergency you may also need to be<br />

able to evacuate mobility impaired visitors and staff safely.<br />

Evac+Chair provide a universal solution for smooth stairway descent in an emergency<br />

evacuation, suitable for dual and multiple level buildings of any height.<br />

The Evac+Chair is the World’s No.1<br />

Emergency Stairway Evacuation Chair<br />

Call 0121 796 1372 now for a FREE evacuation<br />

assessment or visit www.evacchair.co.uk


The Global Context: Cyber Risks,<br />

Reputation and the Real World<br />

Cyber security, the<br />

EU’s upcoming GDPR,<br />

reputational risk and<br />

regulation and<br />

compliance are among<br />

the chief concerns for<br />

businesses voiced by<br />

some of the UK’s<br />

leading risk experts as<br />

they look ahead into<br />

2018. In the second<br />

instalment of an<br />

exclusive series for<br />

Risk UK, Nicola<br />

Crawford outlines the<br />

main points to be<br />

considered by today’s<br />

practising<br />

professionals<br />

Nicola Crawford CFIRM:<br />

Chair of the Institute of Risk<br />

Management<br />

This year will be the one when the world<br />

recognises that the majority of assets in<br />

the modern economy are intangible and<br />

the rapid movement to just-in-time and cloudbased<br />

economies creates significant<br />

vulnerabilities. More events will revolve around<br />

the impacts of cyber attacks on the real world.<br />

It will be less about data loss or ransomware<br />

attacks and more about the ‘real economy’ (as<br />

we saw in 2017 with Merck Pharmaceuticals<br />

and Reckitt production operations, including<br />

the extended supply chain being impacted).<br />

In other words, the cyber world and the<br />

extended supply chain will merge in terms of<br />

risk exposures. This will create new challenges<br />

for practising risk professionals.<br />

Alexander Larsen CFIRM, president of<br />

Baldwin Consulting and IRM trainer for Bitcoin<br />

and CryptoCurrencies Bubble, stated: “2018<br />

will be the year that Bitcoin goes mainstream.<br />

Having had a meteoric rise in 2017 with an<br />

increase of nearly 1,000% in price, Bitcoin has<br />

been receiving significant coverage in the<br />

media which has brought it to the attentions of<br />

the general public. A number of factors are<br />

coming together to indicate that 2018 will be<br />

the year that big money comes rushing into the<br />

cryptocurrency, including the intention of major<br />

funds to start investing as well as new<br />

platforms being introduced and making it<br />

easier to trade for individuals.”<br />

Larsen feels that Bitcoin is already volatile,<br />

although a less volatile investment than most<br />

cryptocurrencies which are known to swing by<br />

as much as 30%-40% per day and on occasions<br />

as much as 1,000% in a day. “This new money<br />

flooding the market will no doubt drive the<br />

price up to new heights,” said Larsen, “which<br />

leads me to believe that a major crash and<br />

correction will be on the horizon for 2018. Many<br />

people will lose a lot of money, although it<br />

remains to be seen if Bitcoin will survive or if<br />

the bubble will finally have burst.”<br />

Something that’s certainly likely is major<br />

regulations being put in place to control the<br />

trading of bitcoin, cryptocurrencies and the<br />

issuance of new tokens.<br />

Reputational risk<br />

Reputations take years to build and can be<br />

destroyed in seconds, as they say. The risk of<br />

reputational damage to organisations,<br />

Governments and individuals appears to be<br />

higher than it has ever been. This is a trend<br />

that’s likely to continue.<br />

A reputation is put at risk when some<br />

unethical or incompetent behaviour becomes<br />

public knowledge. This can be through the<br />

actions of an individual or something more<br />

systemic at an organisational or Governmental<br />

level. The media has been full of recent<br />

examples involving organisations (FIFA, IAAF),<br />

Governments (Brazil, Angola, and Zimbabwe),<br />

companies (VW, Rolls-Royce), industries in<br />

general (Hollywood) and individuals.<br />

The damage caused can manifest itself in the<br />

shape of lost revenues, increased costs and, in<br />

the case of listed companies, reduced<br />

shareholder value. Usually, heads roll as well.<br />

Where a company’s reputation is its main<br />

asset, damage can result in failure, as was the<br />

case with Arthur Anderson.<br />

Heart of the problem<br />

So why is this trend likely to continue? “Well,”<br />

said Ray Flynn CMIRM (independent risk<br />

consultant and IRM director), “the heart of the<br />

problem in each case – complacency and, in the<br />

extreme, arrogance – is unlikely to change. The<br />

mentality of ‘this will never happen to us’ and<br />

‘we have systems in place to prevent this from<br />

happening’ is hard to shake off. Very few have<br />

the foresight to address this particular risk until<br />

there’s an ‘issue’ that forces them to act. The<br />

risk of exposure is also increasing. There’s an<br />

element of iconoclasm and bloodletting<br />

involved as the gap between the ‘haves’ and<br />

‘have nots’ increases, which supports<br />

whistleblowing and places direct pressure on<br />

regulatory bodies to act.”<br />

The frequency of prosecutions for bribery,<br />

particularly in the UK and the US, but also<br />

elsewhere, as well as the level of fines imposed<br />

are increasing rapidly. This is another trend<br />

that’s highly likely to continue.<br />

“The bad news is that this comes with public<br />

battle weariness and shock fatigue,” added<br />

Flynn. “Those exposed are likely to suffer less<br />

and less damage. The good news is that sound<br />

risk management is the best way to protect a<br />

reputation including, as advocated in the<br />

guidance to the UK Bribery Act, having a fresh<br />

pair of eyes to carry out an independent review<br />

of systems already in place.”<br />

20<br />

www.risk-uk.com


Risk Predictions for 2018 and the Risk Agenda 2025 (Part Two)<br />

Alyson Pepperill CFIRM (client projects<br />

director for UK Retail at Arthur J Gallagher and<br />

chair of the IRM’s Charity Special Interest<br />

Group) explained: “Regulation and compliance<br />

will continue to be a key theme. There will be<br />

continued scrutiny of the charity sector by<br />

regulators, whether it be the Charity<br />

Commission, the Fundraising Regulator or the<br />

Information Commissioner’s Office. In 2017,<br />

selected charities were hauled over the coalsby<br />

all three. We don’t see this pattern changing.”<br />

The European Union’s General Data<br />

Protection Regulation (GDPR) has been a key<br />

focus of many charities’ efforts to be compliant<br />

ahead of the looming May 2018 deadline. This<br />

focus will continue up to and beyond the<br />

deadline for most.<br />

Linked to the GDPR, and in line with many<br />

‘for profit’ organisations, the broader context of<br />

cyber risks and their management remains a<br />

struggle for charities. Charities are known as<br />

innovators and will try new ways of generating<br />

funds that can potentially increase their<br />

exposure to cyber risks.<br />

“A more particular sector risk is the need for<br />

charities to measure through evidence-based<br />

reporting what they do and how successful they<br />

are at their delivery,” asserted Pepperill. “The<br />

expectations around how this is reported to key<br />

stakeholders have been increasing and, for<br />

many charities, represents a significant risk. If<br />

they fail to be accountable, the funding could<br />

then dry up.”<br />

Finally, we still see financial sustainability as<br />

a real challenge for many charities reliant on<br />

local Government and National Health Service<br />

contracts, as well as funding from central<br />

Government continuing to be cut back.<br />

Volunteering has reduced over the past year<br />

and this could place further strain on charities<br />

to balance the books. They have to care,<br />

respond to their mission with determination<br />

and create impact, keep costs down and comply<br />

with all manner of regulations.<br />

“The request for support never goes away,”<br />

concluded Pepperill, “but charities continue to<br />

be squeezed and squeezed. This is likely to<br />

result in some charities having to close or<br />

perhaps an increase in mergers.”<br />

Shift to renewable energy<br />

A major shift from oil and gas towards<br />

renewables is already happening on a global<br />

scale. This isn’t only occurring in terms of<br />

power generation, it must be said. It’s also<br />

occurring in the sphere of transportation.<br />

The EU has already targeted 2035 as being a<br />

year in which all new cars sold will be electric.<br />

Many individual countries like Scotland have<br />

announced more aggressive targets, while<br />

several Scandinavian countries are already well<br />

on their way towards becoming an electric cardriving<br />

nation.<br />

This major shift places significant pressure<br />

on oil and gas companies as well as car<br />

manufacturers to reconsider their strategies<br />

and business models. Companies in the sector<br />

will need to evaluate their target markets and<br />

offerings carefully, while also thinking seriously<br />

about what they want their company to look<br />

like in ten-to-20 years’ time.<br />

Oil and gas companies will need to position<br />

themselves for developing economies, while<br />

also making a decision on how heavily they<br />

wish to invest in renewable energies or if<br />

there’s any appetite to look at mining materials<br />

for batteries. For car manufacturers, there will<br />

have to be a blueprint for future development<br />

work on electric vehicles. Like the oil and gas<br />

companies, they too will need to decide how<br />

heavily they wish to be involved.<br />

Decisions made during 2018 could well turn<br />

out to be the difference between success<br />

and/or failure in the future.<br />

Longer Term: Risk Agenda 2025<br />

The Institute of Risk Management<br />

has also been involved in a major<br />

project entitled the Risk Agenda<br />

2025 led by IRM director Clive<br />

Thompson CFIRM. Key<br />

Boardroom concerns for the<br />

longer term include reputation,<br />

risk appetite, scenario planning<br />

and emerging risks. In terms of<br />

risk process priorities, concerns<br />

are to be found in risk<br />

connectivity, developing<br />

benchmarks and designing<br />

integrated risk assurance<br />

models. For risk professionals,<br />

the concerns centre on risk<br />

ownership and accountability,<br />

risk culture, risk education and<br />

training. Read the Executive<br />

Summary online at<br />

https://www.theirm.org/media/3<br />

398022/Risk-Agenda-Executive-<br />

Summary-A4_web.pdf<br />

“More events will revolve around the impacts of cyber<br />

attacks on the real world. It will be less about data loss or<br />

ransomware attacks and more about the ‘real economy’”<br />

21<br />

www.risk-uk.com


Acting on Auto: Autonomous Vehicles<br />

and the Terrorism Threat<br />

Developments in selfdriving<br />

technology<br />

suggest that fullyautonomous<br />

vehicles<br />

will be on our road<br />

networks in the near<br />

future, but just how far<br />

are we from the point<br />

of introduction?<br />

Importantly, is the<br />

advent of such<br />

vehicles potentially<br />

going to signal an<br />

increase in the<br />

terrorism threat?<br />

Paul Woodhouse<br />

evaluates the security<br />

mechanisms that must<br />

be put in place<br />

Paul Woodhouse:<br />

Marketing Manager of The<br />

Vindis Group<br />

An autonomous car (also known as a<br />

driverless car, a self-driving car or a robotic<br />

car) is, in essence, a vehicle that’s capable<br />

of sensing its surrounding environment and<br />

navigating without benefit of human input.<br />

Such vehicles employ a variety of techniques to<br />

detect their surroundings, such as radar, laser<br />

light, GPS, odometry (ie the use of data from<br />

motion sensors to estimate changes in position<br />

over time) and ‘computer vision’.<br />

In use, advanced control systems interpret<br />

sensory information to identify appropriate<br />

navigation paths, as well as obstacles and<br />

relevant signage. Autonomous cars must<br />

possess control systems capable of analysing<br />

sensory data in order to distinguish between<br />

different cars on the road.<br />

The potential benefits of fully-autonomous<br />

vehicles include reduced mobility and<br />

infrastructure costs, increased safety, enhanced<br />

mobility and a heightened degree of customer<br />

satisfaction. The hope is that there’ll be a<br />

significant reduction in traffic collisions and the<br />

resulting injuries and related costs, including<br />

less need for insurance.<br />

Autonomous cars are also predicted to<br />

increase traffic flow, provide enhanced mobility<br />

for children, the elderly, the disabled and the<br />

poor, relieve travellers from driving and<br />

navigation chores, lower fuel consumption,<br />

significantly reduce the need for parking space<br />

and facilitate business models for<br />

Transportation-as-a-Service, notably via the<br />

sharing economy.<br />

As Google tests its own self-drive vehicles,<br />

clocking more than 200,000 miles in a fleet of<br />

self-driving cars retrofitted with sensors, and<br />

the authorities in Las Vegas begin trials of selfdriving<br />

shuttle buses, it would appear that<br />

we’re not too far away from witnessing fullyautonomous<br />

vehicles on our roads.<br />

What are the risks?<br />

While there are a small number of issues that<br />

have been outlined in the trials so far, there<br />

could well be a more serious risk posed by<br />

autonomous vehicles that needs to be<br />

considered. In a recent article published by The<br />

Guardian, lawmakers have warned that<br />

autonomous vehicles must have secure and<br />

safe technology in place to prevent their use as<br />

an accessory in terrorist attacks.<br />

In recent times, trucks and vans have been<br />

the ‘weapon of choice’ in terror attacks across<br />

the globe. Last year alone, there were seven<br />

terrorist attack episodes that made use of<br />

vehicles. All of them realised disastrous<br />

consequences, costing the innocent lives of<br />

multiple individuals here in the UK as well as in<br />

Spain, Canada, Germany and Sweden.<br />

Unfortunately, instead of engendering a<br />

feeling of excitement around this new<br />

technology, talk of the development of selfdriving<br />

trucks and vans has left some practising<br />

security and risk management professionals<br />

extremely worried that terrorists will indeed<br />

look to take advantage of fully-autonomous<br />

vehicles in future attacks.<br />

Self-driving technology<br />

Modern-day cars are already showcasing some<br />

of the capabilities of self-driving technology,<br />

with many drivers progressively trusting their<br />

vehicles to carry out tasks which, in days gone<br />

by, would always need to be conducted on a<br />

manual basis.<br />

We already benefit from systems which keep<br />

us in our lanes on dual carriageways and<br />

motorways, technology that can help to parallel<br />

park our vehicles for us and software that<br />

automatically maintains a safe, steady speed<br />

on the UK’s roads – with some cars even<br />

advanced enough to also have automated<br />

braking systems when tracking the vehicle in<br />

front. Fair to say that self-driving technology is<br />

revolutionising the driving experience.<br />

Organisations trialling self-driving vehicles<br />

have found that, for the safe driving of these<br />

vehicles on our roads, they need to mirror<br />

human driving behaviour while eliminating<br />

human driving errors. What next, then?<br />

For fully-autonomous vehicles, manufacturers<br />

need to converge sensor-based technologies<br />

and connected-vehicle communications so that<br />

they can deliver safer self-driving techniques<br />

than could be realised by each approach being<br />

developed and then acting on its own.<br />

The use of vans and trucks as part of terrorist<br />

attacks has grown in frequency because of their<br />

size and anonymity. They’ve been used to drive<br />

into crowded pedestrian areas at high speeds<br />

with devastating results. It has been predicted<br />

that such vehicles will be among the first fullyautonomous<br />

vehicles on our roads.<br />

22<br />

www.risk-uk.com


Autonomous Vehicles – The Security Threat Dimension<br />

Consequently, officials know that they need to<br />

play a crucial role in mitigating the use of<br />

trucks as lethal rolling weapons.<br />

If terrorists can use a self-driving vehicle as a<br />

weapon in future terror attacks, then those<br />

vehicles become a weapon that separates the<br />

instigator from the event. Terrorists would no<br />

longer have to sacrifice their lives for attack<br />

episodes, and it would become harder to trace<br />

the suspect(s) if they don’t need to be at the<br />

scene of the attack when it happens.<br />

Cyber dimension<br />

Due to the nature of this threat, industry<br />

professionals and lawmakers are keen to point<br />

out that all self-driving vehicles must be fitted<br />

with specialist cyber technology to prevent<br />

terrorists from employing them in attacks.<br />

Lawmakers are passing legislation to say that<br />

all autonomous vehicles must be armed with<br />

cyber security technology so that they cannot<br />

be used as an accessory in a terror attack. This<br />

technology aims to make it incredibly hard, if<br />

not impossible, to hack vehicles for a hijack,<br />

meaning that potential terrorists cannot use<br />

autonomous technology as an accessory.<br />

The intention is that self-driving vehicles will<br />

not be able to be programmed by terrorists to<br />

break standard safe driving laws, either,<br />

meaning that the potential for high-speed<br />

driving attacks could potentially be eliminated<br />

if the cyber technology is indeed a success.<br />

Van hire and rental companies should also be<br />

aware of stricter rules and regulations that will<br />

be implemented. Many trucks and vans used in<br />

terror attacks around the world are rental<br />

vehicles. In recent attacks, hire vehicles have<br />

been used to cause mass disaster. It has been<br />

suggested that companies should have access<br />

to a wider database that reveals more sensitive<br />

information in the future, such that companies<br />

are aware of suspect individuals.<br />

While databases currently check against<br />

identities, credit ratings and insurance policies,<br />

the threat of terrorism may lead to a more<br />

detailed and sensitive database. The overriding<br />

aim is to afford rental companies access to<br />

police records and, in some cases, companies<br />

will be able to see if the individual is being<br />

watched on suspicion of having committed – or<br />

being about to commit – terrorist crimes.<br />

Stricter regulations should help companies to<br />

identify individuals who could be potential<br />

risks, in turn allowing them to alert the<br />

authorities of any suspicious individuals.<br />

The TRIP Suite<br />

Furthermore, the UK’s first suite of Terrorism<br />

Risk and Incident Prevention (TRIP) products<br />

and training to support fleet operators has<br />

been developed by Fleet Source, a leading<br />

provider of training and auditing services for<br />

the road transport industry. The overriding aim<br />

is to reduce the risk of commercial vehicles<br />

being used as weapons in terror attacks.<br />

The products and services available serve to<br />

educate fleet operators, managers and drivers<br />

of the risks of terrorism, the nature of the<br />

threat and safety precautions that can be<br />

implemented to reduce the possibilities of their<br />

vehicle being hijacked, stolen or otherwise<br />

employed in a terrorist incident.<br />

The Government also hopes to develop geofencing<br />

systems to prevent unauthorised<br />

vehicles from entering particular areas of a city.<br />

These systems create a virtual barrier that’s<br />

used to slow down vehicles and control their<br />

speed as soon as they enter the sensitive area<br />

by way of tracking satellites. In practice, the<br />

satellite system would automatically connect<br />

with the vehicle and take control of it such that<br />

the vehicle only travels at a safe speed within<br />

the defined area, thus acting as a ‘virtual<br />

barrier’ or ‘virtual bollard’ to stop the vehicle.<br />

The Government needs to act now before<br />

self-driving vehicles are readily available.<br />

Implementing rules and regulations from the<br />

word ‘Go’ means that everyone’s aware of the<br />

process from the start. Thankfully, with<br />

strategies such as TRIP already actively<br />

engineering safety precautions, we already find<br />

ourselves a crucial step ahead in the game.<br />

Sources<br />

*https://www.theguardian.<br />

com/technology/2017/sep/<br />

06/self-driving-carsterrorism-cybersecuritytechnology<br />

*https://www.inverse.com/<br />

article/29402-self-drivingtech-might-mitigate-terroristtruck-attacks<br />

*https://www.cnsnews.com/<br />

news/article/susanjones/autonomous-vehiclesprovide-avenue-terrorismcongress-told<br />

*http://www.fleetsource.co.<br />

uk/fleet-source-launches-uksfirst-terrorism-risk-andincident-prevention-trainingto-help-prevent-vehicle-as-aweapon-related-incidents/<br />

*http://edition.cnn.com/2017<br />

/05/03/world/terroristattacks-by-vehicle-fastfacts/index.html<br />

“Terrorists would no longer have to sacrifice their lives for<br />

attack episodes, and it would become harder to trace the<br />

suspect(s) if they don’t need to be at the scene of the attack”<br />

23<br />

www.risk-uk.com


Making Water Security Work<br />

Proposed changes in<br />

the 2019 Price Review<br />

formula for the water<br />

industry devised by<br />

regulator Ofwat could<br />

be pointing the way<br />

towards the sector<br />

having to elevate<br />

perimeter protection<br />

for key-critical sites<br />

such that it becomes a<br />

major issue of focus<br />

for a given company’s<br />

Board of Directors, as<br />

Jason Hunter discovers<br />

24<br />

www.risk-uk.com<br />

More commonly known as Ofwat, the<br />

Water Services Regulation Authority is<br />

the body responsible for economic<br />

regulation of the privatised water and sewerage<br />

industry in England and Wales. Ofwat is<br />

primarily responsible for setting limits on the<br />

prices charged for water and sewerage<br />

services, taking into account proposed capital<br />

investment schemes – such as building new<br />

wastewater treatment works – and expected<br />

operational efficiency gains.<br />

Every five years, Ofwat sets limits on the<br />

prices which water companies in England and<br />

Wales can charge to their customers. The<br />

process is known as a Price Review. There have<br />

been five Price Reviews so far, taking place in<br />

1994, 1999, 2004 and 2009 with the most<br />

recent in 2014. The 2009 Price Review, for<br />

instance, set the price limits for 2010-2015.<br />

These limits are set on a so-called ‘K Factor’<br />

which determines the average value of price<br />

rises above the current rate of inflation for the<br />

next five-year asset management plan period.<br />

Recently, Ofwat published the final<br />

methodology for its forthcoming 2019 Price<br />

Review – PR19 – which sets out the<br />

organisation’s expectations and requirements<br />

for water companies currently in the throes of<br />

preparing their 2020-2025 business plans. In<br />

essence, Ofwat’s assessments challenge the<br />

water companies to ‘step up’ on four key<br />

themes: customer service, affordability,<br />

innovation and long-term resilience.<br />

Further, Ofwat expects those same water<br />

companies to provide value for money bills and<br />

‘challenge themselves to push the efficiency<br />

frontier’ with a view towards providing scope<br />

for price reductions.<br />

On publication of its latest methodology,<br />

Ofwat stated: “The only way in which water<br />

companies will achieve all of this is to find new<br />

and better ways of delivering their services. Our<br />

2019 Price Review enables, incentivises and<br />

encourages water companies to achieve exactly<br />

that such that customers will receive more of<br />

what really matters to them.”<br />

Assessing vulnerability<br />

Tellingly for those operating in the perimeter<br />

protection and security field, vulnerability will<br />

be an explicit part of the Price Review for the<br />

very first time. Business plans will be assessed<br />

on how well companies use good quality data,<br />

how effectively they engage with other utilities<br />

companies and organisations to support the<br />

vulnerable and how targeted and efficient their<br />

measures really are when it comes to<br />

addressing vulnerabilities.<br />

In my view, when looking back on days past,<br />

all-too-often organisations have seen perimeter<br />

protection purely as a measure for protecting<br />

their facilities. In the case of water, other<br />

utilities and Government or military<br />

installations, we’ve referred to this as<br />

protecting sites of Critical National<br />

Infrastructure. The emphasis has always been<br />

on premises, equipment, machinery, ordinance<br />

and resources, and more recently on data and<br />

software, but very rarely on people.<br />

Historically, the overriding aim of perimeter<br />

protection has been to secure premises in order<br />

to prevent losses, while at the same time not<br />

hindering day-to-day business. This has often<br />

been achieved within budgets that, according<br />

to the ‘bean counters’ and those who hold the<br />

purse strings, should always be as low as is<br />

reasonably possible.<br />

The basic premise is that perimeter<br />

protection doesn’t contribute to the business<br />

and the bottom line, either by increasing<br />

revenue or by reducing cost. Indeed, so the<br />

argument goes, it simply adds to costs and,<br />

therefore, cuts profit. Interestingly, the<br />

methodology now adopted by Ofwat and which<br />

underpins the 2019 Price Review will directly<br />

challenge this approach and force water<br />

companies to regard reducing their<br />

vulnerability as a crucial investment.<br />

Perimeter protection isn’t simply about<br />

securing infrastructure or data. Enacted<br />

properly, it should be about appropriate risk<br />

management against both cyber and terrorist<br />

attack as well as more traditional forms of<br />

threat and, in turn, actually realise an<br />

opportunity for the host business to improve<br />

customer service, increase business efficiency<br />

and reduce overall costs.<br />

First and foremost, people should be at the<br />

heart of the process in terms of safety and<br />

security of premises and resources and also<br />

when it comes to planning and decision-making<br />

around appropriate protection measures. The<br />

water sector encapsulates this philosophy, and<br />

especially so in this age of increased fear<br />

around deliberate and shockingly lifedisregarding<br />

terrorist attacks wherein the<br />

sanctity of the water supply is so critical.<br />

For instance, the Thames Water desalination<br />

plant at Beckton – which cost £250 million to<br />

construct and started delivering clean drinking


Perimeter Protection: Solutions for the Utilities Sector<br />

water back in March 2010 – can produce<br />

anything from 140 to 150 million litres of water<br />

per day, which is enough for one million people<br />

in north east London. The impact of any<br />

infection of a supply such as this could make<br />

the final death toll in America on 9/11 appear<br />

somewhat minuscule in number by comparison.<br />

Integrated solutions<br />

We’ve found that perimeter protection is best<br />

planned as part of an integrated solution which<br />

includes physical, electronic and human<br />

measures, while also incorporating access<br />

control and other elements of facilities<br />

management in one holistic whole. Of course,<br />

this will require the usual security risk<br />

assessment to be conducted. Personally, I<br />

favour what’s often referred to as the ‘ABC’<br />

model here. This considers the ‘Area’,<br />

‘Boundary’ and ‘Contents’.<br />

We would recommend an increasing level of<br />

security the closer an intruder is to the most<br />

critical and sensitive assets. The perimeter<br />

serves as the first ‘cordon of security’ in these<br />

successive levels of protection, though some<br />

now argue that, given the increasing power and<br />

definition of radar and CCTV, you could even<br />

establish security layers external to the<br />

physical perimeter itself.<br />

This principle was perfectly, but sadly<br />

tragically illustrated only three months ago by<br />

the story of former England one-day<br />

international cricket captain Adam Hollioake,<br />

who remained in the Alokozay International<br />

Cricket Ground in Kabul, where he was working<br />

as a coach at the time, while a bomb blast<br />

killed at least three people.<br />

Hollioake explained: “The protocol is that we<br />

have three stages of security here. Attackers<br />

have to breach the first stage, which was<br />

probably 100 metres from the ground. Then<br />

there’s the second stage, which is around 50<br />

metres from the stadium, and the final stage is<br />

about 15 to 20 metres away. In this particular<br />

episode, the man involved was caught at the<br />

first checkpoint and, on being apprehended,<br />

detonated his device. Unfortunately, several of<br />

our security team and some members of the<br />

general public were killed.”<br />

Layers of security<br />

Our approach is to design from the perimeter<br />

inwards towards the centre, taking each<br />

successive boundary as an opportunity to<br />

harden security, thwart intruders and enable<br />

security personnel to respond to any attempted<br />

security breach. Security and risk managers<br />

should consider electronics for the outer layers<br />

and at doorways to gather intelligence about<br />

attackers and relay that intelligence direct to<br />

security officers’ mobile phones.<br />

Monitored pulse fencing can be of assistance<br />

when it comes to hardening either more<br />

vulnerable areas of the perimeter or assets that<br />

require additional levels of security. This<br />

consists of a grid of energised, high tensile<br />

wires that can be constructed inside a new or<br />

existing perimeter fence.<br />

The monitored wires detect unauthorised<br />

entry or exit into defined areas and trigger<br />

instant alerts. Attempts to breach the perimeter<br />

are deterred by an energised pulse sent around<br />

the perimeter fencing line. Zoned fences allow<br />

voltage levels to be adjusted to meet varying<br />

needs: high for maximum deterrent and low for<br />

periods of low risk.<br />

A networked perimeter security solution<br />

incorporates sensors that continuously<br />

measure and report on wire tension and<br />

monitor fence structure vibration or movement.<br />

Sensors can be used with or without an<br />

energised pulse to detect intrusion without the<br />

intruder being aware.<br />

Monitored pulse fencing systems intelligently<br />

differentiate between serious breaches and<br />

disturbances by wildlife, birds or harsh weather<br />

conditions. False alarms are prevented, and<br />

intruders are unable to use the cover of adverse<br />

weather in a determined attempt to breach the<br />

fence undetected.<br />

Jason Hunter:<br />

Business Development<br />

Manager (Perimeters) for<br />

Gallagher Security (Europe)<br />

“Monitored pulse fencing can be of assistance when it<br />

comes to either hardening more vulnerable areas of the<br />

perimeter or assets that require additional levels of security”<br />

25<br />

www.risk-uk.com


Powerful web based<br />

controller, powered<br />

by smart devices.<br />

DESIGNED<br />

IN<br />

A U ST R A<br />

R<br />

LIA<br />

Inception is an integrated access control and security<br />

alarm system with a design edge that sets it apart<br />

from the pack. Featuring built in web based software,<br />

the Inception system is simple to access using a web<br />

browser on a Computer, Tablet or Smartphone.<br />

With a step by step commissioning guide and<br />

outstanding user interface, Inception is easy to<br />

install and very easy to operate.<br />

For more information simply scan the QR code<br />

or visit innerrange.com.<br />

Security<br />

Alarm<br />

Access<br />

Control<br />

Automation<br />

No Software<br />

Required<br />

Multiple<br />

Devices<br />

Easy Setup<br />

with Checklist<br />

Prompting<br />

Send IP Alarms via<br />

the Multipath-IP<br />

Network<br />

T: +44 845 470 5000<br />

E: ireurope@innerrange.co.uk<br />

W: innerrange.com


Transport Security: Video Surveillance in Real-Time<br />

With a number of high-profile attacks on<br />

mass transport systems across Europe,<br />

and Scotland Yard recently warning that<br />

the UK’s terrorism threat level will remain at<br />

‘Severe’ for some time to come, it’s abundantly<br />

clear that the industry simply cannot be<br />

complacent when it comes to security<br />

investment. While funding remains a challenge,<br />

this must be weighed up against the<br />

requirements for public transport authorities to<br />

provide both an efficient and safe service.<br />

As per the three core principles prescribed by<br />

the UK Government’s Centre for the Protection<br />

of National Infrastructure in protecting assets,<br />

first of all a threat should be deterred, then<br />

detected and then delayed. It’s unlikely that an<br />

organised threat will be deterred by a security<br />

system which is only capable of providing an<br />

historical record of an attack episode. The<br />

system must also be able to provide real-time<br />

detection and allow countermeasures to be<br />

initiated in a timely manner.<br />

While the international transport market<br />

continues to keep pace with the latest<br />

developments in real-time network camera<br />

technology, the UK has stagnated in its<br />

adoption. Despite plans for pan-network IP<br />

systems to be installed in many areas, and<br />

certain transport providers leading the way,<br />

significant parts of the UK’s transport<br />

infrastructure are still to be upgraded from<br />

analogue. This is partially due to the lack of a<br />

modern communications infrastructure capable<br />

of handling large amounts of data.<br />

The UK: an early adopter<br />

Despite the relatively limited use of IP video<br />

technology across UK transport infrastructures,<br />

the UK was actually an early adopter of modern<br />

network cameras. Network Rail led the way<br />

with a comprehensive upgrade of Reading<br />

Station back in 2013, while London<br />

Underground followed close behind with its<br />

first fully-IP station at Canary Wharf in 2014.<br />

However, there are still significant parts of<br />

the rail network that are yet to be given the<br />

same attention.<br />

In a bid to understand the key challenges<br />

involved with upgrading to a networked<br />

solution, Axis Communications commissioned a<br />

survey in collaboration with Union<br />

Internationale des Transports Publics (the<br />

global public transport organisation) that<br />

deliberately targeted stakeholders in areas<br />

such as rail, bus and ferry transport. With<br />

virtually all respondents explaining that they<br />

had some form of video surveillance installed,<br />

85% also stated that they would consider IP<br />

camera adoption at some point in the future.<br />

From Forensics to Real-Time:<br />

Developing Transport Security<br />

Evolving technology has driven a shift across Europe from<br />

legacy analogue CCTV to network video solutions providing<br />

immediate and significant benefits when it comes to securing<br />

critical transport systems. As the UK struggles to keep pace,<br />

Lucas Young discusses the business case for protecting<br />

transport infrastructures with IP camera and audio technology<br />

When asked about obstacles to upgrading,<br />

the most common response was the perceived<br />

“lack of a clear business case”. This highlights<br />

that technology vendors perhaps haven’t<br />

played a big enough role in highlighting the<br />

safety, security and business benefits of<br />

upgrading to IP. Three quarters of those same<br />

respondents had analogue cameras in place,<br />

suggesting that more education is needed<br />

around the benefits of IP video systems beyond<br />

the forensic capabilities of CCTV.<br />

Latest IP technology<br />

While video surveillance technology is widely<br />

used in the transport sector, the UK must<br />

accelerate its adoption of the latest IP<br />

technology if it’s to keep pace with the rest of<br />

Europe. Educating key decision-makers on the<br />

benefits of integrating systems to deliver realtime<br />

video and alerts will be key, while also<br />

demonstrating the operational and business<br />

intelligence benefits to be realised.<br />

Ultimately, transport operators stand to gain<br />

in the form of a return on their investment from<br />

an enhanced ability to integrate IP cameras<br />

with business performance optimisation<br />

technology. This assists organisations to derive<br />

long-term value from their fiscal investment,<br />

adapting and scaling it in line with not only<br />

security, but also more traditional operational<br />

business needs.<br />

Real-time usage with analytics<br />

Real-time usage with analytics is on the rise as<br />

public transport system operators seek to<br />

respond to security events as and when they<br />

happen. Given that those operators are faced<br />

with hundreds of live feeds, automated alerts<br />

can assist in managing the large amounts of<br />

data generated, subsequently assisting with<br />

both monitoring and prioritisation.<br />

Incidents being reported in real-time means<br />

that there will be more opportunity for live<br />

feeds to be shared with third parties.<br />

Lucas Young:<br />

Business Development<br />

Manager for the<br />

Transportation Sector at Axis<br />

Communications<br />

27<br />

www.risk-uk.com


The Changing Face of Security Services: Customer Service<br />

Security companies<br />

providing contracted<br />

services to customers<br />

are having to raise the<br />

bar externally in order<br />

to satisfy ever-more<br />

stringent demands<br />

around service<br />

delivery. They’re also<br />

having to satisfy their<br />

internal customers – ie<br />

their employees – to<br />

attract and retain good<br />

quality people, as<br />

David Mundell outlines<br />

David Mundell: Managing<br />

Director of Axis Security<br />

Customer Service is King<br />

There are many factors feeding the need for<br />

development and change in the security<br />

business sector at present. These range<br />

from a more sophisticated and customer<br />

service-led approach for the security provision<br />

itself through to an upsurge in terrorist activity.<br />

Change is also being driven by recruitment<br />

difficulties brought on by low unemployment<br />

and comparatively poor remuneration packages<br />

in the sector when compared to some others<br />

with ‘nine-to-five’ responsibilities.<br />

Clearly, the more successful companies will<br />

have to fully embrace these challenges. In a<br />

service sector like ours, it pays to recognise<br />

your employees as your strongest asset.<br />

Employers need to have strategies to cover<br />

every facet of an individual’s journey with the<br />

company including their learning and<br />

development, reward and remuneration and<br />

health and well-being. Employees need to feel<br />

engaged by dint of a positive culture that’s top<br />

down in the business as well as bottom up.<br />

It’s a strategy that will only succeed if there’s<br />

universal ‘buy-in’ throughout the company. It<br />

cannot be stagnant. Rather, it has to be everevolving<br />

in nature. A work in progress capable<br />

of reacting to changing factors.<br />

Security is a demanding job, and it will<br />

always be imperative that officers are provided<br />

with the very best training and education,<br />

making sure they’re equipped to carry out their<br />

work and given the confidence to progress their<br />

careers. If we’re to raise the bar, and create a<br />

higher benchmark of excellence, employers<br />

need to go beyond the basic, required courses<br />

such as First Aid training and CCTV and look at<br />

other skills like hostile reconnaissance and<br />

terrorism awareness to widen the value that<br />

security provision can offer.<br />

Responding to need<br />

Businesses must also respond to the needs of<br />

customers and find innovative ways in which to<br />

build upon the traditional security offer.<br />

Security will always be the priority, but that<br />

doesn’t need to be at the exclusion of good<br />

customer service, for example.<br />

Clients increasingly expect more dedication<br />

to customer service from members of the senior<br />

team through to those on the front line. I<br />

suspect this is a trend that other solution<br />

providers are also seeing, so it’s not something<br />

that can be paid mere lip service. There needs<br />

to be a sea change across the sector in terms of<br />

how we tackle customer service.<br />

Every business will take a different approach,<br />

but our natural response has been to consult<br />

the experts. It was for this reason that Axis<br />

Security recently became a member of the<br />

Institute of Customer Service. We’re now in a<br />

position to use the Institute’s expertise and<br />

advice as we look to continue enhancing our<br />

service delivery and raising industry standards.<br />

Through the Institute’s bi-annual Customer<br />

Survey, companies can benchmark themselves<br />

against other sectors and industries. The<br />

Institute assists and supports businesses in<br />

their efforts to become ‘the employer of choice’<br />

within their chosen industry.<br />

Unemployment is at an all-time low, while the<br />

recruitment and development of high calibre<br />

individuals is of paramount importance not only<br />

to us, but also to an industry battling against<br />

historically low pay rates and huge pressure<br />

being placed on margins. Investing in people<br />

will only become more important with time.<br />

Obviously, that investment has to be paid for.<br />

That being so, we – much like many others also<br />

trying to raise the bar – very much hope that<br />

the ‘race to the bottom’ in terms of pricing has<br />

ended and that higher customer expectations<br />

will be matched by enhanced pay rates and<br />

sensible margins.<br />

With a clear focus on customer service, we’ve<br />

now added a new category to our Axis Security<br />

Annual Awards. The inaugural Customer Service<br />

Excellence Award was recently bestowed upon<br />

James Kassim (pictured above with Jonathan<br />

Levine, CEO of Axis Group Integrated Services),<br />

who works on the Crown Estate St James’<br />

Market contract, for providing a very high<br />

standard of customer service and exhibiting a<br />

great work ethic and level of commitment.<br />

28<br />

www.risk-uk.com


SECURITY WORKFORCE<br />

MANAGEMENT PLATFORM<br />

One platform providing actionable insights in real-time, from anywhere.<br />

160 000 +<br />

FACILITIES<br />

200 000 +<br />

USERS<br />

35<br />

COUNTRIES<br />

DRIVE OPTIMAL<br />

SECURITY DECISIONS<br />

SAVE MONEY<br />

IMPROVE PRODUCTIVITY<br />

& GROW REVENUE<br />

GAIN TIME<br />

INCREASE MOBILE<br />

OPERATIONAL PERFORMANCE<br />

OPTIMIZE SECURITY<br />

OPERATIONS<br />

LIMIT OVERTIME<br />

OUR CLIENTS<br />

“Digital transformation<br />

for security services? Not<br />

without TrackTik.”<br />

Matthieu Leroy, CEO<br />

“The very best<br />

in<br />

guard management<br />

software”<br />

Bill Barthelemy, COO<br />

“Enables data-driven drive<br />

security decisions”<br />

Luc Dupont, VP<br />

CONNECT WITH US<br />

+44 808 178 5442 TRACKTIK.COM DEMO@TRACKTIK.COM


The Changing Face of Security Services: The ‘Total FM’ Approach<br />

Security’s Eggs and the ‘Total FM’ Basket<br />

One of the biggest<br />

changes confronting<br />

the security industry is<br />

an increasing<br />

association with the<br />

FM world. While much<br />

of this association has<br />

realised very positive<br />

consequences, it can<br />

also be said to present<br />

several challenges.<br />

Some trepidation is<br />

required to avoid any<br />

negative fall-out that<br />

might result from<br />

being caught up in the<br />

‘Total FM’ tide, writes<br />

Amanda McCloskey<br />

Amanda McCloskey:<br />

Sales and Marketing Director<br />

for CIS Security and CIS Front<br />

of House<br />

30<br />

www.risk-uk.com<br />

As an industry, we’ve had to brace our profit<br />

margins as a result of the bundled service<br />

approach to which some customers are<br />

attracted. On the flip side, the increased<br />

competition can be seen to be a driver for ‘out<br />

of the box’ thinking. It can also mean improved<br />

collaboration between security and other soft<br />

services, subsequently resulting in added value<br />

for the end user customer.<br />

However, the extent of our integration is<br />

debatable. Security is a skilled and educated<br />

profession in its own right. Evolving threats<br />

such as terrorism and cyber crime mean that<br />

security requires even more specialist skills,<br />

‘ear to the ground’ expertise and continued<br />

training and development than ever before.<br />

The recent collapse of facilities management<br />

(FM) giant Carillion reminded me of the ‘eggs in<br />

one basket’ proverb. Questions are now being<br />

asked about how this very public crash could<br />

have been allowed to happen to such a large<br />

organisation presumed to be operating<br />

alongside some of the most rigorous worldclass<br />

financial experts. Was it a case of too<br />

many cooks and not enough real responsibility<br />

and accountability, perhaps?<br />

In terms of the security role within an<br />

organisation, what happens if the security<br />

function fails compared to, say, the cleaning or<br />

the waste management operation? It’s<br />

undeniable that any significant security failures<br />

are potentially crippling for any organisation.<br />

Fascinating complexity<br />

FM is a sector which is developing quickly and<br />

with fascinating complexity. Some customers<br />

may benefit from total FM handling, but most<br />

organisations who operate in the corporate,<br />

cultural and education sectors take risks in<br />

doing so because of the implications of a ‘Total<br />

FM tsunami’. Just because functions are<br />

grouped under the facility manager’s role in a<br />

given building/company, it doesn’t necessarily<br />

follow suit that they should be grouped and<br />

managed by the same supplier.<br />

Physical and Intellectual Property are some<br />

of the weightiest portions of the assets of an<br />

organisation at the professional end of the<br />

market with which I work, not to mention the<br />

Health and Safety of its users. How can anyone<br />

with a true stake in their business really entrust<br />

responsibility for this to a bundled FM service<br />

provider who may contract out the work to a<br />

potentially inexperienced, poorly vetted<br />

company prepared to risk property losses or PR<br />

catastrophes – perhaps even the ultimate<br />

safety of users – for a profit?<br />

Looking at the situation that has transpired<br />

at Carillion of late, one wonders how many<br />

individuals at the top were noticing problems<br />

and asking questions, and whether something<br />

could have been done earlier. A quick scan of<br />

some ‘Employer Review’ websites reveals a<br />

pattern of entries reporting a perceived lack of<br />

managerial visibility and support.<br />

Nurturing a culture<br />

Any accomplished security company will know<br />

that modern security isn’t just about managing<br />

security officers. It’s also focused on cultivating<br />

and nurturing a security culture which actively<br />

extends the reach of security managers and<br />

officers outwards and into the realms of the<br />

host of our services: the end user.<br />

In today’s climate, this means significant<br />

effort in developing relationships and<br />

communication channels between security<br />

teams and their end users. It also means<br />

regular engagement with targeted training for<br />

end users, encouraging daily chats to build<br />

trust and share knowledge about current<br />

threats and conveying the reporting of general<br />

observations into the norm.<br />

Without wishing to undermine the value of<br />

some FM functions, I do feel that a better<br />

balance should be struck such that security<br />

matters are not dwarfed by other more<br />

‘showbiz’ FM-centric features such as interior<br />

design or sustainability.<br />

It’s our responsibility as leaders in the<br />

security business sector to share stories about<br />

what’s going on in our world and both<br />

encourage and incentivise innovation among<br />

our rising stars. Subsequently, this will enable<br />

us to better reflect and relay how far we’ve<br />

come, as well as generate excitement about the<br />

promising path ahead of us.


We go above<br />

and beyond.<br />

Axis Security – exceeding expectations in customer service.<br />

• Our employees – are highly trained, valued and rewarded<br />

• Our proactive management approach – ensures service is continually improving<br />

• Our intelligent technology – ensures open lines of communication and transparency<br />

• Our prestigious industry recognition – includes 3 Security Guarding Company of the Year awards<br />

T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk


The Changing Face of Security Services: Risk Management<br />

For a long time,<br />

security was often sold<br />

thanks to an element<br />

of fear (ie the idea that<br />

if a company didn’t do<br />

X, then bad things<br />

could happen to that<br />

organisation, so it had<br />

better do X). Alas, this<br />

is seemingly still the<br />

case today, though<br />

thankfully to a lesser<br />

degree, suggests<br />

Mark Folmer<br />

Mark Folmer CPP MSyI:<br />

Vice-President for the Security<br />

Industry at TrackTik<br />

Is Security Poised for Progress?<br />

Today, the many true security professionals<br />

who view security risks as a whole, either<br />

through the perspective of Enterprise<br />

Security Risk Management (ESRM) or other<br />

standpoints, strive to define X, calculate<br />

likelihood and define an appropriate response.<br />

That’s how they choose to succeed.<br />

Clearly, there’s a concerted move away from<br />

‘guns, gates and guards’, fear mongering and<br />

the ‘no news is good news’ mindset. I’m not<br />

sure if it’s because of ESRM, convergence or<br />

simply a function of time and technology, but<br />

the industry is most certainly maturing. To that,<br />

I would say: “It’s about time.”<br />

Today, the security industry is being<br />

challenged to do more with less. Not<br />

necessarily an ideal scenario, but this situation<br />

has forced us to improve upon how we plan<br />

security and offer security services in order to<br />

both respond to and fulfil these new plans.<br />

What about the laggards, though? Those who<br />

are not embracing technology in its multiple<br />

forms to provide for better security? Well,<br />

they’re still doing things the way in which<br />

they’ve always done them and continuing to<br />

hope for the best. Interestingly, this approach<br />

applies to both corporate security buyers and<br />

security service providers alike.<br />

Focusing on ESRM<br />

As today’s security threats become more<br />

advanced and complex, organisations are<br />

sometimes lacking in their segmented<br />

approach towards the key discipline of risk<br />

management. The solution lies in ESRM.<br />

Essentially, this is an holistic strategy that<br />

targets the wide variety of protection issues<br />

faced by an organisation under one lens using<br />

internationally-recognised principles.<br />

With ESRM, a given organisation is able to<br />

assess the range of its current security risks –<br />

everything, in fact, from cyber security through<br />

to petty crime and on again to terrorism – and<br />

manage the situation across the board.<br />

ESRM is a proactive way in which to protect<br />

your organisation from all variables. Integrating<br />

ESRM into corporate strategy is critical for risk<br />

management success.<br />

There are a few points to consider. Identify<br />

the purpose behind your goals of asset<br />

protection and risk mitigation. Allocate proper<br />

resources that efficiently secure corporate<br />

assets and identify risks. Enable the front line’s<br />

contribution to the overall security programme<br />

by harnessing the data that’s generated and be<br />

equipped by turning the data that’s gathered<br />

into intelligence for the organisation.<br />

If you’re asking yourself how to adapt and<br />

succeed in the current security industry, the<br />

answer, I believe, rests with data – plain and<br />

simple. I’m not sharing anything new here,<br />

though. Corporate security people have been<br />

using data for years in the risk assessment<br />

process. Data is at the root of how you assess<br />

the likelihood of an incident happening,<br />

whether your preferred approach is a ‘worse<br />

case’ or ‘most likely’ scenario.<br />

Hub of information<br />

If integrated into your security programme,<br />

data, connectivity and mobility allow you to be<br />

the first to know. You can be the hub of<br />

information for your organisation. With tools<br />

like these in hand, you have the opportunity to<br />

step up and elevate your security programme<br />

from a purely operational concern to one<br />

contributing strategic value. By being the<br />

person that feeds senior management with<br />

value-building information, you may well earn<br />

yourself a seat at the decision-making table.<br />

The security industry is poised for change.<br />

Are you the one who will connect the dots,<br />

identify the trends and protect your<br />

corporation’s assets? Will you be perceived as a<br />

business enabler or as an old school thinker<br />

steadfastly set in your ways?<br />

I would like to leave you with a question. OK,<br />

a few questions, then… Do you agree that the<br />

security industry is poised for change? What<br />

have you done to support this change? What<br />

has worked in your business to drive change?<br />

Please feel free to send me your answers via e-<br />

mail (mark@tracktik.com)<br />

32<br />

www.risk-uk.com


Security and Fire Management<br />

BE SMART!<br />

Read Risk UK Magazine on<br />

your tablet or smartphone<br />

using the FREE app


Meet The Security Company<br />

This is the ninth<br />

instalment in a<br />

monthly series of<br />

articles for the readers<br />

of Risk UK where we<br />

shine the spotlight on<br />

NSI-approved<br />

businesses for the<br />

benefit of risk and<br />

security managers<br />

who purchase security<br />

guarding as well as<br />

systems-focused<br />

solutions. Answering<br />

our key questions this<br />

month is Graham Tilly,<br />

managing director of<br />

Risk Management<br />

Security Services<br />

Risk UK: Can you briefly describe your<br />

business’ activities and what you consider to<br />

be your USP as an organisation?<br />

Graham Tilly: Risk Management Security<br />

Services provides solutions across three main<br />

security disciplines that include security<br />

guarding, mobile security patrols and<br />

keyholding/alarm response. Within each<br />

discipline, we look to deliver many sub-services<br />

such as reception staff, Post Room operatives,<br />

locks/unlocks and complete combined<br />

solutions that actively integrate elements of<br />

each individual service.<br />

The business occupies a position within the<br />

industry between the very small ownermanaged<br />

companies and the very large<br />

national suppliers. This enables us to<br />

demonstrate the standards and policies<br />

required by large corporate organisations while<br />

maintaining the type of personal service that<br />

can be offered by the smaller companies.<br />

Risk UK: What do your clients value most<br />

about the services you deliver?<br />

Graham Tilly: Through our experienced and<br />

stable management team we maintain close<br />

working relationships with each customer. This<br />

About the National Security Inspectorate<br />

The National Security Inspectorate (NSI) is a wholly-independent, not-for-profit<br />

company limited by guarantee and operates as a UKAS-accredited certification<br />

body specialising in the security and fire safety sectors.<br />

For over 40 years, the NSI has served to protect businesses, homeowners<br />

and the general public alike, raising standards by providing robust and high<br />

quality audits of both security and fire safety service providers.<br />

enables us to fully understand their<br />

requirements and deliver a service that<br />

absolutely matches what was discussed at the<br />

point of sale.<br />

Customers also take great comfort in the fact<br />

that we operate our own 24-hour Control Centre<br />

and that we’ve maintained a specialism within<br />

the security sector without being tempted to<br />

diversify into other soft services.<br />

We adopt a completely honest approach<br />

when holding discussions with our customers,<br />

and in particular if there’s a problem to be<br />

solved or a challenge to be faced. This allows<br />

us to gain the trust of our customers and build<br />

true business relationships whereby we can<br />

work together to reach a satisfactory solution.<br />

Risk UK: How do you feel accreditations have<br />

assisted your company?<br />

Graham Tilly: Accreditation within the industry<br />

has really set up a base level of acceptable<br />

working practices that provides potential and<br />

existing customers with some comfort that the<br />

service they receive or that they’re looking for<br />

is consistent, suitable and appropriate. On a<br />

procedural front, this allows customers to have<br />

a base level which is a minimum standard that<br />

can be easily compared between those<br />

companies that have it and those that don’t.<br />

The fact that we operate to security<br />

standards BS 7499, BS 7984-1 and BS 7858,<br />

and the fact that these are voluntary, is<br />

basically saying to the market that we do things<br />

properly. We don’t cut corners and always<br />

demonstrate transparency in all that we do.<br />

Everything is validated by a third party.<br />

This is particularly relevant for larger end<br />

user organisations where many of these<br />

aspects have become very much a pass/fail<br />

aspect. Without them, you fall at the first<br />

hurdle. Accreditation as a base level also<br />

enables us to change the discussion away from<br />

basic functionality and allows us to focus more<br />

on the relationship aspects and how we work.<br />

We’re able to concentrate more on our USP.<br />

For smaller organisations and those<br />

customers who don’t know a lot about our<br />

34<br />

www.risk-uk.com


Meet The Security Company: Risk Management Security Services<br />

In association with the<br />

industry, accreditation also acts as a sort of<br />

‘qualification’ that really provides a level of<br />

comfort. Customers know that they’re<br />

discussing their security requirements with a<br />

reputable organisation.<br />

Risk UK: Specifically, what value does ACS<br />

registration and NSI Guarding Gold approval<br />

bring to your business and its clients?<br />

Graham Tilly: Approved Contractor Scheme<br />

(ACS) registration offers a toe in the door,<br />

enabling the security business to tender for<br />

work. For those who don’t know the ins and<br />

outs of the industry, it lends some weight to the<br />

services that we’re providing.<br />

The ACS is, of course, run by the Security<br />

Industry Authority (SIA), a Government body.<br />

This affords legitimacy to the services we offer<br />

our customers. It also helps us to build a<br />

working platform on which to do business and<br />

ensure that we’re not only delivering a great<br />

service, but also looking after our people.<br />

NSI Guarding Gold is slightly different. This is<br />

based more around ensuring and<br />

demonstrating that we have systems,<br />

processes, procedures and policies in place to<br />

support what it is that we do. NSI Guarding<br />

Gold brings together the product standards, the<br />

quality standards and day-to-day business<br />

operations. It assists in setting a foundation<br />

throughout our business and affords a platform<br />

on which to build an excellent service.<br />

NSI Guarding Gold adds some weight to what<br />

we do and the way that we do it. It<br />

demonstrates our transparency due to its<br />

voluntary nature and third party approval<br />

process, and also assists in keeping everyone<br />

focused on the tasks at hand.<br />

Risk UK: In practice, what are the main<br />

differences between ACS registration and NSI<br />

Guarding Gold approval?<br />

Graham Tilly: NSI Guarding Gold is focused<br />

around service quality (ISO 9001), functionality<br />

(security product standards) and service<br />

whereas ACS registration with the Regulator is<br />

more about being a reputable organisation, the<br />

softer aspects (such as people management or<br />

KPI monitoring) and compliance with licensing<br />

and the SIA’s specific requirements.<br />

NSI Guarding Gold is made up of compliance<br />

with British and international standards/Codes<br />

of Practice which affords security companies<br />

wider scope to use them as a framework and<br />

build their business model around them in<br />

order to support day-to-day operations in a<br />

systematic way and ensure that the very best<br />

possible service is provided to customers on a<br />

consistent basis.<br />

The ACS is focused around service delivery<br />

and demonstrating that we do what we say we<br />

do as a company. NSI Guarding Gold really<br />

helps us to run the business effectively,<br />

whereas the ACS is more of an addition to<br />

demonstrate our commitments to different<br />

areas of the business and the softer aspects<br />

involved with client and people management.<br />

Risk UK: How do you feel technology has<br />

changed the industry over the last couple of<br />

years and what do you believe will be the<br />

direction of travel in the future?<br />

Graham Tilly: Many companies have looked at<br />

the integration of technology to support<br />

existing security measures and, in some cases,<br />

have used technology to reduce the reliance on<br />

security guarding. We’ve seen many companies<br />

review traditional methods of securing sites,<br />

such as guarding, and replace them with<br />

technology-based solutions either as single<br />

solutions or combined with other practices.<br />

A large number of clients subscribe to our<br />

combined security solution that provides<br />

similar – and, in some cases, better – levels of<br />

security, but offers year-on-year savings of<br />

between 30% and 60%. Typically, this type of<br />

solution uses a combination of security<br />

guarding, mobile patrols and keyholding<br />

supported by security systems with each<br />

element being deployed on a measured basis to<br />

avoid unnecessary services being delivered or<br />

hours being covered.<br />

Risk UK: When it comes to negotiating<br />

contracts and responding to tender requests,<br />

what aspects are of most value to customers<br />

and how are these changing?<br />

Graham Tilly: Our ability to maintain a stable<br />

workforce of suitably trained and<br />

knowledgeable staff is very important to our<br />

customers, as is our ability to provide effective<br />

levels of management support.<br />

Over the last ten years, we’ve seen greater<br />

demands placed upon security staff and duties<br />

continuously increasing to provide enhanced<br />

levels of service and greater value for money.<br />

The days of a security officer simply providing<br />

access control and searches have gone. We’re<br />

experiencing security personnel forming an<br />

integral part of the facilities operation at many<br />

sites. This demonstrates a shift in expectation<br />

and changes traditional guarding services.<br />

As an industry, we need to work closely with<br />

customers to ensure that they have a better<br />

understanding of the challenges this can bring<br />

if pay rates don’t increase to accommodate<br />

these specific requirements. We’ve also seen an<br />

increase in requests for recommendations to be<br />

Graham Tilly:<br />

Managing Director of Risk<br />

Management Security<br />

Services<br />

35<br />

www.risk-uk.com


Meet The Security Company: Risk Management Security Services<br />

Name<br />

Graham Tilly<br />

Job title<br />

Managing Director<br />

Time in security business<br />

sector<br />

I’ve worked in the security<br />

business sector with Risk<br />

Management Security<br />

Services for 23 years. Prior to<br />

becoming managing director,<br />

I served in the roles of<br />

business development<br />

manager, business<br />

development director and<br />

operations director<br />

Location of the business<br />

High Wycombe,<br />

Buckinghamshire<br />

Areas of expertise<br />

Security guarding, mobile<br />

security patrols and<br />

keyholding/alarm response<br />

Accreditations<br />

NSI Guarding Gold, SIA ACS,<br />

SafeContractor, ACS<br />

Pacesetters<br />

provided as to how the service required can be<br />

delivered by using alternative methods. This is<br />

where a combined solutions package and the<br />

integration of security systems can prove to be<br />

an attractive solution.<br />

Some years ago, we experienced a trend of<br />

companies outlining contracts based on a<br />

‘Total FM’ solution and placing all of their soft<br />

services needs with a single supplier. We’re<br />

now seeing such solutions being challenged<br />

and replaced by companies that require<br />

specialists in key areas of their business such<br />

that they can gain benefits through<br />

management expertise and knowledge.<br />

Technology is also playing a key role in the<br />

changing face of security at many levels, and is<br />

very often a significant element of the tender<br />

requirement. The use of technology links<br />

directly to another key requirement of security<br />

companies: the need to continuously reduce<br />

our impact on the environment.<br />

Risk UK: How has Government legislation<br />

(eg the National Minimum Wage, the<br />

National Living Wage and holiday pay)<br />

affected your business? Do you believe such<br />

legislation is a good thing?<br />

Graham Tilly: To date, this has had very<br />

minimal impact on our business as our rates,<br />

across the majority of our locations, far exceed<br />

both the National Minimum Wage and the<br />

National Living Wage. As a company, we don’t<br />

believe in quoting low and unsustainable<br />

wages. While we do operate at a small<br />

percentage of sites where the wage rates are<br />

not in line with our model, we work with these<br />

clients to increase them to suitable levels.<br />

Legislation is important as it avoids<br />

companies offering unsustainable rates of pay<br />

to staff, which can only have a negative effect<br />

on the quality of people in the industry.<br />

However, we do still see companies using the<br />

Minimum Wage as their model to price up new<br />

business (excluding TUPE). While this may<br />

offer a tempting solution to companies<br />

sourcing security, as very often it’s one of the<br />

largest spends a company will make, you have<br />

to question how suitable security staff can be<br />

recruited at such wage levels.<br />

Some caution does need to be employed.<br />

Many organisations are looking to reduce their<br />

spend on security, not increase it. While wage<br />

increases are great for the individuals<br />

benefiting from them, someone has to pay for<br />

this and that’s only ever going to be the people<br />

buying the service. As wage rates increase,<br />

some customers will have to look very carefully<br />

at what they can justify paying for the services<br />

received, no matter how good they are.<br />

Risk UK: What are the most important<br />

attributes you look for in your security<br />

officers and staff members in general?<br />

Graham Tilly: Experience within the sector is<br />

critical. We’re seeing an influx of new security<br />

officers who are entering the industry, having<br />

received assistance to gain an SIA licence, but<br />

who have little understanding of how the<br />

industry works (ie shift work, 12-hour shifts,<br />

lone working, etc). It’s therefore vital that we<br />

recruit security staff who have experience in<br />

this type of environment and, furthermore, can<br />

offer reliability and loyalty.<br />

One of the most important aspects is<br />

attitude. People have to want to work in the<br />

industry. They have to want to do a good job<br />

and have to want to show up. You cannot teach<br />

people attitude. If they’re the sort of character<br />

that likes to cut corners or has a ‘take it or<br />

leave it’ approach towards their work then that<br />

isn’t going to cut it in a customer-facing sector.<br />

Within the company, we also look for staff<br />

members who fit the culture of our business in<br />

terms of understanding our philosophies and<br />

methods for delivering the service. We employ<br />

staff who can demonstrate a positive approach<br />

to service delivery at all times.<br />

Risk UK: How can the SIA, the NSI and<br />

industry standards best serve the sector in<br />

addition to the needs of your company’s<br />

clients and the wider public interest? Will<br />

the introduction of business licensing be a<br />

positive step?<br />

Graham Tilly: The standards outlined by both<br />

the NSI and the SIA need to be observed by all<br />

companies operating in the sector and be<br />

directly linked to business licensing that will<br />

hopefully then create an elite list of companies<br />

as originally expected when the ACS was born.<br />

I attended a meeting of industry companies<br />

prior to individual licensing and ACS<br />

assessment. The (then) chairman of the SIA<br />

advised that security companies would be able<br />

to charge customers an additional 35% due to<br />

officer licensing and registration with the ACS.<br />

That was 13 years ago. I sincerely hope that, if<br />

business licensing does come to fruition,<br />

companies within the industry can work with<br />

the SIA and the NSI to develop that elite list<br />

and raise standards even further.<br />

If business licensing enables customers to<br />

genuinely identify suppliers in the upper<br />

echelon of the industry, then it has to be a<br />

positive step. If it simply becomes another<br />

membership for the existing ACS companies –<br />

and bear in mind it has been suggested ACS<br />

companies will fast track to business licensing<br />

– then I cannot see any benefits arising.<br />

36<br />

www.risk-uk.com


3 July 2018<br />

Hilton London Canary Wharf<br />

ONE DAY DAY – – MULTIPLE SOLUTIONS TO YOUR CHALLENGES<br />

eet Meet with with the the most most trusted solution providers, learn from industry thought leaders and and connect with with<br />

eers peers over over the the course of of the the Summit, which is entirely FREE to attend for for security professionals.<br />

opics Topics covered covered include: include: Access Access Control •• Anti-Virus Browser •• Security Data Data • Theft/Loss • • Malware • Malware<br />

Mobile • Mobile Security Security • Network • Network Security Security Management • Trojan Detection • • UK UK Cyber Cyber Strategy Strategy<br />

For more information and to register, please contact Emily Gallagher<br />

on: 01992 374085 or e.gallagher@forumevents.co.uk.<br />

@SECIT_SUMMIT #SITSUMMIT<br />

SECURITYITSUMMIT.CO.UK<br />

MEDIA & INDUSTRY PARTNER<br />

HOSTED BY


Examining The Role of Insurance in<br />

Converged Security Solutions<br />

“Risk comes from not<br />

knowing what you are<br />

doing. Price is what<br />

you pay. Value is what<br />

you get. Someone’s<br />

sitting in the shade<br />

today because<br />

someone planted a<br />

tree a long time ago”<br />

Warren Buffett’s<br />

words are apt in<br />

describing today’s<br />

security environment.<br />

The more that we work<br />

together in generating<br />

holistic solutions, the<br />

better the results in<br />

the long term. Rachel<br />

Anne Carter focuses<br />

on the role of the<br />

insurance industry in<br />

the delivery of security<br />

solutions<br />

38<br />

www.risk-uk.com<br />

The security profession as we understand it<br />

includes a variety of security generalists<br />

and specialists: corporate and commercial<br />

security practitioners, police and law<br />

enforcement professionals, intelligence<br />

operatives and military personnel. However,<br />

when thinking more broadly of those who<br />

provide solutions to security breaches, we also<br />

have insurance providers, lawyers and others<br />

whose work directly affects security outcomes<br />

or regulates behaviour, and thus brings in<br />

different bands of membership from corporates<br />

or Government departments.<br />

Holistic solutions are essential. When there’s<br />

a lack of collaboration and an entrenchment of<br />

the silos, there’s a duplication of resources and<br />

an escalation in costs. Even worse, there’s the<br />

danger that certain threats will fall into the<br />

cracks between them.<br />

Within the security profession, it’s now being<br />

recognised that cyber security should not be<br />

regarded as a silo. Rather, it’s everyone’s<br />

business. Converged security solutions are<br />

necessary. The exact same principle applies to<br />

the integration of other specialisms.<br />

The insurance industry is one of those<br />

sectors resting on the outer edge of the<br />

security industry, and not always certain of its<br />

place within the security sector. Insurance is, of<br />

course, a security measure. Greater knowledge,<br />

learning and mutual benefits will emerge from<br />

breaking down the existing silos, generating a<br />

more communicative experience and achieving<br />

holistic security strategies. As a direct result,<br />

many insurance companies are now seeking to<br />

engage with the security business sector on a<br />

somewhat more effective footing.<br />

Taking the example of cyber insurance, as we<br />

innovate, adapt and develop product and<br />

service offerings, we’re seeking to be part of a<br />

holistic security experience. Although insurance<br />

is critical to the economic security of a<br />

company, entity or individual after a cyber<br />

attack, we do of course recognise that<br />

insurance alone isn’t enough.<br />

In order to address cyber risks, we seek to<br />

develop a joined-up approach where we can<br />

look at the problem of cyber threats and its<br />

transformation as a multifaceted issue and then<br />

respond accordingly.<br />

Understanding and insight<br />

Insurers have the best possible understanding<br />

and insight into economic protection against<br />

business risks. There’s often a convergence of<br />

physical and cyber risks. In some cases, the<br />

physical risk may be about access to a building<br />

or access to computer systems or servers, for<br />

example. This requires specialists in both areas<br />

to work together, and both types of specialist to<br />

have a strong working knowledge of the other’s<br />

domain. In the future, the distinction between<br />

the two may well disappear entirely.<br />

The insurance industry also relies upon<br />

technical cyber professionals who have<br />

specialist knowledge of IT and cyber<br />

infrastructure, vulnerabilities and programming<br />

capabilities and who can implement technical<br />

solutions. The ability of insurance, physical<br />

security and technical cyber experts to work<br />

together to generate holistic solutions will be<br />

preferable to a pure economic solution.<br />

The economic aspect of the solution within a<br />

broader security strategy will, however, aid the<br />

recovery process and enable a company to have<br />

the cashflow required to continue their<br />

operations after an event has transpired.<br />

Security breaches rarely affect only one part<br />

of a business. Rather, they’re more likely to<br />

impact several areas and may even affect the<br />

overall functionality and operability of a


The Security Institute’s View<br />

business (even if only temporarily). On that<br />

basis, a solution accounting for the various<br />

impacts is key. Generating the required<br />

information about the potential impact(s) of<br />

security breaches involves intelligence<br />

gathering, understanding of technical<br />

intricacies and behavioural and other<br />

observations. This understanding and holistic<br />

approach towards mitigating the threat and any<br />

potential implications takes into account<br />

minimisation, prevention and recovery from<br />

security breaches.<br />

Intelligence gathering as well as physical<br />

surveillance can monitor individuals, groups,<br />

potential state actors or others involved in<br />

generating the greatest physical, cyber or other<br />

security threats and the broad threat<br />

groupings. Law enforcement has a role to play<br />

in dealing with criminality, primarily after it<br />

happens, and prosecuting where possible those<br />

engaged in cyber crime. A joined-up approach<br />

will also help facilitate the identification of<br />

patterns used by adversaries to carry out<br />

attacks and put in place solutions to combat<br />

these as well as isolate any potential losses.<br />

It’s fair to suggest that collaboration is the<br />

strongest force we have available to us.<br />

Collaboration is key<br />

In addition to enhancing understanding,<br />

collaboration facilitates cost and time<br />

efficiencies as well as an enhanced likelihood<br />

of preventing many more security breaches<br />

(physical and/or virtual).<br />

Using the same cyber example, a security<br />

solution involves taking into account physical<br />

risks and ways of minimising these risks, cyber<br />

professionals being more prescriptive about<br />

what clients and stakeholders must or should<br />

do (and regularity) to ensure that systems are<br />

as safe as possible and that insurance adapts<br />

and optimises its offer while ensuring clarity in<br />

existing offerings.<br />

The bringing together and selling of such<br />

products and services will benefit all and<br />

provide far more robust solutions for clients.<br />

This will take the stress, time and<br />

inconvenience away from clients otherwise<br />

having to source their own vendors to meet a<br />

variety of different security objectives.<br />

For the provision of security and the level of<br />

insurance cover offered, it’s likely that a higher<br />

degree of security will be afforded and that<br />

insurance solutions may have higher limits or<br />

more extensive coverage. Optimal solutions<br />

protecting against all security eventualities will<br />

be provided to companies who understand their<br />

risks and vulnerabilities and abide by – or are<br />

willing to nurture – a strong security culture.<br />

Collaboration will inherently focus on<br />

solutions, but it also has an educational<br />

element attached to it. The different sectors<br />

within the security community can educate<br />

each other and also learn from each other.<br />

Opening and widening the dialogue between<br />

the different sectors is likely to create new<br />

business opportunities for all those involved.<br />

Whenever a breach of security occurs,<br />

whether it manifests itself in a physical, cyber<br />

or other medium, it’s in everyone’s best interest<br />

that the breach is contained and minimised,<br />

with a strategy for resilience and returning to a<br />

state of ‘business as normal’ as soon as<br />

practicable duly put into operation.<br />

Breaking down traditional barriers<br />

The breaking down of traditional barriers to<br />

promote a joined-up approach sends a very<br />

powerful signal to our adversaries. Together, we<br />

are stronger. By sharing knowledge, we make it<br />

harder for the adversary to exploit the gaps<br />

where information doesn’t filter through from<br />

one silo to the next. Instead, it provides a<br />

stronger position to analyse past events, learn<br />

from them and adapt accordingly.<br />

Ultimately, if there’s a loss event, it’s best<br />

that everyone’s on board from the security<br />

sector, as the only winners from these events<br />

are the cyber adversaries who’ve been able to<br />

exploit our own entrenched silo system to their<br />

own advantage. This is a plea to organisations<br />

that they ought to take guidance from the<br />

words of business magnate Warren Buffet and<br />

start to plant the necessary seeds now.<br />

All-encompassing profession<br />

Security is an all-encompassing profession<br />

focusing on the safety of people, business and<br />

communities. Insurance is part of the solution,<br />

providing an economic and financial buffer.<br />

As the year is yet young, let this one stand to<br />

be a turning point whereby there’s greater<br />

collaboration, adaptation and modernisation of<br />

the way in which various security risks are both<br />

perceived and then actively remedied.<br />

Let us become a united force for the future<br />

and a growing seed of resentment for our<br />

adversaries who are looking to carry out<br />

security breaches. If we grow stronger together,<br />

then the cyber attackers will realise they’re<br />

faced with a harder task when it comes to<br />

conducting their criminal escapades.<br />

The Security Institute’s View<br />

is compiled and edited by Dr<br />

Alison Wakefield FSyI<br />

(Chairman of The Security<br />

Institute) and Brian Sims BA<br />

(Hons) Hon FSyI (Editor of<br />

Risk UK)<br />

Dr Rachel Anne Carter MSyI:<br />

Director of Research and<br />

Policy at The Security Institute<br />

and Cyber Innovation Lead at<br />

AmTrust<br />

“Holistic solutions are essential. When there’s a lack of<br />

collaboration and entrenchment of the silos, there’s a<br />

duplication of resources and an escalation in costs”<br />

39<br />

www.risk-uk.com


Developing a Career in Security and<br />

Intelligence: The Pathway to Success<br />

The Young<br />

Professionals Group<br />

was created by ASIS<br />

UK to establish a<br />

comfortable<br />

environment both for<br />

members new to<br />

security and future<br />

leaders wishing to<br />

engage with ASIS<br />

programmes and<br />

activities. Its core<br />

mission is to develop<br />

and educate young<br />

careerists in the<br />

security industry.<br />

Recently, Jerry Ross<br />

was asked to speak at<br />

an ASIS Young<br />

Professionals Group<br />

event and give an<br />

account of how she<br />

embarked on a career<br />

in the field of<br />

intelligence and,<br />

subsequently, security<br />

Jerry Ross: Regional Intelligence<br />

Analyst at Securitas UK<br />

40<br />

www.risk-uk.com<br />

Though incredibly nerve-wracking, it was an<br />

honour to be asked to share my<br />

experiences on developing a career within<br />

the security business sector with the invited<br />

audience, the key points of which are now<br />

being shared here among the readers of Risk<br />

UK. After graduating from Oxford Brookes<br />

University in 2011 with a BA (Honours) degree<br />

in English Literature and Geography, like many<br />

graduates fresh out of university I wasn’t<br />

entirely clear on the way forward. I’ve always<br />

had an interest in the Armed Forces and<br />

counter-terrorism, in the main prompted by<br />

media coverage of the Iraq and Afghanistan<br />

wars, so I initially considered joining the Armed<br />

Forces or the police service.<br />

I’ve always harboured an inquisitive nature,<br />

enjoying the analysis and research I completed<br />

in my studies, whether that be researching<br />

people, events or history. It was a combination<br />

of these factors that led me to make up my<br />

ideal job title – Intelligence Researcher. It just<br />

so happened that this kind of role did actually<br />

exist, and so the pursuit of a role began.<br />

After extensive travelling and with some<br />

direction as to what career path to pursue, I hit<br />

the job market with a vengeance to track down<br />

the perfect starting job. In February 2013, I<br />

applied for – and duly secured – my first<br />

position as intelligence researcher with Surrey<br />

Police. Based in Staines, the role involved<br />

monitoring and investigating crimes in the local<br />

area, among them high-value burglaries,<br />

kidnapping and drug offences.<br />

Intelligence was gathered on a daily basis via<br />

open and closed sources to compile profiles on<br />

suspects and identify trends in criminal activity.<br />

The intelligence was used to proactively<br />

minimise and prevent repeat incidents. The<br />

responsibility and experience I gained from<br />

running my own operations on dangerous<br />

individuals, combined with the support of<br />

amazing colleagues, made this the perfect<br />

hands-on role for me.<br />

Eventually, it was time to join the on-call<br />

team, in turn dealing with crisis situations<br />

including kidnappings and extortion. I can still<br />

remember being called to assist with an<br />

incident on my first day with the unit and then<br />

on my last day with the force.<br />

In January 2014, I took the opportunity to<br />

transfer from criminal intelligence to Surrey<br />

Police’s Special Branch and begin combating<br />

terrorism. In this role, I continued<br />

investigations and assumed responsibility for<br />

gathering more in-depth open source<br />

intelligence. It was in this role that I began my<br />

unexpected journey as an open source<br />

intelligence specialist with the force, using<br />

bespoke software and investigation tools.<br />

I built up solid experience in open source<br />

intelligence, and was starting to train fellow<br />

colleagues in Best Practice methods and the<br />

use of specialist software. Training and<br />

upskilling are important aspects of any role in<br />

intelligence, as it’s very much the case that you<br />

have to stay ahead of the latest developments<br />

in systems, monitoring and technology.<br />

Come January 2016, and after two years in<br />

counter-terrorism, I transferred to the Anti-<br />

Corruption Unit within Surrey Police. This role<br />

was part of a small and specialised team<br />

focused on exposing corrupt individuals and<br />

practices within the force. During this time, our<br />

team received a Chief’s Commendation. That<br />

was an important highlight for me.<br />

After four-and-a-half exciting years with<br />

Surrey Police, I decided the time was right to<br />

make a change and focus on a new challenge. I<br />

was particularly keen to step out of my comfort<br />

zone and explore new opportunities. That being<br />

so, I set out to extend my professional network.<br />

One of the first events I attended was the<br />

Security and Counter-Terrorism Expo that ran at<br />

London’s Olympia in March 2016. It was here<br />

that I was first introduced to the ASIS UK<br />

Women in Security Group, a sub-group of the<br />

organisation that supports and assists women<br />

in the security sector and also encourages new<br />

entrants into the profession.<br />

Indeed, this was the first of many ASIS<br />

networking events I would subsequently<br />

attend. ASIS International is the largest<br />

organisation for security professionals, with<br />

more than 35,000 members worldwide,<br />

including 800 here in the UK.<br />

An intriguing career<br />

While attending the Expo, I met ASIS UK<br />

director Dawn Holmes CPP (at that time the<br />

lead for the ASIS UK Women in Security Group)<br />

who had just taken up the role of technical<br />

security specialist at Bloomberg LP. Up until<br />

this point, I hadn’t considered security as a


In the Spotlight: ASIS International UK Chapter<br />

career choice, but meeting Dawn as well as<br />

other professional women in the industry<br />

heightened my awareness and interest.<br />

In September 2016, I left Surrey Police to<br />

take on the role of intelligence researcher for<br />

the British Transport Police (BTP). As part of the<br />

change, I relocated from Guildford to London<br />

and, within a few short weeks, I was tasked<br />

with developing the open source intelligence<br />

policy, capability and training for the BTP.<br />

Then, in March last year, I attended the ASIS<br />

UK Spring Seminar where I met Iskander<br />

Jefferies CPP from Securitas. At this point, I had<br />

limited knowledge of Securitas or the private<br />

security sector in general. However, Iskander<br />

explained to me that there might be an -<br />

ntelligence position in the pipeline.<br />

Suddenly, the possibility of a new career and<br />

further professional development was<br />

presenting itself. Having never before placed<br />

much faith in the power of networking, I<br />

suddenly found new doors beginning to open.<br />

Starting a career in security<br />

Last July, the new role of regional intelligence<br />

analyst at Securitas came to fruition and I left<br />

BTP to begin my career in security. A few<br />

thoughts were running through my mind at the<br />

time, with some of them keenly focused on<br />

making the transition from the public to the<br />

private sector and what this would actually<br />

entail. Nevertheless, I was looking forward to a<br />

new challenge and broadening my horizons.<br />

I’ve been with Securitas for seven months<br />

now and I’ve fully immersed myself in the<br />

security industry.<br />

Law enforcement agencies have been<br />

scrutinised and under pressure in recent years.<br />

One positive takeaway from my experience with<br />

Surrey Police is an understanding of the<br />

importance of intelligence and how it can be<br />

gleaned through open source investigation.<br />

Although the security industry has made some<br />

headway, many organisations could do a lot<br />

more to investigate this pool of information.<br />

This is now my ambition: to bring open<br />

source investigation to the forefront of private<br />

security as a crucial means of safeguarding our<br />

clients and assets. As a business, Securitas<br />

understands the power of intelligence and<br />

enhanced vetting with a number of customers<br />

expressing an interest in this service. The<br />

ability to gather intelligence to counteract or<br />

prevent incidents and offer predictive security<br />

is critical, and particularly so in the aftermath<br />

of so many premeditated and targeted attacks<br />

across the UK in recent times.<br />

Today’s companies have to face a number of<br />

threats, and in particular the insider threat.<br />

This is where enhanced vetting comes into its<br />

own, and notably so for those roles with a<br />

heightened requirement for discretion.<br />

The development of the web and social<br />

media channels has presented many positives,<br />

but this has also opened the door to negative<br />

activity. Social media platforms are a primary<br />

source of communication for many, meaning<br />

that there’s an enormous amount of information<br />

and intelligence with which to work. People<br />

report suspicious behaviour, post images and<br />

videos of attacks and cover a whole host of<br />

interesting topics. They even report 101<br />

information to the police service through social<br />

media channels.<br />

The intelligence field is always evolving so<br />

it’s crucial to stay ahead and keep up-to-date<br />

on the latest developments with a heightened<br />

emphasis on the technology side of matters.<br />

Engaging with ASIS UK’s Women in Security<br />

Group and the ASIS Young Professionals Group<br />

has changed the direction of my career which<br />

has been an exciting and rewarding journey.<br />

That said, I believe there’s much more<br />

adventure still to come. I’m looking forward to<br />

learning much more about the security sector.<br />

I often think back to advice given by one of<br />

my former teachers when I was trying to decide<br />

what to study at university. I was urged to<br />

“stick to the core subjects” (which I did). I<br />

enjoyed my degree, but I’m glad I embarked on<br />

a completely different career path.<br />

“Training and upskilling are important aspects of any role<br />

in intelligence, as it’s very much the case that you have to<br />

stay ahead of the latest developments in systems,<br />

monitoring and technology”<br />

41<br />

www.risk-uk.com


Often, fire detection in<br />

large open spaces has<br />

proven to be<br />

somewhat<br />

challenging. Although<br />

BS 5839-1 provides<br />

clear guidelines for<br />

detection at the<br />

ceiling, some<br />

designers have been<br />

embarrassed to<br />

receive customer<br />

complaints of<br />

detection failing to<br />

respond to a fire<br />

outbreak despite the<br />

systems installed<br />

being compliant with<br />

the Code of Practice.<br />

Robert Yates and Peter<br />

Massingberd-Mundy<br />

investigate<br />

Robert Yates: Technical<br />

Manager at the Fire Industry<br />

Association<br />

Shedding Light on the<br />

Detection of Stratified Smoke<br />

The cause of poor fire detection system<br />

performance can often be attributed to<br />

stratification. This is where the fire has<br />

insufficient energy for the resultant smoke<br />

plume to rise to the ceiling because it has<br />

cooled to the temperature of the surrounding<br />

air and lost buoyancy, spreading out in a layer<br />

below where the detection equipment is sited.<br />

The challenge for system designers, then, is<br />

to predict when and where stratification may<br />

occur. In practice, it’s almost impossible to<br />

reliably predict the height at which the smoke<br />

layer will form because it depends upon the<br />

size and energy of the fire and the temperature<br />

gradient in the protected space.<br />

That gradient can in itself be influenced by<br />

many factors such as differing weather<br />

conditions, the time of day, building occupation<br />

and heating control, etc. As a consequence, it’s<br />

often simply argued that, as the fire develops,<br />

the heat output increases, hotter smoke will<br />

break through any thermal barrier and ceilingmounted<br />

detectors will eventually operate.<br />

In those spaces where smoke stratification is<br />

considered to be a risk, BS 5839-1 (and other<br />

similar Codes of Practice) has, for many years,<br />

recommended that a layer of several beam<br />

detectors is installed, with the detectors<br />

spaced sufficiently close to each other such<br />

that the rising smoke plume is unlikely to pass<br />

through the layer undetected. In reality, this<br />

recommendation is rarely followed because the<br />

number of beam detectors needed is<br />

prohibitively expensive.<br />

Instead, many fire protection system<br />

designers instinctively apply the use of angled<br />

beam detectors in the expectation that they will<br />

be obscured by the smoke layer no matter the<br />

height at which it happens to form.<br />

Research project<br />

This alternative approach using angled beams<br />

was first included in BS 5839-1 in 2013, but no<br />

specific guidance was provided as to where to<br />

place the beam detectors because such an<br />

approach had never been fully researched.<br />

On that basis, the Fire Industry Association<br />

(FIA) accepted a proposal from some of its<br />

member companies to invest in a research<br />

project purposefully designed to investigate the<br />

effectiveness of angled beams and provide data<br />

to support guidance as to where they should<br />

best be positioned.<br />

The research project was sponsored by the<br />

FIA in conjunction with Laluvein Consulting Ltd,<br />

Fire Fighting Enterprises Limited and Xtralis<br />

(UK) Ltd (part of Honeywell), all of them<br />

member organisations of the FIA.<br />

Using software called Fire Dynamic Simulator<br />

(FDS), the FIA (working in partnership with fire<br />

science researchers from the BRE’s Centre for<br />

Fire Safety Engineering at the University of<br />

Edinburgh) modelled a series of fire scenarios<br />

in a 25 metre-high space to simulate the effect<br />

of key variables such as fire size and<br />

temperature gradient on the characteristics of<br />

the smoke layer.<br />

The BRE’s Centre for Fire Safety Engineering<br />

exists to equip tomorrow’s leaders in the field<br />

with the skills they require, support today’s fire<br />

safety teams with multidisciplinary research,<br />

provide first-class education in fire safety<br />

engineering and structural fire engineering,<br />

deliver fire safety consultancy services to<br />

industry and other consultancies and<br />

disseminate information about advances and<br />

research in fire safety engineering through<br />

courses, symposia and publications.<br />

For those readers of Risk UK unfamiliar with<br />

FDS, it uses complex computerised<br />

mathematical modelling systems to simulate<br />

and predict the way in which smoke travels and<br />

how it rises within a building. Moreover, it<br />

includes models that can be used to predict the<br />

activation of smoke detectors (including beam<br />

detectors and aspirating smoke detectors).<br />

These models were fundamentally improved as<br />

part of the project to accurately model angled<br />

beams (of which there were over 100 included<br />

in the simulations).<br />

Useful insights<br />

As is the case with all such analysis, the<br />

absolute accuracy of the results cannot be<br />

relied upon until it has been verified. Despite<br />

this caveat, the results provide useful insights<br />

into the relative performance of detectors in<br />

different positions, while the visualisation<br />

afforded by SmokeView sheds some light on<br />

how the smoke layer develops.<br />

The first finding was that the tight spacing<br />

(¼ height) recommended in BS 5839-1 (for<br />

interstitial beams intended to detect the rising<br />

column of smoke) shouldn’t be relaxed. For<br />

example, if the interstitial beams are installed<br />

at 12 metres they need to be spaced every 3<br />

42<br />

www.risk-uk.com


FIA Technical Briefing: Detecting Stratified Smoke<br />

metres – requiring five times more devices than<br />

with the 15-metre spacing recommended for the<br />

ceiling-mounted beam detectors.<br />

The second finding was that the predicted<br />

response of angled beam detectors passing<br />

through a stratified layer of smoke (resulting<br />

from a small fire when there’s a temperature<br />

gradient) is similar to the response of beam<br />

detectors positioned on a ceiling (to the same<br />

small fire when there’s no temperature gradient<br />

to cause the smoke to stratify). This is an<br />

important finding as it confirms that angled<br />

devices are likely to be effective.<br />

One observation, and which differs from<br />

common/intuitive thinking, is that the<br />

horizontal velocity in the smoke layer reduces<br />

as the layer spreads. The research project<br />

indicates that the smoke layer doesn’t continue<br />

to stretch outwards across the room<br />

indefinitely, but instead tends to deepen<br />

around the centre and become more dense.<br />

When considering a design with angled beams,<br />

it’s therefore important that due attention is<br />

afforded to the extent – and speed – of the<br />

spread of the smoke layer.<br />

Applying the research<br />

The findings thus far are reflected in the current<br />

advice contained within BS 5839-1 for installing<br />

angled beam detectors, and particularly in the<br />

note under Clause 22.5d.<br />

One additional recommendation from the<br />

research which hasn’t been reflected in BS<br />

5839-1 as yet is that, when installing angled<br />

beams, they’re best deployed in a criss-cross<br />

arrangement. This is specifically intended to<br />

ensure that the distance to a beam at any given<br />

height isn’t in any way excessive.<br />

From this relatively short overview of the<br />

research underpinning the current<br />

recommendations for angled beams, it’s clear<br />

that further analysis and validation is needed.<br />

In anticipation of this, the FIA has agreed to<br />

sponsor a second phase of research into the<br />

challenges of detecting stratified smoke.<br />

The FIA’s Fire Detection and Alarm Council’s<br />

primary purpose is to find solutions to such<br />

technical issues on behalf of the fire industry.<br />

Council is comprised of roughly 30 individuals<br />

from FIA member companies, with selection<br />

conducted through an election process. The<br />

majority of those on Council have a senior<br />

background, an extensive range of experience<br />

and a deep knowledge and understanding of<br />

both British and European Standards.<br />

All of this means that technical guidance<br />

documents can be created to the highest<br />

industry standard based on the FIA’s research<br />

and partnerships with leading universities, the<br />

British Standards Institution and other<br />

standards bodies.<br />

The FIA acts as the springboard between<br />

industry and research at top Higher Education<br />

institutions, providing the industry with<br />

solutions and guiding standards by way of<br />

scientific evidence. The research helps in<br />

leading the FIA’s training and qualifications in<br />

fire detection and alarm systems.<br />

Specialist qualifications<br />

On that note, the FIA can now offer four new<br />

specialist qualifications: one each for the<br />

design, installation, maintenance and<br />

commissioning of fire detection and alarm<br />

systems. The qualifications have been carefully<br />

developed over time by a range of experts in<br />

the field to raise the level of professional<br />

knowledge and understanding of those working<br />

within the sector.<br />

These qualifications have been produced in<br />

consultation with industry leaders and<br />

employers, matching the needs of the industry<br />

with what learners really need to understand.<br />

The FIA has worked with reference to the<br />

National Occupational Standards, current UK<br />

legislation and published standards, along with<br />

Codes of Practice and industry Best Practice to<br />

give learners the opportunity to expand their<br />

knowledge and understanding in a format that’s<br />

in-depth and delivered under expert guidance.<br />

Further information<br />

concerning optical beam<br />

detection may be gathered by<br />

visiting the Resources Section<br />

of the FIA’s website<br />

(www.fia.uk.com) where an<br />

extensive technical library can<br />

be accessed<br />

Peter Massingberd-Mundy:<br />

Technology and Expert Practices<br />

Manager at Xtralis (a Member<br />

Company of the FIA)<br />

“The research project indicates that the smoke layer<br />

doesn’t continue to stretch outwards across the room<br />

indefinitely, but instead tends to deepen around the centre<br />

and become more dense”<br />

43<br />

www.risk-uk.com


Mental Health: Are You Doing Enough<br />

to Support Your People?<br />

With workplace stress<br />

on the increase and<br />

mental health issues<br />

now firmly on the<br />

agenda, this really<br />

should be something<br />

that security<br />

businesses are<br />

tackling head on. Yet,<br />

according to the<br />

charity Mind, 30% of<br />

employees questioned<br />

in a recent survey<br />

disagreed with the<br />

statement: “I would<br />

feel able to talk<br />

openly with my line<br />

manager if I was<br />

feeling stressed”.<br />

Louise McCree<br />

investigates<br />

44<br />

www.risk-uk.com<br />

Clearly, some managers don’t appreciate the<br />

implications of failing to address mental<br />

health issues within their organisation.<br />

Those who are aware of the consequences<br />

seem unclear about what the correct course of<br />

action should be. This is upheld by further<br />

statistics from Mind which state that,<br />

disappointingly, “56% of employers said that<br />

they would like to do more to improve staff<br />

well-being, but don’t feel they have the right<br />

training or guidance in order to do so.”<br />

Unfortunately, the number of people<br />

reporting mental health conditions seems to be<br />

on the increase. It’s unlikely that this situation<br />

will change. Part of the reason could be due to<br />

longer working hours and employees very often<br />

feeling obliged to take work home with them.<br />

Combined with this is an inability on the part of<br />

some people to ‘switch off’, and particularly so<br />

if they’re contactable all of the time.<br />

Exacerbating the situation is the rapid<br />

advance of technology, with individuals<br />

spending more time in front of screens. Most<br />

readers of Risk UK will already be aware of the<br />

harmful effects of blue light emitted from<br />

electronic devices and how this can impact our<br />

sleep. Also, the British Heart foundation<br />

reported last year that more than 20 million<br />

adults in the UK are failing to meet Government<br />

guidelines for physical activity, leading to all<br />

sorts of related health complications.<br />

On Thursday 1 February, Mind ran its ‘Time to<br />

Talk’ day, the idea being to promote a culture of<br />

speaking openly about mental health issues. If<br />

you missed this, then perhaps the charity’s<br />

‘Time to Change’ pledge may be something to<br />

look into? This could form part of the overall<br />

well-being strategy within your organisation.<br />

Complicated issue<br />

Mental health is a complicated issue. It’s a<br />

sensitive topic and often an emotive one for<br />

many. Therefore, the approach taken towards it<br />

needs to be considered and unhurried. Do<br />

nothing about it at your peril, though. More<br />

than one-in-five (21%, in fact) respondents to a<br />

recent Mind-orchestrated survey stated that<br />

they had called in sick to avoid work when<br />

asked how workplace stress had affected them.<br />

Other scenarios for not being equipped to deal<br />

with mental health issues in the workplace are<br />

PR disasters, potential tribunals and, most<br />

serious and devastating of all, suicide attempts.<br />

Rest assured that there are various ways in<br />

which a security business can prepare itself to<br />

tackle mental health issues and support its<br />

people. The best place to start is with a plan.<br />

Raise awareness. Ensure that employees feel<br />

comfortable talking about mental health issues<br />

and encourage discussions about stress and<br />

anxiety. Also, remember that mental health<br />

issues include eating disorders, panic attacks<br />

and addiction. These should be incorporated<br />

into any written policy. Mental Health<br />

Awareness Week commences in May, so why<br />

not plan ahead and schedule in some activities<br />

or functions that raise awareness?<br />

Consider creating a Well-Being Policy. Be<br />

aware that simply drawing up a policy will not<br />

solve all of the issues involved. It’s a helpful<br />

exercise to begin compiling the things which<br />

your business currently does in order to<br />

support members of staff. It’s also a good way<br />

to identify gaps. Furthermore, a policy is a<br />

simple and effective way of communicating<br />

what you do to clients and members of staff<br />

alike. It also gives those employees who are<br />

struggling something to which they can refer.<br />

Train your managers. This is vital as<br />

managers are likely to be the first people to<br />

notice any change in an employee. Managers<br />

should be taught to look for signs that an<br />

employee is struggling (for example, lack of<br />

concentration, an increase in absenteeism, a<br />

short temper, being emotional at work or a<br />

sudden change in performance level).


Security Services: Best Practice Casebook<br />

Employee Assistance Programmes<br />

Introduce an Employee Assistance Programme<br />

(EAP). Implementing an EAP is usually a<br />

relatively low cost exercise and a great way of<br />

offering additional, external support. Very<br />

often, an employee may not feel comfortable<br />

discussing a personal matter with a colleague.<br />

An EAP is a good alternative. Not only do they<br />

provide counselling, but they also afford<br />

practical advice (for example on matters such<br />

as financial debt or divorce which can often<br />

contribute towards a person’s depression).<br />

If as a business you already have an EAP in<br />

place, determine to make sure that your people<br />

know it’s there and that they make good use of<br />

it. Very often, schemes are paid for, but are<br />

then poorly communicated.<br />

Promote wellness initiatives. As an employer,<br />

you have a Duty of Care, meaning that you<br />

should take all reasonable steps to ensure the<br />

well-being of your employees. Introducing a<br />

wellness programme doesn’t have to be timeconsuming<br />

or expensive. It may be something<br />

as simple as providing a free fruit bowl on each<br />

of your floors at headquarters.<br />

If your organisation already has a ‘Cycle to<br />

Work’ scheme then make sure it’s adequately<br />

promoted. Consider corporate gym membership<br />

or providing a ‘quiet room’ at work wherein<br />

employees can retreat for ten minutes (the<br />

room should be a device-free zone). A number<br />

of companies have run campaigns designed to<br />

encourage staff to take proper breaks at work,<br />

while Stylist Magazine is relaunching its<br />

‘Reclaim Your Lunchbreak’ campaign.<br />

On that note, there’s significant evidence to<br />

suggest that taking even a 30-minute break<br />

away from their desk increases productivity and<br />

boosts an employee’s focus. In addition, it<br />

works wonders for creativity and, most<br />

importantly, mood.<br />

Create and foster a culture of openness,<br />

acceptance and support. A business might do<br />

this by appointing a wellness representative,<br />

ensuring regular communications about health,<br />

exercise, support and training or including such<br />

detail in client presentations or newsletters.<br />

Another great way of embedding the<br />

importance of talking about mental health<br />

issues is to align wellness with various existing<br />

policies and processes. This could include the<br />

annual appraisal or monthly reviews, such that<br />

employees understand what’s expected of<br />

them, what to look for in others and where to<br />

seek help if they should require it.<br />

Make the commitment<br />

In addition to Mind’s ‘Time to Change’ pledge,<br />

there are various other commitments your<br />

“Managers should be taught to look for signs that an<br />

employee is struggling (for example, lack of concentration,<br />

an increase in absenteeism, a short temper, being emotional<br />

at work or a sudden change in performance level)”<br />

business can undertake to make the workplace<br />

a happier and much healthier environment. One<br />

of these is the Healthy Workplace Charter. In<br />

essence, this is a set of standards that<br />

organisations set out to meet in order to<br />

receive an official accreditation.<br />

Mental health is different for everyone and,<br />

as such, you cannot – and, indeed, should not –<br />

approach it as a ‘one-size-fits-all’ solution. The<br />

one thing that many businesses really struggle<br />

with is what to do on a practical level if an<br />

employee has mental health concerns. There<br />

are some key steps to note here.<br />

Manage the employee in the same way as<br />

you would any other medical issue. By this, I<br />

mean ensure that the process you follow is<br />

consistent and in line with the normal company<br />

medical capability process. Meeting with the<br />

employee is essential to understand what’s<br />

going on. You may wish to allow them the right<br />

to be accompanied by a friend or a member of<br />

their family, even though this isn’t obligatory. It<br />

may well make them feel more at ease.<br />

Look at obtaining a medical report (you will<br />

need the employee’s consent for doing so). This<br />

will enable you to gain valuable insight and<br />

advice from a professional. Consider referring<br />

the employee to occupational health.<br />

Sometimes, it can be the case that someone<br />

completely independent and removed from the<br />

process is better able to offer support.<br />

Making reasonable adjustments<br />

Be mindful that you may need to make<br />

reasonable adjustments for the person<br />

concerned. These could include shortened<br />

hours, ‘buddying up’, counselling, adjusting<br />

workload or encouraging the employee to use<br />

some of their annual holiday entitlement for a<br />

break away from the business.<br />

Most importantly of all, though, you should<br />

remember that, because all mental health<br />

issues are different, you must never fall into the<br />

trap of making assumptions about a given<br />

individual’s condition.<br />

In observing that rule, you will undoubtedly<br />

bring about numerous positive changes to your<br />

organisation. You should see productivity<br />

increases, absenteeism reductions, Public<br />

Relations improvements leading to a more<br />

competitive edge and, most significantly of all,<br />

a happier and more motivated workforce.<br />

Louise McCree MCIPD:<br />

Founder of effectivehr<br />

45<br />

www.risk-uk.com


Hardware Cyber Security:<br />

From the Active to the Passive<br />

Iain Deuchars focuses<br />

on hardware cyber<br />

security, examining<br />

the possible<br />

approaches that an<br />

attacker might take<br />

before proceeding to<br />

describe the features<br />

within active network<br />

equipment that can<br />

prevent such attacks<br />

from being successful.<br />

Although<br />

concentrating on IP<br />

security and<br />

surveillance networks,<br />

what follows applies<br />

to any Ethernet-based<br />

network and, as such,<br />

covers a much wider<br />

scope of markets<br />

The term ‘Cyber Security’ is a common one<br />

in our world today, and can affect anything<br />

and anyone from national Governments<br />

and global corporate entities through to<br />

individuals both young and old. Due to its<br />

ubiquitous association, our comprehension of<br />

cyber security is based around the global<br />

Internet where software attacks, such as<br />

malware and DDoS episodes, threaten our<br />

working days and everyday lives. Websites can<br />

become unreachable and corporate servers are<br />

hacked, with expensive consequences for<br />

owners and operators alike.<br />

What we fail to relate cyber security to is the<br />

threat posed to autonomous computer<br />

networks. Here, a third party physically breaks<br />

into a system via its infrastructure devices<br />

resulting in the system being compromised or<br />

failing completely with disastrous outcomes<br />

from either scenario.<br />

Due to their nature, security and surveillance<br />

networks put network connections in both<br />

secure and unsecured locations. Vulnerable<br />

positioning provides ample opportunities for<br />

the would-be attacker, so due care and<br />

attention must be paid to equipment<br />

protection. However, installers must also treat<br />

secure sites in exactly the same way. The point<br />

of attack could originate from a source fully<br />

entitled to be within an area. On that basis, no<br />

chances can be taken.<br />

An Ethernet network comprises both active<br />

and passive equipment. Active equipment is<br />

defined as that which needs electrical power to<br />

operate, while passive equipment is that which<br />

doesn’t require electrical power. Active<br />

equipment includes Ethernet switches (this<br />

article is centred on Layer 2 Ethernet switches<br />

based on MAC addresses and not Layer 3<br />

devices that can switch on either IP or MAC<br />

address) and media converters, and the passive<br />

a combination of cables, connectors and<br />

management such as cabinets, which might<br />

also include additional active equipment<br />

(environmental conditioning and monitoring<br />

systems, for instance).<br />

Ethernet switches act like cable<br />

concentrators, bringing together signals from<br />

different edge devices and then relaying those<br />

signals to other devices based on address<br />

information attached to the signal. They can<br />

have combinations of electrical and optical<br />

ports (connections) in varying port densities.<br />

A media converter is a simple device that<br />

converts electrical signals to optical and viceversa.<br />

The security threat to the network at this<br />

level results from a third party physically<br />

connecting to the switch, or by removing an<br />

edge device from the network and attaching<br />

unauthorised equipment in its place.<br />

The connection could be to an optical port,<br />

but that would require the third party to have<br />

the correct optical interface so, for<br />

opportunistic reasons, it tends to be a<br />

connection via an electrical interface.<br />

Electrical Ethernet ports are based around an<br />

industry standard, so connecting to these is<br />

relatively simple. As every laptop today<br />

harbours such a connection, the probable<br />

weapon of attack is readily available.<br />

Active Equipment Defence<br />

Ethernet switches are available in managed or<br />

unmanaged forms, where the managed<br />

platform has many more features and allows<br />

the end user to configure and remotely monitor<br />

the device. The unmanaged unit has no such<br />

facilities. It simply does the basic job based on<br />

its shipped configuration. Media converters<br />

tend to be in an unmanaged format only.<br />

Where security is concerned, managed units<br />

offer a number of facilities to prevent<br />

unauthorised entry to the network. Unmanaged<br />

units don’t, so managed Ethernet switches<br />

should be used throughout your network.<br />

46<br />

www.risk-uk.com


Hardware Cyber Security: IP Security and Surveillance Networks<br />

It tends to be the case that the simplest<br />

features offer the best security, and with<br />

Ethernet managed switches that persists. The<br />

ability to disable a switch port that’s not being<br />

used in the current network configuration<br />

through the management interface might<br />

seem an obvious security feature, but it’s one<br />

that a lot of network operators fail to employ<br />

and may not even know exists on their devices.<br />

If the port isn’t being used then disable it<br />

such that no unwarranted party can plug<br />

directly into your network. If the port needs to<br />

be used for legitimate traffic in the future then<br />

simply open it via the management system.<br />

While we’re talking about the simplest<br />

features being the best, the default username<br />

and password that every managed Ethernet<br />

switch is shipped with to enable you to gain<br />

access should be changed to a username and<br />

password commensurate with your security<br />

policy. There’s no point in applying all of this<br />

security if it could be changed by our attacker<br />

connecting to the comms port of the switch and<br />

gaining access simply by reading the manual.<br />

Note that the communications port on an<br />

Ethernet switch is a serial data communications<br />

port that allows local access to the<br />

management configuration once a correct<br />

username and password are entered.<br />

Once a link has been established between<br />

two active units in the network, a link<br />

acknowledgement (normally an LED indication)<br />

is generated and dropped immediately the link<br />

is broken. This simple hardware-based trigger<br />

can be used to shut down a port on the basis<br />

that the loss of a link is a potential attack. The<br />

feature can be further expanded to shut down<br />

ports in the event that power is lost to the<br />

active device just in case our attacker has the<br />

smart idea of switching connections once the<br />

switch is powered down.<br />

If any units are deployed in unsecured<br />

locations then the port receiving<br />

communications from that site should be<br />

activated with this feature to counter link<br />

breaks in these areas.<br />

Any IP-based edge device such as a CCTV<br />

camera or speaker will have an Ethernet MAC<br />

address. This can be used to logically connect<br />

the associated Ethernet switch port to that<br />

particular MAC address. If a MAC address that’s<br />

not registered tries to connect, the switch will<br />

simply prevent access. Bear in mind, though,<br />

that the more knowledgeable attacker could<br />

use spoofing to find and copy your MAC<br />

address. This form of protection may buy you<br />

valuable time, but not complete safety.<br />

With the IP address of connected devices<br />

known, the switch can set up a polling routine<br />

“Where security is concerned, managed units offer a number<br />

of facilities to prevent unauthorised entry to the network,<br />

whereas unmanaged units don’t. Managed Ethernet<br />

switches should be used throughout your network”<br />

with the edge device and then run a preprogrammed<br />

procedure if there’s no response<br />

to the poll. Depending on the switch and the<br />

manufacturer, there could be a number of<br />

response procedures employed based on site<br />

security protocols.<br />

One could be to immediately shut the port<br />

down and, at the same time, generate a Simple<br />

Network Management Protocol (SNMP) trap.<br />

This is like an alert flag that tells the<br />

centralised management system something has<br />

happened to the device running SNMP and to<br />

start ringing the alarm bells if required. Another<br />

response could be to simply send the trap and<br />

keep the port open or, if the switch was<br />

supplying power to the edge device, a power<br />

cycle procedure could be run if the user thinks<br />

that the device has either stalled or hung-up.<br />

802.1x User Authentication is an IEEE-defined<br />

standard that should be available on all fullymanaged<br />

switches. It defines an authentication<br />

procedure for devices that wish to join the<br />

network. The standard defines three parties in<br />

the procedure: a Supplicant that wants to join<br />

the network, an Authenticator (which is the<br />

Ethernet switch) and the Authentication Server.<br />

In the system, the Ethernet switch acts to<br />

protect the network until the server has verified<br />

the credentials of the Supplicant and has either<br />

allowed or denied it access to the network.<br />

Passive Equipment Security<br />

Security should be applied to the passive<br />

components of the network as well as the<br />

active ones. How many times have you walked<br />

along the pavement and observed the door of a<br />

utilities company’s street cabinet hanging off,<br />

or the access flap open on a lamppost? The<br />

reason is that, in most cases, the system owner<br />

or operator has no idea that the door of their<br />

cabinet is open and their system isn’t secure.<br />

If any part of the network is housed within an<br />

enclosure, some form of sensor must be on the<br />

door to tell you if it’s open or closed. If the door<br />

is open and you’re not aware of it, then you’re<br />

providing an easy target for any attacker.<br />

Bear in mind that it doesn’t just need to be<br />

active equipment. If the enclosure simply<br />

houses cable management then that could<br />

present an attacker with the opportunity to<br />

break in to the network. Ignore the basics of<br />

network security at your peril.<br />

Iain Deuchars:<br />

Business Development<br />

Manager at ComNet<br />

47<br />

www.risk-uk.com


As part of their overall<br />

risk management<br />

posture, organisations<br />

worldwide can make a<br />

significant<br />

contribution towards<br />

reducing the impact of<br />

road traffic collisions<br />

by providing<br />

appropriate training in<br />

both medical and<br />

vehicle rescue<br />

capabilities for key<br />

members of staff and<br />

locations. Here, Neil<br />

Pedersen examines<br />

the main points of this<br />

strand of corporate<br />

risk mitigation<br />

A ‘Cut’ Above The Rest?<br />

Did you know that a figure of circa 1.2<br />

million represents the yearly death toll on<br />

road networks around the world? That<br />

figure doesn’t even include the further 50<br />

million or so individuals who are injured in<br />

traffic collisions. What’s more, the former<br />

statistic is one that’s expected to rise to 1.4<br />

million deaths per annum by the year 2030.<br />

In addition to the grief and suffering they<br />

cause, road traffic accidents constitute an<br />

important public health and development<br />

problem given the significant health and<br />

socioeconomic costs realised. Considerable<br />

economic losses are not only incurred by the<br />

victims and their families, of course, but also by<br />

organisations and, indeed, nations as a whole.<br />

Crashes on the roads actually cost most<br />

countries between 1% and 3% of their gross<br />

national product.<br />

As well as ensuring that members of staff,<br />

guests and clients are protected in the event of<br />

an emergency scenario, the added skills that<br />

can be delivered by specialist training in this<br />

area could also contribute towards the local<br />

emergency response arrangements in remote<br />

locations and assist in building positive local<br />

relationships in surrounding communities.<br />

For many years, it was only possible to have<br />

a sufficient rescue capability if you had a large<br />

hydraulic generator, hydraulic hoses and large<br />

heavy rescue tools to hand. This meant that it<br />

wasn’t realistically possible to provide a<br />

portable rescue provision in relation to traffic<br />

accidents. However, advancements in hydraulic<br />

tool design coupled with developments in<br />

battery technology now mean that it’s possible<br />

to produce tools capable of in excess of 50<br />

tonnes of cutting and spreading forces that can<br />

be combined into smaller and lighter tools<br />

without the need for generators or hoses.<br />

State-of-the-art capability<br />

As a direct result, it’s now possible to have a<br />

state-of-the-art rescue capability in your own<br />

vehicle which will allow you to enact an<br />

immediate rescue intervention on the scene of<br />

any accident or incident.<br />

There’s now a wide range of small, yet<br />

powerful rescue tools which will permit rescue<br />

operations and greatly increase survivability<br />

rates by allowing the rapid extraction of injured<br />

casualties whatever the location. These tools<br />

and associated training will be particularly<br />

useful to security and close protection teams,<br />

corporate risk management, military units and<br />

Special Forces, counter-terrorism teams,<br />

emergency responders and those tasked with<br />

transporting goods in remote locations.<br />

However, it’s vitally important that these<br />

tools are used in the correct manner and that<br />

personnel are familiar with the wide multitude<br />

of techniques employed during rescue<br />

operations. Any failure here could result in<br />

damage to those tools used or, even worse,<br />

injury to the users themselves.<br />

Many corporations around the world operate<br />

in remote environments and in countries with<br />

poor road infrastructures. Due to location, it’s<br />

often necessary to travel long distances on<br />

dangerous roads made so by the driving<br />

standards of other road users, adverse weather<br />

conditions and poorly maintained roadways.<br />

As part of their corporate risk assessment<br />

procedures, companies often overlook the fact<br />

that one of the biggest risks posed to<br />

personnel and any visiting guests is the journey<br />

from point of arrival to the final destination or<br />

those journeys undertaken while visiting<br />

specific sites around a given country.<br />

Basic rescue interventions<br />

In the event of a vehicle incident, in many areas<br />

of the world it’s highly unlikely that there will<br />

be any type of rescue services in close<br />

proximity and occupiers of vehicles could be<br />

trapped and injured for extremely long periods<br />

of time before any assistance arrives (if at all).<br />

Therefore, it’s vitally important to have an onboard<br />

capability to carry out basic rescue<br />

interventions and provide life-saving<br />

48<br />

www.risk-uk.com


Training and Career Development<br />

emergency medical equipment. Rescue options<br />

can range from having a single battery-powered<br />

hydraulic combination tool in the rear of your<br />

vehicle to having a fully-equipped support<br />

vehicle attached to your convoy.<br />

More important, however, is the necessity<br />

for having personnel who are both medically<br />

and technically trained in the event of an<br />

emergency and who are capable of rescuing<br />

and maintaining life until specialist support<br />

arrives at the scene.<br />

For many years, colleagues of ours in the<br />

close protection sector and the military have<br />

told us that what’s really needed while<br />

transporting their clients and personnel is the<br />

ability to carry out an emergency rescue<br />

immediately following a vehicle incident,<br />

whether that incident is accidental or a<br />

deliberate attack on their vehicles. Those<br />

vehicles may even be armoured, in turn<br />

presenting even further rescue difficulties.<br />

While in the UK we’re fortunate enough to<br />

have some of the best Emergency Services and<br />

rescue specialists in the world, that isn’t always<br />

the case overseas. If you’re lucky enough to<br />

gain access to a local service, it’s likely not to<br />

be carrying equipment capable of transacting a<br />

rescue from a modern vehicle boasting modern<br />

construction techniques.<br />

All of these factors greatly reduce the<br />

chances of survival following a vehicle incident,<br />

and especially so when time is of the essence.<br />

After all, you cannot effectively treat a casualty<br />

unless you can extract them from the vehicle.<br />

Combined approach<br />

Security and close protection teams are also<br />

responsible for ensuring the safety of their<br />

clients and, as a result, should be prepared for<br />

all eventualities. Clients of protection teams<br />

will be reassured that those teams carry rescue<br />

tools and are trained to use them during an<br />

emergency scenario, which also provides a<br />

further reason as to why their services should<br />

be employed to protect their clients.<br />

The way to view rescue provision is to<br />

consider the assertion that it has an equal<br />

weighting in relation to the problem. This<br />

means that, ideally, the methodology is 50%<br />

technical/physical rescue and 50% medical<br />

rescue. These two ideally work in harmony<br />

alongside each other to simply save life in the<br />

context of a vehicle accident.<br />

Of course, additional dynamics like the<br />

severity of the incident, geographical location<br />

and the time of day are all factors that can<br />

affect the situation. It must be borne in mind,<br />

though, that even with the odds stacked<br />

against you, having a technical rescue<br />

“As part of their corporate risk assessment procedures,<br />

companies often overlook the fact that one of the biggest<br />

risks posed to personnel and any visiting guests is the<br />

journey from point of arrival to the final destination”<br />

capability and a medical capability to hand is<br />

never to be underestimated. There are many<br />

examples of where this technical/medical<br />

capability hasn’t existed and lives have been<br />

lost. We cannot undo what is already done, but<br />

we can adapt, prepare for and be ready to react<br />

and respond better to similar incidents next<br />

time around. Why wait for tragedy to strike if<br />

you can play a part in reducing it?<br />

Consider your team travelling in a vehicle in a<br />

location that’s remote or has limited local<br />

rescue capability compared to the UK. A vehicle<br />

accident occurs. Consider then if, within that<br />

team or a following vehicle, there’s the<br />

capability to proactively react and carry out<br />

effective rescue operations and medical<br />

interventions. You can literally have UKstandard<br />

Fire and Rescue Service capability in<br />

the boot of a vehicle, but what’s really key here<br />

is the ability to use it to its full potency.<br />

Medical aspects are vital<br />

The approach adopted may be titrated and<br />

multifaceted to accommodate wide-ranging<br />

needs. Certainly, the medical aspects are vital.<br />

Consider travel in those areas or locations<br />

where medical response is poor, non-existent,<br />

ill-equipped or just too far away from where an<br />

incident has occurred. The option of dialling the<br />

Emergency Services and knowing that a<br />

response will attend the scene simply isn’t<br />

there in many places around the globe.<br />

The solution is to be self-sufficient, skilled,<br />

equipped and able to help yourselves and/or<br />

your team/colleagues. The medical<br />

methodology adopted should ideally be borne<br />

out of military experience, humanitarian<br />

experience, professional rescue experience and<br />

exposure gained from operational functionality<br />

over a prolonged period. It’s a methodology<br />

that works, achieves results and can literally<br />

mean the difference between life and death.<br />

Approaches to trauma and injury should be<br />

evidence-based, proven and honed from<br />

experiences gained in extreme situations.<br />

These approaches ought to be taught in an<br />

assertive and disciplined sense to deal with<br />

problems in order of severity, and are often<br />

underpinned by lessons learned in those<br />

extreme environments. If a given approach<br />

works in such environments, often hours away<br />

from definitive care, then it can work anywhere.<br />

Weber Rescue Systems UK’s<br />

E-Force battery-powered<br />

hydraulic rescue tools<br />

Neil Pedersen:<br />

Founder and Business Director<br />

of the International Road<br />

Rescue and Trauma<br />

Consultancy (IRRTC)<br />

49<br />

www.risk-uk.com


Risk in Action<br />

Risk in Action<br />

The Flood Company<br />

installs heavy duty<br />

flood mitigation<br />

solution for retailing<br />

giant Sainsbury’s<br />

The Flood Company has<br />

recently completed the<br />

installation of a heavy duty<br />

flood mitigation solution for<br />

nationwide supermarket<br />

giant Sainsbury’s at its store<br />

in Carlisle.<br />

The Flood Company was tasked with surveying the site, designing an<br />

aesthetically pleasing solution and installing flood prevention measures after<br />

the store was forced to close for several weeks as a direct result of flooding<br />

following the advent of Storm Desmond in 2015.<br />

The supermarket chain was left with a multi-million pound insurance claim<br />

following the disaster, which also saw its insurers threaten to increase the<br />

firm’s premium or even withdraw flood cover altogether should preventative<br />

measures not be implemented to protect from future flooding episodes.<br />

To provide a solution that matched the current appearance of Sainsbury’s<br />

supermarkets, The Flood Company innovated a Buffalo panel system. This has<br />

been retrofitted to the building and creates an exterior flood-proof seal.<br />

The Flood Company has installed Buffalo glass, which is an aesthetically<br />

pleasing barrier used in public areas, as well as a Buffalo HD barrier system<br />

around doors and loading bays.<br />

In addition to these three types of barriers, The Flood Company has also<br />

installed secondary pumps and control systems to control the flow of water and<br />

create a secondary line of defence for the store. The design underpins a system<br />

which is 95% passive. This means that only doors and loading bays require<br />

manual operation for the system to be implemented. The process may be<br />

completed in under an hour by four members of staff.<br />

The complete system minimises downtime for the store in the event of a<br />

flooding episode and has satisfied the insurer to re-insure the site.<br />

Warefence uses Hadley Group’s<br />

UltraFENCE palisade-style security<br />

solution to protect top car marques<br />

Founded back in 1981 and based in Oxfordshire,<br />

Warefence has established an enviable<br />

reputation for the supply and installation of<br />

security and access control fencing solutions<br />

leading to a strong working relationship with<br />

Hadley Group for the use of the manufacturer’s<br />

UltraFENCE palisade system as well as other<br />

products. This includes recent work at a<br />

prestigious new car showroom in Newbury.<br />

Warefence has chosen to once again make<br />

use of the proven UltraFENCE security solution<br />

in its contract at the Marshall Jaguar Land Rover<br />

dealership on the Greenham Business Park in<br />

Newbury having used it very successfully on<br />

other similar projects in the past.<br />

Hadley Group’s UltraFENCE exceeds the<br />

requirements of BS 1722 Part 12: 2006 while<br />

aiding the construction of boundaries which are<br />

both attractive and fully-functional as an<br />

effective deterrent to unauthorised entry. In this<br />

instance, some 50 metres of the 2.4-metre high<br />

UltraFENCE 200 option is employed to secure<br />

rear access to the vehicle yard, with another<br />

short stretch being erected at the front.<br />

UltraFENCE is quick to install. The system<br />

makes use of well-engineered and highly<br />

durable components including UltraRail,<br />

UltraPOST and UltraPALE.<br />

Videx completes bespoke door<br />

entry system installation at<br />

Connaught House<br />

Working in partnership with Enterprise<br />

Security Technologies, Videx has successfully<br />

installed a complex door entry management<br />

system at Connaught House, which provides<br />

private residential housing and commercial<br />

office space right in the heart of London.<br />

The key access control requirement was to<br />

provide a secure and easy-to-use system with<br />

24-hour video door entry for visitors, affording<br />

a clear image of the person(s) arriving.<br />

Talking about the installation, Ben Davies<br />

(South East sales manager at Videx)<br />

explained: “Most residents at Connaught<br />

House are internationally-based, some of<br />

them as far away as Saudi Arabia and India.<br />

They use their apartment as a London base,<br />

but mainly live elsewhere. Providing secure<br />

and convenient access control on site was a<br />

top priority for this project.”<br />

Davies continued: “A key aspect of the<br />

project was to install a system that’s<br />

specifically designed to meet the client’s<br />

needs. A bespoke panel was created such that<br />

the old panel could be replaced using existing<br />

cables without any unnecessary expense or<br />

time spent on making alternations to the<br />

surrounding brickwork or repairing damage<br />

realised by a completely new installation.”<br />

Enterprise Security Technologies<br />

recommended and installed Videx’s flagship<br />

VX2200 digital door entry system to ensure<br />

the security of the building as a whole.<br />

50<br />

www.risk-uk.com


Technology in Focus<br />

Technology in Focus<br />

Checkpoint Systems’ NEO heralds dawn of “EAS revolution”<br />

for retail sector specialists<br />

Checkpoint Systems, the supplier of<br />

source-to-shopper solutions for the<br />

global retail industry, has<br />

announced a “radical shake-up” of<br />

its range of electronic article<br />

surveillance (EAS) antennas with the<br />

introduction of a “revolutionary”<br />

new electronics platform. NEO will deliver enhanced detection and connectivity<br />

for retailers, in turn enabling them to improve store operations.<br />

The powerful new electronics are said to represent “a seismic shift” in the<br />

way radio frequency (RF)-based EAS solutions perform in store and enable the<br />

sensors to become a key part of the connected store environment.<br />

Available immediately, NEO debuts in a range of new and more aesthetically<br />

pleasing antenna designs, subsequently aiding those retailers who are looking<br />

to create a more enticing shop entrance.<br />

A ‘first’ for the retail industry, NEO-enabled antennas feature wireless<br />

Bluetooth connectivity. This means that stores will no longer have to connect<br />

antennas via underfloor cabling, which is both costly and time-consuming.<br />

www.checkpointsystems.com<br />

SoloProtect Go badged as<br />

“smallest and lightest” lone<br />

worker safety device<br />

International lone worker safety<br />

company SoloProtect is announcing<br />

several new developments within its<br />

product range for 2018, starting with the<br />

addition of SoloProtect Go. This is a fobstyle<br />

device supplied as part of the<br />

company’s range of solutions and<br />

accredited to BS 8484:2016.<br />

SoloProtect is primarily known for delivering solutions around its identity<br />

card device form-factor, Identicom and the SoloProtect ID, of which a combined<br />

260,000 devices have been supplied to lone workers directly and through a<br />

network of authorised partners. With SoloProtect Go, the company is<br />

diversifying its offer to cater for a wider set of customer requirements and<br />

afford SoloProtect solutions an even greater appeal.<br />

SoloProtect Go is a compact and easy-to-use, dedicated lone worker device<br />

affording discreet and simple operation. It’s also “the world’s lightest and<br />

smallest” dedicated lone worker device available to organisations<br />

implementing BS 8484-approved staff protection measures.<br />

The solution is supplied with all of the usual functionality expected of<br />

SoloProtect’s specialist lone worker devices including the ‘Device Check’,<br />

‘Amber Alert’ and ‘Red Alert’ functions as standard. The device is also water<br />

resistant to an IPX6 rating and configurable for those lone workers with a risk<br />

of incapacitation.<br />

SoloProtect Go is enabled with haptic (ie touch) feedback to discreetly make<br />

a given device user aware that their situation is being monitored and reassure<br />

them that appropriate action is being taken on their behalf.<br />

SoloProtect Go is supported by the company’s in-house, EN 50518-accredited<br />

Alarm Receiving Centre (ARC). This is a 24/7/365 resource and the only<br />

dedicated lone worker ARC in the UK to meet this European-level standard.<br />

www.soloprotect.com<br />

AMG brings benefits of enterpriselevel<br />

10 GB Ethernet networks to<br />

businesses of all sizes<br />

Pressures on business data networks are<br />

intensifying at an unprecedented rate as<br />

more and more devices rely on constant<br />

connectivity and speed which is bandwidth<br />

intensive. Standard 1 GB Ethernet networks<br />

may no longer meet the needs of even<br />

medium-sized businesses, but according to<br />

networking and transmission specialist AMG<br />

Systems there’s now an available solution.<br />

AMG’s Commercial Layer 2+ 10 GB<br />

managed Ethernet switch series brings the<br />

business benefits of high performance and<br />

low latency 10 GB Ethernet to businesses of<br />

all sizes. These switches are purposedesigned<br />

for both medium and large network<br />

environments and specifically aim to<br />

strengthen network connectivity.<br />

The products in AMG’s managed Ethernet<br />

switch range boast 8, 24 or 48 GB ports,<br />

with or without Power over Ethernet support,<br />

and 1/10 GB SFP+ uplink ports.<br />

www.amgsystems.com<br />

OPTEX integration to Genetec<br />

Security Center “heralds new era”<br />

for critical infrastructure security<br />

Laser scanning technology from OPTEX can now<br />

be integrated with Genetec’s Restricted Security<br />

Area (RSA) surveillance module to deliver “a<br />

new era” in security and detection for outdoor<br />

and indoor environments at airports and other<br />

critical infrastructure sites.<br />

Via the RSA module, OPTEX’s REDSCAN laser<br />

sensors can now send real-time events and<br />

alarm data to Genetec’s unified security<br />

platform, alerting Control Room operators to<br />

any intrusion in the surveillance area.<br />

Intrusions can be tracked on site maps.<br />

www.optex-europe.com<br />

51<br />

www.risk-uk.com


“<br />

You have to be here if you want<br />

to be regarded as a key player<br />

in the security market.<br />

“<br />

27,658<br />

visitors from<br />

116 countries<br />

79%<br />

of visitors come to<br />

source new products<br />

£20.7bn<br />

total budget of<br />

visitors to IFSEC 2017<br />

Enquire about exhibiting at IFSEC 2018: ifsec.events/international<br />

Proud to be supported by:


Appointments<br />

Andy Neal<br />

Cardinus Risk Management<br />

has acquired the talent and<br />

expertise of Protaris<br />

founder and expert Andy<br />

Neal to head up the<br />

company’s all-new Security<br />

Division. This move actively<br />

expands Cardinus’ solutions<br />

to cover the risks presented<br />

to its clients’ assets and workforces from the<br />

increasing work-related threats posed by lone<br />

wolf terrorism, safe travel (both national and<br />

international) and lone working.<br />

Neal’s existing on-site courses in travel<br />

safety, conflict management, hostile<br />

environments and responding to the threats of<br />

lone wolf terrorism will be enhanced by adding<br />

specialist e-Learning courses to Cardinus’ suite<br />

of Health and Safety, environmental and<br />

compliance courses. Neal is also an expert in<br />

behavioural safety, profiling and strategic asset<br />

protection having previously worked for major<br />

international organisations.<br />

Neal is also an expert in personal security<br />

and, to date, has advised Governments, royal<br />

families, major companies and high-profile<br />

celebrities in a career spanning 22 years. His<br />

military background coupled with a deep<br />

understanding of the commercial world is<br />

unique and provides the framework for a strong<br />

and well-established set of services that will be<br />

enhanced by Cardinus’ scope and global reach.<br />

Speaking about this move, Neal informed<br />

Risk UK: “I’m absolutely delighted to be joining<br />

Cardinus Risk Management. The business has a<br />

world class client list. At the present time, it’s<br />

clear that security and personal safety is a key<br />

risk for organisations and I very much look<br />

forward to working with the team here to help<br />

our clients manage this increasing risk.”<br />

Alan Nathan<br />

Axis Security has appointed Alan Nathan to<br />

the newly-created national position of<br />

business continuity and risk manager. Nathan<br />

has more than ten years of commercial<br />

security experience, primarily focusing on<br />

national and international client account<br />

management, and most recently completed a<br />

contract in Kazakhstan designing and<br />

managing security operations within the oil<br />

and gas industry.<br />

“Axis Security is dedicated to providing<br />

clients with support and solutions for their<br />

specific operational needs,” explained Nathan.<br />

“I’ve already begun to engage with both<br />

existing and potential clients in order to<br />

Appointments<br />

Risk UK keeps you up-to-date with all the latest people<br />

moves in the security, fire, IT and Government sectors<br />

Derek McGee<br />

Fusion Risk Management, the specialist<br />

provider of business continuity risk<br />

management software and services, has added<br />

two senior sales executives to its UK team.<br />

Derek McGee and Laura Sloan have joined the<br />

business as the company moves to expand its<br />

European operations in order to meet rapidly<br />

growing demand for the firm’s solutions.<br />

McGee brings 20 years of experience of<br />

providing solutions in the technology and<br />

software sector having served enterprise<br />

organisations in the UK and around the globe.<br />

As a senior sales and business development<br />

executive, McGee excels at understanding<br />

customers’ unique business requirements and<br />

brings a clear focus on providing flexible<br />

solutions to ensure success.<br />

McGee informed Risk UK: “Fusion Risk<br />

Management’s top position in the market for<br />

enterprise business continuity risk management<br />

software is affirmed by the company’s<br />

outstanding roster of globally-recognised<br />

clients, its leadership position in the Gartner<br />

Magic Quadrant Report, ongoing industry<br />

awards and also Fusion’s significant investment<br />

in Europe to meet growing demand. This is an<br />

exciting time to be joining the organisation.”<br />

Sloan also joins Fusion with more than 20<br />

years of experience gained in serving enterprise<br />

customers across a wide range of industries,<br />

and with a keen focus on client requirements for<br />

next generation business continuity solutions.<br />

develop our risk management and business<br />

continuity credentials.”<br />

Reporting to operations director John<br />

Fitzpatrick, Nathan’s immediate task is to<br />

review and develop Axis Security’s emergency<br />

notification and incident management<br />

capability for both the company’s staff safety<br />

assurance and clients’ own emergency<br />

notification and management procedures.<br />

David Mundell, managing director of Axis<br />

Security, explained to Risk UK: “Alan joins Axis<br />

Security in this new and important role with a<br />

wealth of experience in the industry, having<br />

designed and managed numerous large-scale<br />

security operations over the years. His<br />

appointment will further enhance the<br />

company’s support capability to its clients.”<br />

53<br />

www.risk-uk.com


Appointments<br />

Gary Frith<br />

Security product and service provider Webeye has just<br />

announced the appointment of Gary Frith as business<br />

development director. Frith brings with him 30 years of<br />

sales and business development experience and has a<br />

wealth of knowledge within the security industry.<br />

Before joining Webeye, Frith was the UK and Ireland<br />

commercial agent for RSI Video Technologies, the French<br />

manufacturer of battery-operated visual verification<br />

security products, growing it from a start-up position to<br />

become the major supplier of easily-deployable video alarms.<br />

Frith’s early career was spent in Germany working for REHAU AG and Co and<br />

Alexander Proudfoot plc, where his talents were quickly recognised. Frith<br />

oversaw a 30% productivity improvement after implementing an action plan<br />

involving new working methods and systems.<br />

On returning to the UK, Frith worked in consultancy roles for several<br />

companies including Ramtech Electronics, where he set up a CCTV business<br />

within the organisation specialising in IP network video.<br />

“Gary is joining Webeye at a very exciting time,” stated managing director<br />

Clive Mason in conversation with Risk UK. “We feel Gary will be the ideal fit to<br />

build on the already phenomenal global growth of Webeye.”<br />

Stephen James<br />

BAFE, the independent<br />

register of quality fire<br />

safety service providers,<br />

has appointed Stephen<br />

James as compliance<br />

manager. This new role<br />

has been introduced to<br />

acknowledge the<br />

substantial growth in<br />

BAFE-registered company numbers in recent<br />

years and also the responsibility the<br />

organisation shares with its certification bodies<br />

to ensure registered businesses remain<br />

compliant with the BAFE schemes.<br />

James brings a wealth of knowledge and<br />

experience having been part of the fire industry<br />

for over 35 years. He began his career covering<br />

the refilling, refurbishing and testing of<br />

portable fire extinguishers, while also working<br />

on hose reels, dry risers and fire hydrants.<br />

James developed into an extinguisher<br />

engineer and, later, a service manager<br />

responsible for quality procedures including<br />

ISO 9001 and third party certification.<br />

Stephen Adams, BAFE’s CEO, told Risk UK:<br />

“With an ever-growing demand for competent<br />

providers of fire protection works, it’s vital that<br />

we continue to ensure the BAFE marque of<br />

approval is used by competent and compliant<br />

organisations. Stephen will be a great addition<br />

to the organisation, duly assisting the BAFE<br />

scheme management, our partner certification<br />

bodies and registered companies in reviewing<br />

and acting upon any instances of nonconformities,<br />

while also helping to police the<br />

BAFE brand at all times.”<br />

Simon Shawley<br />

Wavestore, the British<br />

developer of open<br />

platform and highly<br />

secure Linux-based Video<br />

Management Software<br />

(VMS), has appointed<br />

Simon Shawley as its<br />

new sales director to<br />

oversee the company’s<br />

sales strategy and drive significant growth<br />

across the EMEA region.<br />

Shawley boasts over 25 years’ experience in<br />

the electronic security market having previously<br />

held senior sales and business development<br />

positions for major companies including<br />

Hanwha Techwin and DVTel.<br />

“It’s great to join the Wavestore team at such<br />

an exciting juncture,” enthused Shawley.<br />

“Organisations are increasingly using VMS to<br />

maximise their investment in electronic<br />

security. Wavestore’s ability to bring together<br />

third party devices and sub-systems such as<br />

cameras, intruder detection, access control and<br />

video analytics from the world’s leading brands<br />

on a common, future-proof and easy-to-operate<br />

platform delivers for clients in terms of both<br />

technology and total cost of ownership.”<br />

James Keith<br />

Safety and security<br />

solutions provider<br />

Allegion has appointed<br />

James Keith as end user<br />

solution strategy<br />

manager for its UK<br />

business to strengthen<br />

the company’s profile<br />

among customers.<br />

Keith joins Allegion following 13 years in<br />

product, brand and category management<br />

roles across the automative, Health and<br />

Safety and home improvement industries.<br />

His previous roles have seen him engage in<br />

project-led work, managing full portfolios<br />

and implementing key product roadmaps.<br />

Keith’s role at Allegion will involve direct<br />

engagement and involvement with end users<br />

and the challenges they face, bringing<br />

complete solution packages to full fruition.<br />

Specifically, he’ll deliver differentiated<br />

offerings to targeted vertical markets.<br />

Marc Lengahan, commercial director of<br />

Allegion UK and Ireland, said: “We’re thrilled<br />

to welcome Keith as part of the end user<br />

business development team. He will play an<br />

integral role in making Allegion a trusted<br />

advisor in the marketplace, in part by<br />

providing industry thought leadership.”<br />

54<br />

www.risk-uk.com


Vista adds new features and<br />

more functions to Viper<br />

Vista launched the Viper Family in 2017 and is continually working on developing the range in<br />

line with customer requirements and feedback to ensure that the perfect solution can be offered.<br />

The overall purpose of the Viper Family is to provide a multi-format recording platform, allowing end users to<br />

pull together Viper High Definition analogue DVRs and Viper IP NVRs into a single, seamless system. The Viper Virtual Matrix Controller provides<br />

complete control of the system through the uniform and intuitive central management software. The flexible range gives users the opportunity to<br />

upgrade their systems at their own pace, with Vista providing high quality service throughout.<br />

The latest addition to the range is Viper-Remote, the app that allows operators to be in constant contact with their security system. The app<br />

provides alarm notifications straight to the user’s device, the ability to view live and recorded images remotely, various display options and an<br />

intuitive navigation system. The wide-ranging search options also ensure that time is saved when reviewing footage and important events can be<br />

found with ease. The app also allows for the management of devices in the system providing the opportunity to add and remove devices whenever<br />

necessary from any remote location.<br />

Vista has also been working to enhance the functionality of the H5 range of NVRs. The latest development is the de-warping function that allows<br />

360-degree cameras to be viewed in a more user-friendly, 180 degree view. This helps to improve user experience by making reviewing images as<br />

simple as possible. In response to ‘Voice of Customer’ feedback and suggestions, Vista has also been working on making the range compatible<br />

with Immix. This is another hugely beneficial function which is on its way.<br />

Bob Forehand, Vista’s technical manager, comments: “The Viper Family is an incredibly flexible range that allows end users to ‘mix-and-match’<br />

Viper units, combining both IP and analogue systems. The flexibility of the range means that the solution can be developed over time, saving on<br />

upfront costs and accounting for the requirements of growing or developing systems.<br />

The addition of Viper Remote, Viper<br />

Central and the upcoming introduction<br />

of Immix make the already<br />

differentiated and<br />

comprehensive offering<br />

even more inviting.”<br />

For more information visit www.vista-cctv.com, contact us via<br />

e-mail at info@vista-cctv.com or telephone 0118-912 500


Best Value Security Products from Insight Security<br />

www.insight-security.com Tel: +44 (0)1273 475500<br />

...and<br />

lots<br />

more<br />

Computer<br />

Security<br />

Anti-Climb Paints<br />

& Barriers<br />

Metal Detectors<br />

(inc. Walkthru)<br />

Security, Search<br />

& Safety Mirrors<br />

Security Screws &<br />

Fastenings<br />

Padlocks, Hasps<br />

& Security Chains<br />

Key Safes & Key<br />

Control Products<br />

Traffic Flow &<br />

Management<br />

see our<br />

website<br />

ACCESS CONTROL<br />

KERI SYSTEMS UK LTD<br />

Tel: + 44 (0) 1763 273 243<br />

Fax: + 44 (0) 1763 274 106<br />

Email: sales@kerisystems.co.uk<br />

www.kerisystems.co.uk<br />

ACCESS CONTROL<br />

ACCESS CONTROL<br />

ACT<br />

ACT – Ireland, Unit C1, South City Business Park,<br />

Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100<br />

ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,<br />

Warrington, WA3 7GB. Tel: +44 161 236 9488<br />

sales@act.eu www.act.eu<br />

ACCESS CONTROL<br />

COVA SECURITY GATES LTD<br />

Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards<br />

Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68<br />

Tel: 01293 553888 Fax: 01293 611007<br />

Email: sales@covasecuritygates.com<br />

Web: www.covasecuritygates.com<br />

ACCESS CONTROL & DOOR HARDWARE<br />

ALPRO ARCHITECTURAL HARDWARE<br />

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,<br />

Waterproof Keypads, Door Closers, Deadlocks plus many more<br />

T: 01202 676262 Fax: 01202 680101<br />

E: info@alpro.co.uk<br />

Web: www.alpro.co.uk<br />

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES<br />

HTC PARKING AND SECURITY LIMITED<br />

St. James’ Bus. Centre, Wilderspool Causeway,<br />

Warrington Cheshire WA4 6PS<br />

Tel 01925 552740 M: 07969 650 394<br />

info@htcparkingandsecurity.co.uk<br />

www.htcparkingandsecurity.co.uk<br />

ACCESS CONTROL<br />

INTEGRATED DESIGN LIMITED<br />

Integrated Design Limited, Feltham Point,<br />

Air Park Way, Feltham, Middlesex. TW13 7EQ<br />

Tel: +44 (0) 208 890 5550<br />

sales@idl.co.uk<br />

www.fastlane-turnstiles.com<br />

ACCESS CONTROL<br />

SECURE ACCESS TECHNOLOGY LIMITED<br />

Authorised Dealer<br />

Tel: 0845 1 300 855 Fax: 0845 1 300 866<br />

Email: info@secure-access.co.uk<br />

Website: www.secure-access.co.uk<br />

ACCESS CONTROL MANUFACTURER<br />

NORTECH CONTROL SYSTEMS LTD.<br />

Nortech House, William Brown Close<br />

Llantarnam Park, Cwmbran NP44 3AB<br />

Tel: 01633 485533<br />

Email: sales@nortechcontrol.com<br />

www.nortechcontrol.com<br />

Custom Designed Equipment<br />

• Indicator Panels<br />

• Complex Door Interlocking<br />

• Sequence Control<br />

• Door Status Systems<br />

• Panic Alarms<br />

<br />

• Bespoke Products<br />

www.hoyles.com<br />

sales@hoyles.com<br />

Tel: +44 (0)1744 886600<br />

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES<br />

UKB INTERNATIONAL LTD<br />

Planet Place, Newcastle upon Tyne<br />

Tyne and Wear NE12 6RD<br />

Tel: 0845 643 2122<br />

Email: sales@ukbinternational.com<br />

Web: www.ukbinternational.com<br />

Hoyles are the UK’s leading supplier of<br />

custom designed equipment for the<br />

security and access control industry.<br />

From simple indicator panels to<br />

complex door interlock systems.<br />

BUSINESS CONTINUITY<br />

TO ADVERTISE HERE CONTACT:<br />

Paul Amura<br />

Tel: 020 8295 8307<br />

Email: paul.amura@proactivpubs.co.uk<br />

BUSINESS CONTINUITY MANAGEMENT<br />

CONTINUITY FORUM<br />

Creating Continuity ....... Building Resilience<br />

A not-for-profit organisation providing help and support<br />

Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845<br />

Email: membership@continuityforum.org<br />

Web: www.continuityforum.org<br />

www.insight-security.com Tel: +44 (0)1273 475500


CCTV<br />

CCTV<br />

Rapid Deployment Digital IP High Resolution CCTV<br />

40 hour battery, Solar, Wind Turbine and Thermal Imaging<br />

Wired or wireless communication fixed IP<br />

CE Certified<br />

Modicam Europe, 5 Station Road, Shepreth,<br />

Cambridgeshire SG8 6PZ<br />

www.modicam.com sales@modicameurope.com<br />

CCTV SPECIALISTS<br />

PLETTAC SECURITY LTD<br />

Unit 39 Sir Frank Whittle Business Centre,<br />

Great Central Way, Rugby, Warwickshire CV21 3XH<br />

Tel: 01788 567811 Fax: 01788 544 549<br />

Email: jackie@plettac.co.uk<br />

www.plettac.co.uk<br />

CONTROL ROOM & MONITORING SERVICES<br />

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS<br />

ALTRON COMMUNICATIONS EQUIPMENT LTD<br />

Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ<br />

Tel: +44 (0) 1269 831431<br />

Email: cctvsales@altron.co.uk<br />

Web: www.altron.co.uk<br />

ADVANCED MONITORING SERVICES<br />

EUROTECH MONITORING SERVICES LTD.<br />

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring<br />

• Vehicle Tracking • Message Handling<br />

• Help Desk Facilities • Keyholding/Alarm Response<br />

Tel: 0208 889 0475 Fax: 0208 889 6679<br />

E-MAIL eurotech@eurotechmonitoring.net<br />

Web: www.eurotechmonitoring.net<br />

CCTV<br />

G-TEC DISTRIBUTION<br />

Gtec House, 35-37 Whitton Dene<br />

Hounslow, Middlesex TW3 2JN<br />

Tel: 0208 898 9500<br />

www.gtecsecurity.co.uk<br />

sales@gtecsecurity.co.uk<br />

DISTRIBUTORS<br />

SPECIALISTS IN HD CCTV<br />

MaxxOne<br />

Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP<br />

Tel +44 (0)161 430 3849<br />

www.maxxone.com<br />

sales@onlinesecurityproducts.co.uk<br />

www.onlinesecurityproducts.co.uk<br />

CCTV & IP SECURITY SOLUTIONS<br />

PANASONIC SYSTEM COMMUNICATIONS COMPANY<br />

EUROPE<br />

Panasonic House, Willoughby Road<br />

Bracknell, Berkshire RG12 8FP UK<br />

Tel: 0207 0226530<br />

Email: info@business.panasonic.co.uk<br />

AWARD-WINNING, LEADING GLOBAL WHOLESALE<br />

DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.<br />

ADI GLOBAL DISTRIBUTION<br />

Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company<br />

also offers an internal technical support team, dedicated field support engineers along with a suite of<br />

training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified<br />

time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online<br />

account, installers can order up to 7pm for next day delivery.<br />

Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk<br />

COMMUNICATIONS & TRANSMISSION EQUIPMENT<br />

KBC NETWORKS LTD.<br />

Barham Court, Teston, Maidstone, Kent ME18 5BZ<br />

www.kbcnetworks.com<br />

Phone: 01622 618787<br />

Fax: 020 7100 8147<br />

Email: emeasales@kbcnetworks.com<br />

TO ADVERTISE HERE CONTACT:<br />

Paul Amura<br />

Tel: 020 8295 8307<br />

Email: paul.amura@proactivpubs.co.uk<br />

DIGITAL IP CCTV<br />

SESYS LTD<br />

High resolution ATEX certified cameras, rapid deployment<br />

cameras and fixed IP CCTV surveillance solutions available with<br />

wired or wireless communications.<br />

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG<br />

Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333<br />

Email: info@sesys.co.uk www.sesys.co.uk<br />

www.insight-security.com Tel: +44 (0)1273 475500


THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS<br />

CONTROL AND INTRUDER DETECTION SOLUTIONS<br />

NORBAIN SD LTD<br />

210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP<br />

Tel: 0118 912 5000 Fax: 0118 912 5001<br />

www.norbain.com<br />

Email: info@norbain.com<br />

INTEGRATED SECURITY SOLUTIONS<br />

INNER RANGE EUROPE LTD<br />

Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,<br />

Reading, Berkshire RG74GB, United Kingdom<br />

Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001<br />

Email: ireurope@innerrange.co.uk<br />

www.innerrange.com<br />

UK LEADERS IN BIG BRAND CCTV DISTRIBUTION<br />

SATSECURE<br />

Hikivision & MaxxOne (logos) Authorised Dealer<br />

Unit A10 Pear Mill, Lower Bredbury,<br />

Stockport. SK6 2BP<br />

Tel +44 (0)161 430 3849<br />

www.satsecure.uk<br />

IDENTIFICATION<br />

PERIMETER PROTECTION<br />

ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS<br />

GJD MANUFACTURING LTD<br />

Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX<br />

Tel: + 44 (0) 1706 363998<br />

Fax: + 44 (0) 1706 363991<br />

Email: info@gjd.co.uk<br />

www.gjd.co.uk<br />

PERIMETER PROTECTION<br />

GPS PERIMETER SYSTEMS LTD<br />

14 Low Farm Place, Moulton Park<br />

Northampton, NN3 6HY UK<br />

Tel: +44(0)1604 648344 Fax: +44(0)1604 646097<br />

E-mail: info@gpsperimeter.co.uk<br />

Web site: www.gpsperimeter.co.uk<br />

COMPLETE SOLUTIONS FOR IDENTIFICATION<br />

DATABAC GROUP LIMITED<br />

1 The Ashway Centre, Elm Crescent,<br />

Kingston upon Thames, Surrey KT2 6HH<br />

Tel: +44 (0)20 8546 9826<br />

Fax:+44 (0)20 8547 1026<br />

enquiries@databac.com<br />

POWER<br />

INDUSTRY ORGANISATIONS<br />

POWER SUPPLIES – DC SWITCH MODE AND AC<br />

DYCON LTD<br />

Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER<br />

Tel: 01443 471900 Fax: 01443 479 374<br />

Email: sales@dyconpower.com<br />

www.dyconpower.com<br />

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY<br />

BRITISH SECURITY INDUSTRY ASSOCIATION<br />

Tel: 0845 389 3889<br />

Email: info@bsia.co.uk<br />

Website: www.bsia.co.uk<br />

Twitter: @thebsia<br />

INTEGRATED SECURITY SOLUTIONS<br />

UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />

ADEPT POWER SOLUTIONS LTD<br />

Adept House, 65 South Way, Walworth Business Park<br />

Andover, Hants SP10 5AF<br />

Tel: 01264 351415 Fax: 01264 351217<br />

Web: www.adeptpower.co.uk<br />

E-mail: sales@adeptpower.co.uk<br />

SECURITY PRODUCTS AND INTEGRATED SOLUTIONS<br />

HONEYWELL SECURITY AND FIRE<br />

Tel: +44 (0) 844 8000 235<br />

E-mail: securitysales@honeywell.com<br />

UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />

UNINTERRUPTIBLE POWER SUPPLIES LTD<br />

Woodgate, Bartley Wood Business Park<br />

Hook, Hampshire RG27 9XA<br />

Tel: 01256 386700 5152 e-mail:<br />

sales@upspower.co.uk<br />

www.upspower.co.uk<br />

www.insight-security.com Tel: +44 (0)1273 475500


SECURITY<br />

ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS<br />

INSIGHT SECURITY<br />

Units 1 & 2 Cliffe Industrial Estate<br />

Lewes, East Sussex BN8 6JL<br />

Tel: 01273 475500<br />

Email:info@insight-security.com<br />

www.insight-security.com<br />

CASH & VALUABLES IN TRANSIT<br />

CONTRACT SECURITY SERVICES LTD<br />

Challenger House, 125 Gunnersbury Lane, London W3 8LH<br />

Tel: 020 8752 0160 Fax: 020 8992 9536<br />

E: info@contractsecurity.co.uk<br />

E: sales@contractsecurity.co.uk<br />

Web: www.contractsecurity.co.uk<br />

EXPERTS IN X-RAY SCANNING SECURITY EQUIPMENT SINCE 1950<br />

TODD RESEARCH<br />

1 Stirling Way, Papworth Business Park<br />

Papworth Everard, Cambridgeshire CB23 3GY<br />

United Kingdom<br />

Tel: 01480 832202<br />

Email: xray@toddresearch.co.uk<br />

FENCING SPECIALISTS<br />

J B CORRIE & CO LTD<br />

Frenchmans Road<br />

Petersfield, Hampshire GU32 3AP<br />

Tel: 01730 237100<br />

Fax: 01730 264915<br />

email: fencing@jbcorrie.co.uk<br />

INTRUSION DETECTION AND PERIMETER PROTECTION<br />

OPTEX (EUROPE) LTD<br />

Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre<br />

optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B<br />

Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ<br />

Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311<br />

Email: sales@optex-europe.com<br />

www.optex-europe.com<br />

ONLINE SECURITY SUPERMARKET<br />

EBUYELECTRICAL.COM<br />

Lincoln House,<br />

Malcolm Street<br />

Derby DE23 8LT<br />

Tel: 0871 208 1187<br />

www.ebuyelectrical.com<br />

LIFE SAFETY EQUIPMENT<br />

C-TEC<br />

Challenge Way, Martland Park,<br />

Wigan WN5 OLD United Kingdom<br />

Tel: +44 (0) 1942 322744<br />

Fax: +44 (0) 1942 829867<br />

Website: www.c-tec.com<br />

PERIMETER SECURITY<br />

TAKEX EUROPE LTD<br />

Aviary Court, Wade Road, Basingstoke<br />

Hampshire RG24 8PE<br />

Tel: +44 (0) 1256 475555<br />

Fax: +44 (0) 1256 466268<br />

Email: sales@takex.com<br />

Web: www.takex.com<br />

SECURITY EQUIPMENT<br />

PYRONIX LIMITED<br />

Secure House, Braithwell Way, Hellaby,<br />

Rotherham, South Yorkshire, S66 8QY.<br />

Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042<br />

www.facebook.com/Pyronix<br />

www.linkedin.com/company/pyronix www.twitter.com/pyronix<br />

SECURITY SYSTEMS<br />

BOSCH SECURITY SYSTEMS LTD<br />

PO Box 750, Uxbridge, Middlesex UB9 5ZJ<br />

Tel: 0330 1239979<br />

E-mail: uk.securitysystems@bosch.com<br />

Web: uk.boschsecurity.com<br />

INTRUDER AND FIRE PRODUCTS<br />

CQR SECURITY<br />

125 Pasture road, Moreton, Wirral UK CH46 4 TH<br />

Tel: 0151 606 1000<br />

Fax: 0151 606 1122<br />

Email: andyw@cqr.co.uk<br />

www.cqr.co.uk<br />

SECURITY EQUIPMENT<br />

CASTLE<br />

Secure House, Braithwell Way, Hellaby,<br />

Rotherham, South Yorkshire, S66 8QY<br />

TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042<br />

www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity<br />

www.twitter.com/castlesecurity<br />

QUALITY SECURITY AND SUPPORT SERVICES<br />

CONSTANT SECURITY SERVICES<br />

Cliff Street, Rotherham, South Yorkshire S64 9HU<br />

Tel: 0845 330 4400<br />

Email: contact@constant-services.com<br />

www.constant-services.com<br />

SECURITY PRODUCTS<br />

EATON<br />

Eaton is one of the world’s leading manufacturers of security equipment<br />

its Scantronic and Menvier product lines are suitable for all types of<br />

commercial and residential installations.<br />

Tel: 01594 545 400 Email: securitysales@eaton.com<br />

Web: www.uk.eaton.com Twitter: @securityTP<br />

SECURE CONNECTIVITY PROVIDERS<br />

CSL<br />

T: +44 (0)1895 474 474<br />

sales@csldual.com<br />

@CSLDualCom<br />

www.csldual.com<br />

SECURITY SYSTEMS<br />

VICON INDUSTRIES LTD.<br />

Brunel Way, Fareham<br />

Hampshire, PO15 5TX<br />

United Kingdom<br />

www.vicon.com<br />

www.insight-security.com Tel: +44 (0)1273 475500


NOTHING MISSED<br />

Independent left and right detection<br />

with BX Shield PIRs<br />

BX Shield<br />

Outdoor curtain PIRs<br />

up to 12m per side<br />

wired/wireless & anti masking<br />

The BX Shield sensors combine superior outdoor performance with<br />

a versatile, modern design. The result is a range of easy-to-install curtain<br />

sensors protecting the immediate boundary of your premises against intrusion.<br />

With two pyro-elements on the left, and two on the right, the motion sensors<br />

detect completely independently on each side and up to 12m to suit the needs<br />

of your property. Not affected by small animals or by environmental changes,<br />

it is a perfect trigger for outdoor CCTV cameras providing visual verification<br />

for residential or commercial applications.<br />

For more information visit www.optex-europe.com<br />

or contact us at +44(0) 1628 631 000<br />

INDOOR DETECTION | OUTDOOR DETECTION | TAILGATING DETECTION | PEOPLE COUNTING | ENTRANCE DETECTION

Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!