RiskUKNovember2017

November 2017
www.risk-uk.com
Security and Fire Management
What’s in the Pipeline?
Risk Management for the Extractive Industry
Security Systems: Requirements for Continuous Availability
Venturing into the Datasphere: An Examination of Storage
Training and Career Development: Lessons in Cyber Security
Fire Safety Management and Installation Supplement

“
MY PASSION IS
ALWAYS GOING THAT
EXTRA MILE -
WHATEVER THE JOB
”
Steve Lang, CNC Programmer/Operator, 3 years with Jacksons
OUR PASSION
IS YOUR SECURITY
We combine the highest quality
perimeter security fencing and
gates with seventy years of expertise
to provide you with the right solution
for your project, large or small.
www.jacksons-fencing.co.uk
0800 953 3730
Jacksons
Fencing

November 2017
Contents
31 Fire Safety Management and Installation
The FIA, Kentec, Xtralis and Klaxon all feature in our regular Fire
Safety Management and Installation Supplement
Security in the Extractive Industry (pp24-25)
5 Editorial Comment
6 News Update
ONS on latest crime figures. Linx International Group publishes
training study. Home Office determines to tackle violent crime
8 News Analysis: National Cyber Security Centre
Brian Sims delves into the detail contained within the National
Cyber Security Centre’s 44-page Annual Report
11 News Special: ‘Creating A Security Culture’
The Security Institute has launched ‘Creating A Security Culture’
in partnership with ITN Productions. Brian Sims reports
12 News Special: IRM International Certificates
International Certificates in Enterprise Risk Management and
Financial Services Risk Management are available through the
IRM. Brian Sims outlines the core content
14 Opinion: General Data Protection Regulation
Andrew Joss offers his views on the implications of the European
Union’s upcoming GDPR for security and risk professionals
16 Opinion: Security Business Sector Insight
Graham Allison explains why security services providers need to
offer sustainable careers for their employees and ensure that
end user customers receive the highest levels of service
19 BSIA Briefing
James Kelly discusses the current biometrics market and some
future trends in the sector well worth keeping an eye on
42 Venturing into the Datasphere
Andrew Palmer evaluates in great detail precisely why storage is
the fundamental beating heart of today’s surveillance systems
45 Under Surveillance
Jonathan Sturley on remote monitoring for video surveillance
48 View From On High
Stephen Smith reviews PSIM solutions in the public sector
51 On The Right Tracks
Key and equipment management at TfL addressed by Ben Farrar
54 Meet The Security Company
Risk UK turns the spotlight towards Omni Security Services
56 The Security Institute’s View
58 In The Spotlight: ASIS International UK Chapter
60 FIA Technical Briefing
62 Security Services: Best Practice Casebook
64 Cyber Security: Advanced Persistent Threats
66 Training and Career Development
68 Risk in Action
70 Technology in Focus
73 Appointments
76 The Risk UK Directory
22 Advancing the Science of Risk-Based Design
Philip Strand examines the science underpinning security
designs in today’s built environment
24 Failing to Invest is Investing to Fail
There’s an increasing demand for more effective, holistic and
integrated security arrangements in the extractive industry, as
Philip O’Sullivan duly observes
27 The Requirement for Continuous Availability
It’s crucial for security systems to be fully-operational around
the clock. Duncan Cooke describes Best Practice approaches
ISSN 1740-3480
Risk UK is published monthly by Pro-Activ Publications
Ltd and specifically aimed at security and risk
management, loss prevention, business continuity and
fire safety professionals operating within the UK’s largest
commercial organisations
© Pro-Activ Publications Ltd 2017
All rights reserved. No part of this publication may be
reproduced or transmitted in any form or by any means
electronic or mechanical (including photocopying, recording
or any information storage and retrieval system) without the
prior written permission of the publisher
The views expressed in Risk UK are not necessarily those of
the publisher
Risk UK is currently available for an annual subscription rate of
£78.00 (UK only)
www.risk-uk.com
Risk UK
PO Box 332
Dartford DA1 9FF
Editor Brian Sims BA (Hons) Hon FSyI
Tel: 0208 295 8304 Mob: 07500 606013
e-mail: brian.sims@risk-uk.com
Design and Production Matt Jarvis
Tel: 0208 295 8310 Fax: 0870 429 2015
e-mail: matt.jarvis@proactivpubs.co.uk
Advertisement Director Paul Amura
Tel: 0208 295 8307 Fax: 01322 292295
e-mail: paul.amura@proactivpubs.co.uk
Administration Tracey Beale
Tel: 0208 295 8306 Fax: 01322 292295
e-mail: tracey.beale@proactivpubs.co.uk
Managing Director Mark Quittenton
Chairman Larry O’Leary
Editorial: 0208 295 8304
Advertising: 0208 295 8307
3
www.risk-uk.com

Connect your life to your
home and your security
Interact, control and integrate your Texecom security system like never before
The Texecom Connect App allows you to control your security directly from your compatible
system events and monitor cameras or activity from anywhere in the world.
www.texe.com
Sales: +44 (0)1706 220460
Watch the Texecom
Connect App video

Texecom Connect App
New smartphone application for
iOS operating systems
Texecom Connect SmartCom
Texecom Connect ethernet
communicator
Texecom Connect SmartPlug
Ricochet ® enabled
wireless plug
Editorial Comment
IoT at the Double
Vodafone has recently published its fifth annual Internet of
Things (IoT) Barometer Report. This is a document widely
recognised as the leading global survey of business
sentiment regarding investment and innovation in the IoT.
The latest missive reports that the percentage of companies
with more than 50,000 active connected devices has doubled in
the last 12 months, while 84% of IoT adopters say that their use
of the IoT has grown in the last year. 51% of adopters are
adamant that the technology is increasing revenues or opening
up new revenue streams and 66% of all companies agree that
digital transformation is impossible without the IoT.
Businesses in the Americas have led the way in embracing
large-scale IoT projects, it seems. Here, 19% of companies using
the IoT have more than 10,000 connected devices compared to
13% in Europe and 7% in the Asia Pacific region. These largescale
users also report some of the biggest business gains with
67% of them highlighting significant returns from IoT usage.
Interestingly, energy and utility companies are at the forefront
of the largest IoT projects worldwide, with applications such as
smart meters and pipeline monitoring very much to the fore.
Meanwhile, the range of benefits that end users are gaining
from the IoT is also widening as adoption increases. Greater
business insights, reduced costs and improved employee
productivity top the list globally. In the Asia Pacific region, 53%
of respondents cite increased market competitiveness as the top
benefit compared to 35% in the Americas and 33% in Europe. In
the automotive sector, 51% of companies comment that the IoT
is helping them to improve brand differentiation.
As the scale of IoT projects increases, the comprehensive
report also notes a rise in connectivity requirements. Companies
are looking to use a mix of technologies from fixed line to low
power Wide Area Networks (LP WANs) depending on the
application. Typically, large-scale projects employ four different
connectivity options with mobile and Wi-Fi the two most popular.
There’s increasing interest in the newer technologies such as
Narrowband IoT. Indeed, 28% of all companies are now
considering this and other LP WAN options for new IoT projects.
It’s perhaps not surprising to learn that security around the IoT
remains the biggest barrier for organisations when it comes to
deployment. That said, in those companies with 10,000 or more
connected devices in operation, only 7% of them highlight
security as their top worry. Organisations are taking more steps
to tackle security concerns including an increase in security
training for existing staff, working with specialist security
providers and recruiting more IT security specialists.
“What’s evident is that the IoT is becoming an important part
of our lives,” writes Ben Dickson on the TechCrunch website. “Its
security is one of the major issues that must be addressed via
active participation by the entire global tech community. Will we
be able to harness this most-hyped emerging technology that
will revolutionise the world, or will we merely end up opening a
Pandora’s Box that spirals the world into a new age of mayhem?”
The fervent hope must be for the former outcome.
Brian Sims BA (Hons) Hon FSyI
Editor
December 2012
5
www.risk-uk.com

“Rising crime shows no sign of abating”
in wake of latest ONS figures and analysis
Police forces appear to be struggling to stem
the tide of ‘genuine increases’ in crime. Figures
published by the Office for National Statistics
(ONS) show that police-recorded crime has
risen by 13% in the last 12 months with huge
increases in violent crime (up by 19%), sexual
offences (also up by 19%) and police-recorded
theft (which has escalated by 11%).
Despite the old adage that improved
recording processes have resulted in rising
crime in recent years, the experts responsible
for collating the statistics judge that there have
indeed been ‘genuine increases’.
John Flatley, crime statistics and analysis
specialist at the ONS, commented: “The latest
figures suggest that the police are dealing with
a growing volume of crime. While improvements
made by police forces in recording crime are
still a factor in this increase, we judge that
there have been genuine increases in crime,
and particularly so in some of the low
incidence, but more harmful categories.”
Flatley continued: “Police figures cannot
provide a good measure of all crime in society,
since we know that a large volume of criminality
never comes to their attention. The recent
increases in recorded crime do need to be seen
in the context of the overall decline in crime
indicated by the Crime Survey for England and
Wales, which remains our best guide to longterm
trends for crime in general.”
Calum Macleod, vice-chairman of the Police
Federation of England and Wales, observed: “I
can see little chance of this sorry state of affairs
changing any time soon. Every day, officers set
out to protect their communities from harm, but
every day their job is being made more difficult
due to cuts in funding and cuts in their number,
yet the demand for their services isn’t
dwindling. It’s the public that suffers and it’s
the public’s safety that’s compromised.”
According to the Police Federation, the
“dangerous reality of policing” is “plain to see”
with violent crime continuing to rise, including
knife crime climbing at a startling rate and
exhibiting a 26% increase in offences across the
last 12 months (with 36,998 offences compared
to 29,476 the previous year). Offences involving
a firearm also spiked by a substantial 27%
(6,696 offences compared to 5,269).
In conclusion, Macleod went on to state: “We
know from our own research that officers suffer
significantly at the hands of volatile and
dangerous individuals. These ONS figures paint
a disturbing picture of the reality they face
when responding to calls for help. Quite frankly,
the Government needs to wake up to what’s
happening right in front of its eyes. Police
forces are always trying to play their part in
meeting demand, but it cannot be all one-way
traffic. More needs to be done to support them
in achieving their goals.”
Linx International Group publishes results of detailed training trends study
The Linx International Group has just revealed the results of an extensive survey conducted by the
company with a view to investigating the attitudes of security professionals towards training. The
survey highlights a clear commitment to professional and personal development, the desire to raise
industry standards and the sense that security is now becoming a serious long-term career path.
The findings reveal that security professionals are taking their careers and skills development
seriously, with Continuing Professional Development (76%), certification/training (71%) and
personal development (64%) cited as the three main drivers for undertaking training. This attention
to personal and professional progression is reflected in how training is being paid for, with just over
half (51%) of all respondents paying for training themselves, while 45% of training is being funded
by the employing organisation and the remainder via other means.
The survey results also highlight a widespread acknowledgement of the importance of
recognised training qualifications, with 81% of respondents stating its importance to them as an
individual, 68% acknowledging training’s importance to the organisation and 74% recognising the
positive impact that training qualifications have on their respective industries.
Ken Livingstone MSc FSyI (pictured), group training director for the Linx International Group,
informed Risk UK: “There’s a clear trend towards upskilling and individuals taking responsibility for
their own career development and advancement, as well as a demand from industry for better
qualified, certified and accredited professionals.”
Focus areas in which professionals are looking to gain more expertise are security management
(63%), security consultancy (61%), counter-terrorism (55%) and crisis management (47%).
6
www.risk-uk.com

News Update
Home Office announces package of
new measures specifically designed
to tackle violent crime
Prison sentences for those who repeatedly
carry corrosive substances without good
reason for doing so are among a set of new
laws being proposed by the Home Office with
the key aim of tackling serious violence.
The measures include a new offence of
possession of a corrosive substance in public
without a good or lawful reason. It would
place the onus on the individual caught in
possession to explain why they’re carrying
such a substance, rather than on the police
service to prove that the substance was
intended to cause injury. Those convicted of
this offence for a second time would face a
mandatory minimum sentence in line with the
existing knife possession laws.
The proposals are part of the consultation
on new legislation around offensive and
dangerous weapons. This duly sets out
legislative measures to reduce violent crime,
respond to recent rises in police-recorded
knife and firearms offences and deal with the
emergence of attacks where acids and
corrosive substances are being used.
Home Secretary Amber Rudd (pictured)
explained: “All forms of violent crime are
totally unacceptable, which is why we’re
taking action to restrict access to offensive
weapons and crack down on those who carry
acids with intent to do harm. Acid attacks can
devastate lives and leave the victims with both
emotional and physical scars. By actively
banning the sale of the most harmful corrosive
substances to those under the age of 18 and
introducing minimum custodial sentences for
individuals who repeatedly carry corrosive
substances with intent to cause harm, we’re
sending out a message that the cowards who
use these substances as weapons will not
escape the full force of the law.”
Measures on which the Government will now
consult in detail are new offences pertaining
to the sale of acids and the most harmful
corrosive substances to people aged under 18,
possession of a corrosive substance in public
and restricting online sales of knives such that
they cannot be delivered to a private
residential address and must instead be
collected at a place where age ID can be
checked and verified.
Sarah Newton, the Minister for Crime,
Safeguarding and Vulnerability, has just
announced the launch of the £500,000
Community Fund for local projects aimed at
tackling knife crime in tandem with more than
£280,000 of successful bids for community
work determinedly focused on ending gang
violence and exploitation.
BRE Global/LPCB Attack Testing
Zone set for expansion at IFSEC
International 2018
Security is the biggest challenge the world is
facing at present, with the need to safeguard
people and property arguably now greater
than at any point in the past. On that basis,
end users need to know the products and
solutions about which they’re making critical
purchasing decisions are fit for purpose.
With this in mind, IFSEC International’s
organiser UBM EMEA will once again be
partnering with the experts at BRE Global and
the LPCB to host the 2018 event’s Attack
Testing Zone.
Following the hugely successful introduction
of this new demonstration area in June, the
Attack Testing Zone will be expanded and
moved to a prominent position in the Borders
and Infrastructure area of IFSEC International
2018, in turn providing dramatic
demonstrations of the capabilities of worldclass
security solutions.
Expert technicians from BRE Global/LPCB
will actively demonstrate the effectiveness of
a range of physical security solutions. All of
the products on display are LPCB Red Bookapproved
and will have met the stringent
conditions laid down by a range of UK and
European standards. That being so, end users
in attendance at London’s ExCeL next June will
be watching ‘Best in Class’ products taken to
task in real-time scenarios.
Richard Flint, technical and business
development manager for physical security at
BRE Global, explained to Risk UK: “BRE Global
is delighted to once again partner with IFSEC
International in order to continue with the
Attack Testing Zone. We were hugely
impressed with the volumes and quality of the
visiting audience this year and, such was the
level of interest generated, we made sure the
IFSEC International team would both expand
and relocate this area for 2018. It’s a unique
opportunity for security professionals to see
leading products being tested in real-time and
showcases the impressive levels of security
and protection these solutions can provide.”
Gerry Dunphy, brand director for IFSEC
International, stated: “The Attack Testing Zone
was the star performer at IFSEC International
2017, with visiting customers standing fourdeep
around the area just to try and obtain a
view of what was going on. It’s clearly a major
area of interest for industry professionals.”
7
www.risk-uk.com

National Cyber Security Centre prevents
“thousands of attacks” in first 12 months
A 44-page report
marking the first
anniversary of the
National Cyber
Security Centre (NCSC)
has shone light on the
vital work the
organisation has
already conducted to
make the UK a safe
place in the online
world. The NCSC,
which is part of
GCHQ*, brought
together elements of
its parent organisation
with previously
separate parts of
Government and
intelligence to create a
‘one-stop shop’ for
UK cyber security.
Brian Sims reports on
progress made to date
While there’s still much work to be done,
in its first 12 months of operations the
NCSC has prevented thousands of
attacks and provided vital support for the UK’s
Armed Forces. Cyber experts received a total of
1,131 incident reports, with 590 of them being
classed as ‘Significant’.
Across the last 12 months, the NCSC has
launched Active Cyber Defence, which blocks
tens of millions of attacks every week and has
reduced the average time that a phishing site is
online from 27 hours to just one hour.
In point of fact, the organisation has
responded to upwards of 590 significant
incidents, co-ordinating Government’s response
and providing reassurance to the public, and
also led the UK’s response to the global
WannaCry incident – which directly affected 47
NHS Trusts – by providing vital assistance and
advice to those directly affected.
The NCSC has created a website to provide
easy-to-understand advice and information for
the public. The site received 100,000 visitors in
a single month and 2,000 tweets were issued
over the year. Furthermore, the organisation
hosted 2,300 delegates and 173 speakers at its
three-day CyberUK conference in Liverpool to
share insights and build on the understanding
of cyber security.
In parallel, the NCSC has overseen a 43%
increase in visits (4,000 visitors per month) to
the Cyber Security Information Sharing
Partnership (CiSP), which allows the community
to share information about cyber threats.
In addition, the NCSC has produced 200,000
physical items for 190 customer departments
through the UK Key Production Authority, in
turn securing and protecting the vital
communications of our Armed Forces and the
national security community.
Importantly, the NCSC has created the
pioneering ‘Industry 100’ initiative to work with
or embed 100 industry professionals within the
organisation in a bid to provide challenge and
generate innovation. The organisation has also
made an impact on the future of cyber security,
helping to foster a talent pipeline of the next
generation of experts and working alongside
business and academia to create a culture
wherein technology can thrive.
Jeremy Fleming, director of GCHQ, explained:
“In an increasingly digital world, cyber is
playing an ever-more important part in our daily
lives and, indeed, in the UK’s approach to
security. The threats to the UK are evolving
rapidly as technology advances. Our response
has been to transform in order to remain ahead
of them. The NCSC is a pivotal element of that
transformation. It’s a critical component not
only of GCHQ, where it benefits from the data
and expertise to which it has access as part of
the intelligence community, but also of how
Government as a whole works to keep the UK
safe. The NCSC has brought together
unparalleled skills, capabilities and
partnerships and, in its first year, has taken
enormous strides when it comes to increasing
and improving upon our cyber capabilities. It’s
on the front line in protecting the UK against a
growing number of cyber attacks.”
Crucial for national security
Ciaran Martin, CEO of the NCSC, added: “Cyber
security is crucial to our national security and
prosperity. We’re incredibly proud of what we’ve
achieved in our first year at the National Cyber
Security Centre, bringing together some of the
best cyber security brains in the country in a
single place, but the threat remains very real
and growing. Further attacks will happen, and
there’s much more for us to do in order to make
the UK the safest place in the world in which to
live and transact business online. We look
forward to working with our partners in the
year ahead in pursuit of that vital goal.”
Commenting on the news that more than
1,000 incidents were reported to the NCSC in its
8
www.risk-uk.com

News Analysis: National Cyber Security Centre Annual Report
first year of operation, Joe Hancock (cyber
security lead at Mishcon de Reya) stated:
“1,000 attacks may seem like a large number,
but the reality is that this is the tip of the
iceberg. The majority of attacks on business,
Government and third sector organisations go
unreported and often undetected. Behind these
high-profile incidents, there are millions of
online crimes that affect individuals every day.”
Hancock continued: “We routinely deal with
these issues, and it’s clear to us that more
needs to be done to support law enforcement
in helping responders and victims to better
detect and recover from cyber episodes. The
recent Equifax breach shows the potential
downsides of large-scale data collection where
there’s apparently little consent. The level of
cyber security isn’t globally consistent: we’re
always only as strong as the weakest link.
We’re extremely keen to see the NCSC’s
strategy broadened with further investment.”
Although operational since October 2016, the
NCSC’s new London headquarters was officially
opened by Her Majesty The Queen and HRH The
Duke of Edinburgh in February this year. As well
as co-ordinating the Government’s response to
those 590 significant incidents referred to
earlier, the NCSC has prevented waves of
attacks through its aforementioned Active
Cyber Defence programme.
As part of GCHQ, the NCSC is proud to deliver
vital work nationally and internationally and,
across the last year, has worked with officials in
more than 50 countries across five continents,
including signing NATO’s groundbreaking
Memorandum of Understanding on Cyber.
The UK Government is fully committed to
defending the nation against cyber threats and
addressing the cyber skills gap to develop and
grow talent. The NCSC was created as part of
the Government’s five-year National Cyber
Security Strategy. Announced in 2016, that
strategy is supported by £1.9 billion of
transformational investment.
Tightening the law
Counter-terrorism laws are to be updated to
keep pace with modern online behaviour and
address the issue of online radicalisation,
Home Secretary Amber Rudd has announced.
The Government intends to change the law
such that those individuals who repeatedly
view terrorist content online could face up to 15
years behind bars.
The proposed changes are designed to
strengthen the existing offence of possessing
information likely to be useful to a terrorist
(Section 58 of the Terrorism Act 2000) such that
it applies to material viewed repeatedly or
“In an increasingly digital world, cyber is playing an evermore
important part in our daily lives and, indeed, in the
UK’s approach to security”
streamed online. Currently, this power only
applies to online material which has been
downloaded and stored on the offender’s
computer, is saved on a separate device or
printed off as a hard copy.
The move to tighten the law around the
viewing of terrorist material comes as part of a
wide-ranging review of the Government’s
counter-terrorism strategy in the wake of this
year’s terror attacks, and will help in providing
an important and effective way of intervening
earlier in an investigation and disrupting
terrorist activity.
The legal changes will also increase the
maximum penalty if found guilty from ten to 15
years’ imprisonment in order to reflect the
seriousness of the offence and ensure that
perpetrators are locked up for longer periods.
The new maximum penalty of 15 years behind
bars will also apply to terrorists who publish
information about members of the Armed
Forces, the police and the Security and
Intelligence Services for the purposes of
preparing acts of terrorism (Section 58a of the
Terrorism Act 2000).
There have been a number of prosecutions
for terrorism offences featuring Armed Forces
personnel (or military establishments) as the
targets of attacks, including last year’s
successful conviction of Junead Khan for
planning to attack personnel at a USAF airbase
in Norfolk and of those responsible for the
horrific murder of Fusilier Lee Rigby.
The updated offence will ensure that only
those found to repeatedly view online terrorist
material will be captured by the law. This will
serve to safeguard those who click on an
Internet link by mistake or who could argue
that they did so out of curiosity rather than with
any criminal intent in mind. A defence of
‘reasonable excuse’ would still be available to
academics, journalists or others who may have
a legitimate reason to view such material.
*Government Communications Headquarters
(GCHQ) is one of the three UK Intelligence and
Security Agencies, along with MI5 and the
Secret Intelligence Service (MI6). GCHQ works
to protect the UK and its citizens from a range
of threats posed to national security, including
those attributable to terrorism, serious and
organised crime and cyber attack. It also works
to protect and safeguard the UK’s Armed
Forces wherever they may be deployed
Jeremy Fleming:
Director of GCHQ
Ciaran Martin: CEO of the
National Cyber Security Centre
9
www.risk-uk.com

They see a well secured airport.
You see smart data to
optimize traveler flow.
Bosch empowers you to build a safer and more secure
world. And with built-in video analytics as of the IP 4000
cameras, we allow you to use video data for more than
security alone. Like identifying interruptions and
patterns in airport traffic.
Find out more at boschsecurity.com
+1
People counting
Queuing alarm
Enforcing safety
regulations

News Special: ‘Creating A Security Culture’
The Security Institute launches ‘Creating
A Security Culture’ with ITN Productions
The recent terrorist attacks on the very
doorsteps of democracy are an acute
reminder of the ongoing public security
battle we face, with the nation having
experienced a severe increase in terrorist
activity over the last few years.
With this in mind, ‘Creating A Security
Culture’ looks at how security professionals are
working together to realise a unified dialogue
and fight against this global threat. It also
examines how digital surveillance is enhancing
the quality and quantity of footage captured, as
well as the ability companies currently have to
store and interrogate large amounts of data.
Anchored by celebrated national newsreader
Natasha Kaplinsky, ‘Creating A Security Culture’
also makes a point of delving into the spheres
of corporate espionage and hacking, social
unrest and the Government’s campaigns
designed to educate the public on coping
mechanisms. The programme explores in some
degree of detail the phenomenal innovation in
this sector, turning towards products such as
virtual laser ‘ceilings’, satellite surveillance and
even ceramic ball technology.
Drawing upon ITN’s 60-year heritage and
expertise in storytelling, this news-style
venture combines key interviews and
sponsored editorial profiles from a wide range
of industry experts including the Engineering
and Physical Sciences Research Council,
EtherSec, GJD Manufacturing, Kaba, OPTEX,
Scandef and Seagate Technology.
The programme will form part of an extensive
communications campaign featuring experts in
the security business sector as well as relevant
journalists, writers and bloggers.
Andrew Nicholls, deputy chairman of The
Security Institute, said: “For almost 12 months
now, The Security Institute has been working
closely with ITN Productions to help support
this very special programme about the
important work of security professionals. The
production illustrates the wide range of
essential work being carried out across the
security industry and also explains some of the
key developments in technology which are
helping to keep us all secure.”
Simon Shelley, head of industry news at ITN
Productions, added: “ITN Productions is
delighted to have partnered with The Security
Institute to explore this critical and complex
profession that works to keep society safe. By
The Security Institute and ITN Productions have launched a
news and current affairs-style programme entitled ‘Creating
A Security Culture’ that features in-depth perspectives on
international security, investigating how emerging threats to
global security are being tackled decisively thanks to the use
of sophisticated technology and a heightened awareness
around public safety. Brian Sims reports
examining the technologies behind
security systems and engaging
with key organisations and
individuals right across the sector,
the programme will contribute to
the ongoing debate on how to
continue to improve security in
what are now increasingly
challenging environments.”
Group membership
At the organisation’s Annual
Conference 2017, held on Tuesday
3 October in central London, The Security
Institute announced that it has now entered
into a Group Membership arrangement with the
Civil Aviation Authority (CAA), the UK’s
specialist aviation regulator.
The scheme will enable security specialists
within the CAA’s Aviation Security Directorate to
become members of the Institute and obtain
professional membership status. The new
arrangement will enable around 50 members of
the CAA’s security team to join the Institute.
Peter Drissell, the CAA’s director of aviation
security, stated: “The CAA is delighted to enter
into this partnership with The Security Institute
which will ensure that our team of security
professionals remains up-to-date with the
latest industry advancements and has the
opportunity for ongoing development.”
Andrew Nicholls added: “We’re delighted to
make this announcement at our Annual
Conference and very much look forward to
working with the CAA in the future.”
*The Security Institute is the UK’s largest
professional membership body for security
professionals with over 2,500 members. Since
2000, the Institute has been working to
promote the highest possible standards of
integrity and professional competence in the
business of security
National newsreader Natasha
Kaplinsky is the chosen
presenter for ‘Creating A
Security Culture’
11
www.risk-uk.com

News Special: IRM Certificates in Risk Management
Qualifications “assist in developing
transferable skills” urges the IRM
The Institute of Risk
Management (IRM) is
perfectly placed to
help risk managers
and their members of
staff remain up-tospeed
in the
discipline, no matter
what stage of their
career they’ve
reached. The globallyrecognised
International
Certificates in
Enterprise Risk
Management and
Financial Services Risk
Management will help
individuals to become
effective risk
professionals, as
Brian Sims reports
Nicola Crawford CFIRM:
Chair of the Institute of Risk
Management
12
www.risk-uk.com
With the current business climate now
increasingly uncertain, organisations
need competent, efficient and
knowledgeable staff to manage threats.
Focusing on cyber security, data breach, supply
chain and people risk, an enterprise-wide risk
management approach will help the host
organisation to maximise opportunities and
mitigate risks in the business environment.
Nicola Crawford CFIRM, chair of the IRM,
informed Risk UK: “IRM qualifications are a
solid platform which give the broad background
of risk and help to develop transferable skills. I
came from a banking back office environment
and then a strategic planning background. I’ve
seen what happens when Enterprise Risk
Management (ERM) isn’t embedded within an
organisation’s key processes. Understanding
other organisational functions is an important
element of being able to help businesses learn
how ERM fits into the rest of the organisation
and where the key changes need to occur in
order to make this happen.”
Whether practitioners are just starting out on
their career or considering how to make the
most of existing options, qualifications attained
with the IRM offer them the chance to become
pivotal players in any organisation.
Completing either International Certificate
through distance or blended learning (which
offers a more face-to-face approach) can take
just six months and earns the IRMCert
designation, enabling professionals to stand
out from their peers with an internationallyrecognised
and respected qualification.
The IRM boasts learners from all over the
world and in every sector, from aviation,
healthcare, infrastructure and oil and gas
through to the public sector. The International
Certificates are aimed at anyone with
responsibility for risk in any organisation and in
any business sector around the globe.
Course details in brief
Individuals don’t require any prior experience
or qualifications to study for the International
Certificates with the IRM.
The qualifications consist of two modules.
Studied together, each module is assessed by
examination. Candidates sit their exams for
both modules in the same exam period. The
IRM has examination centres around the globe
and recently launched its blended learning
option in the UK for those who do prefer a more
face-to-face approach.
The International Certificate in Enterprise
Risk Management provides an entry route into
the International Diploma focused on the same
discipline. On completing the International
Certificate, as stated professionals will then be
able to use the internationally-recognised
membership designation IRMCert.
This is the first step towards becoming a
Certified Member of the IRM (CMIRM). Students
have two years to complete the certificate
modules from the date of enrolment.
Recently, the IRM hosted a webinar to explain
its qualifications in more detail and how they
can help individuals reach certified status.
Available to view at www.theirm.org/training/
webinars.aspx, the webinar features past
students’ experiences and how qualifications
have helped them in their roles. Both
examiners and module coaches also talk at
length about the syllabus and course content.
The IRM also offers a range of in-house and
open training courses to suit specific training
requirements, from the Fundamentals of Risk
Management through to Risk in the Boardroom.
The courses are all interactive, giving learners
the greatest impact in the time available.
All courses have been selected not just for
their theoretical content, but also for their
practical impact such that learners leave their
studies with tools and techniques they can put
into action immediately. Further detail is
available at www.theirm.org/training
Vinay Shrivastava FIRM, director of Turner &
Townsend Infrastructure and a Board member
of the IRM, observed: “The IRM qualifications
are a necessary quality benchmark in our
Industry. I receive dozens of CVs on a weekly
basis and candidates who are IRM-qualified
stand out for consideration for our roles as this
indicates that, beyond having a demonstrable
core skills set, these particular individuals take
professional development seriously and are
committed to a career in risk management.”
If you look at global infrastructure, cyber
security, energy, defence and security as well as
all major projects, they all have one thing in
common: someone somewhere has to manage
the risks and opportunities they present.
Make sure your company has qualified staff
in post to manage risk both efficiently and
effectively on an ongoing basis.

SkyHawk AI
The hawk is back and
smarter than ever.
Gain the commercial edge with SkyHawk AI,
built for AI-enabled surveillance systems,
and now protected by SkyHawk Health.
WWW.SEAGATE.COM
©2017 Seagate Technology LLC. All rights reserved.

Tackling the EU’s GDPR: Strength of
Conviction and Purpose is Required
The European Union’s
General Data
Protection Regulation
(GDPR) comes into
force in less than a
year. At its heart, the
GDPR is designed to
give consumers more
control over how their
data is stored and
processed, and will
help to hold
businesses to account
for any proven
careless data handling
procedures. Andrew
Joss offers his views
on the GDPR’s
implications for
today’s risk and
security professionals
Across the last few months, the GDPR has
finally begun to gain traction in the
Boardroom as an urgent matter – and with
good reason. One of the most highly-publicised
aspects of the legislation is the threat of noncompliance
fines up to the greater of €20
million or 4% of annual global revenues.
Companies that fail to bring their data
management procedures into line are at risk of
having their finances seriously damaged. No
matter how big a business happens to be, the
GDPR fining system has the potential to drain a
large proportion of revenues if the offence is
deemed serious enough.
That’s without mentioning the huge
reputational damage that will arise with a GDPR
non-compliance case. Consumers are now more
sensitive than ever to how their personal data
is processed and protected, and as the GDPR
impacts consumer rights, it has the potential to
cause highly-publicised cases that will run in
the press as ‘The People versus Corporations’.
In other words, if you fail to comply with the
GDPR, you’re opening yourself up to
reputational disaster.
Technology leaders like Chief Data Officers
and Chief Information Officers must see this
oncoming regulatory challenge as an
opportunity to take the lead in building
compliance into company processes. In doing
so, they can not only appease the regulators,
but also help their companies to achieve
multiple benefits. Ultimately, GDPR compliance
is about having a comprehensive view of – and
detailed control over – the personal data you
process. In the connected era, that data can be
a source of real business benefits.
At this point, it’s important to caveat that
GDPR compliance must always come before
business benefits. Businesses must do what’s
necessary to protect the personal data they
control and, for some, this may run contrary to
their financial interests. However, for many
companies, improving their data management
stance will afford them an opportunity to use
their improved insight for commercial purposes
once compliance has been achieved.
From removing operational silos and creating
more efficient internal processes to improving
customer personalisation programmes, good
data makes for a successful business. Data is
the fuel that drives intelligent decisions:
everything from Netflix’s movie
recommendation system to Google’s query
corrections and your smart phone’s auto-correct
function are powered by data that has been put
to intelligent and effective use. Put simply,
having a clear view of what data you hold
makes it easier to use that data.
The same principles can and should apply to
business decisions. Companies may use the
data they hold on their customers to provide
insights which can guide their marketing
strategy, product roadmap and branding. When
handled properly, it can make businesses work
more cohesively as a unified whole and helps
them to adapt to new challenges in the future.
Ingrained opposition
Companies have to invest to protect data under
their control and develop a roadmap that will
deliver value over time. As a result, for the past
decade the technological and financial barriers
have inhibited progress.
As one example of specious thinking, some
might ask why they ought to dedicate Capex to
a data management project if the business is
already running well? For that reason, data
governance has sometimes been seen as an
add-on rather than a necessity.
There’s also a cultural barrier to overcome in
many cases. Gaining full control of your data
often means changing the way in which the
company works. This can bring with it
difficulties of its own. It can be a long and
arduous process to carve out an integrated
approach, ensuring team leaders are aware of
the aims of the programme and that this
trickles down to all levels. For a company to
truly make the most of its data assets,
everyone needs to be enfranchised. If some
divisions within continue to treat data
carelessly, not only will they be missing out on
the benefits outlined above, but they’ll also be
at risk of non-compliance.
Now, the approach of the GDPR deadline may
force the issue. With the C-Suite more focused
than ever on the importance of good data
management, the Chief Data Officer should
take responsibility for making the company
data-centric and then help it reap the rewards.
With this in mind, there are several points we
consider could be important to help your
business on its GDPR initiative journey.
14
www.risk-uk.com

Opinion: European Union General Data Protection Regulation
Don’t see the GDPR as an enemy. Financial
services companies are used to building many
of their processes around regulation, but many
other industries are not. That can lead them to
feel threatened by the coming change, but
there’s no need to be afraid of making the
necessary preparations. Instead, treat them as
an opportunity for competitive differentiation.
Preparing for the GDPR can help businesses
in gaining a good, in-depth understanding of
the personal data they process. In that sense,
compliance can be a benefit as well as a
challenge. It might damage those who are not
prepared for it, but on the other hand it can
afford others plenty of valuable insights to help
drive growth and customer engagement.
Planning your programme
Plan your compliance programme carefully. The
journey towards GDPR compliance is often a
long one. It’s important to be able to show
regulators and stakeholders alike that you’re
intentional and serious about reaching
compliance by the deadline of May next year,
and that you have control over your data. Begin
as soon as you can and stick with it.
Also, map out your data. A good way to start
on GDPR compliance is identifying how your
organisation processes personal information
across its ecosystem so you can appropriately
process and effectively secure it. To do that, we
think you would want a clear view of your entire
data landscape. Think of it like a macro version
of ‘Where’s Wally?’ If you can only search part
of the picture, you might find Oswald or Wenda,
but you’re probably not going to find Wally.
As a result, organisations may wish to
consider automating the data discovery
process. Manually sorting through the huge
amounts of data involved often takes a lot
longer than predicted and, as your data is
evolving all the time, your insights will be stale
almost as soon as you produce them.
Automated data discovery and management
can speed up the process and help you to keep
pace with shifting data inputs. By generating a
risk score for relevant data, today’s
organisations can then begin to understand
how to start prioritising remedial activities.
Involve the whole company. This isn’t just a
problem for application developers: the entire
business from the top down needs to be on
board with making GDPR compliance and data
centricity a success. This means the Chief Data
Officer needs to ensure that senior
stakeholders such as the CEO are involved and
committed right from the start, as they can
help to unify the company around the single
goal of achieving compliance.
In addition, maintain a good dialogue with
your Legal Department. The professionals
operating within are a key part of protecting the
company and can help you to understand the
scope of what’s required.
External expertise
Bring in the right external expertise.
Technology alone isn’t enough for this task. It’s
an accelerator for a GDPR initiative, but it’s only
one part of the story.
You may also require switched-on business
consultancy to go hand-in-hand with it.
Ultimately, companies may need to re-engineer
their entire operational structure to
accommodate the new GDPR, so it’s entirely
possible they’ll also need insightful strategic
counsel to help them do so.
Start now, not later. Potentially, Chief Data
Officers face a long and uphill task to meet the
GDPR’s requirements, so starting now is key.
Like the proverbial bird, the company that
begins early will catch the compliance worm
and the market share that comes with it. The
tools and techniques are available to do so.
Last year, organisations could afford to
theorise about the EU’s GDPR. We believe now
is the time for concerted action.
Andrew Joss:
Head of Industry Consulting
(EMEA) at Informatica
“With the C-Suite more focused than ever on the importance
of good data management, the Chief Data Officer should
take responsibility for making the company data-centric”
15
www.risk-uk.com

Pay Rates in Security: The Highs and Lows
Although the pay rates
that security officers
are awarded remain a
cause for concern, the
issue points to a wider
problem regarding
training and skills
development, not to
mention the way in
which personnel are
deployed. In the first
instalment of a new
regular section for the
readers of Risk UK,
Graham Allison
explains why security
services providers
need to offer
sustainable careers for
employees in order to
increase their value
and ensure that
customers receive the
highest levels of
service at all times
According to PayScale, a security officer can
start out on a pretty low wage of £7.73 an
hour. That figure is just 23 pence higher
than the National Minimum Wage. A selfinflicted
culture of competitive undercutting, an
obsession with market share and the inability
to professionalise the industry by offering
talented young people a career path has led to
a situation wherein the majority of customers
simply don’t place a high enough value on their
security guarding operations – and will not pay
a penny more than they have to for the service.
This status quo has far-reaching implications
for customers, some of whose preoccupation
with lowest cost is increasingly proving to be a
false economy. At a point in time when their
security strategies should be watertight, many
customers don’t have adequate measures in
place to counter risks or threats.
Revamped security regime
Similarly, tenders are often carried out on an ‘as
is’ basis simply because purchasers are
concerned that the outlay for implementing
measures different than those already in place
will cost them more. While this can indeed be
the case, it’s equally possible that a revamped
security regime could cost less: a more
optimised service will be more efficient.
While at first glance it might appear that this
issue has little to do with low pay, the fact is
that a more holistic strategy will reduce
response times, lower security-related
expenditure for retailers and improve the
quality of the security operatives deployed.
What it also means is that security officers are
given a real opportunity to demonstrate Return
on Investment against a defined set of Key
Performance Indicators (KPIs). In turn, this
drives up their skills, value and, therefore, pay.
However, we still have a long way to go. The
problem is that the approach to loss prevention
and protecting organisations from those with
malicious intent is fundamentally the same as it
has always been. Traditional Shopping Centre
security, for example, encourages a silo-based
mentality wherein, as well as paying a service
charge for the security guarding of public areas,
retailers also procure their own in-store
operatives. This often leads to a fragmented,
costly and ineffective security strategy that
doesn’t enable adequate measures to be put in
place to counter any risks or threats and
proactively deal with them when they happen.
Problem solving
By using existing technology and adopting
smarter thinking this issue could be resolved. If
a panic button were to be installed within each
store, security officers in a Shopping Centre’s
public areas could be notified via a smart
phone, tablet or even a remote monitoring
centre where and when help is needed and
provide an immediate response. Such a
‘clustered’ solution eliminates the need for
retailers to employ their own personnel – or at
least it can prompt them to reduce their
number – and reassures them that help is at
hand at the press of a button.
It’s an approach that has benefits for all
interested parties, as it reduces expense for
retailers by dint of them not having to pay twice
over for security. It also increases margins for
the security services provider and allows them
to deploy more highly-trained and skilled
personnel. The same logic applies to retail
parks, business and technology parks and even
multi-tenanted office spaces.
To ensure standards of response are
maintained regardless of the size of the
organisation, KPIs can be agreed in advance.
Security operatives can use smart devices for
live incident reporting and organisations may
work together, talk to each other and create a
more cohesive security solution with no silos
and greater degrees of information sharing.
Gathering the right data means that security
16
www.risk-uk.com

Opinion: Security Business Sector Insight
officers can be deployed more effectively and
helps them provide a better level of service.
Added value
A security strategy can only ever be as effective
as the people charged with implementing it on
a day-to-day basis. The aforementioned
‘intelligent guarding’ approach combines
technology, and the data produced by it, with
people who are able to deal with the outputs of
these systems. As we’ve stated on previous
occasions, knowledge about loss prevention,
report writing, behavioural analysis and
profiling, Health and Safety, data and
intelligence gathering and First Aid, in tandem
with excellent customer service skills, is now
vital for the modern security officer, as is their
ability to work and function as part of a team
with non-security based personnel.
Likewise, in these uncertain times the threat
posed by terrorist activity must be taken
seriously and there are obviously some
locations at higher risk of attack than others.
Again, those with specialist training in counterterrorism
strategies will be able to undertake
an appraisal of the threat posed and outline the
communications system, infrastructure and
decision-making processes necessary in the
event of an attack.
It’s by focusing on the development of these
skills that the overall worth of the security
officer’s role can be elevated. Investing in
employees ensures that they’re given the
requisite knowledge to develop their careers.
This facilitates a virtuous circle, whereby if a
company looks after its employees, those
employees will look after its customers who, in
turn (and by retaining the security company’s
services long-term), will enhance profitability.
It also engenders a corporate ethos of
inclusivity, pride, loyalty and commitment, as
well as increasing staff retention.
Upping the game
If this concept is promoted, acknowledged and
accepted then margins might start to improve
and, as a result, more talented individuals will
consider working in the security business
sector as an attractive career choice. It could
also start to tackle the lack of diversity in terms
of gender, ethnicity and age in the industry,
which is nothing short of shocking.
If a security officer doesn’t possess the skills,
talent and basic training needed to use the
technology-based tools at their disposal, then
at the end of the day the concept of intelligent
guarding will never progress.
However, it mustn’t be forgotten that, above
all else, security guarding is a people-focused
service. The key to long-term success involves
bringing the two worlds together.
Added to that, with so much change
happening in the industry, knowledge provision
shouldn't be seen as a ‘quick fix’. On the
contrary, companies must invest in the
Continuing Professional Development of their
employees and create a culture of ongoing
improvement. This means that employees will
perform to the standards required. It’s the kind
of expertise that can literally be the difference
between life and death.
The security industry clearly has much to do
in terms of increasing the professionalism of
those working within it, but at times can be its
own worst enemy. A business sector that
employs in excess of 350,000 professional and
licensed operatives should be doing much more
to address the negative perceptions held of it
within wider society. There’s currently a distinct
lack of knowledge and appreciation for the role
that security personnel play in keeping people,
property and assets safe.
Sadly, it would appear that trade bodies have
little interest in promoting the positives of the
security guarding sector. Therefore, the security
services industry must do more to communicate
the positives it offers. Frankly, if it doesn’t do so
then it will continue to struggle attracting high
quality individuals from what’s now a rapidly
diminishing pool of talent.
Looking ahead
The commoditisation of security services and
those who perform them is by no means a
recent phenomenon and, to a greater or lesser
extent, the industry only has itself to blame. It
needs to adapt in order to meet the demands of
the future through innovative ways of working
which are already offering Return on
Investment, while also elevating the position of
security officers and increasing their pay.
Although some customers will always expect
‘champagne for beer money’, forward-thinking
organisations across a diverse array of vertical
sectors are already beginning to realise the
benefits of information sharing and appreciate
precisely why skilled security personnel are
worth the investment.
It’s therefore beholden upon security service
providers to build on this by investing in their
people and offering them the types of careers
deserving of such a vital role.
Graham Allison: Managing
Director of Cardinal Security
*Security Business Sector Insight
is the space where members of
Cardinal Security’s management
team examine current and often
key-critical issues directly
affecting today’s companies and
their customers. The thoughts and
opinions expressed here are
intended to generate debate and
discussion among practitioners
within the professional security
and risk management sectors. If
you would like to make comment
on the views outlined on these
pages, please send an e-mail to:
brian.sims@risk-uk.com
**Cardinal Security was formed
back in 2003 and is a privatelyowned
company delivering
innovative security solutions
throughout the UK, Europe and the
US. The business is a leading
supplier of security officers, store
detectives and key holding to the
retail and logistics industry and
works with many well-known
brands including Arcadia, Asda,
Dixons Carphone, Footasylum,
House of Fraser, Morrisons and UK
Mail. Cardinal Security is a
Security Industry Authority
Approved Contractor and in the Top
5% of all security providers
“A sector that employs in excess of 350,000 professional
and licensed operatives should be doing much more to
address the negative perceptions held of it in wider society”
17
www.risk-uk.com

Cybersecurity?
Buckle up.
At Axis, we do everything we can to mitigate the risks of cyber attack. We have 100% focus on
cybersecurity. We build protection right into your network camera solutions. And we work hard to make
it easy for you to play your part. But we really can’t do it without you.
Because cyber protection is a lot like the seatbelt in your car. It won’t keep you safe unless you use it.
Learn Visit more about axis.com/about-axis/cybersecurity Axis’ quality assurance work
at axis.com/quality and find out how to stay protected!

BSIA Briefing
Biometrics is the technical term for body
measurements and calculations and refers
to metrics related to human
characteristics. Biometric authentication, which
is sometimes referred to as ‘realistic
authentication’, is used in computer science as
a form of identification and access control. It’s
also employed to identify individuals in groups
that are under surveillance.
Biometric identifiers are distinctive and
measurable characteristics used to describe
individuals. They’re often categorised as
physiological versus behavioural
characteristics. The former are related to the
shape of the body, with examples including
(but not limited to) fingerprints, palm veins,
facial recognition, DNA, palm prints, hand
geometry and iris recognition.
Behavioural characteristics are related to the
pattern of behaviour of a person, including (but
not limited to) their walking gait and voice.
Indeed, some researchers have coined the term
‘behaviour metrics’ to describe this particular
class of biometrics.
More traditional means of access control
include token-based identification systems,
such as a driver’s license or passport, and
knowledge-based identification systems (such
as a password or PIN). Since biometric
identifiers are unique to individuals, they’re
viewed as being far more reliable when it
comes to verifying identity than token and
knowledge-based methods. However, there has
been much debate over the years about the fact
that the collection of biometric identifiers raises
privacy concerns around the ultimate use of
gathered information.
What is biometric security?
Essentially, all biometric systems work by
unobtrusively matching patterns of live
individuals’ data in real-time against enrolled
records. Data is initially read with an
‘enrolment’ reader and then ‘encoded’ into a
template which is usually stored in an access
control database or on a smartcard for use at
some later juncture.
The encoding process ensures that the data
cannot be reproduced from the template, but
only compared against a recent read sample for
a pass or fail result.
Biometrics have been recorded and used
within society since the late 19th Century, with
fingerprint identification being used by police
agencies around the world to identify both
suspected criminals as well as the victims of
crime. Since then, and as mentioned,
approaches have extended to the iris, face,
hand geometry and, more recently, the heart.
Biometrics: An Alternative
View of Security Management
Alongside incredible advancements in medicine and science,
innovative methods of accessing systems using the human
body have led to an explosion in biometric security solutions.
Here, James Kelly discusses the current biometrics market
and some future trends worth keeping an eye on for today’s
practising security management professionals
In an era where personal information leaks
from major organisations now appear to be
increasingly common, security has had to
evolve far beyond traditional physical locks and
keys. Scientists and engineers have developed
innovative ways of using unique identifiers
within the human body to create access control
systems that are ‘un-hackable’ to even the most
tech-savvy of criminals.
Just this year, researchers at the University of
Buffalo in New York announced that they’ve
developed a security method that uses the
measurements of an individual’s heart to
identify and authenticate a user. This futuristicsounding
method makes use of low-level
Doppler radar to determine the heart’s
dimensions. With the initial scan taking roughly
eight seconds, the system can then
continuously monitor the heart of the user to
make sure another user hasn’t stepped in to
work on the machine.
Beyond making it much easier to log in and
log out, this method makes it incredibly difficult
– if not actually impossible – for criminals or
imposters to infiltrate a system as every user’s
James Kelly: CEO of the British
Security Industry Association
19
www.risk-uk.com

BSIA Briefing
*For more information on
biometric technology, take a
look at the BSIA’s ‘Access
Control: Biometrics User
Guide’ which provides an
invaluable overview of the
main types of biometrics,
system architectures and the
advantages and
disadvantages of today’s
systems as well as the factors
to be considered when
choosing the right solution.
Download the BSIA’s Guide
at: www.bsia.co.uk/
web_images//publications/
181_Access control_
biometrics_user_ guide.pdf
heart dimensions are different and certainly
unique to them.
Fingerprint technology
Fingerprint technology has also developed in
recent years in order to thwart criminals from
counteracting security regimes by taking
impressions of fingerprints. With fake finger
tips capable of mimicking human skin available
to criminals, advances in optical sensor
implementation have now made it possible for
fingerprint readers to look beyond the surface
of the print to the subcutaneous layers of the
skin (such as the capillaries underneath) which
would not be as easily replicated.
Iris recognition is another area of biometrics
that has raised the bar when it comes to
accuracy. In comparison with fingerprint-based
systems, when they were first introduced, iris
systems were producing hundreds or
potentially thousands of fewer false
acceptances. These systems take an image of a
person’s iris and apply pattern recognition
algorithms. The next time the iris is presented
to the recognition reader, a comparison can
then be made with the stored pattern.
Iris systems tend to be seen most regularly in
airports, but with the introduction of biometric
passports they’re now becoming less common.
However, due to their abilities they do have a
place in specialist high security applications.
Like iris systems, facial recognition
technology has been widely available in recent
years. Apple has made use of the technology in
the creation of its new Face ID feature available
on the iPhone X which is due to be released
this month. According to Apple, the new system
is 20 times more secure than Touch ID, the
fingerprint-based system previously included
on the company’s products.
With Face ID, Apple has implemented a
secondary system that exclusively looks out for
attempts to fool the technology. Both the
authentication and spoofing defence are based
on machine learning, but while the former is
trained to identify individuals from their faces,
the latter is used to look for signs of cheating.
According to Apple: “An additional neural
network that’s trained to spot and resist
spoofing defends against attempts to unlock
your phone with photos or masks.” If a
completely perfect mask is made which fools
“Like iris systems, facial recognition technology has been
widely available in recent years. Apple has made use of the
technology in the creation of its new Face ID feature
available on the iPhone X”
the identification neural network, the defensive
system will still notice – as, indeed, would a
human. All that said, Apple’s Face ID is not
without its restrictions. The Cupertino,
California-based company has reported that it’s
not suitable for users under the age of 13 or
those with identical twins.
Advantages of biometrics
Biometric technology can be extremely
advantageous in terms of playing a
fundamental role in an extensive security
strategy. In regards to access control, the
technology is attractive to users for a number of
reasons, primarily because information cannot
be passed along to another person in the same
way that an access card or PIN might be. This
can also be useful in terms of Human Resources
management, reducing identification fraud
among employees during ‘clocking-in’.
The technology can help to eliminate security
threats that may arise when cards or PINs are
either lost or borrowed, not to mention the cost
savings made by removing the management of
lost, stolen or forgotten access cards.
This is not to say that biometric technology
doesn’t have its disadvantages, with readers
sometimes taking slightly longer to identify
users than card-based systems, particularly as
users usually have to stop and properly identify
themselves to biometric readers.
Not everyone can use biometric systems,
either. Such solutions rarely suit an external or
exposed location and, in extreme cases,
fingerprint readers can fail to identify those
users with damaged, dirty or worn fingerprints.
Additionally, it’s important to note that the
correct management of biometric systems is
critical in ensuring that any data protection
concerns are always alleviated.
As mentioned, biometrics based on brain
(electroencephalogram) and heart
(electrocardiogram) signals have emerged. A
research group at the University of Kent led by
Ramaswamy Palaniappan has shown that
people have certain distinct brain and heart
patterns specific to each individual.
The advantage of such ‘futuristic’ technology
is that it’s more fraud resistant than
conventional biometrics. However, this
technology is generally more cumbersome and
still has noted issues (such as lower accuracy
and poor reproducibility over time).
This new generation of biometric systems
has been dubbed ‘the biometrics of intent’. The
technology will analyse physiological features
such as eye movement, body temperature or
breathing and predict dangerous behaviour or
hostile intent before it translates into action.
20
www.risk-uk.com

ENCRYPTED HIGH SECURITY
CLASS 5
Encrypted High Security
End of Line Modules Are Only the Beginning
Inner Range’s Infiniti Integriti Class 5
is High a complete Security Hardware/Software
System
solution is a complete designed Hardware/Software
specifically for
Class solution 5/Zone designed 3 installations. specifically for
High Security installations.
Our range includes:
Our All range Software includes:
Hardware All Software Controllers
End Hardware of Line Controllers Modules
Power End of Supplies Line Modules
Keypads Power Supplies
Enclosures Keypads
Communications Enclosures Devices
Access Communications Control Readers Devices
Credentials
Access Control Readers
Why Credentials take chances?
Full
Why
End
take
to End
chances?
Encryption
compliant Full End to with End AS/NZS Data Encryption 2201.1:2007
Class Externally 5 Externally Certified Certified
BEST NEW PRODUCT
OF THE YEAR
MEMBER
AUSTRALIAN SECURITY INDUSTRY
ASSOCIATION LIMITED
T: +44 +61 3 (0)845 9780 4300 470 5000
E: integriti@innerrange.com
IREnquiries@innerrange.com
W: innerrange.com
T: 1300 319 499 W: csd.com.au

There’s full agreement
within the security and
risk management
industry that technical
security systems
should be designed
according to the
unique risk profiles of
those systems’
intended recipients.
This makes sense: the
arrangement and
capabilities of security
systems required for a
retail outlet to prevent
petty theft are far
different from those
that a nuclear power
plant needs to guard
against acts of
terrorism. With this in
mind, Philip Strand
examines the science
of security design
Advancing the Science of
Risk-Based Security Designs
Risk profiles are normally determined by
risk managers who carry out Risk, Threat
and Vulnerability (RTV) assessments.
Unfortunately, while many organisations are
able to conduct such assessments, the
information derived from them is often not
complete enough or not rendered in a format
that can be readily used by security system
designers and engineers.
When RTV assessments are written without a
practical understanding of security system
design, there’s a risk of reports being produced
that lack the basic information required to
select and design appropriate security systems.
This can lead to excessive delays in project
timelines as additional information then has to
be gathered. Additional workshops and
meetings may need to be held, photographs
may not show designers what they need to see
and/or the capabilities and intents of threat
actors might not be discussed in a sufficient
enough degree of detail. In the worse case
scenarios, inadequate security systems might
be selected, purchased and installed.
Whether a company is a specialist in risk
management, security system design or both,
it’s worth the time of those professionals within
to ensure that there’s an efficient process in
place for incorporating the findings of RTV
assessments into security system designs.
These two products should be viewed as subcomponents
of a single holistic security
solution planning process.
Discussed in isolation
It takes only a cursory review of literature
regarding ‘RTV Assessments’ and ‘Technical
Security Design and Engineering’ to see that
these two subjects are often discussed and
written about in isolation from one another.
The body of knowledge related to risk
management is saturated. Terms have been
defined and theories and methodologies are in
advanced stages of evolution.
Industry Best Practices have been
established through professional bodies
designed to promote risk-based decisionmaking.
Indeed, most Best Practices have been
codified further by international (ie ISO) and
national-level (ie BS EN) standards.
The body of knowledge related to ‘Technical
Security Design and Engineering’ is also fullysaturated
in terms of literature defining
industry Best Practices. Those Best Practices
are fully-supported through professional
bodies, training curriculums, licensing schemes
and, again, via international and national-level
standards. Literature concerning technical
designs is primarily vocational and lacks many
of the theoretical frameworks inherent to social
science subjects. However, this would appear to
be both expected and justifiable given the
technical nature of engineering.
What’s noteworthy here is that, despite the
fact that nearly all recognised engineering
processes describe the importance of
‘customer’ (ie operational) requirements,
there’s no industry-wide accepted process for
ensuring that the operational requirements for
security systems are derived from the unique
risk profiles of systems’ individual recipients.
Equally lacking here, risk management
literature recognises the importance of
identifying threats and risks, but there’s no
clear process for ensuring that relevant and
accurate information is subsequently translated
into technical security designs. At an industry
level, any push to research and develop a
process for aligning these two products would
measurably improve designers’ abilities to
generate risk-based security designs.
Bridging the gap
Fortunately, companies wishing to develop a
single process don’t have to begin their quest
from ‘zero’. The Centre for the Protection of
22
www.risk-uk.com

Risk and Security Management
National Infrastructure’s ‘Operational
Requirements Report’ is an example of an
existing product that endeavours to bridge the
gap between RTV assessments and security
system designs. One document, however, isn’t
a ‘process’ and there are still a few challenges
that the industry – not to mention individual
companies – have yet to overcome.
First, there are often knowledge and
communication gaps between ‘risk assessment’
professionals and security system designers.
The fact that risk assessors cannot efficiently
write for designers if the former don’t actually
know the designers’ process is an obvious
potential difficulty.
Even more basic than this is the fact that
there are still no commonly-accepted
definitions for many risk-related terms. ISO
31000 – Guide 73: 2009 – Risk Management
Vocabulary is an example of an effort to
standardise terminology, but some of the terms
are vague, illogical when closely examined, not
accepted in colloquial speech or industry
parlance and (most importantly) not always
known by designers and engineers.
Non-risk professionals commonly use the
terms ‘risk’ and ‘threat’ interchangeably. The
definitions of ‘risk tolerance’ and ‘risk appetite’
are also commonly confused.
Some companies may be challenged by the
different computer programs and software
favoured by risk assessment professionals
versus security system designers. Many risk
management professionals are heavily reliant
on basic software like that of the Microsoft
Office Suite. Security system designers often
have access to more powerful alternate
software (ie CAD and other professional-level
rendering programs) that demands more
powerful computers (which designers also
normally have). While designers’ unique need
for more powerful tools is justifiable given their
roles, differences become problems when
people in different departments cannot readily
exchange drawings and site plans.
Unclear standards
Other challenges may be related to unclear
standards for both RTV assessments and
‘Technical Security Design and Engineering’
products. While it’s good that there are
numerous accrediting bodies, standards and
guidelines to promote professional quality work
within the industry, it’s not good that different
risk and design individuals adhere to different
standards and guidelines. It’s not always clear
which sets of standards people are working to
and, if risks are not clearly described and
prioritised in RTV assessments, then designers
“Non-risk professionals commonly use the terms ‘risk’ and
‘threat’ interchangeably. The definitions of ‘risk tolerance’
and ‘risk appetite’ are also commonly confused”
may underestimate or overestimate the
specifications required.
Many of the challenges mentioned appear
easy to overcome and, in some cases, they may
be. However, when it comes to efficient
processes, the devil is always in the detail.
It may be a bit much to believe that a single
company will be able to, for example, singlehandedly
standardise terms across the
industry, but in-house workshops that include
both risk assessment professionals and
security system designers are very achievable
and worthwhile investments. The output of
such a workshop will be that terminology is
codified to create a common language between
risk assessment professionals and security
system designers.
Another workshop that normally helps an
organisation when it comes to refining their
security solution planning process should be
aimed specifically at identifying the exact
products and services deemed to be integral to
both risk management and security designs.
Most organisations conducting this sort of
exercise are highly likely to find that there are
fewer distinct work packages related to risk
management projects than there are for
security design and engineering projects.
Each work package must be identified,
defined, scoped and ordered according to
production sequence and priority. This will
provide stakeholders with an in-depth
knowledge of each work package, which then
allows links to be drawn between the work
packages in both departments. Designers’
needs become known to risk assessors and the
latter can then ensure that every part of their
report provides key information.
Enough research, examination and
experimentation is likely to lead to the
successful development of a process that
begins with an RTV assessment and finishes
with a risk-based technical security design.
Investments of time and effort can ensure that
new processes are more closely matched to
identified threats and risks than anything an
organisation has seen before.
Analysing, designing and testing new
processes for informing technical security
designs can lead to new tools for
communicating risk-related (ie qualitative)
information to engineers who require technical
(ie quantitative) information.
Dr Philip Strand PhD MBA:
Senior Risk Consultant at
CornerStone GRG
23
www.risk-uk.com

Failing to Invest is Investing to Fail
Security threats posed
to the extractive
industry are changing.
Improvements in
technology, the
continuing
proliferation of small
arms and advances in
criminal/militant
group intelligencegathering
processes
are driving an
increasing demand for
more effective, holistic
and integrated
security arrangements,
as Philip O’Sullivan
duly observes
24
www.risk-uk.com
Intelligence and experience demonstrates
that aggressors are better equipped, better
armed and increasingly better prepared to
carry out a range of damaging activities against
extractive projects than in times past. Growing
global geopolitical tensions are further
catalysing this increase in risk.
Among such drivers are worsening grievances
motivating militant groups such as the
Movement for the Emancipation of the Niger
Delta, increasing levels of organised crime and
heightening resource scarcity. The mitigation of
threats to extractive projects from political and
criminal violence is obviously heavily within the
interests of both the insurer and the insured.
The insurance industry has significant vested
interest in reducing risk and liability for the
consequences of political and criminal violence
in the extractive sector. At the same time,
developments in corporate manslaughter
legislation are further motivating businesses to
ensure the safety of their personnel.
One way of achieving this is by specifying
security, medical and contingency services
within a policy in order to minimise the
likelihood and consequences of an ‘event’.
Such provisions significantly benefit both
parties. For the insured, there’s the potential for
substantial reduction in premiums, not to
mention the safeguarding of human,
shareholder and reputational well-being. For
the insurer, these provisions mitigate the risk or
size of potential claims. Insurers are now
developing relationships with emergency
response, intelligence and security providers.
The extractive industry presents a unique
range of vulnerabilities, characterised as it is by
large static sites, high numbers of personnel,
operations in volatile, inhospitable regions and
the handling of high value materials and
machinery. These vulnerabilities, combined
with the high value resources and assets
involved, make extractive projects an attractive
target for criminal, militant and terrorist groups.
From the beginning
Given such increasing physical, legal and
insurance requirements for security provision,
it’s highly advisable for protective and
preventative measures to be integrated into an
extractive project from the very beginning. It’s
no longer adequate to have one or two armed
security personnel as an afterthought catering
to the security of the entire operation. The
increasing dynamism of the security
environment necessitates intelligence-led
practices, appropriate security and medical
measures and rapid crisis response services.
In order to address these extractive security
challenges, a comprehensive and bespoke
intelligence, security and emergency response
package is necessary to meet the specific
operating requirements of the region, project
and client involved. Insurers should select their
chosen intelligence, security and emergency
response organisation with great care and
diligence, consulting with each candidate to
determine who’s most suitable and effective.
In all honesty, many of these companies put
significant funding into marketing and their
public image while perhaps skimping on their
services and solutions.
There are four levels of security, in turn
focusing on intelligence and risk reports, preevent
physical security asset provision, tracking
and crisis response and extraction. Let’s take a
look at each of them.
Intelligence and risk reports
Regular, up-to-date intelligence reports using a
range of critically-assessed, rigorouslyanalysed
sources including dedicated satellite
imagery, human intelligence networks, social
media analytics and local news analysis should
inform the activities of clients. Such information
enables the avoidance of high risk areas
altogether, and therefore vastly reduces the risk
of an encounter with aggressors.
In addition, these reports should inform
regular employee safety training, scenario
simulation, crisis response drills and Best
Practice familiarisation. Such preparation forms
the key foundations of an holistic policy that
will save lives, assets and business reputation
while also minimising claims. This process must
begin at the earliest possible stage of a project
to ensure a suitable level of integration and
employee familiarity with security procedure.
A developing tool of particular note is social
media analysis. Intelligence gained from a
regional analysis of social media feeds
contributes to an ongoing localised threat
assessment, allowing the detection of dissent
or grievance within local communities.
Among other things, these tools also enable
the observation of the online activity of
company employees. This facilitates a degree of
protection against insider threat by highlighting
any irresponsible sharing of sensitive details or
the expression of negative or aggressive

Security Management in the Extractive Industry
sentiment towards the employer. Intelligenceled
prevention of high risk scenarios
contributes towards the minimisation of a crisis
for the insured or a claim for the insurer.
Physical security asset provision
Given the dynamism and unpredictability of
many operating environments, the appropriate
provision of adequate protective measures
(including armoured vehicles, multilingual
armed or unarmed security escorts and medical
teams) should be applied if recommended. The
chosen organisation named in the policy will
carry out comprehensive and informed risk
assessments and advise on the best measures
to be put in place.
The chosen security provider will put these
measures in place and co-ordinate and control
them out of their own Security Operations
Centre. The Operations Centre is a 24/7/365
communications hub based at the offices of the
organisation that will operate crisis control, coordinate
personnel and vehicle tracking,
command security/medical teams and organise
emergency response on the ground.
Tracking services are essential to maintain
up-to-date knowledge of the whereabouts of
personnel and assets. Small dedicated tracking
devices – some of which are available with
gyroscope, accelerometer and audiovisual
technology – should be distributed to
personnel to ensure they’re keeping to preagreed
travel itineraries and behaviours.
In addition, regular telephone or SMS ‘checkins’
should be arranged to ensure the safety
and location of personnel throughout the day
and night, with pre-agreed passwords to ensure
lack of clandestine duress. This provides a
capacity both to ensure the security of
employees and also maintain a comprehensive
picture of employee activities, at the same time
protecting against insider threats from
belligerent or irresponsible members of staff.
A particular risk that’s regularly faced by
extractive companies is basic vehicle theft.
Given the terrain and distances typically
encountered in extractive projects, such theft
can potentially be highly damaging to
operations. Vehicle hardening measures, as
well as live location vehicle tracking, should be
employed to prevent theft and also to pursue
and reacquire the vehicle in the event of theft.
Crisis response and extraction
The final level of a policy-integrated security
package is the emergency response provision.
Sometimes crises are unavoidable, whether
they’re due to natural disaster, accident,
illness, the sudden eruption of war or regional
conflict or a targeted criminal or terrorist
attack. In these cases, in order to reduce the
consequences for the insured and the insurer, a
quality rapid emergency response is essential.
The content of this service is highly
dependent on the situation, but will involve
appropriate measures designed to address
whatever challenges are presented by the
scenario. Following notification of ‘panic’ by a
client, the chosen organisation will immediately
initiate the emergency response. The Security
Operations Centre will co-ordinate and begin to
arrange the logistic, legal and practical
measures necessary to fulfil the objective of the
response (typically extraction and repatriation).
On arrival of the emergency response, the
security team will contain or neutralise the
threat in whatever form is necessary, while the
medical team will address any injuries
sustained by the client(s). Following on from
this, clients will be rapidly extracted and, if
necessary, repatriated. In a more complex
situation, ransom negotiation services will be
provided by the organisation involved.
It’s a common misconception that costs can
be reduced by limiting the security and risk
management programme for start-up
companies or enterprises. The reluctance to
invest in and prioritise these programmes can
often lead to significant financial losses which
could have been easily prevented.
Philip O’Sullivan MBA MSyl:
Senior Security Consultant at
Northcott Global Solutions
“The extractive industry presents a unique range of
vulnerabilities, characterised as it is by large static sites, high
numbers of personnel and operations in volatile regions”
25
www.risk-uk.com

Institute of Risk Management
Are your staff risk ready?
It is essential that your staff have a knowledge of the
principles and practices of effective risk management.
Enterprise Risk Management is designed to do just that.
What’s in it for employers?
> Managing risks effectively will
lower your costs.
> Turn threats to your business into
opportunities.
> Enhance business performance
and improve risk taking
approaches.
> Develop a motivated, skilled and
knowledgeable team.
> Attract high-calibre professionals
by investing in personal
development.
What’s in it for students?
> Enhance your ability to design
and implement effective risk
management strategies.
> Develop a critical understanding
of the relationship between
risk management, governance,
internal control and compliance.
> Gain an internationally
months.
> Join our global network of risk
management practitioners.
Distance
Learning
International
Recognition
Relevant for
All Sectors
Email: studentqueries@theirm.org
Phone: +44 (0)20 7709 4125
or visit www.theirm.org/risk-uk

Continuous Availability for Security Systems
Having achieved the true integration of a
diverse range of electronic security
systems, regretfully security personnel in
high security or mission-critical environments
can still not be guaranteed peace of mind. At
the risk of stating the obvious, it’s simply not
enough to integrate electronic security
systems: they all need to be working as close
to 100% of the time as possible.
Yet with IP network-based access control,
video surveillance, intruder alarms, perimeter
protection and also fire safety systems
increasingly reliant on software-based
management, even a well-designed and
maintained system is vulnerable to downtime
because of a simple server fault.
Further, we cannot ignore the threat posed by
cyber criminals. The recent Petya and WannaCry
ransomware attacks have made headline news
and, sadly, it appears that not a day passes
without some organisation being held hostage
by encryption-based ransomware.
While the protection of people, assets and
property is of paramount importance, video
surveillance and access control are increasingly
being used in support of compliance issues and
any unplanned downtime of such systems
could have a major impact on operational
activity. Indeed, in some cases it may result in
the temporary, but costly closure of a facility.
Government regulations and local licensing
laws, for example, will stipulate that a sporting
event attended by members of the general
public cannot take place unless the safety
officer in charge can certify that the venue’s
video surveillance system is operational and
100% effective. The same rules may
understandably be applied to night clubs and
other environments where members of the
public are likely to gather in large numbers.
Health and Safety compliance is no less an
issue within the industrial/production world.
Consider the requirements of a food processing
plant where the consequences of anyone with
an expired hygiene certificate being allowed to
work within could well be huge. An inspector
might insist that all foodstuffs on site be
destroyed and all machinery cleaned to avoid
the slightest risk of contamination.
Ensuring compliance
A network-based access control solution, ably
supported by Microsoft’s Active Directory, will
provide a powerful tool to ensure compliance
by generating reports which list those members
of staff who are in need of refresher training or
whose hygiene certificate is due to be renewed.
However, the system needs to be working
effectively 24/7/365.
Security Systems:
The Requirement for
Continuous Availability
Heightened security awareness has meant that it’s now
crucial for security applications such as access control,
intruder alarms, perimeter protection and video management
systems to be fully-operational around the clock. As Duncan
Cooke explains, the possibility of unplanned downtime if one
of these applications fails – and particularly so when part of
an integrated solution – represents a major threat to
organisations reliant on their electronic security and building
management systems 24/7/365
The IT industry offers a wide range of options
designed to keep security software applications
running or otherwise quickly restore them.
Perhaps the most simple approach to server
availability is to have basic back-up, data
replication and failover procedures in place
which will help speed the restoration of an
application and preserve data following a
server failure. However, if back-ups are only
occurring daily, there may only be a guarantee
of 99% availability, resulting in up to 87.5 hours
of unplanned downtime per year.
High availability systems can deliver 99.95%-
99.99% uptime, but this still represents up to
five hours of downtime per year. It’s only
continuous availability solutions that can
deliver 99.999% uptime. That’s the equivalent
of just five minutes of downtime per year.
Duncan Cooke:
Business Development
Manager (UK and Europe) at
Stratus Technologies
27
www.risk-uk.com

Continuous Availability for Security Systems
Supported by specialist continuous
availability software, two servers are linked and
continuously synchronised via a virtualisation
platform that pairs protected virtual machines
together to create a single operating
environment. If one physical machine should
fail, the application or software platform will
continue to run on the other physical machine
without any interruptions. In-progress alarms
and access control events, as well as data in
memory and cache, are thereby preserved.
Simply put, continuous availability means
that no single point of failure can stop a
security software platform from running and,
unlike high availability, back-up and failover
solutions, there’s no restart or reboot required
and, therefore, no downtime.
If a hardware component fails, a continuous
availability solution will substitute the healthy
component from the second system until the
failed component is repaired or replaced. Most
importantly, manufacturers who specialise in
continuous availability solutions are able to
offer end users the option of automatic
monitoring and diagnosis of their security
solution such that potential problems can be
anticipated before they occur.
It’s a solution that’s likely to be popular
among electronic security system installers
who may have limited IT knowledge. Quick and
simple to install, no application, software or
server modifications are necessary to provide
continuous availability out-of-the-box.
Case for virtualisation
The physical security sector is starting to
recognise the significance of the Internet of
Things. It presents installers and system
integrators alike with opportunities to generate
new revenue streams, while also offering end
user clients maximum benefit and high RoI by
delivering truly integrated solutions.
The emergence of smart buildings has
created a need to monitor and control many
disparate systems – security, IT, lighting, HVAC
and more. Virtualised platforms are really the
only cost-effective means of accomplishing all
of this, but may mean businesses are opening
themselves up to having a single point of
failure which could be their downfall. Herein
lies a major justification for the deployment of a
continuous availability solution.
“High availability systems can deliver 99.95%-99.99%
uptime, but this still represents up to five hours of
downtime per year. It’s only continuous availability
solutions that are able to deliver 99.999% uptime”
Worldwide, there are some excellent
examples of where continuous availability has
made a significant contribution towards
providing security and operational management
teams with peace of mind, in turn keeping the
nightmare scenarios at bay.
McCarran International Airport, the primary
commercial airport serving Las Vegas, all-toooften
experienced unplanned downtime of its
Pegasys 2000 access control and badge
tracking system. Whenever the access control
system failed, the airport was forced to deploy
personnel to monitor every door within the
airport’s secure areas and alert operators
stationed inside the site’s Control Centre of any
potential security issues.
As well as the additional labour costs
incurred, system downtime could also result in
Federal Transportation Security Administration
(TSA) fines and penalties, potentially including
the shutdown of operations and associated
revenue losses for the airport and the airlines it
serves. Furthermore, there were also issues
with the baggage handling system deployed to
help with the screening, storage, sorting and
transportation of arrival, departure and transfer
baggage. These outages required costly human
intervention in order to maintain customer
service levels, minimise safety risks and ensure
compliance with TSA requirements.
Following the deployment of a continuous
availability solution, the airport has enjoyed
zero unplanned downtime of the two systems.
Even when a new terminal opened, increasing
annual capacity to approximately 55 million
passengers, the solution played a key role in
allowing the IT staff to seamlessly scale the
physical security and baggage handling
systems to meet the expanded requirements,
while also ensuring continuous availability.
Is it time to invest?
Your response to several key questions will
help you to decide whether or not an
investment in a continuous availability solution
is required for your organisation.
From what failures does the organisation
need to be protected? How much unplanned
downtime can you tolerate? What skills are you
willing to acquire to manage the solution?
If your mind’s still not made up, download a
free copy of the ‘Availability for Dummies’
Handbook at http://go.stratus.com/availabilityfor-dummies.
As well as helping you to select
the availability option that best matches your
needs, the Handbook also describes how the
latest computing trends are now impacting
availability and increasing the need for
downtime prevention strategies and solutions.
28
www.risk-uk.com

The New Camera Line Mx6 Creates More Possibilities.
More Images, in All Light Conditions, in Every Standard
More Intelligence Is on the Way
The new Mx6 6MP camera system from MOBOTIX offers increased performance.
A frame rate that is up to twice as fast than that of other cameras allows it to capture
quick movements even better and simultaneously deliver sharp images in MxPEG,
MJPEG and, for the first time in H.264, the industry standard. The innovative Mx6
camera line is faster, more flexible and higher-performing, opening up new application
and integration opportunities for to you to meet all requirements.
MOBOTIX AG • Langmeil, Germany • www.mobotix.com

FIRE SAFETY
Management & Installation
Fire Protection and Prevention
with Technology and Innovation
Special Supplement in association with:

FIRE SAFETY
“The professional
qualifications consist
of a range of
competencies which
provide a guide to the
skills and knowledge
expected of fire alarm
system technicians
across the industry”
Time to qualify in fire
detection and alarm systems
The Fire Industry Association is pleased to offer a series of qualifications
developed by its own nationally-regulated Awarding Organisation for the
fire detection and alarm sector (namely the Fire Industry Association
Awarding Organisation). Ian Moore, CEO of the FIA, explains in detail
The qualifications have been produced in
consultation with industry leaders and
employers, matching the needs of the
industry with what learners need to understand.
We’ve worked with reference to the National
Occupational Standards, current UK legislation
and published standards, along with Codes of
Practice and industry Best Practice, to give
learners the opportunity to expand their
knowledge and understanding in a format that’s
in-depth and delivered under expert guidance.
If you’re looking to gain qualifications and
training for any part of the fire industry, the Fire
Industry Association (FIA) can assist. Each year,
we train over 4,500 delegates and boast an
impressive pass rate of over 93%.
We’re very proud to present our new range of
nationally-recognised formal qualifications.
These are equivalent to an A-Level and are the
new professional standard for the fire industry.
The qualifications are brought to you by our
team of experienced and dedicated trainers with
whom over 35,000 delegates have trained and
learned across the last decade.
The professional qualifications consist of a
range of competencies which provide a guide to
the skills and knowledge expected of fire alarm
system technicians across the industry. We’ve
worked with a range of experts and consulted
with employers to form a new regime of study
that will provide any delegate – whether new to
their job role or perhaps more experienced –
with a greater depth of understanding.
The new professional qualifications are
designed for anyone at any stage of their career
in the fire detection and alarm sector – from
maintainers and installers through to design
and commissioning-focused individuals.
We’ve undertaken extensive research,
listened to what employers in the fire sector
32
www.risk-uk.com

wanted most and then developed our new
qualifications with those requirements in mind.
Why study with the FIA?
Employers
• Grow your team’s knowledge and confidence –
all of our study courses are characterised by indepth
technical explanations presented in a way
that’s easy to understand
• Four nationally-recognised qualifications – fire
detection and alarm system installation,
maintenance, design and commissioning
• A portfolio of professional training
programmes – everything from portable
extinguishing to emergency lighting
• Learning programmes available nationwide
• Dedicated courses available in your workplace
• Use our qualifications as a unique selling
point for your business – assure your customers
that your staff are qualified technicians
Learners
• Experienced professional trainers
• Prove your knowledge and skills
• Instant credibility with employers
• Supported learning in a range of formats
• Backing for those with additional needs
• An opportunity to gain a Level 3 qualification
(equivalent to an A-Level)
How many units make up the new
qualification?
To gain the full qualification, learners must take
and pass the three mandatory units plus one
final unit. The final unit will determine which
qualification will be achieved, either in design,
installation, maintenance or commissioning.
Which units are mandatory?
All delegates must take the Foundation in Fire
Detection and Alarms Unit, which is the starting
point for each qualification. The Foundation in
FD&A Unit is compulsory and delegates will not
obtain the qualification without it.
In addition, delegates must take and pass
the Health & Safety at Work Unit and the
Environment Unit or give evidence that they’ve
met this requirement through other recognised
means (eg through the ECS card scheme).
If you’re unsure whether you need to take the
Health & Safety at Work Unit or the Environment
Unit, visit the FIA’s website or telephone head
office to find out what other evidence would be
“The new professional qualifications are designed for anyone
at any stage of their career in the fire detection and alarm
sector – from maintainers and installers to design and
commissioning-focused individuals”
acceptable in order to demonstrate competence
in these specific areas.
What qualifications are there?
The qualifications on offer have been developed
to reflect the job roles of the sector. They are:
• The FIA AO Level 3 in Fire Detection and Alarm
Design Theory and Regulatory Requirements
• The FIA AO Level 3 in Fire Detection and Alarm
Installation, Theory and Regulatory
Requirements
• The FIA AO Level 3 in Fire Detection and Alarm
Maintenance, Theory and Regulatory
Requirements
• The FIA AO Level 3 in Fire Detection and Alarm
Commissioning Theory and Regulatory
Requirements
What level are the qualifications?
The qualifications have been developed to Level
3 and registered on the Qualifications
Curriculum Framework, equivalent to a Level 4
on the European Qualifications Framework.
A QCF Level 3 qualification means that
learners are educated to A-Level standard in the
specialised field of fire detection and alarms.
About the Fire Industry Association
The Fire Industry Association is a not-for-profit organisation. We’re the leading
Trade Association for the fire industry in the UK. The education and training that
we offer through our qualifications and industry-recognised courses exists to
provide practitioners with a high level of knowledge and understanding that will
help them to develop their career and build their business.
The FIA’s courses are delivered by experienced professionals from the
industry who can not only deliver education, but also answer questions and
provide real-life examples, in turn enabling all delegates to deliver excellent
results for their organisations.
Combined with our website (www.fia.uk.com), we aim to provide a service
that both contributes to and promotes technical developments in the industry.
Standards are constantly being revised and updated and it’s vital to stay upto-date
with the changes. By taking our qualifications and courses and using
the extensive Resource Library on our website, practitioners can be sure that
they’ll be well informed of any recent changes as and when they happen.
The FIA’s range of professional qualifications and training programmes –
along with the organisation’s extensive membership benefits – are all designed
to support learners and their host businesses to grow, develop technical
knowledge and increase their business networks.
www.risk-uk.com
33

FIRE SAFETY
“Learners successfully
completing all of the
required criteria for
their chosen
qualification will be
awarded the FIA AO
qualification
certificate, duly
recognising their
achievement to Level
3 on the QCF”
Qualification structure
Each qualification is made up of four units, all of
which require a pass for the award of the
qualification. Three of the units are common to
all of the qualifications. Learners are required to
beging by completing the Foundation Unit
before progressing to any of the other units.
In what order must the units for
the qualification be studied?
The Foundation Unit must be taken first and
then any other unit can be studied in any order.
Will learners gain a certificate?
Yes. Learners successfully completing all of the
required criteria for their chosen qualification
will be awarded the FIA AO qualification
certificate, duly recognising their achievement
to Level 3 on the QCF.
Move towards qualifications
Why has the FIA shifted from training to new
qualifications? Are the old training courses still
valid? Simple answer? Yes. The existing FIA
units are still incredibly valuable. They serve the
industry very well and remain just as relevant
and current as they ever have done.
It will take a while for the industry to shift
across to the new formalised qualifications. For
that reason, the FIA will still continue to teach
the old courses until the switchover to the new
qualifications (which contain at least double the
amount of information than the old training
courses) at the beginning of 2018.
Technicians currently undertaking the old FIA
training courses will still gain indispensable
knowledge that will help them on the road to
success. While they might receive a certificate
of completion, that unfortunately doesn’t make
them ‘qualified technicians’. This is a phrase
that’s used frequently within the fire industry,
but as from the launch of the new qualifications,
only those that have actually undertaken the
qualifications and passed successfully will be
able to use the above term as a badge of
proficiency and professionalism.
Current FIA training courses remain popular
due to their high level of technical knowledge
and recognition within the industry among
employers and technicians alike. The standard
is high and well respected, but the new
qualifications go one step further, increasing
the amount of content delivered and the degree
of time spent in the classroom developing that
knowledge and understanding.
From now on, a higher bar has been set for
the fire industry in a determined bid to increase
the level of professionalism throughout.
If you’re still wondering whether the new
qualifications will be right for you, the
prospectus is available to download from the
Fire Industry Association’s website.
www.fia.uk.com
34
www.risk-uk.com

Protecting Infrastructure
Transitions in IT and communications infrastructure have surpassed traditional smoke detection
methodologies. Today’s precision, high-density IT and communication infrastructure require superior
detection technologies capable of performing in these challenging high airflow and dynamic environments.
Xtralis’ VESDA-E range of Aspirating Smoke Detection systems are designed to meet these exacting challenges.
Xtralis.com/VESDA-E

FIRE SAFETY
Kentec explains how
cutting-edge fire
safety technology is
impacting on
commercial buildings
insurance
www.kentec.co.uk
Fire technology and buildings insurance
ire poses risk in terms of safety to
Foccupants, building integrity, business
interruption and the economic health of a
community. Consequently, reduction in the risk
of fire for commercial buildings has been a
significant goal for society, achieved through a
better understanding of the myriad factors that
contribute towards fire risk.
Designing and building structures to comply
with building and fire code requirements, as
well as insurance industry guidelines,
contributes to the reduction of fire losses.
Loss control engineering
Loss control engineering and fire protection
engineering have their roots in the insurance
industry. On many projects, especially large
facilities and industrial buildings, insurance
companies would often provide fire protection
specifications to the design team early in the
process, be involved throughout the design and
construction of a building and provide
additional inspection services after the building
was occupied and in use. These activities, called
‘loss control engineering’, were viewed by
insurance companies as a sound investment. It
was considered to be in the insurer’s interest to
protect the building, operations and the
insured’s business continuity from loss.
Over the last 20-to-25 years, the insurance
industry’s involvement in fire protection design
has decreased. This shift is due, in part, to the
modern business environment where both
insurance companies and business corporations
are continually reorganising. Insurance
companies can no longer expect to insure a
facility for an extended time, and thus have less
incentive to make an investment in providing
ongoing loss control services.
As insurers cut back on loss control
engineering services, it’s more important than
ever that design professionals recognise the
value of the specialised field of fire protection
engineering. By working directly with owners, or
as an integral part of a design team, fire
protection engineers and building code
consultants have a greater opportunity to
influence a project, ensure appropriate fire
protection features are included at the crucial
preliminary design stage and avoid costly
changes or additions later in the construction.
Over time, an increased understanding of the
many factors that contribute to the risk of fire
has led to positive developments in the fire
protection of commercial structures.
Improvements in public fire protection systems
and services, as well as the increased use of
private active or passive systems through fire
protection and loss control engineering, has
meant an overall decrease in the cost of fire.
Intelligent fire systems: delivering significant cost savings and performance
Increasingly sophisticated predictive monitoring and servicing of fire alarm systems could allow potential problems to be resolved
before they arise. In particular, access to information at regular intervals or as events occur has the potential to deliver real benefits
for both building managers and insurers.
These advances in communication technologies lie behind Kentec’s all-new Taktis fire detection and alarm system that not only
provides solutions to the most technically challenging applications in life safety, but also delivers added value through ease of use,
displaying clear information to ensure that, when an event occurs, the appropriate action is taken on a swift basis.
Kentec’s Taktis combines the very latest in hardware and software to produce a control and indication system that’s both
powerful and sophisticated, yet simple to understand. Available in 2-8 loop or 2-16 loop versions and certified to EN 54-2 and EN 54-
4, Taktis is ideal for installation in larger buildings. Its capacity to be networked up to 128 panels and repeaters offers reassurance to
all building owners/operators that fire safety is in safe hands.
Taktis has been designed by Kentec with the practising end user very much in mind. The solution’s integrated touchscreen
interface and QWERTY keyboard make it simple to use and understand.
Access to the Taktis menu and control functions is through a unique six-digit code/control key switch, allowing up to 64 user
accounts to be configured with different profiles and access permissions.
Multiple protocol support on one panel (in banks of 2 loops) affords full flexibility. Its cause and effect capacity allows 5,000
cause and effect entries with up to 40,000 inputs/outputs across the network. Taktis will deliver added value. The solution supports
a 10,000-entry log with filtering that records system activity down to event type, dates, zone, panel and address.
36
www.risk-uk.com

Evacuate everyone
EN54-23 Approved Fire Beacons
Seminars
EN54-3 Sonders & Beacons
Nexus 105/110/120 Sounders
Sonos Sounder Beacon
Tel: +44 (0)1706 233879

FIRE SAFETY
Frederick Koons,
marketing
communications
director for Xtralis Fire
& Security Solutions
at Honeywell, takes
an in-depth look at
VESDA (Very Early
Smoke Detection
Apparatus), the worldleading
brand in
aspirating smoke
detection (ASD)
systems
Xtralis’ VESDA systems
continue to lead the way in
the aspirating smoke
detection (ASD) field.
Ongoing product and
market development has
witnessed the evolution of
ASD technology from being
a niche solution to become
the mainstay of the smoke
detection industry. Now
with addressable versions
as well, there are VESDA
solutions to suit virtually
all applications and
environments.
www.xtralis.com
38
Making the most of ASD
he introduction of aspirating smoke
Tdetection (ASD) systems back in the 1980s
was a big leap forward in the smoke
detection industry and marked the beginning of
a new era for very early and reliable smoke
detection. It works by constantly sampling the
air from the protected environment and then
filtering to remove contaminants from the air
sample before passing it through a detection
chamber where laser light scattering takes
place. The air is then sampled to detect smoke
particles which, in turn, triggers an alarm once a
pre-configured alarm
threshold is exceeded. The
system is constantly on watch
for any irregularity in the
sampled air. VESDA uses the
industry’s first and only clean
air barrier to protect the optics
used inside the chamber to
prevent contamination,
prolong the life of the detector
and support absolute smoke detection. As
recognised by independent experts in the
smoke detection industry, VESDA is the industry
benchmark for ASD. Technology never stands
still, and the introduction of the VESDA-E range
has set a new benchmark in the industry and
raised the bar to a much higher level than
experienced before. VESDA-E delivers up to 15
times higher sensitivity and up to six times
better dust rejection than the previous
generation VESDA and up to 80% increased
coverage due to longer pipe runs, not to
mention world-class connectivity options never
before experienced in an ASD solution.
Making the case for these systems is always
a balance between the application (ie end user)
detection needs, installation cost and ongoing
system maintenance. All of these factors have
an influence when specifying a smoke detection
system. The reason for the VESDA-E range
becomes clear on inspection. The improved
smoke detection performance provides earlier
warning for optimum asset protection and
business continuity, improved reliability via
reduced nuisance alarms which reduce the
operational cost, in addition to the ease of
installation, commissioning, monitoring and
maintenance and backwards compatibility with
the world’s most trusted ASD, VESDA VLP. All of
this helps to build a level of security around the
installed systems that enables the customer’s
operations to run as smoothly as possible.
Whether it’s a commercial premises such as a
warehouse, a cold store, a Data Centre, an
historic building or even a high-end residential
property, VESDA-E provides the right solution.
The latest VESDA-E VEA has been designed
to make the detection of smoke even more
targeted. As a response to customers and
building designers wanting a more addressable
and targeted smoke detection
system, VEA was conceived
from the start to address
these needs, duly resulting
in a flexible, expandable and
discreet system targeting these very
customer requirements.
Using a network of small
microbore tubes hat can be
discreetly installed almost anywhere,
this system allows each tube to have its own
address, therefore pinpointing any potential
issue. As a multi-channel addressable system,
the detector is able to divide a protected space
into sampling locations, enabling the
localisation of potential sources of fire for faster
incident response. This makes the VEA an ideal
technology for multi-occupancy installations
such as offices, educational facilities, retail
premises and prisons and also makes it ideal for
multi-storey properties and hotels.
The standard VEA detector supports 40
sampling points. This can be expanded to up to
120 using Expansion StaX, all managed from a
central location.
VESDA VEA holds a number of advantages for
the installer: less commissioning and
maintenance time and a central point of access
so that the entire system can be managed
allowing a single person to test and commission
the entire system. Centralised test and
maintenance in an easily accessed location
reduces service time by up to 90%, allowing
servicing of up to 500 addresses per day and
lowering TCO. Again, this makes the VEA an
ideal system when it comes to avoiding the
interruption of ongoing business operations or
in multi-storey and multi-occupancy buildings.
www.risk-uk.com

By Appointment to
Her Majesty The Queen
Supplier of Fire Detection Equipment
Kentec Electronics Ltd. Dartford
Taktis
Analogue Addressable
Fire Alarm Control Panels
The Future of
Life Safety Systems
EN54 Approved
Intuitive
Flexible
Customisable Interface
Easy to use for
end user & installer
Multi protocol
Scalable up to 8 Loops
Come and See us at
Firex International 2017
where we will be
showing the Taktis range
of panels plus our
comprehensive
Certified Fire Control
Panel Range
20 th - 22 nd June 2017
Excel London,
Stand E125 in
South Hall 2
+44 (0) 01322 222121
www.taktis.co.uk
360b/01
Life Safety System Specialists

FIRE SAFETY
Audible and Visual Protection
Pulse Alert Technology from Klaxon Signals is an award-winning beacon
warning system which produces a light output that can protect most
rooms with just a single device
“All buildings deserve
the latest fire
evacuation
technology, all fire
alarm systems should
be able to be
upgraded and
everyone deserves to
feel safe and secure”
odels in the Sonos Pulse range of EN54-
M23 compliant beacons and sounder
beacons are designed to ensure that all
personnel, including those individuals with
sensory impairments or working in sensory
depriving conditions, are notified of fire
emergencies. Featuring Pulse Alert Technology,
Klaxon’s EN54-23 compliant beacons enable
buildings to be evacuated much quicker, make
evacuation requirements clear and
unambiguous and allow personnel to feel safe.
Relying on audible fire alarm notification
alone disadvantages those people with hearing
impairments or those working, or living in
sound-reducing conditions. Even something as
simple as wearing a pair of headphones could
prevent someone from hearing an audible fire
evacuation warning. To evacuate everyone from
a building, fire systems need to signal
effectively using light as well as sound.
EN54-23 specifies the minimum performance
requirements for Visual Alarm Devices. Klaxon’s
Sonos Pulse beacons produce a light output
that can protect most rooms with the
installation of just a single device.
Optical systems disperse light evenly,
ensuring the most efficient distribution of light
to maximise effectiveness.
Klaxon’s Pulse Alert Technology affords all of
the benefits an EN54-23 compliant system can
bring, while at the same time answering all of
the design challenges.
Featuring the latest high-power LED
technology, Pulse Alert Technology contains
advance LED drive circuitry, further improving
efficiency, light output performance and longterm
device reliability. Sonos Pulse LED circuits
are designed to exceed five years of continual
operation without degradation of light output.
As a company, Klaxon firmly believes that all
buildings deserve the latest fire evacuation
technology, that all fire alarm systems should be
able to be upgraded and that everyone deserves
to feel safe and secure.
Installation
EN54-23 specifies three different classification categories for Visual Alarm Devices: Wall, Ceiling and Open. Wall and Ceiling mount
categories are specified at designated mounting heights and particular coverage pattern areas, as detailed by EN54-23. Open
classification allows the manufacturer to specify the coverage volume and coverage shape and doesn’t restrict mounting height.
Pulse Alert Technology has been designed to exceed the requirements of both Wall and Ceiling classifications, providing system
designers with simple device performance specifications.
Wall Classification
Wall-mounted devices provide a rectangular prism of light. Wall
classification devices with Pulse Alert Technology can be
mounted up to 3.1 m in height and cover an 11.3 m x 11.3 m area
Ceiling Classification
Ceiling-mounted devices provide a cylinder of light. Ceiling
classification devices with Pulse Alert Technology can be
mounted up to 3 m in height and cover a 15 m-diameter area
40
www.risk-uk.com

One Source. One Loop.
One Solution.
Nittan evolution 1
Touch Screen Single
Loop Addressable
Fire Alarm Panel
• 254 devices on the loop,
254 zones available
• EN54 Part 2 and Part 4
• Interactive 4.3” touch screen
• Intuitive and easy to use
menu structure
• Fully programmable from
touch screen or PC tools
• Built in network capabilities,
allowing 16 panel networking
with no additional hardware
The evolution 1 panel is a cost effective,
one source solution, fully compatible
with Nittans’s award winning evolution
device range.
Allowing up to 254 devices on the loop,
with a touch screen and intuitive menu
structure enabling everything from a
simple stand-alone panel to multi-panel
networked systems – the evolution 1 is the
only one loop solution that you need.
For further details, please contact:
email: sales@nittan.co.uk | tel: +44 (0) 1483 769555 | www.nittan.co.uk

Venturing into the Datasphere
To most, storage is a
commodity. A concept
of space. Something
we don’t really think
about until we run out
of it, but without
storage, even the
most sophisticated of
surveillance cameras
is ultimately a box
with a lens through
which light passes. In
the first of a two-part
series exclusive to
Risk UK, Andrew
Palmer looks to alter
our perspectives on
space and outline
how, rather than being
just one tiny
component of a
surveillance system,
storage is the
fundamental heart of
the solution
42
www.risk-uk.com
In just about every way imaginable, the world
around us is undergoing a dramatic
transformation. From intelligent personal
assistants through to autonomous cars, data
underpins everything we do as individuals,
consumers and businesses. It’s a change on the
scale of the industrial revolution. The dawn of a
new era wherein data is about more than just
record-keeping. Rather, it’s the lifeblood of
almost everything we do.
It’s a seismic shift that’s perhaps most
apparent in surveillance. With higher quality
footage, analytics and innovative new
applications of video footage, the scale and
function of surveillance is growing. Certainly,
‘The Data Age’ presents new opportunities
alongside a wealth of new challenges. In
parallel, it’s vital that storage keeps up.
The Global Datasphere is larger than ever
before and growing at a breakneck speed. By
2025, we will be amassing 163 zettabytes of
data (an astonishing 163 trillion gigabytes)
every single year and, just as society en masse
embeds more data into everything it does,
surveillance will follow suit.
As it stands, almost half of the world’s data is
generated through video surveillance.
According to market analyst IHS, we will be
recording 2,500 petabytes daily by 2019.
However, the real storage challenge isn’t that
video surveillance data is growing globally.
After all, no one organisation needs to store it
all in one place. Rather, the issue is that
businesses are capturing and archiving more
footage on an individual level. All of the
innovations we’ve seen in video surveillance
present new concerns for storage.
Today’s surveillance footage is high quality
and high in framerate. Many of us are capturing
thousands of hours of HD content and
supporting numerous IP and analogue cameras
in several locations. In what’s an increasingly
security-conscious world, even smaller
businesses are making committed investments
in CCTV, empowered as they are by the
decreasing costs of reliable IP cameras.
There continues to be a significant increase
in both the quality and quantity of surveillance
streams. The end result is larger files and more
of them. Data is now on a scale that demands a
new and specialised approach to storage.
Advances in analytics
Meanwhile, advances in analytics mean that
surveillance footage can do more than just
keep locations safe and secure. Data has
become a valuable business asset. It’s used to
collect actionable insights and power more
informed decision-making.
In the retail sphere alone, analytics have
begun to transform the way in which
surveillance footage is used and the return on
investment it delivers. Heat mapping allows
retailers to maximise the impact of promotional
stands. Queue management can be improved
with surveillance analytics software that alerts
staff if queues exceed a certain threshold.
We’re even seeing improvements in audio
analytics that can detect positive or negative
sentiments from customers.
Beyond retail, the applications are endless,
from temperature measurement on thermal
imaging devices to fault detection on critical
infrastructure. In a climate of Big Data,
businesses are finding exciting new ways in
which to leverage and capitalise on the masses
of surveillance data they’re already storing.
Of course, all this depends on rugged, robust
storage that can be deployed in a wide range of
environments. Put simply, today’s storage
needs to go wherever the data is.
With all these sophisticated analytics, CCTV
is no longer just a necessary purchase that
delivers some peace of mind and safeguards
against crime. It promises to become a key part
of increasing business performance and
profitability, but only if the data it realises can
be stored and accessed effectively.
With such an increase in the scale of
surveillance data and myriad new ways of using

Data Storage for Security Systems (Part One)
footage, it’s tempting to think that the future of
video surveillance storage is simply ‘bigger’.
For sure, larger capacity drives are an essential
part of our data-driven future. However, this is
just one part of the story.
It’s not just a case of storing more
information. Today’s businesses need their
video data stored in a more sophisticated way,
with fewer errors and increased accessibility.
The threat of lost or incomplete data has
always been a pressing issue in security. Packet
data loss could mean missing the most critical
moments of a recording. The impact of lost data
today, though, is unthinkable. When video data
is used for analytics, incomplete information
can lead to misinformed decisions and severe
miscalculations in terms of how a given
business should act and respond.
More than ever, video surveillance footage
needs to be stored in a way that’s resilient and
safeguarded, with integrity mechanisms
protecting the quality of recordings and, in
turn, the quality of the decisions they empower.
Desktop hard drives are – and always have
been – fundamentally incapable of delivering
the performance required for video surveillance
storage. For example, if a desktop hard drive
works eight hours per day, five days per week,
that’s approximately 2,000 hours every year. If
your surveillance is running 24 hours per day
every single day, that’s almost 8,000 hours.
Traditional drives are not designed for the
constant data writing involved with capturing
multiple streams of video, let alone on the
scale required by today’s increasingly common
ultra HD footage.
Meanwhile, poor hard drive performance can
be a significant obstacle to analytics. Even with
the fastest write speeds, slow reading makes
timely analytics and alerting impossible. Think
of hypercritical situations, such as traffic
control or driverless cars. Suddenly, read
speeds then become ultra-important.
Whether capturing and archiving video or
looking for new opportunities to leverage your
surveillance data, the end user’s choice of
storage is critical. In the worse case scenario,
ineffective storage could be the weak point in
your implementation: a burden that holds your
entire deployment back and reduces your
Return on Investment.
Bottom line impact
Stored and used appropriately, surveillance
data holds tremendous value. The more data
you have, the more wide-reaching the
implications for analysis and gathering
insights. However, using storage that’s poorly
matched to surveillance doesn’t simply limit
your opportunities. It comes with a very real
financial impact that stretches way beyond the
cost of lost data.
Across an estimated 3,000 hours of use every
year, the costs of running and maintaining
storage mount up. Power consumption alone
becomes a key factor when you’re running
multiple drives in a multi-drive environment.
As a result, it’s not enough for storage to be
scalable and speedy. Truly surveillance-grade
storage matches scale with sophistication,
using technologies like motion sensing and low
power modes that don’t compromise on
availability or ‘time-to-ready’.
At the same time, surveillance-grade storage
is built to last. Where desktop drives are built
for a low workload, the right drive for your
surveillance will be tailored to the extreme
workload that surveillance demands and
backed by an appropriate warranty.
In an environment of more data and more
intelligent usage of that information, desktop
hard drives are a false economy. Ask anyone
that has had their storage fail, taking all of their
crucial surveillance footage with it.
Just as the world around us has changed,
surveillance has changed, too. It’s not just that
technology powers higher quality streams (and
more of them). We’re in a period where security
and surveillance are evolving. They’re a source
of information and evidence, but also a
potential source of business intelligence and
competitive advantage.
More and more of us will embrace that
opportunity. According to the IDC and EMC,
only 3% of the digital universe’s potentially
useful data is analysed and tagged. However,
with so much data in motion, even an increase
to 5% places never-before-seen demands on
storage to perform.
Even for those us that are not ready for
advanced analytics, there’s no avoiding the
need for surveillance-specific storage. With
higher quality recordings and an increasing
number of streams, capacity alone is a pressing
issue. Storage needs to be bigger than ever
while maintaining its integrity and resilience.
On the small and large scales, in terms of
both quality and quantity and from security to
analytics, surveillance is fundamentally
changing. It’s essential that end user
approaches towards storage do the same.
Andrew Palmer:
Group Sales Manager
(Enterprise and Surveillance)
at Seagate Technology
“By 2025, we will be amassing 163 zettabytes of data (an
astonishing 163 trillion gigabytes) every single year and,
just as society en masse embeds more data into everything
it does, surveillance will follow suit”
43
www.risk-uk.com

Remote Monitoring for Video Surveillance Systems
Remote Video Response Centres (RVRCs)
have enjoyed significant growth over
recent times. The boom within the
construction industry, as well as a large number
of solar energy farms springing up all over the
UK, are just two examples of where
opportunities have been created for RVRCs to
offer a cost-effective alternative to having
security officers on site 24/7. This is in addition
to the demand for their services from a diverse
range of other vertical markets including the
luxury homes sector and car dealerships.
When we first established Arc Monitoring 18
years ago, it was a technical challenge to offer
a viable remote visual response service across
the whole of the UK. ISDN lines, which were the
primary method of transmitting video, were
extremely expensive to lease and, while
broadband was clearly offering an affordable
and practical alternative option, UK coverage
was extremely limited.
Also, there was no Best Practice established
for offering a professional level remote
monitoring service. It’s a proud fact for us that
Arc Monitoring was one of the pioneers in
developing policies and procedures which, in
due time, found their way into British Standard
BS 8418 covering the operational requirements
for RVRCs.
At that time, there was still a widely held
misconception that, in order to effectively
visually monitor a remote site, it was necessary
for operators to constantly watch a video
screen to look out for any unusual activity. This
was never going to be a sustainable, affordable
or effective business model.
Aside from the enormous cost of employing
large numbers of operators, there was the
question of how reliable the service could be as
very few human beings have the ability to
concentrate their attentions on a screen for
long periods of time without the risk of missing
something. Familiarity can – and sometimes
does – breed complacency.
Service Level Agreements
RVRCs quickly moved on to formulate Service
Level Agreements with end user clients which
had ‘exception reporting’ or ‘event-driven’ as
the modus operandi. Now, operators would
have processes in place, agreed in advance
with their clients, as to what actions to take
when it could be visually verified as to precisely
why an intruder or perimeter detection device
had been triggered.
In the early days of the intruder alarm
industry, the police service had to deal with
countless false alarms caused by unreliable
detectors. The problem was so great that, when
Under Surveillance
Jonathan Sturley explains how close working relationships
formed with installers have ensured that end users achieve
maximum benefit from their investment in a remotely
monitored video surveillance system, without having to live
with the consequences of false alarms which have plagued
the electronic security industry since time immemorial
the directors of the leading installation
companies formed an informal networking
association, they called it the ‘98% Club’ (which
jokingly reflected the fact that police time was
being wasted 98% of the time).
Of course, the police didn’t really appreciate
that particular joke and the Association of Chief
Police Officers introduced its Unique Reference
Number (URN)-focused Security Systems Policy.
Losing a URN due to false alarms meant that
the police would no longer automatically
respond to a report of an alarm activation.
Equally important, it meant that a company
might also lose its insurance cover or, at the
very least, witness its agreed premiums and
excess levels rise significantly.
Intrusion detectors will quite often generate
false alarms even though they’re doing what’s
expected of them. This may be because
members of the public have innocently entered
a site at an unexpected time or adverse
weather conditions have seen moving tree
branches triggering a ‘phantom’ alarm. That’s
why, during busy times, operators in Police
Control Rooms will always treat a report of
visually verified alarm activity as a higher
priority than a report of an alarm activation
Jonathan Sturley: Managing
Director of Arc Monitoring
45
www.risk-uk.com

Remote Monitoring for Video Surveillance Systems
triggered by a detector-only security system,
which brings me neatly on to the subject of
‘tough love’.
Ensuring Best Practice
Remotely-monitored security systems eliminate
the risk of the police having to respond to false
alarms. Instead, they place the burden on the
RVRC to filter them out and the cost of doing so
on to the end user. If false alarm incidents are
to be minimised, it’s therefore essential that
the installer and the RVRC work closely
together to ensure Best Practice when the
system’s being installed and commissioned.
Some installers may regard the RVRC as
being ‘difficult’ due to insisting on the following
procedures, but by complying they will ensure
that the cost of monitoring a detector-based
intrusion system will be minimised:
• Commissioning: This process must follow a
logical progression in order to verify that
detection devices and cameras are tested
• Daytime Walk Test: This involves an engineer
on site creating an alarm by walking around the
location such that every sensor installed
delivers an alarm image to the RVRC. In doing
so, the engineer should ensure that each
detector is correctly assigned to an appropriate
camera and, where a camera with telemetry is
installed, the correct pre-set is configured.
Testing of all arming and disarming devices
should be carried out at the same time
• Night-Time Image Testing: This is intended to
assess the quality of supplementary lighting
and image resolution
• Lighting Rating Scale: The RVRC should
complete a lighting report as part of the
commissioning process for all new connections,
with snapshot images taken from all cameras
during the day and then again at night. The
report will identify if there’s adequate visibility
in all lighting conditions or if poor visibility
necessitates the requirement for additional
lighting to be installed
• Seven-Day Environmental Soak Testing:
During this period, the system remains under
detailed review to allow for evaluation of the
effects of environmental influences
Harsh environments
A professionally-designed, installed and
commissioned remotely-monitored video
“Remotely-monitored security systems eliminate the risk of
the police having to respond to false alarms. Instead, they
place the burden on the RVRC to filter them out and the
cost of doing so on to the end user”
system can be effective and reliable even in the
most harsh of environments. Battery
technology has now advanced to the stage
where a system can be rapidly deployed to a
site where an electricity power supply may not
be readily available and, in the absence of
access to the network for transmission over
broadband, it’s now possible to use 3G, 4G or
even satellite technology to ensure
communication between a site and an RVRC.
Depending on the location of the site, pointto-point
wireless transmission is also an option
as it’s able to send high quality video over long
distances with extremely low latency. It’s not
unknown for a combination of satellite, pointto-point
wireless and broadband to be used to
meet the challenge of transmitting data and
audio as well as video over large distances.
The resolution of images captured by the
latest generation of HD cameras means that,
provided they’re correctly installed and
configured, it’s virtually guaranteed RVRCs will
receive video of sufficient clarity to enable
operators to rapidly decide on an appropriate
course of action when lighting and weather
conditions are good.
On that note, bear in mind that thermal
imaging cameras now offer an affordable
solution for those sites which may be subject to
low-light or variable weather conditions.
How to select RVRCs
There’s no shortage of monitoring centres who
will want your business, but their ability to
meet your expectations as an end user will vary.
Here are some tips to maximise the possibility
of you choosing an RVRC which is able to
deliver the service levels you require.
Visit the National Security Inspectorate’s
website at www.nsi.org.uk where you’ll find a
directory of accredited RVRCs that operate to
British Standards BS 5979 Category II and BS
8418. Also, seek confirmation that the selected
RVRC is independently inspected to the quality
standard ISO 9001:2000.
Further, check that the RVRC is approved to
operate the monitoring centre platforms – such
as Sureview Immix and Sentinel Plus – from
leading software developers, and that it’s able
to support IP, 3G and 4G transmission protocols
(as well as, if appropriate to you, legacy ISDN
and PSTN systems).
Last, but not least, ascertain if the RVRC has
field-based and in-house technical support
personnel on board who will liaise with your
installation company every step of the way,
from system design right through to
commissioning, in order to ensure optimum
performance of your security systems.
46
www.risk-uk.com

We’ve Got You Covered
Update to the BS5839-1:2017 states that “All MCPs
should be fitted with a protective cover.”*
All manual call points that are placed in vulnerable areas and are prone to false activation should be protected
STI supply a range of protective covers, from basic integral covers to sounder models for all applications
Contact us for further information on Call Point Protectors
www.sti-emea.com
info@sti-emea.com 01527 520 999
*British Standard Institution (2017) ‘BS5839-1:2017 Fire Detection and fire alarm systems for Buildings’

Even before the
tragedy at Grenfell
Tower in June, local
councils had been
looking at ways in
which they could
improve how they
respond to any form of
emergency situation.
With public sector
budgets being cut by
central Government,
though, there’s
tremendous pressure
to make savings
wherever possible.
How, then, do councils
improve responses
and provide a clearer
audit trail following an
event without blowing
the budget? Stephen
Smith has the answer
View From On High
Unfortunately, fire prevention and security
monitoring are two areas where financial
prudency may have to be the order of the
day, but cutting budgets doesn’t have to mean
placing residents in greater danger. Far from it,
in fact. It’s perfectly possible to use existing,
installed technologies and protect legacy
investments by virtue of the intelligent
application of new management systems that
afford councils greater control of their estate,
greater protection for their residents and better
value for the tax payer.
The days when a disparate security system
and a mobile patrol were enough to meet the
security needs of a council are long gone. Now,
there’s far more sophistication involved and
greater technological advancement. As such,
security managers are rightly demanding
significantly higher levels of functionality and
integration across all systems.
Let’s take a look at a council estate in North
London. The estate comprises two large
apartment blocks and is blighted by vandalism
and other anti-social behaviour. Even
equipment installed to protect residents, such
as CCTV cameras and door entry panels, has
often been ripped out, spray-painted over or
smashed to pieces. Creating a greater feeling of
safety was therefore of paramount importance
and a considerable challenge.
That challenge was even greater since the
council wanted to re-use equipment already
installed, but make it work in a more integrated
way. The answer was a new concierge and
Physical Security Information Management
(PSIM) solution. It’s a solution that enables
council employees to control door access and
manage fire and security systems across both
apartment blocks from anywhere within the
council’s estate.
The two buildings already feature Intergrated
Security Manufacturing’s (ISM) Ultimate door
entry systems as well as third party technology.
Thanks to the Genesys PSIM solution, all of
these technologies can be controlled,
regardless of manufacturer or who installed
them. This delivers greater flexibility and
control, eliminates the potential disruption
caused by installing new equipment and
protects the council’s legacy investment. It also
means that further buildings and apartment
blocks can be added over time as and when
required with minimal additional investment.
The Ultimate door entry system was chosen
because it has multiple speech paths that allow
numerous conversations to be had at one time.
It can be specified as a simple single exchange
for one building or multiple exchanges serving
a network of buildings, all controlled by the
software management system using Genesys.
Multiple systems
Genesys allows the integration not just of door
entry systems, but also multiple systems from
multiple manufacturers – all from one holistic
integrated security set-up. Every electronic
security or fire safety device from CCTV and
intruder alarms through to electronic locking
and Public Address (PA) may be monitored and
controlled from a single platform.
The Genesys system can also have control
over all electronic security systems installed at
each site including (but not limited to) guard
tour, intercoms, panic/affray alarms, perimeter
intruder detection, PA, radio paging, staff safety
systems, trunked radio, video content analysis
and building management systems.
Most importantly, Genesys features Migrating
3+ technology, a patented automatic failover
technology that adds higher levels of automatic
configurable redundancy and power. What this
means in practice is that control is effectively
distributed across multiple workstations, such
that if one PC fails, control is then ‘migrated’ to
another PC seamlessly with no interruption or
downtime. Therefore, the system isn’t restricted
in its performance by the size or capability of a
server, nor does it require the additional
48
www.risk-uk.com

Physical Security Information Management
expense of moving to server farms or using
clustering software.
This was also important for the council as it
wanted each of its Control Rooms to be
independent of one other, and yet when one
wasn’t manned, another could take control as
though it was ‘lead’ and perform all of the
functions that the ‘owner’ would have wanted.
Again, in simple terms this means that there’s
no interruption in service and no chance of an
important alarm being missed or ignored. Fire
alarms, access control and CCTV can all now be
controlled from one computer from anywhere
on the council’s network.
Ultimate control
To improve efficiency and afford faster response
times for residents, the council needed to
provide concierge services to all of its estates.
The development of third party integration into
the Genesys platform allowed the council to
combine technology, including CCTV and fire,
without going to the expense of replacing
legacy door entry equipment unnecessarily.
This is delivering a much-needed saving during
what are challenging economic times.
Genesys is a ‘true’ PSIM system built around
intuitive software that combines a range of
features and benefits including an enhanced
graphical user experience and 3D modelling, as
well as a comprehensive event management
database. Events and alarms are presented to
the council’s operators as and when they
happen so that the response can be immediate,
‘informed’ and based on real intelligence.
Standard operating procedures and
automated workflow options that guide the
operators through each event are also given. As
all events are handled in the same generic way,
training may be simplified and the efficiency of
system operators greatly improved.
The enhanced alarm handling incorporates
multiple automated actions that can occur due
to events being generated or by an operator’s
actions, such as on receipt of an alarm event,
when the operator accepts the alarm, if the
device changes state, when the system
automatically escalates the alarm, when an
operator manually escalates an event or an
alarm and when the event is reset.
For example, if a Perimeter Intrusion
Detection System alarm is triggered, Genesys
can immediately increase the frame recording
rate on the CCTB system, page security staff,
lock down perimeter doors on the access
control system, switch on perimeter lighting or
display the alarm event to the operator.
When the operator ‘accepts’ the alarm,
they’re presented with live CCTV images
together with pre- and post-event video
recording from the time the alarm was
generated. The workflow list can detail basic
functions for audit purposes such as ‘Check the
CCTV’ or ‘Call the Supervisor’. By selecting one
of these actions, the system will carry out the
automated function which will be checked off
the list and the operator can then proceed to
the next item. It’s possible to add events to the
workflow list such as ‘Lock down doors’.
Full system log
Once the event has been cleared and the
operator has reset the alarm, the system will
automatically revert back to a default position,
for example sending cameras back to their
home positions, switching monitors to default
view, returning the CCTV to a normal recording
state, switching off floodlights, normalising
doors and paging staff.
Genesys has a full system log that file
records the actions of the system detailing the
operator, the action and any automated actions
plus any responses to alarms that have been
recorded by the operator. This log incorporates
a search facility and is capable of producing
basic level reports, ensuring that any incidents
on the estate can be reported to the police with
sufficient evidence to bring any charges.
If a more detailed analysis of the logs is
required then the database can be exported
and interrogated by any ODBC program such as
ACCESS and Crystal Reports.
The PSIM software operates as a standalone
platform over LAN or WAN networks for remote
and local sites with workstations that can be
transferred to any operating Security Control
Room on the network. This offers the end user
flexibility when closing down sites or buildings
for off-peak or out of normal working hours or
in the unlikely event of any system failures.
The software is totally scalable – from control
of just a single building to multi-site, multicountry
Enterprise systems that can operate
over LANs or WANs. Events can be transferred
to any operating Security Control Room on the
network (either local or remote) by site,
discipline or alarm escalation, providing
effective monitoring and high-level
management of any situation. Should a Control
Room be evacuated for any reason, operators
can walk into the reserve Operations Centre
without the loss of alarms or functionality.
Stephen Smith:
Managing Director of ISM
“The days when a disparate security system and a mobile
patrol were enough to meet the needs of a council are long
gone. Now, there’s far more sophistication involved”
49
www.risk-uk.com

BENCHMARK
Smart Solutions
BENCHMARK
Innovative and smart solutions can add value and benefits to
modern systems for customers. With the technological landscape
rapidly evolving, the Benchmark Smart Solutions project assesses
the potential on offer from system integration, advanced
connectivity and intelligent technology. Bringing together field trials
and assessments, proof of concept and real-world experience of
implementing smart solutions, it represents an essential resource
for all involved in innovative system design.
Launching in 2017, Benchmark Smart Solutions will be the industry’s only real-world resource for
security professionals who are intent on offering added value through the delivery of smarter solutions.
@Benchmark_Smart
Partner Companies
www.benchmarksmart.com

Security in the Transport Sector: Access Control Case Study
Transport for London (TfL) is the integrated
transport authority responsible for
delivering Mayor of London Sadiq Khan's
strategy and commitments on transport. The
organisation runs the day-to-day operation of
the capital’s public transport network and
manages London’s main roads. The services it
operates include London Underground, London
Buses, the Docklands Light Railway, London
Overground, TfL Rail, London Trams, London
River Services, London Dial-a-Ride, Victoria
Coach Station, Santander Cycles and the
Emirates Air Line in Docklands.
TfL is funded from fares income (the largest
single source of its income) as well as
advertising revenues, property rental and
income from the Congestion Charge. In
addition, there’s grant funding from the
Department for Transport and the Greater
London Authority as well as Crossrail funding
(which, in 2017-2018, is largely being funded
through the Community Infrastructure Levy and
developers’ contributions). Borrowing and cash
movements complete the funding picture.
Every day, more than 31 million journeys are
made across the TfL network. It’s a staggering
figure, isn’t it? Each day also entails TfL
working to make journeys easier through the
use of technology and data. The organisation
provides modern ways for customers to pay for
its services through Oyster and contactless
payment cards and provides information in
numerous different formats to help people
move easily around the city.
As an integral element of the TfL network,
London Underground has now been operational
for 150 years and conveys over 1.265 billion
passengers each year. Every one of those
passengers is reliant upon the efficient running
of the service to travel across the capital.
Speaking on behalf of London Underground’s
signals maintenance managers and their
associated teams, Phil McCusker (signals
maintenance manager – North Signals for
London Underground) stated: “It’s our duty to
make sure we have the right systems in place
such that seamless journeys can take place.
Everything must be done to create a safe and
secure environment at all times.”
Of course, that last point is particularly true
in today’s turbulent times when the threat level
posed by terrorism is currently set at ‘Severe’
by the Joint Terrorism Analysis Centre and when
high profile locations such as London
Underground stations can be the target of
terrorist activity. The readers of Risk UK only
need to look back on the recent incident at
Parsons Green Station and, of course, the 7 July
2005 London bombings to highlight that fact.
On The Right Tracks
Arguably, no other city is as recognised by its transport
system as London, with the capital’s famous red buses, black
taxis and tube trains known the world over. Here, Ben Farrar
assesses key and equipment management on the London
Underground network in order to demonstrate how a
considered ‘small detail’ can impact the smooth running of
Transport for London for the benefit of staff and passengers
Seamless experience
As stated, alongside extending the network is
an ambition on the part of TfL to make journeys
easier through the efficient and effective use of
technology and data.
As journey processes become quicker, there’ll
be a natural and growing expectation from
passengers to see an increasingly seamless
journey experience being created for them by
TfL’s management. No-one likes delays at any
stage, especially so given the recently-installed
running of the Night Tube in the UK’s equivalent
of the ‘city that never sleeps.’ The Night Tube
runs on Fridays and Saturdays on the Victoria,
Jubilee and most of the Central, Northern and
Piccadilly lines.
While for passengers these ‘seamless
journeys’ mean that TfL must provide modern
ways in which to pay and offer as much salient
information ahead of journeys as possible,
behind the scenes it’s all about establishing
ways in which to improve the overall
efficiencies of everyday operations, taking all
detail into account. This includes what may
seemingly be perceived as the smaller details,
Ben Farrar:
Market Development Manager
at Traka UK
51
www.risk-uk.com

Security in the Transport Sector: Access Control Case Study
such as the vital task of key and equipment
management, for example.
The consequences of poor key management
are potentially devastating. It only takes one
key to be missing, one ‘weak link’ to a building
access event, an item of equipment or a vehicle
and its operator to cause major delays and
disruption. Unnecessary delays in such a timesensitive
process will become more poignant
and the consequences far more significant for
TfL (and notably so at peak travel times).
Traditionally for TfL, any attempt to manage
keys had relied upon a basic key box and
recording book whereby brief details of keys or
equipment taken and returned were entered by
hand and confirmed by an often illegible
signature. Not surprisingly, such an
arrangement was proving inefficient and
unreliable and made tracing keys and
equipment an almost impossible task.
While the legacy system relied heavily on the
diligence of employees, when under pressure,
or in a rush to arrive at a job, keys were being
taken by staff, but not always logged as such,
or otherwise were not always returned on time.
If equipment or a vehicle was needed by
another member of staff, valuable time and
resource was spent in searching for the relevant
keys. Managers would also be concerned that
untrained staff could operate expensive tools
such as electrical drills stored on site.
Intelligent management
To rectify this situation, tighten up on keeping
track of what’s going on and who has
equipment or keys at any given time, as part of
TfL’s efficiency drive an increasing number of
departments are now choosing intelligent
management tools. “It saves the team valuable
time and resources in our key access
processes,” explained Phil McCusker.
By automating the process, TfL can also
increase compliance with Health and Safety
standards as the element of human error is
minimised. The system decreases downtime
and improves work efficiencies, all enabling
different departments at TfL to manage the
everyday items crucial to the many processes
that keep the organisation running and ensure
continued operational excellence.
TfL has encountered further advantages in
the move towards more intelligent security and
access control systems. For one, key allocation
is now far quicker and easier, with staff no
longer needing to manually sign out keys. The
intelligent set-up allows 24/7 access to
response vehicles with no need for dedicated
staff issuing keys. “We can see live transactions
via the software reporting function,” added
McCusker. “This is via the cabinet’s data
display or instantly available on computer or
mobile devices.”
Critically for the smooth running of TfL, keys
are also very rarely misplaced because if an
employee takes a key, it must be returned
within a set amount of time. If it’s not returned,
the employee is then alerted to that fact, as is
their manager, in turn encouraging a more
responsible approach towards the use of
vehicles and equipment by members of staff.
“It’s all about traceability and
accountability,” observed McCusker. “Members
of staff know that, when they take a key, the
system logs this episode on their employee
record so, if they misplace it, we’ll know. The
system encourages staff to return keys on time
and also to leave vehicles and tools in good
condition. If a vehicle or a piece of equipment is
damaged, we can look back at who last had
access and speak to them about how the
damage occurred. All of this helps us to
successfully manage the departments.”
Keeping on track
Traka was selected as the key and equipment
management supplier of choice for TfL, for
whom a new approach around key and
equipment management has proven to make
such a positive difference. The company worked
closely with TfL’s signal maintenance team,
tailoring the system to exact requirements.
Importantly, the intelligent key and asset
management specialist also ensured
compliance with the very latest Health and
Safety standards, whereby the systems operate
so that unauthorised personnel simply cannot
access keys to any equipment that they’re not
meant to be using.
“The positivity of the Traka team in helping
us to install the right solution to suit our own
individual requirements has been a welcome
bonus and the main reason we’re now looking
to expand our use of such solutions across TfL’s
network,” concluded McCusker.
“While the legacy system relied heavily on the diligence of
employees, when under pressure, or in a rush to arrive at a job, keys
were being taken by staff, but not always logged as such, or
otherwise were not always returned on time”
52
www.risk-uk.com

Multi award winning security service provider
Supplying security services to Government Departments,
Local Authorities, Blue chip companies and Worldwide organisations
Services provided
Manned Guarding Service
Site Patrols
Reception Duties
Car Park Security Management
Front of House Service
Mobile Patrol Visits – Internal/External
Mail Room Service
Remote CCT Monitoring
Banks Men
Security Lodge/Gatehouse Duties
0800 772 3786
sales@magentasecurity.co.uk
www.magentasecurity.co.uk

Meet The
Security Company
This is the fifth
instalment in a new
series of articles for
the readers of Risk UK
where we shine the
spotlight on NSIapproved
businesses
for the benefit of risk
and security managers
who purchase security
guarding as well as
systems-focused
solutions. Answering
our questions on this
occasion is Peter Hale,
general manager of
Omni Security
Services
About the National Security Inspectorate
Risk UK: Can you briefly describe your
business’ activities and what you consider to
be your USP as an organisation?
Peter Hale: Omni Security Services has
established itself in the security industry as a
company that both promotes and adheres to
strong values. Our goal of uncompromising
integrity and high ethical conduct is something
of which the company is extremely proud.
Our core offerings are security guarding and
security dog services, the latter encompassing
general purpose patrol dogs, narcotics search
dogs and explosives detection dogs.
In terms of a USP, our approach to client care
is designed to ensure maximum flexibility for
the services we offer, enabling all at Omni to
work closely in partnership with our valued
customers and exceed their expectations.
Risk UK: What do your clients value most
about the services you deliver?
Peter Hale: A recurring theme that shines
through from our regular customer satisfaction
surveys is the dynamism and agility of the
service provided. We have a mature and layered
infrastructure that allows us to respond to
urgent requests for assistance from national
The National Security Inspectorate (NSI) is a wholly-independent, not-for-profit
company limited by guarantee and operates as a UKAS-accredited certification
body specialising in the security and fire safety sectors.
For over 40 years, the NSI has served to protect businesses, homeowners
and the general public alike, raising standards by providing robust and high
quality audits of both security and fire safety service providers.
customers with same day turnarounds for
quality officers on location with full RAMS
packs and associated documentation.
The accessibility and expertise of our senior
management in support of our front line
operators is also consistently mentioned.
Underpinning all of this is the performance
and quality of our front line operators. We
invest significant time in recruiting, training and
retaining each member of staff to ensure that
our organisational aims and objectives are
always lifted off the page and made real.
Risk UK: How do you feel accreditations have
assisted your company?
Peter Hale: In a word? Greatly. Omni Security
Services has made a commitment to superlative
service levels since 2002, when the company
first entered into the NSI regime at Bronze
level. From that point, the business progressed
to NSI Silver in 2003 and then NSI Gold in
2004, which it has held ever since.
Omni Security Services is very proud to be
one of the first specialist guarding companies
to have achieved the ISO 9001:2015 transition
within the NSI Guarding Gold framework. This
commitment to attaining the highest standards
of achievement has deeply embedded an
attitude of excellence in the organisation.
Security Industry Authority (SIA) Approved
Contractor Scheme (ACS) registration was
achieved in 2006 and has been held to date.
Risk UK: Specifically, what value does ACS
registration and NSI Guarding Gold approval
bring to your business and its clients?
Peter Hale: While some commercial processes
do ask for evidence of ACS registration, there
appears to be little understanding of the
scheme. In many cases all that’s required is an
answer in the affirmative.
We invest some considerable time and tender
column inches to expanding on the ACS, our
score within it and how this translates to value
for that particular prospective client as, quite
often, Procurement Departments simply don’t
know the appropriate questions to ask.
To us, the NSI Guarding Gold scheme is still
regarded as the most exacting inspection
service for businesses operating within the
security industry. The NSI Guarding Gold
‘brand’ is held in high regard and recognised as
54
www.risk-uk.com

Meet The Security Company: Omni Security Services
In association with the
an endorsement of an organisation’s
commitment to achieving excellence. There’s no
room for complacency, though, and continued
energy from the NSI in widely promoting the
scheme would be valuable.
Risk UK: In practice, what are the main
differences between ACS registration and NSI
Guarding Gold approval?
Peter Hale: I see the framework of the NSI’s
Guarding Gold scheme as a facilitator for
excellence if the application and endeavour are
accurate. Adherence to the requirements can
provide the machinery for efficiency, qualitative
outputs and delighted customers. It’s a nonnegotiable
indicator of commitment to quality.
The ACS provides a presentation of
achievement, but could arguably be said to be
more focused on the outcomes rather than a
consistently applied process.
To chase ‘points’ and provide the evidence
required for a particular score for a particular
element only is to miss the fundamental
sustainability and underpinning commitment
that should be part of the business process.
Risk UK: How do you think technology has
changed the industry over the last couple of
years and what do you feel will be the
direction of travel in the future?
Peter Hale: I believe that technology has
radically enhanced the industry. In the future,
increasingly symbiotic solutions involving
manned and technological resources are going
to be key to providing a total service.
The time of the ‘technophobe’ has long since
passed and, in fact, the word itself is likely to
have little relevance in the very near future
within the guarding sphere as all credible
suppliers will need to be able to demonstrate
service-enhancing technological resources and
embrace the changes they realise.
Risk UK: When it comes to negotiating
contracts and responding to tender requests,
what aspects are of most value to customers
and how are these changing?
Peter Hale: Unsurprisingly, many customers
still zero-in on the bottom right hand corner of
a proposal. We’re aware the security industry
can be driven by intense price competition that
may serve to drive down standards and quality
to provide the barest quotation.
At Omni, we’re endeavouring to drive
standards and quality in the industry upwards.
By focusing on RoI for customers and
demonstrating the clear layers of added value
that sustainable partnering can bring, we find
that negotiations move away from price points
and races to the bottom and settle more on our
complete support across all levels of a
customer’s business.
I’m pleased to say that there appears to be a
slowly-building appreciation of the benefits of
investing in a proper and well-designed
solution to security needs as opposed to a
cheap, quick and, ultimately, unsustainable fix.
Risk UK: How has Government legislation (eg
the National Minimum Wage, the National
Living Wage and holiday pay) affected your
business? Do you believe such legislation is
a good thing?
Peter Hale: I endorse any means to ensure that
decent officers are remunerated appropriately.
However, we shouldn’t just be relying on the
Government to achieve that goal for us.
Of course, there’s an inevitable ‘hit’ for
accounts based at the lower end of the wage
spectrum, but generally we in the industry are
the architects of our own issues if we’re pricing
work too narrowly to pay a decent wage just to
win the business in the first place.
I believe that the standard security guarding
licence is too easily obtained. This is an area
that should be reviewed in terms of rigour.
Risk UK: What are the most important
attributes you look for in your security
officers and staff members in general?
Peter Hale: While integrity, work ethic,
reliability and communication skills are all core
and basic requirements, I personally love to see
ambition in people. Specifically, I’m referencing
an ambition to be better and to be honest
about wanting to be better.
The private security industry offers genuine
career paths and healthy, focused and nurtured
ambition is the bullion for driving standards up
and taking the sector forwards.
Risk UK: How can the SIA, the NSI and
industry standards best serve the sector in
addition to the needs of your company’s
clients and the wider public interest? Will
the introduction of business licensing be a
positive step?
Peter Hale: Education of consumers and other
interested parties is key. We must shine a light
on professionalism and capability within the
industry and set alignments to be assimilated
within the mainstream consciousness.
The planned introduction of business
licensing could be a positive step, as long as
the regulatory focus is accurate. To my mind,
there seems little point in increasing the
regulatory burden if the outcome of doing so is
only recognised within the industry itself.
Name
Peter Hale
Job title
General Manager
Time in the security sector
18 years direct industry
experience at senior level
overseeing national accounts
for global brands. I’m
educated to post-graduate
level in Security and Risk
Management and an IRCAcertified
Quality Management
Systems (ISO 9001) lead
auditor. I also hold
certifications in employment
practice (through the
Chartered Institute of Legal
Executives) and equality and
diversity in the workplace
Location of the business
Omni Security Services’ head
office is based in Huntingdon,
Cambridgeshire. We have a
satellite office in London and
a national outreach
Areas of expertise
Security guarding (including
executive guarding
assignments), general patrol
security dogs and specialist
search security dogs
Accreditations
NSI Guarding Gold, SIA ACS,
SAFEContractor, CHAS
Accredited Contractor, BSIA
Member, NASDU Company
Member and Member of the
British Safety Council
Peter Hale: General Manager
at Omni Security Services
55
www.risk-uk.com

Crisis Management: The Challenges
Crisis management is
the process by which
an organisation deals
with a disruptive and
unexpected event that
threatens to harm
either the organisation
itself, its stakeholders
or the general public.
The study of crisis
management
originated with the
large-scale industrial
and environmental
disasters of the 1980s.
Given that the speed
and scale of disasters
has changed markedly
in recent times, how
might security and risk
practitioners deal with
them? David Rubens
offers some key words
of wisdom
Friday 13 October was the United Nations’
(UN) International Day for Disaster
Reduction, running only a month or so after
Hurricane Irma hit Puerto Rico. At the time of
the UN event, an announcement that
accompanied it stated: “Natural disasters are
inevitable, but it’s still possible to minimise the
damage that they cause and change the social,
economic and cultural issues that exacerbate
those impacts. It’s not just a matter for the
victims of natural disasters. The reduction of
risk concerns the whole world, whether
national leaders, bankers, meteorologists or
the media. With this in mind, the International
Day for Disaster Reduction proposes that
Governments and concerned people commit to
minimising risk through prevention and
mitigation as well as active preparation.”
As someone who has the opportunity to work
with senior risk managers around the world,
whether they’re engaged with Government
agencies, regional bodies, global corporations,
Critical National Infrastructure (CNI) or local
community groups, I’ve witnessed at first hand
both the commitment and professionalism that
people and organisations bring to those efforts
designed to build effective risk mitigation and
emergency response capabilities within their
own operating environments. I’ve also seen the
despair and frustration when their efforts are
overwhelmed by the forces of nature they’re
facing, be they earthquakes or hurricanes, etc.
Individuals involved in disaster and risk
reduction have the responsibility to ensure that
there’s a genuine understanding not only of the
impacts of natural disasters, but also of the
realities of what’s required for response and
recovery, both in terms of the immediate event
and long-term programmes that need to be
maintained and sustained over years rather
than weeks or even months.
It seems the problem isn’t that we cannot
deal with the external event, which in almost all
cases is outside of our control, or even that we
cannot manage the impacts, which are often
dramatic, chaotic and involve a level of
disruption and dislocation that goes beyond
the local capabilities to effectively manage.
Rather, the major challenge is our capability to
create a response structure that can respond
both speedily and appropriately to the wide
range of predictable issues that are likely to
arise in the immediate aftermath of any largescale,
high-impact event.
Crisis status
One of the main issues associated with the
strategic level of crisis response is the
responsibility to acknowledge the crisis status.
In many cases, it’s this that creates the
opportunity to respond in ways that would not
be possible under normal operating rules, and
then to manage the transition from a standard,
process-driven, bureaucratic decision-making
framework to one that’s more suited to the
demands and challenges – not to mention the
extreme time pressures – of a crisis event.
The announcement that, one month after
Hurricane Irma struck Puerto Rico with such
devastating effect, the US authorities had
finally authorised the deployment of National
Guard troops to this unincorporated territory of
the States is a classic example of a crisis
response framework being rendered completely
ineffective because the management
procedures associated with that framework
hadn’t considered the realities of crisis
response events.
The argument given that the necessary
procedures needed to be complied with before
troops could be deployed seems to miss the
fundamental objective of a fast response
operation, which is that it’s able to be deployed
at a moment’s notice.
Given that Hurricane Irma was known about
and expected, it would surely have been part of
the National Guard’s responsibility to prepare
itself to deploy to a location that would clearly
be in need of the specialist skills, equipment
56
www.risk-uk.com

The Security Institute’s View
and logistical management capabilities the
National Guard would bring.
Reading reports on the situation in Puerto
Rico, as well as other islands across the region
that have been equally hard hit by recent
events, one’s reminded of the words from the
Executive Summary of ‘Failure of Initiative’, the
Congressional Report on Hurricane Katrina: “It
remains difficult to understand how
Government could respond so ineffectively to a
disaster that was anticipated for years, and for
which specific dire warnings had been issued
for days. This crisis wasn’t only predictable, it
was predicted.”
The statement adds: “Government failed
because it didn’t learn from past experiences,
or because lessons thought to be learned were
not implemented. If 9/11 was a failure of
imagination, Hurricane Katrina was a failure of
initiative. It was a failure of leadership.”
Systemic failings
This isn’t a diatribe against the US Government,
though it seems there are deep-rooted systemic
failings identified by Hurricane Katrina that
haven’t been adequately dealt with in the
meantime. Rather, it’s a call for anyone
associated with emergency response and crisis
management to recognise the increasingly
challenging environments that we’re now called
upon to respond to, and the increasingly high
impact and often catastrophic impacts and
consequences that those events produce.
If we accept the fact that we cannot prevent
the external event, which is outside of our
control, then it’s possible we can influence the
impact and even manage the consequences. If
there’s one thing that we can claim to be in
control of, though, then that element is the
response operation.
One of the fundamental issues associated
with crisis management is the inescapable fact
that crises are rare events. For most of us, a
true crisis is something that we may only be
faced with once or twice in a career.
Here, I’m making the distinction between a
true crisis event and something that could more
correctly be labelled as a ‘routine emergency’
or ‘major incident’ which, although challenging,
doesn’t involve the level of catastrophic
destruction, disruption and dislocation
associated with a genuine crisis.
Even for those organisations that are
supposedly trained to deal with crisis
scenarios, the facts as seen in the Hurricane
Katrina episode – and, more recently, in the
Caribbean – clearly demonstrate that even
these organisations are often unable to deliver
their core services within the challenging
environment and operational pressures of a
crisis event.
Practice makes perfect
It’s for this very reason that every opportunity
to practice an emergency response or crisis
management procedure should be taken, as it’s
inevitable salient lessons will be learned and
skills and capabilities developed that cannot be
nurtured under even the most challenging of
training scenarios.
The decision to deploy troops in support of
policing operations in the immediate aftermath
of the Manchester Arena bombing incident in
May was an example of a genuine situation
with real needs being used to practice
strategic, tactical and operational skills,
including the critical issue of co-ordination and
collaboration between different units that
would not normally be working together under
such circumstances. Benefits will be gained
from such interaction that have real impact on
the effectiveness of future operations, whether
under normal operating conditions or in the
heat of an emergency response.
It’s true that the ‘crisis events’ we’re now
facing are becoming more frequent, with a
higher level of destructive impact and
disruptive consequences, whether that’s
because of climate change, natural disasters,
technological dependency, the degradation of
CNI, global supply chains, pandemics, social
instability or any one of a dozen other issues
approaching the increasing likelihood of
suffering catastrophic failure. The single feature
that’s common to all of these scenarios is
complexity – complexity of the problems,
complexity of the environments they cause and
complexity of the solutions they’ll require.
No right to be wrong
It’s no longer acceptable that anyone
associated with emergency response or crisis
management can claim the plans were good,
but that the complexity of the event was the
cause of ultimate failure.
As Rittel and Webber wrote almost 45 years
ago in their groundbreaking work on ‘wicked
problems’: “The planner has no right to be
wrong”. The world around us may now be
indescribably more complex in 2017 than it was
back in 1973, but the responsibility to ‘get it
right’ remains precisely the same.
Dr David Rubens DSyRM CSyP
FSyI MSc: Managing Director
of Deltar Training Solutions
“If we accept the fact that we cannot prevent the external
event, which is outside of our control, then it’s possible we
can influence the impact and even manage the consequences”
57
www.risk-uk.com

ASIS 2017: From Artificial Intelligence
and Robotics to Perspectives on Risk
ASIS International –
the world’s largest
association for
security management
professionals –
recently delivered its
63rd Annual Seminar
and Exhibition
(otherwise known as
ASIS 2017) in Dallas,
Texas. Produced in
partnership with
InfraGard and the
ISSA, the four-day
programme between
23-28 September
attracted 22,000
registrants from 96
countries and drew
rave reviews from
attendees, exhibitors
and industry partners
alike. Tom Langer and
Mike Hurst review the
event for the readers
of Risk UK
Tom Langer CPP:
President of ASIS International
and Vice-President of Security
for BAE Systems
58
www.risk-uk.com
There was an unmistakable ‘buzz’ in Dallas.
Despite several natural disasters around
the globe in the weeks leading up to the
show, security professionals attended in their
droves to exchange ideas, discuss Best Practice
and experience first-hand the new products and
services on the market.
Key themes included the importance of a
global community of peers for support,
understanding the risks and opportunities
inherent with the technologies that are
reshaping our personal and professional lives
and, most importantly, the necessity for
security professionals to become empowered
leaders in the security space.
Keynote speakers set the tone for each day.
On the Monday morning of the show, the 43rd
US President George W Bush sat down with
ASIS International’s CEO Peter O’Neil for a
conversation about leadership and lessons
learned in the White House. In his remarks,
Bush outlined what he believes to be the key
characteristics of an effective leader, stating:
“Leadership means trying to understand what
someone else is saying. Leadership means
sharing the credit and taking the heat when
things go bad. Leadership means building a
culture not around a person, but around a
concept greater than a person.”
During the luncheon interval, entrepreneur
and the NBA’s Dallas Mavericks owner Mark
Cuban shared advice with attendees, noting
that “the only constant is change”. Cuban said
that he spends about two or three hours each
day learning new ideas and concepts. “Now,”
he ventured, “it’s all about Artificial
Intelligence, accessing Amazon Web Services
and teaching myself how to create machine
learning algorithms or educating myself about
neural networks and deep learning.”
This commitment to lifelong learning rings
true for us as security professionals. As threats
evolve rapidly, it’s critical for us all to stay
informed of the risks and opportunities in
today’s rapidly changing business environment.
Cuban went on to discuss the rise of Artificial
Intelligence (AI) and machine learning. He
voiced concern regarding the security risks if
the US lags in these competencies. “If the
Chinese win the robotics race… If the Chinese
win the AI race... If the Russians win the AI
race… and both the Russians and the Chinese
have said this is a top priority. Vladimir Putin
has suggested that whomever controls AI is the
dominant country. That’s scary.”
As far as Cuban’s concerned, robotics and AI
need to become a core competency in the
United States or “we will find ourselves on the
outside looking in”.
Perspectives on risk
On the Tuesday of the show, futurist Scott
Klososky outlined his perspectives on the risks
– as well as the potential – posed by the
various technologies that are reshaping society
and the way in which we do business. He noted
that we often integrate technology into our
lives without fully understanding the
consequences and, while many innovations
bring benefits, they also present opportunities
for criminals, bad political actors and those
looking to inflict harm. “It’s probably time for
us to become a little wiser,” urged Klososky.
The Global Responses to Global Threats
panel discussion, which included input from the
City of London Police’s Detective Chief
Superintendent Paul Barnard, focused on
private-public sector collaboration designed to
combat the growing terrorist threat. Key points
included not only the need for a plan, but also
the requirement to practice that plan.
Collaboration is also essential. You cannot
build a trusting relationship during a crisis.
Strong working relationships need to be built
between private-public sector colleagues
before an event happens.
Military aviation pioneer and F-14 Tomcat
pilot Carey Lohrenz closed out the week with a
call for fearless leadership. Lohrenz described
the primacy of identifying the most important
work you should be doing: work that requires
purpose, focus and discipline.
Lohrenz observed: “If you lose sight of the
most important work you should be doing,
you’re then guaranteed to lose the fight.”
Lohrenz also encouraged attendees to accept
failure, see it as an opportunity to grow and
look to “banish your limiting beliefs”.
The formal education programme featured
more than 180 sessions spanning the security
spectrum. New for this year, the first day of the
programme was dedicated solely to education,
with a focus on immersive and interactive
learning formats for attendees at all experience

In the Spotlight: ASIS International UK Chapter
levels. Another 2017 innovation, namely ‘Global
Access LIVE!’, provided live streaming of select
education sessions and Keynotes for those
security professionals who were unable to
travel to Dallas.
The reimagined exhibition hall opened on the
Tuesday and featured more than 575 exhibitors
showcasing new and emerging products and
technologies, such as machine learning and
forensic analysis. The show floor also hosted
two ‘impact learning’ theatres, a careers centre,
an international trade centre, a virtual reality
zone and the ASIS International Hub (a onestop
shop for all things ASIS including ‘fireside’
chats, council booths and livestream interviews
with Chuck Harrold of Security Guy Radio).
Exhibitor satisfaction was at an all-time high,
reflected not only in the feedback heard onsite,
but also in terms of stand bookings for ASIS
2018 in Las Vegas. Already, 80% of the net
square footage of the upcoming show floor has
been committed for next year, with 35
companies increasing their space allocation.
In addition, notable brands like the Mobotix
Corporation, the Ford Motor Company,
UrgentLink and others who didn’t exhibit in
Dallas have already committed for 2018.
“ASIS 2017 delivered a prime audience to
promote our software solutions that leverage
emerging technologies such as mixed reality, AI
and machine learning,” said Drew Weston,
director of sales and marketing at CodeLynx.
“The addition of the high quality content on the
show floor not only offered us an opportunity to
learn ourselves, but also drove attendees to the
exhibition and created a ‘buzz’. We had
consistent stand traffic and positive
interactions with buyers, and we’ve already
reserved our spot for Las Vegas.”
Benefits of networking
This year also saw a significantly improved
networking event line-up with an opening night
celebration on Sunday 24 September at
Gilley’s, Dallas and the President’s Reception at
the AT&T Stadium on Wednesday 27
September. Both events drew significant
crowds and provided ideal ‘bookends’ to the
week of learning, as well as opportunities to
welcome new and returning members and form
new working friendships.
For Peter O’Neil, the benefits for attendees at
the show reach well beyond the educational
sessions or tours of the exhibition floor.
“Attendees left empowered with the
information, access to professional networks
and exposure to products and services they
need to protect the people, property and
assets entrusted to their care.”
It was great to catch up with ASIS UK’s
Chapter vice-chairman Mike Hurst, whom I last
saw at ASIS Europe 2017 in Milan. Mike is a
prime example of the dedicated worldwide
members who contribute so much to the
international culture of ASIS. “I was delighted
to contribute to the opening ceremony welcome
video,” stated Hurst, “and it was great to see
my sentiments echoed by colleagues and
friends from ASIS Chapters across the world.”
Mike is planning to attend the leadership
meeting to be held in Washington DC in
January. “As a volunteer leader, I’ve been on
four overseas trips for ASIS this year,” said
Hurst, adding that: “It’s time out of the office
and away from the day job, but the contacts
and friends you make and the knowledge and
experiences gained are invaluable.”
Importantly, Mike went on to add: “One thing
that strikes you about the Annual Seminar and
Exhibition is the sheer scale of the event and
scope of the subjects covered. Enterprise
Security Risk Management, the cyber-physical
debate, Duty of Care and travel security were
just some of the topics discussed during the
educational sessions I attended. I particularly
enjoyed one of the CSO Centre sessions on how
developing your emotional intelligence can
benefit leadership skills.”
Mike Hurst FIRP MSyI:
Vice-Chairman of ASIS UK and
Director of HJA
“Attendees left empowered with the information, access to
professional networks and exposure to products and
services they need in order to protect the people, property
and assets entrusted to their care”
59
www.risk-uk.com

The readers of Risk UK
may not be fully aware
that there have been a
number of changes
made to British
Standard BS 5839 Fire
Detection and Fire
Alarm Systems for
Buildings – Part 1:
Code of Practice for
the Design,
Installation,
Commissioning and
Maintenance of
Systems in Non-
Domestic Premises
following the release
of the 2017 update.
Will Lloyd outlines the
fine detail
Will Lloyd: Technical Manager at
the Fire Industry Association
Changes to BS 5839-1: Fire
Detection and Alarm Systems
Not only is it important to understand BS
5839, but also to keep up-to-date with
any changes so that they can be
addressed and implemented at a given site.
Unlike other sectors where standards are used,
technically speaking there’s no ‘overlap’ or
‘phased entry periods’ for standards within the
fire industry. On that basis, if you haven’t
updated matters pertaining to your site(s) then,
unfortunately, you’re already behind the curve.
The Fire Industry Association (FIA) was
heavily involved in the update procedure for BS
5839-1. The last change to this British Standard
was back in 2013 and, since then, there has
been new research conducted which led to
some of the changes that have been made.
In combination with a number of other
stakeholder groups, the FIA determined to
investigate the causes of false alarms. At the
point of study, no-one knew precisely the exact
reasoning behind false and unwanted fire alarm
events as, in the main, any recording of such an
event is usually simply labelled as exactly that.
No-one knew with any great degree of certainty
why false fire alarms were occurring. This was
the starting point for a research project carried
out with the BRE under the heading ‘Live
Investigations of False Fire Alarms’.
An investigator linked up with the Scottish
Fire and Rescue Service in Glasgow to
investigate the true cause of false or unwanted
alarm signals. The data realised was then
collated and outlined by a researcher.
A surprising result was unearthed. One of the
main causes was actually through accidental
activation (ie people pushing the manual Call
Point button when there wasn’t really a fire in
progress). Sometimes, this was because
members of staff were working with large
trolleys (particularly in hospitals, factories or
warehouses where bulky or heavy items need
to be transported) and accidentally crashed
into the manual Call Point or otherwise knocked
it from the side, in turn activating the alarm.
In other instances, the unwanted signal was
activated when, quite innocently, individuals
pushed the manual Call Point button instead of
the ‘open door’ button when the Call Point was
sighted next to the door, or when staff thought
they could smell smoke. Occasionally, false fire
alarms were due to malicious activations.
As a response to this new research, the FIA’s
Fire Detection and Alarm Councils, along with
other FIA Council groups, reviewed the new
information generated and worked on adding
some changes to the British Standard in a bold
bid to reduce the number of false alarms.
The main change is that all new manual Call
Points must have some variety of protective
cover. This should help in preventing accidental
activation from impact and also force end users
of the fire alarm system to lift the cover before
activation, thereby adding an extra action to the
process of pressing the alarm. This ought to
assist in cutting back on the number of times
the button is pressed accidentally and make
anyone who intends to push the manual Call
Point (whether maliciously or not) think about
whether the alarm should actually be triggered.
Of course, covers for manual Call Points are
not new pieces of equipment. Many
manufacturers have been producing them for
some time now. However, the thing to
remember here is that any new installation
work must use a manual Call Point cover.
Does this mean retrofitting Call Point covers
on all currently existing Call Points? The simple
answer is: ‘No, not necessarily’.
The British Standard only really covers this
point for any new work undertaken since the
publication of the document. However, should a
client request an upgrade then of course this
can be provided. Alternatively, the upgrade can
be carried out at the next convenient juncture,
for example at the next service. The decision
about whether to retroactively fit covers on all
manual Call Points in a given building is down
to the ‘Responsible Person’ or duty holder.
‘Place of ultimate safety’
Another change in the update to BS 5839-1 is
point 20.1 referencing the ‘place of ultimate
safety’, wherein the clause has been expanded
to place emphasis on this.
The reason for the change here is because
not all exits from a building are specifically
designed as fire exits and, during the course of
a fire, people will use any exit (regardless of
whether it’s a designated fire exit). For
example, some openings in the building
envelope (such as a roller shutter door) are not
normally considered as a pedestrian exit, but in
an emergency are likely to be used as such.
Therefore, manual Call Points should be
located on escape routes and, in particular, at
all storey exits and all exits to open air that
60
www.risk-uk.com

FIA Technical Briefing: Amendments to British Standard BS 5839-1
lead to the aforementioned ‘place of ultimate
safety’ (whether or not the exits are specifically
designated as fire exits).
Multi-sensor detectors
In addition, the British Standard has been
updated in regards to multi-sensor detectors.
Those that have fire sensitivity of BS EN 54-7
are now acknowledged as suitable for fire
escape routes, but their configuration must
include smoke detector mode.
The updated BS 5839-1 also makes clear
about the method of inspection and servicing
for multi-sensor detectors. Clause 45.4 states
recommendations for the inspection and testing
of a given system over a 12-month period. In
the first instance: ‘Multi-sensor detectors
should be operated by a method that confirms
the products of combustion in the vicinity of the
detector can reach the sensors and that a fire
signal can be produced as appropriate.’
In addition: ‘The guidance of the
manufacturer on the manner in which the
detector can be functionally tested effectively
should be followed’, while: ‘Multi-sensor fire
detectors should be physically tested by a
method that confirms any products of
combustion in the vicinity of the detector can
reach the sensors and that the appropriate
response is confirmed at the CIE’.
Where the detector or system design permits,
each sensor on which a fire detection decision
depends (eg smoke, heat, CO) should be
physically tested individually. Alternatively,
individual sensors may be physically tested
together if the detection system design allows
simultaneous stimuli and individual sensor
responses to be verified either individually or
collectively. On completion of tests, the system
should be returned to its normal configuration.
It’s also worth noting the update to the
British Standard states that fire detectors
should be sited at the top of a stairway and on
each main landing. This is to ensure that there’s
adequate coverage at every level of the building
as plumes of smoke are unpredictable. There’s
no exact way of knowing where the smoke will
go, meaning that if detectors are not sited
correctly, there could be a delay in the amount
of time between the fire starting and the
system activating an alarm. In reality, a matter
of minutes – or even a few seconds – may be
the difference between the fire being small and
containable and a huge emergency arising.
Put simply, the sooner a fire is detected, the
sooner it can be extinguished.
There have also been a number of other
changes written into the updated British
Standard, including an update of the term
‘false alarms’ to include ‘unwanted alarms’,
more detail on the siting of optical beam
detectors and further information on many
other areas (including cables, wiring and other
interconnections).
Within the scope of this article it’s not really
possible to go into great detail on every single
change, but thankfully the FIA boasts a number
of good resources to help you do just that if
you’re not fully up-to-speed as yet.
Upon the release of the updated British
Standard, the FIA ran a series of seminars
across the UK, from London all the way up to
Glasgow. These heavily-subscribed sessions
proved extremely useful to those who attended
as all of the changes in BS 5839-1 were
presented in an excellent degree of detail.
A video of one of these sessions is now
available both on the FIA’s YouTube channel
and also on the FIA’s website at
www.fia.uk.com (access ‘Video’ under the
‘Resources’ tab). This is meant to be watched
with the seminar slides alongside such that you
can follow along. The seminar slides may be
downloaded from the FIA’s website (or, handily,
direct from the video).
“The main change is that all new manual Call Points must have
some variety of protective cover. This should help in preventing
accidental activation from impact and also force end users of
the fire alarm system to lift the cover before activation”
61
www.risk-uk.com

TUPE Regulations: Is The Security
Business Sector Missing A Trick?
The Transfer of
Undertakings
(Protection of
Employment)
Regulations
(commonly known as
TUPE) staff transfer
process affords
security businesses a
real opportunity to not
only benchmark
themselves, but also –
and more importantly
– engage people from
the outset. Why, then,
is it the case that, alltoo-often,
this
opportunity is lost?
Louise McCree
confronts the issue
62
www.risk-uk.com
During late September, I hosted a webinar
on the subject of ‘Recruitment,
Engagement and Retention Strategies for
the Security Industry’. The free-to-attend online
event was aimed exclusively at senior leaders,
Human Resources (HR) professionals and inhouse
recruitment specialists working for UKbased
companies (including ‘not for profit’
organisations). One of the areas discussed was
my strong conviction that a TUPE transfer
process is a golden opportunity for effective
personnel engagement.
However, it’s my view that, more often than
not, a TUPE transfer ends up being a wasted
opportunity. This could be in part due to the
sheer volume of transfers which occur within
the industry at any one time. As is the case with
most things, the more frequently something
occurs, the more likely it is that people become
complacent about the whole procedure. It’s
then also less likely that the TUPE process will
be seen as an exciting opportunity to make a
connection with new employees.
In those industries where TUPE transfers are
infrequent, I’ve found that the process is
treated with a great deal of respect. The staff
transfers are carefully planned and with great
attention to detail. Sufficient time is devoted to
the process. This ensures employees feel cared
for and looked after. Additionally, it provides
companies with a great way of gathering
information as well as ensuring employee ‘buyin’
from the outset. Finally, it gives the incoming
contractor an opportunity to complete a robust
check of all paperwork and ID documents (an
aspect of process control which is now more
important than ever in the security industry).
Ultimately, TUPE consultations provide
businesses with a moment to pause and listen
to their people. I’ve seen TUPE transfers
completed well, but I’ve also seen some which
were handled badly. The bottom line is that the
more time and effort invested at the beginning
of a TUPE process, the more respect will be
gained from those transferring. In turn, this will
promote better employee engagement.
Due diligence procedures
The due diligence process is often led by an
organisation’s operational or commercial team,
whereupon the focus is primarily on the
financial detail of the transfer (and perhaps
rightly so). Questions such as: ‘Which
contractual benefits are we obliged to honour?’
often arise. Sometimes, the response is: ‘Let’s
only offer what we have to’. It’s no wonder,
then, that some employees are inherently
suspicious of the TUPE process.
In addition, because non-contractual benefits
don’t have to be honoured, they’re often
removed as the business may not be able to
support them financially. It’s fair to say that not
all transfers proceed like this, but there’s no
doubt that the focus needs to shift back
towards the employees. We must recognise that
people are central to all of this. What may be a
relatively inexpensive and easy-to-maintain,
non-contractual benefit might be the very thing
that’s keeping a number of employees
motivated and engaged.
A one-to-one TUPE consultation is a chance
to ask the transferring employees what they felt
about the outgoing contractor and to highlight
any problems they had experienced. It also
affords businesses an opportunity to discover
what motivates the staff and whether there are
any favoured practices that they might be able
to continue. It’s an efficient method of
gathering ideas and suggestions of ways in
which matters could be improved. After all,
people on the front line are probably those best
placed to identify possible solutions.
What areas, then, should be considered
before, during and after a TUPE transfer?
Before the transfer process takes place,
decide which managers and senior leaders will

Security Services: Best Practice Casebook
need to be involved and then arrange to contact
them. Agree on how and when employees are
going to be informed and what messages are to
be delivered. Messages need to be
communicated sensitively as TUPE can be an
unnerving process for some employees.
When it comes to preparing for the transfer,
review employee liability information (this must
be received from the outgoing employer no
later than 28 days prior to the transfer). Book
consultations and allow plenty of time for oneto-one
meetings. Identify exactly who will
transfer. Consider your incoming team’s
uniform, equipment and supplies needs.
Don’t forget to include all those employees
who are not currently at work. For example,
those on maternity/paternity leave, long-term
sick leave or on holiday will all need to be
contacted and informed. Start the knowledge
sharing process. Review all ID documentation,
right to work certification and vetting
information in great detail.
For the transfer itself, appoint a
representative – ideally someone who will be
on site and available all day – to deal with any
queries or concerns. Make sure that the team
have all the relevant contact details (including
those for the Payroll Department, HR and their
respective line managers).
After the transfer process has actively
concluded, undertake an induction programme,
always ensuring that incoming employees both
understand and support the organisation’s
strategic direction. Ensure regular contact with
the site, and encourage new employees to
interact with existing teams in order to build
rapport and create a culture of inclusion from
the outset. In addition, consider establishing an
online survey to evaluate the success of the
transfer and gather information about the ways
in which the process could be improved.
Obligation to consult
The checklist mentions those who are absent
from work at the time when a transfer is taking
place. This is particularly relevant as a business
must ensure that it fulfils an obligation to
consult. Plans must be made to undertake
consultations with those who are away from
work, whether that’s over the telephone, by
writing to them or arranging to visit them –
either at home or at a neutral venue.
Of course, this assumes that they agree to
participate in the consultation process.
Employees, regardless of whether they’re
physically at work, are entitled to know and
understand what’s going on and the business
has an obligation to communicate with them.
In general, any employee who’s part of the
group which is about to transfer is protected by
the TUPE Regulations, including those
employees who are absent on
maternity/paternity or sick leave.
However, there are always exceptions to the
rule. In the recent case of BT Managed Services
Ltd versus Edwards we learned that an
employee who had been on sick leave since
2008 – and for whom there was no likelihood of
a return to work – was not part of the transfer.
The decision came down to the fact that Mr
Edwards hadn’t participated in (and wasn’t
expected to participate in) the economic
activity of an ‘organised grouping’ of
individuals. A person who’s not involved in the
performance of the work cannot be a member
of that group and, as such, isn’t assigned to it
and would not be subject to the transfer.
For its part, BT argued that Mr Edwards
should transfer and appealed the original
decision that he was not part of the ‘organised
grouping’. BT was unsuccessful with its appeal
in front of His Honour Judge Serota QC.
This case highlights the importance of being
very careful when identifying which individuals
are covered by the TUPE Regulations. Merely
looking at where an employee’s assigned will
not be sufficient in this process.
Terms and Conditions
One of the most common questions regarding a
TUPE transfer is: ‘Can I harmonise Terms and
Conditions?’ and, if so: ‘How soon?’. In the
majority of cases, any attempt to vary the
employment contracts of transferring
employees will be void as it’s normally
connected to the transfer.
Employers should also bear in mind that
having an employee’s agreement to a variation
isn’t enough. If the change is a direct result of
the transfer then it’s automatically void. There
are exceptions to this rule, namely that if a
variation is due to an economic, technical or
organisational reason then it may be justifiable.
An example of this might be the introduction of
obligatory new technology as it could result in
fewer employees being required on site.
However, an employer must be able to
demonstrate a genuine business reason for any
variation. The employer should always ensure
it’s fully aware of the potential risks before
proceeding with any kind of harmonisation.
Louise McCree MCIPD:
Founder of effectivehr
“After the transfer process has actively concluded,
undertake an induction programme, always ensuring that
incoming employees both understand and support the
organisation’s strategic direction”
63
www.risk-uk.com

Stopping Persistence From Paying Off
According to global
technology
association ISACA,
74% of organisations
believe they’ll be
targeted by an
Advanced Persistent
Threat at some point,
but only 67% state
that they’re ready to
respond to such an
occurrence when it
does happen. Daniel
Driver offers salient
security advice for
professionals looking
to prevent cyber
criminals’ continued
efforts from paying off
An Advanced Persistent Threat (APT) is a
general name for malware that remains
resident within a network, harvesting data
over a prolonged period of time without
detection by security software. Typically, an APT
may initiate by using techniques such as social
engineering, causing a user to inadvertently
install an exploit on their device. However, an
APT could also manipulate a device from
outside the organisation’s network. If this is
initiated by the user, it’s more likely to subvert
the malware protection mechanisms typically in
place on a given network.
Once network access is gained, the threat
will elevate its level of access to systems and
data, while covering its tracks to minimise the
likelihood of detection. It’s at this point that the
malicious actor has access to all necessary
systems and can begin the intended task(s).
These follow-on stages of the attack could
consist of outbound communications with a
Command and Control server to receive
instructions, perform reconnaissance and
exfiltrate data that’s valuable to the attacker.
APTs blend into background network activity,
making them difficult to identify as malicious
behaviour individually. However, when these
behaviours are correlated together, they begin
to build a picture of suspicious activity over
longer periods of time. For example, periodic
Domain Name Service look-ups to Domain
Generation Algorithm-style addresses, followed
by the transfer of data outside of the network,
would be a potential indication that some form
of persistent threat is operating, whereas none
of these behaviours individually are necessarily
identified as a threat.
To detect this type of activity, an organisation
needs good visibility of its network and control
of the configuration. An APT will likely be ‘less
noisy’ than most malware as they’re often
designed specifically for a particular network
and organisation, rather than a less
sophisticated attack deployed to infiltrate a
mass target list. There may be evidence of
authentication failures, or user accounts being
accessed across multiple devices, as well as
unusual internal communications where
privilege escalation is being attempted,
perhaps alongside unusual outbound sessions
and the egress of key data.
Correlation of multiple behaviours and data
sources can be used to identify activities of
interest. However, depending on the
sophistication of the attack, detection may be
very difficult as an attacker might be using their
‘best tools’ to exploit devices and access data.
Plugging the cyber gap
Education is always key to making employees
aware of the risks associated with clicking on
links or downloading attachments. Security
teams must also understand their risks in the
domain and the APT groups that are likely to
attack. Understanding the tactics, techniques
and procedures used to attack a network will
allow for best preparation in terms of defence.
Enterprises must ensure that the basic
security measures are in place, such as making
certain of adequate patch management, user
access controls, user training and tight
management of devices connected to the
network. Enterprises must then assess their
security risk and what level of security maturity
they need, both from a risk/cost perspective
and a policy perspective.
There are many tools available to ensure that
an enterprise can achieve all the visibility
necessary to monitor the network and the data
that resides within it. However, it’s important
not to let this result in too much information
generating a substantial data monitoring
problem, whereby it’s then impossible to find
the proverbial needle in the haystack.
It’s important to move to an active defence
methodology by monitoring all behaviour on a
64
www.risk-uk.com

Cyber Security: Advanced Persistent Threats
network and having the right tools to pinpoint
the signal from within the network noise. It’s
therefore unlikely that you’ll be able to identify
the APT by performing simple host-based
analysis, since that’s the sort of security APT
attacks are specifically designed to bypass.
Neither may a standard firewall at the
perimeter and anti-virus software on the
endpoint be sufficient to detect APT activity,
especially so if these are threats that haven’t
been seen before. The addition of network
behavioural monitoring to complement these
more traditional security tools provides a
means for detecting ongoing behaviours, even
if they’ve bypassed these other defences.
Blended security architecture
Having a blended security architecture such as
this ensures that, even in the event some
security layers are subverted, a backstop is in
place to prevent ongoing damage. No network
will be 100% secure. It’s vital that, in the event
an APT is present on your network, you’re able
to clearly see when and where it’s active such
that you can take the necessary remedial steps
with the minimum amount of disruption.
Given that APTs are designed to be
persistent, if you’re performing long-term
analysis and correlation it’s possible to identify
the behaviours associated with the APT in order
to prevent it from causing real damage.
Defences should be regularly tested to
ensure that an attacker cannot gain access and
also to make certain that the security tools
employed are identifying the attack in progress.
Business continuity procedures should also be
regularly reviewed and exercised. Consider all
options of an attack and have measures in
place to identify, limit and remove the threat,
recover quickly from the episode and limit
service interruption for the business overall.
APTs are evolving to become more stealthy,
for example by cleaning up any event logs that
have been made by operations performed.
They’re also often aware of virtual machines, so
sandboxing techniques are now proving to be
less effective. APTs tend to use any resources
that they have available on the exploited host
in order to reduce the ability of detection.
This applies to any attack, whether it be from
an APT or mainstream malware, as they’re
always developing to ensure they remain
undetected on a network or device for as long
as possible. File-less malware has become
more prevalent of late, meaning that existing
security solutions watching for evidence of
exploit from activities such as malware
installation on to the hard drive and/or registry
changes are no longer detecting occurrences.
“Defences should be regularly tested to ensure that an
attacker cannot gain access and also to make certain that
the security tools are identifying the attack in progress”
Many APTs are aimed at highly sophisticated
organisations with advanced security, meaning
that gaining ‘legitimate’ access through
techniques such as social engineering or
credential theft are a ‘must’ for them. For
example, it’s often the case that users re-use
passwords which may be exposed in unrelated
data breaches. Attackers can then employ them
to gain access to the network.
There’s no magic trick to shortcut the
detection of APTs, and don’t assume that APTs
are going to be detected in a short timeframe,
either. It can often take a significant amount of
time, resources and tooling to identify the
threat and then perform the forensics needed
to understand what actually happened.
Technology developments such as the Cloud
and BYOD add convenience to an organisation,
but at the potential risk of security. Steps can
be taken to secure sensitive data such as
issuing secured devices and making sure some
areas of the network are ‘air-gapped’.
Some enterprises react to the threat by
installing the most advanced and expensive
tools, without fully understanding what they
offer and how to use them effectively. Equally,
enterprises may install tools simply to meet
policies and ‘tick the box’. It’s always the case
that an organisation should implement a
strategic and measured approach to security.
Persistence can pay off when trying to gain
access to a network, and it’s likely that
someone who’s determined to break in will
almost certainly be successful in doing so.
Organisations must architect a network to
minimise the impact should a breach occur.
Have a backstop in place. Should the APT
make it through your primary and secondary
security defences, its time on the network and
resulting damage can be limited. Network
behavioural monitoring can play a vital role
here. The staged and covert nature of APTs
means correlation of behaviours over time is
critical in their identification and isolation.
Using more traditional network security tools to
deliver anomaly detection or using the latest
reputation feeds are helpful, but they will
certainly not be enough to allow you to identify
the threat and reduce your exposure.
An educated approach to security is crucial,
ensuring Best Practice is in place such that all
networks, endpoints and services are secure
and all end users suitably trained.
Daniel Driver:
Head of Perception Cyber
Security at Chemring
Technology Solutions
65
www.risk-uk.com

Board Members: Adopt Cyber Security
Training to Reduce Enterprise Risk
victim to divulge sensitive personal information
such as corporate log-ins.
Often, the user may never suspect they’ve
been caught out, but with their stolen log-ins,
or thanks to the malware they’ve accidentally
installed in the background, hackers may gain
access to the corporate network. From there,
it’s a short hop to customer data stores, highly
sensitive IP information and trade secrets.
It’s worth noting here that phishing attacks
are on the rise as user training continues to fail.
Verizon claimed earlier this year that the tactic
was present in a fifth (21%) of data breach
attacks in 2016, which is up from just 8% of
attacks the previous year.
A recent UK
Government study
found that over twothirds
(68%) of FTSE
350 Board members
haven’t received any
training to be able to
deal with cyber
incidents. They should
be in no doubt that
effective training is
absolutely vital to
ensure risk
management regimes
are fit-for-purpose,
turning the
organisation’s
weakest link – its staff
– into a strong line of
defence. Alan Levine
examines the subject
The discovery that so few FTSE 350 Board
members are well-versed in the discipline
of cyber security is concerning news.
Senior management are very often picked as
targets for cyber attack and fraud themselves.
Without having engaged in any form of cyber
security training, it’s unlikely these senior
decision-makers will recognise the inherent
value in training and awareness instruction for
all their members of staff.
Board members need to understand exactly
what’s at stake here, then ensure any resulting
training programme produces the desired
behavioural changes. Technology and policy
will only go so far. In the real world, effective
risk mitigation demands employees that know
how to deal with cyber incidents.
Why is cyber security training so important?
Just take a look at the threat landscape. Today’s
organisations face an unprecedented variety
and volume of cyber attacks, privacy challenges
and fraud attempts. Most take advantage, in
some way or another, of gaps in user
awareness and understanding.
Take phishing, for example. This is a triedand-tested
tactic in which victims are usually
sent e-mails spoofed to appear that they
emanate from a trusted source. They either
contain a malicious attachment or link, which
the user is socially engineered into clicking on
or opening, or else e-mails can persuade the
Open to compromise
Then there’s Business e-Mail Compromise
(BEC). This is a relatively new threat requiring
zero malware. It’s basically a giant con trick in
which a cyber criminal e-mails a member of the
finance or accounts payable team and typically
pretends to be the CEO or the CFO. They usually
spoof the sender’s e-mail address to make the
message more convincing, requesting that the
recipient transfer a large sum of corporate
funds to a third party bank account.
Due to the fact that such attacks don’t
involve malware, there’s little that traditional
cyber security tools can do to block them.
Instead, business leaders are reliant upon their
staff to remember their training – if they’ve
been given any – and raise the alarm.
It sounds easy to spot, but the FBI reckons
that firms lost over £4 billion to BEC attacks
between October 2013 and December 2016.
We’ve also seen a surge in ransomware over
recent years, with Trend Micro alone blocking
82 million such threats in the first half of 2017.
This threat also typically arrives in the form of
unsolicited e-mails. All it takes is a misplaced
click from an untrained employee to infect the
entire network, potentially causing service
outages and impacting staff productivity.
The global WannaCry and NotPetya attacks in
May and June of this year even hit big name
firms with large cyber security budgets, in turn
showing that no organisation is 100% safe from
harm. Interestingly, British consumer goods
giant Reckitt Benckiser recently admitted that
NotPetya may yet cause £100 million in losses
as it interfered with the firm’s manufacturing
and distribution systems.
66
www.risk-uk.com

Training and Career Development
First comes the mistake
Major breaches and security incidents like this
often stem from user mistakes brought about
by a lack of training and expertise. They expose
the victim organisation to the risk of
diminished share price and revenue, brand
value and reputation, competitiveness and, of
course, security.
Verizon claimed that “errors” led to 14% of
breaches last year, but that 81% of hackingrelated
incidents were the result of stolen or
weak passwords. Good password management
is another cornerstone of any effective cyber
security training programme.
The Information Commissioner’s Office (ICO)
has good visibility into the impact of human
error. Its most recent statistics show a 20%
increase in data e-mailed to the incorrect
recipient and a 32% increase in failure to redact
data. Separate research has revealed that
nearly half of all breaches reported to the ICO
during 2013-2016 arose as a direct result of
human error by members of staff.
It resulted, for example, in a major privacy
breach at Dyfed-Powys Police in Wales last year
when a member of a local community scheme
was accidentally e-mailed the personal details
of eight local sex offenders by an officer. That
one misplaced click led to a £150,000 fine for
the force. Another cost that it will now have to
absorb alongside ongoing public sector cuts.
Biggest-ever breaches
Phishing attacks designed to trick employees
into handing over their log-ins or downloading
malware have been responsible for some of the
world’s biggest-ever data breaches.
These include the 2014 attack on Sony
Pictures Entertainment, where hackers sent
fake Apple ID verification e-mails to some of the
firm’s top executives. With these credentials,
and information available on LinkedIn, the
criminals managed to ‘guess’ their way into the
Sony network because several victims had used
the same password for their Apple and
corporate log-ins: a classic mistake made by
poorly-trained employees.
The result was a disaster for the firm, both in
terms of the estimated $35 million spent on
repairing its IT systems from the destructive
malware attack and the PR fall-out from leaked
internal e-mails criticising several Hollywood
stars, which eventually led to the resignation of
co-chairman Amy Pascal.
In short, Sony Pictures Entertainment
exposed itself to unnecessarily huge
reputational and financial risks thanks to
mistakes by senior executives which effective
training may well have remedied.
“The global WannaCry and NotPetya attacks in May and
June of this year even hit big name firms with large cyber
security budgets. No organisation is 100% safe from harm”
Preparedness begins with awareness.
Computer users need to know what’s right
before they can do what’s right. From the shop
floor to the Boardroom, from the trainee to the
CEO, everyone must understand the risk,
acknowledge their part in cyber defence and be
trained to respond when it matters most. These
efforts must flow from the top down.
Effective cyber training
What, then, does an effective cyber security
training programme look like?
Every organisation is different so there’s no
one-size-fits-all template that works here.
However, a good place to start is to baseline
current levels of awareness such that you know
the scale of the task in front of you.
Essentially, you need a training platform
which teaches users via real world scenarios,
and one that offers a high degree of
customisation such that you might then
immerse staff in a variety of situations.
Keep lessons short and highly focused: 15-
minute sessions staggered at multiple times
throughout the year will educate without
overwhelming and provide immediate and
practical feedback. Given that the threat
landscape is constantly evolving, this
continuous learning approach is the perfect fit.
It also works well in industry sectors like
healthcare and finance, where busy staff might
well have unpredictable schedules.
In May 2018, two pieces of legislation from
Brussels will result in most – if not all – UK
organisations being required by law to
implement some form of cyber security training.
Given that the maximum fines for noncompliance
within the EU’s General Data
Protection Regulation and the NIS Directive are
likely to be £17 million or 4% of global annual
turnover, this should focus the minds of Boardlevel
executives up and down the country.
Don’t wait for the new regulations to take
hold. Effective training always has and always
will be Best Practice when it comes to
mitigating cyber-related risk. After all, it’s not a
case of ‘If’ your organisation is going to be hit
by a cyber attack, but rather ‘When’.
Leadership can be sensitised to crucial cyber
issues in the same way that end users may be
sensitised to behave and react safely. The key
here is education. Raise cyber awareness and
then you can begin to raise the cyber bar.
Alan Levine: Security Advisor
to Wombat Security
67
www.risk-uk.com

Risk in Action
The Axis Academy
partners with GOSH to
provide specialist
First Aid training
The Axis Academy is now
working with Great Ormond
Street Hospital (GOSH) to
deliver First Aid training
courses for the latter’s Young
People’s Forum (YPF).
The YPF was set up for
patients, ex-patients and
siblings of patients who’ve
been looked after at GOSH and a number of other hospitals around the UK,
including Birmingham Children’s Hospital. It’s designed for 11-to-25 year-olds
who want to have fun, meet new people and learn new skills, with one of the
skills on offer this year being a First Aid/CPR course delivered by The Axis
Academy. The first training day took place on Saturday 14 October.
The First Aid session was developed by the dedicated training team at The
Axis Academy. The company also delivers a number of accredited First Aid
courses through one of the UK’s Awarding Organisations, namely Qualsafe
Awards, ensuring both quality and formal recognition of learning.
Duaine Taylor, head of learning and development at The Axis Academy, told
Risk UK: “The YPF aims to further the enjoyment and skills of young people
connected to GOSH and many other children’s hospitals throughout the UK, and
we’re very pleased to have been chosen to help with this worthwhile cause.”
The Axis Academy is already helping to develop the careers of Axis Security,
Acuity and Axis Cleaning and Support Services employees by delivering an
extensive range of courses. In partnering with GOSH, it’s furthering its goal of
offering services to clients, third party providers and private individuals alike.
In addition to First Aid, other courses provided by The Axis Academy are
categorised under the fundamentals of Customer Service, Fire Safety, Health
and Safety, Security and Supervisor/Management.
More sector-specific courses are tailored within each of these categories, for
example Control and Restraint and Food Hygiene.
Delta Security installs Salto access
control system at Gesher School
Delta Security is ensuring the safety of pupils
and employees at the recently-opened Gesher
School with the installation of a sophisticated
Salto access control and ID pass system.
Based in North London, Gesher School is an
independent primary school that caters for
Jewish children with special educational needs.
It’s entirely funded by way of charitable
donations, and currently has ten children who
receive specialist care from two teachers, five
teaching assistants and four therapists.
The Salto access control solution provides
secure and convenient day-to-day access for
authorised users, and enables school staff to
print temporary ID passes for additional staff
and visitors as required. The system’s easy-touse
software is capable of granting and
restricting access to personnel according to
their authorised areas and duration of visits.
The school shares its site with another local
authority children’s programme so it’s
particularly important that it’s able to restrict
access and have a reliable system at all times
to ensure members of staff know exactly who’s
on site at any given moment.
Gianna Colizza, head teacher of Gesher
Primary School, stated: “The most important
thing for us is to ensure we’re doing everything
we can to safeguard our children.”
LSO selects Advanced protection
for ‘Discovery’ programme
LSO St Luke’s, home of the London Symphony
Orchestra’s (LSO) community and education
programme ‘Discovery’, is now protected by
fire panels from Advanced.
LSO St Luke’s is an 18th Century Grade I-
listed Hawksmoor Church located in the
London Borough of Islington. The church,
which features an unusual obelisk spire,
opened in 1773 and was deconsecrated in
1959 due to subsidence. It lay derelict for
almost 40 years before being brought back to
life in 2003 as the new rehearsal space and
education centre for the LSO.
Upgrading of the fire system was
undertaken by the team at Sussex-based
Crays Fire, who selected the latest Advanced
MxPro 5 panel due to its versatility, reliability
and upgradeability.
Paul Woodhams of Crays Fire commented:
“We were responsible for the original
installation at LSO St Luke’s during its
renovation and, when it came to replacing the
panels, we were confident that the MxPro 5
panel would deliver the specific cause and
effect programming required for this system,
with the flexibility to add further key switches
and inputs to the control panel in the future.”
MxPro offers end users a choice of two
panel ranges, four detector protocols and an
open installer network that enjoys free
training and support. MxPro panels may be
used in single loop, single panel format or
multi-loop, high-speed, 200-panel networks.
68
www.risk-uk.com

Risk in Action
ievo provides biometric access
control to protect state-of-the-art
Security Monitoring Centre
West Midlands-based security expert Cougar
Monitoring has ensured the security of its
own state-of-the-art Monitoring Centre
thanks to the installation of biometric
fingerprint readers from ievo.
Cougar Monitoring’s alarm and CCTV
Operations Centre in Cradley Heath is fullystaffed
on a 24/7 basis by highly-trained and
experienced individuals who provide live
security surveillance and rapid deployment
of mobile response units and notification to
the Emergency Services to ensure the safety
of people and property nationwide.
Specified by Securenett, the security
system also required different levels of
access due to the confidential nature of
several clients’ businesses such that only
authorised personnel with appropriate
permissions could access the different areas
and equipment.
Cougar Monitoring stipulated an
alternative system to traditional card and fob
entry control due to concerns that secondary
credentials can be lost, stolen or shared and
needed a solution that would prove to end
user clients their systems and facilities
operate to the highest security standards.
The solution combines ievo fingerprint
readers with Paxton’s Net2 access control
system for full biometric access control.
CPNI-approved ievo ultimate readers are
employed at external access points, while
micro units provide internal access control
points throughout the building.
Designated operational areas of the
facility are given different access zones.
Employees working in different areas have
all been assigned the required access
permissions applicable to the different zones
controlled by ievo fingerprint reader
identification points.
Furthermore, ievo desktop registration
units are kept on site to allow for new
registrations to be made when required.
Chubb’s Advisor Management solution takes care of fire and
security software upgrade at Coleg Menai
Chubb Fire & Security is helping Welsh further education college Coleg Menai
to further protect students, staff and property by upgrading the client’s fire and
security management software.
Chubb’s Advisor Management software manages and controls 18 panels at
the college’s Bangor Campus and two main sites in Holyhead and Llangefni. It
provides one single interface for fire detection, intruder alarm, access control
and CCTV system management.
“Initially, we approached Chubb regarding panel upgrades,” said Andy
Tomlinson, estates services officer for Coleg Menai, “but on further discussion
with our Chubb account manager and a consultation period with our tech
teams, it was decided that the Advisor Management software would provide
significant efficiencies to the way we manage our fire and security systems.”
The software can be accessed remotely and by more than one operator at a
time, in turn providing facilities management teams with a reliable, efficient,
responsive and powerful system.
Alarm management is combined with live video to give immediate visibility to
any alarm activation. Intruder alarms include live and recorded video to track
the whereabouts of an intruder. As a fully-integrated system, if an alarm is
triggered, lights can be turned on, sounders activated and access granted or
restricted from any connected device.
“Any authorised member of our
team now has access to all systems
and site plans at the touch of a
button, rather than having to switch
between programmes,” explained
Tomlinson in conversation with Risk
UK. “The live video stream in the
corner of the screen is also extremely
useful for verification purposes.”
UK’s largest Public Space Surveillance scheme celebrates
fourth anniversary of successful operations
The Glasgow Operations Centre (GOC) represents the biggest integration of
systems within the Technology Strategy Board’s Future Cities project, involving
as it does the integration of Public Space Surveillance CCTV, urban traffic
management and the city’s civil contingencies.
The GOC was operationally live in 2014 in time to support the management of
the Commonwealth Games and provide comprehensive security surveillance for
the city. Nearly four years on, the Glasgow City Council-operated system is
paying back its Return on Investment, assisting the authorities and the police
service to effectively manage everyday situations across the city.
“The initial contact with Glasgow City Council came from a demonstration of
360 Vision Technology cameras at IFSEC International 2013,” said Adrian Kirk,
director of strategic accounts at 360 Vision Technology. “We were then invited
to discuss the camera project’s requirements and objectives.”
Following on from the Glasgow scheme being awarded central Government
funding, 360 Vision Technology supplied over 500 HD Predator all-in-one PTZ
cameras. The cameras were installed in
and around the city centre, with over 65
being deployed for traffic monitoring
and fitted to community safety vehicles.
Some cameras were supplied with a
built-in LED white light option to enable
Control Room operators to be proactive
when dealing with certain incidents.
69
www.risk-uk.com

Technology in Focus
BS 5839-1:2017 revision recommends protective covers for all
Manual Call Points
In its recent revision of BS 5839-
1:2017 Fire Detection and Fire Alarm
Systems for Buildings – Code of
Practice for the Design, Installation,
Commissioning and Maintenance of
Systems in Non-Domestic Premises, the British Standards Institution
recommends (in Section 20.2b of the update) that: “All manual Call Points
should be fitted with a protective cover, which is moved to gain access to the
frangible elements.”
The changes come after the Fire Industry Association’s Fire Detection and
Alarm Council presented its own recommendations for changes to BS 5839-
1:2017 to the BSI following findings showing that a shocking 44% of Fire and
Rescue Service call-outs turn out to be for false alarms.
All manual Call Points placed in vulnerable areas and prone to false
activations should now be protected, without the need for end users to consult
with their designated fire safety officer.
Safety Technology International (STI) supplies a range of protective covers,
from integral covers through to sounder models.
www.sti-emea.com
GJD launches Clarius PLUS IP LED
illuminator range
GJD has announced the launch of the
company’s all-new Clarius PLUS IP Infrared
and white light LED lighting range for
networked-based security applications.
The range provides dedicated lighting for
IP cameras via Power over Ethernet,
providing a smart and integrated lighting
solution. All models feature the latest dual
core surface mount LEDs with enhanced
optical output and an interchangeable lens
diffuser system to deliver “extremely clear”
night-time images with no hot spots.
Keith Fenwick, CCTV lighting director at
GJD, commented: “The Clarius PLUS IP range
provides all the advantages of the standard
Clarius, but with added secure IP technology
for smart integration.”
www.gjd.co.uk
Hanwha Techwin and TDSi
technology partnership enhances
value of access control and video
surveillance solutions
Video surveillance specialist Hanwha
Techwin and access control expert TDSi
have successfully integrated Wisenet SSM video management
software (VMS) with the EXgarde PRO Access Management PC
software application.
The integration has been achieved via a transaction server module which is
part of the Wisenet SSM VMS solution and links access control activity with
related video captured by Wisenet cameras. Any unauthorised individual
attempting entry into a sensitive area of a building will, for example,
immediately generate an alert and display images of the incident on a Control
Room video wall or spot monitor.
Other possible actions include the triggering of nearby PTZ dome cameras to
commence a pre-configured tour of the surrounding areas to enable operators
to have a complete understanding of what may be happening and the display
of the respective access control point on a map of the building.
EXgarde PRO is a fully-featured Access Management PC software application
which can be used to control one door at one site with just a small number of
users through to thousands of doors at multiple sites with thousands of users.
It’s designed to seamlessly integrate the many aspects of a security and
building management system using a single database and a single user
interface. These include fire, intrusion, building automation and management,
Active Directory and biometric technologies as well as video surveillance.
Wisenet SSM has been developed by Hanwha Techwin to ensure end users
achieve maximum benefit from the comprehensive range of Wisenet IP network
cameras, recording devices and servers, while also facilitating integration with
third party systems such as access control and intruder alarms. It also supports
the specialist analytics Apps which can be run on Wisenet cameras.
www.hanwha-security.eu
Genesys Enterprise ISMS
technology introduced by
Intergrated Security Manufacturing
Intergrated Security Manufacturing (ISM) has
introduced an Enterprise version of its proven
Genesys integrated security management
system (ISMS). Already deployed within the CNI
sector, the new ISMS offers users “unparalleled
scale, redundancy and ease of use”.
As an enhancement of the existing Genesys2,
the Enterprise version has been developed with
the largest organisations in mind. Genesys is
fully-scalable to manage and control multiple
sites from a single Control Room.
www.ism-uk.com
70
www.risk-uk.com

Technology in Focus
Compact four-channel DR-1204P
NVR developed by IDIS
IDIS has launched is latest NVR. Designated the
DR-1204P, the company states that the new
model is packed with an array of essential and
easy-to-use features.
The DR-1204P supports up to 5 MP HD
recording and one month’s footage retention
and uses the IDIS Intelligent Codec to deliver
“significant savings” on bandwidth and storage,
particularly when used with Motion Adaptive
Transmission, in those areas where there’s little
to no motion and out of hours.
In addition, IDIS DirectIP solutions reduce the
burden of implementation and training time,
while ensuring lower maintenance and energy
costs and an extended product lifecycle.
The new four-channel NVR also comes with
totally cost-free video management software,
IDIS Center and mobile Apps. This means
absolutely zero licensing costs without any
ongoing service or maintenance fees.
Dr Peter Kim, senior director at IDIS,
informed Risk UK: “The DirectIP DR-1204P Full-
HD NVR is the very embodiment of our
longstanding commitment to meet ‘any
surveillance need of any size’.”
www.idisglobal.com
Todd Research brings to
market TR15 + Smart Scan X-
ray scanner with “big
detection capabilities”
The latest generation TR15 + Smart
Scan cabinet scanner from Todd
Research signifies “a new benchmark”
for threat detection and image
management in compact cabinet
scanners. At the heart of the TR15-CT4
is a completely new software platform
for functionality management and an
intuitive user interface delivered via a
22” touch screen monitor.
A high quality digital camera and
enhanced X-ray generator deliver
superior image quality for greater
detection. The user-friendly touch
screen interface provides easy access to
all enhancement tools, thereby enabling
rapid image processing.
Thanks to a three-point density alert,
system operators can define the elements of
a suspect device, such as metal components
including detonators and batteries.
The Enhanced Powder Detection software
also allows greater recognition of powderbased
and bio threats.
Images are stored locally on an automatic
basis or on an external hard drive for easy
reference and verification. For the end user,
‘one-touch’ e-mail functionality enables the
streamlined escalation of potential suspect
images to security professionals.
www.toddresearch.co.uk
Extended Power over Ethernet
cameras cover new distances
thanks to Dahua Technology
Dahua Technology has launched a range of
extended Power over Ethernet (ePoE) cameras,
network switches and network recorders that
enable integrators to go beyond the usual
transmission distances.
Dahua ePoE IP products support up to 800
metres between camera and network switch or
NVR. This solution overcomes the limitations
of traditional Ethernet and PoE, which restrict
cable runs between network ports to 100
metres. This eliminates the need for Ethernet
extension units and intermediate repeater
network switching.
These new products are ideal for seamless
analogue-to-IP migration involving IP video,
audio, control and power transmission over
coax cable using an ePoE-BNC adaptor. The
extended PoE transmission
achieves distances of 800 metres
at 10 Mbps/13 W or 300 metres
at 100 Mbps/25.4 W.
Dahua has developed a wide
selection of cameras using the
new approach, covering
resolutions from 1080P to 4K and
in many formats, including box,
bullet, dome and eyeball models.
Integrators and their end user
customers also benefit from the
company’s varifocal and fixed
lens types, which meet most
project requirements.
The ePoE Series has been
developed from Dahua’s 3.0 portfolio and
inherits class-leading functionality, including
Smart Video Detection (tripwire, intrusion and
abandoned/missing detection).
www.dahuasecurity.com/uk
71
www.risk-uk.com

thepaper
Business News for Security Professionals
Pro-Activ Publications is embarking on a revolutionary
launch: a FORTNIGHTLY NEWSPAPER dedicated to the
latest financial and business information for
professionals operating in the security sector
The Paper will bring subscribers (including CEOs,
managing directors and finance directors within the
UK’s major security businesses) all the latest company
and sector financials, details of business re-brands,
market research and trends and M&A activity
FOR FURTHER INFORMATION
ON THE PAPER CONTACT:
Brian Sims BA (Hons) Hon FSyI
(Editor, The Paper and Risk UK)
Telephone: 020 8295 8304
e-mail: brian.sims@risk-uk.com
www.thepaper.uk.com

Appointments
Paul Barnard
Ward Security has
appointed Paul Barnard in
the role of security, risk and
mitigation director. In this
newly-created role, Barnard
will be actively involved in
security risk assessment
and management as well as
the design of effective client
contingency planning.
Barnard has spent the last 27 years working
for the City of London Police and was latterly
Detective Chief Superintendent for the Crime
Directorate where he served as head of serious
and organised crime investigations.
During his time with the City of London
Police, Barnard operated at the highest level,
establishing key relationships with senior policy
advisors, briefing ministers and working with
officials at the Home Office. He has also been at
the forefront of delivering new and proactive
solutions to crime and, for the last four years,
has been involved in the creation of national
security strategies designed to mitigate,
prepare for and protect against terrorism.
Barnard will now work alongside the
operations team, taking up his duties in January
2018. In his new position at Ward Security,
Barnard aims to ensure the implementation of
cost-effective and efficient measures configured
to protect the personnel, assets and reputation
of clients’ businesses, focus on planning,
designing and implementing overall security
risk management processes and also immerse
himself in the detail of client contingency
planning procedures.
David Ward, CEO at Ward Security, informed
Risk UK: “Paul’s knowledge of counter-terrorism
and security will ensure that we continue to
deliver the best solutions for our clients.”
David Smyth
ASSA ABLOY Access Control has strengthened
its team by appointing a new regional sales
manager and business development executive.
As regional sales manager, David Smyth will
be responsible for identifying and qualifying
new sales channels, developing and
integrating new OEM partners, providing
support to systems integrators and
strengthening all working relationships with
the company’s existing customers.
Smyth was appointed as a technical
engineer in October 2016 and responsible for
managing technical enquiries and resolving
issues for customers. He also led training
courses highlighting Best Practice and
Appointments
Risk UK keeps you up-to-date with all the latest people
moves in the security, fire, IT and Government sectors
John Houghton
Elmdene International – a supplier of electronic
products to the CCTV, access control and fire
sectors for over 50 years – is pleased to
announce an addition to the business that
completes the company’s UK sales team. John
Houghton has joined as regional sales manager
tasked with looking after Northern UK.
Houghton will be leading Elmdene’s growth
within the region by continuing the delivery of a
first class service for both new and existing
customers. Houghton comes to Elmdene with
over 20 years’ experience in the UK’s security
industry having worked in sales and business
development management positions focused
around the distribution and integration of
intruder and access control products.
Sharon Ramsay, general manager at Elmdene
International, said: “Customer service and
growing our business is the core focus of
everything that we do. John brings a wealth of
experience from the industry to support that
focus, further adding to the skills and
knowledge of our existing sales team. His
appointment means that we now have a
dedicated focus in the North of the UK. I know
John will be a great asset to Elmdene.”
Speaking about his new role, Houghton told
Risk UK: “I’m delighted to be joining Elmdene.
Having worked with Elmdene’s products for a
number of years, this is a great opportunity to
join the team at an exciting time. I’m looking
forward to working with the customer base.”
addressing common industry challenges for
the division’s extensive OEM network and
system integrator database.
“I’m thrilled to have been recognised for my
work,” said Smyth, “and I’m looking forward to
taking on new responsibilities as part of the
sales team as well as applying my expertise at
a higher level.”
In parallel, Claire Jones’ appointment as
business development executive for the
company will see her supporting and further
developing strategic working relationships
with the division’s current partners.
Prior to her promotion, Jones worked as a
marketing assistant for ASSA ABLOY, helping
to deliver the group’s marketing activities and
implement marketing strategy.
73
www.risk-uk.com

Appointments
Paul Atkinson
Evolution, the integrated security and fire solutions
business, has appointed Paul Atkinson as technical sales
engineer to support the company’s commercial team in
further growing the business within key sectors.
Atkinson harbours extensive experience of intruder, fire
and CCTV systems, most recently gained within the
pharmaceuticals industry. He originally trained as a
carpenter and joiner before studying for a City & Guilds
Electrical Engineering qualification that resulted in a 23-
year career in the electronic security industry.
“Systems integration can be a challenge,” explained Atkinson, “and
especially so when integrating separate technologies into the final proposal.
Once we’ve engineered a solution, we have to know that the theory works in
practice before presenting it to the end user customer.”
Reporting to business development manager Russell Loneragan, Atkinson
joins Evolution following the recent launch of its new Evolution Design Division
that supports third parties and consultants with their design projects.
“Every question is a challenge, but I’m confident we can answer each of them
as a team,” stated Atkinson. “Between us, we have specialist knowledge of i-
LIDS, CNI and ATEX for dealing with the most hazardous environments.”
Mark Douglas
Texecom is pleased to
announce the
appointment of Mark
Douglas as sales director
for the Haslingden-based
electronic security
solutions specialist.
Douglas joins Texecom
direct from Pareto Law,
where he was responsible for the orchestration
and delivery of a range of sales training and
development programmes.
Prior to his role at Pareto, Douglas held
senior sales director remits with HRS UK,
American Express and the UK Post Office.
Douglas holds a degree in Economics from
the University of Liverpool.
Commenting on Douglas’ appointment, Jim
Ludwig (Texecom’s managing director)
explained to Risk UK: “Mark’s experience of
developing sales team talent, proven success in
developing new sales markets and channels
and his fresh perspective will help Texecom
meet the business’ overriding goal of adding
value for our customers above that which is
expected of traditional intrusion systems.”
Texecom protects people and property
throughout the world. An award-winning, UKbased
manufacturer, Texecom’s product
portfolio includes a complete range of security
motion detectors, control equipment, perimeter
protection devices, fire detectors, signalling
devices and wireless peripherals.
Texecom incorporates Klaxon Signals, the
business that produces audio-visual warning
devices for the fire protection sector.
Alex Rumsey
Integrated security
manufacturer TDSi has
appointed Alex Rumsey
as director of UK sales.
Rumsey’s promotion sees
him take on the new role
having previously served
as channel partner
manager at the Poolebased
company.
Reflecting on the promotion, TDSi’s managing
director John Davies commented: “We’re very
excited to announce Alex’s appointment to this
critical role. It’s a promotion that’s very well
deserved. Alex has proven time and again that
he has the expertise, ability and dedication to
successfully promote TDSi’s products and
services to the UK market. He’s the perfect
person to steer our continued growth plans.”
Commenting on his promotion, Rumsey told
Risk UK: “I’m delighted to be taking on the
senior sales role for the UK. The domestic
market is a key region for us. There are huge
opportunities for TDSi to grow and expand here
in the UK and I’ll be looking to focus our team
fully on these, as well as supporting our
existing customers and partners.”
Etienne Ricoux
Fire protection systems
specialist Advanced has
appointed Etienne
Ricoux as the
company’s new head of
sales. Previously
Advanced’s regional
sales manager for
Europe, Ricoux will now
oversee sales across all of Advanced’s
territories outside of North America.
Commenting on the appointment,
Advanced’s managing director Ray Hope
explained: “I’m delighted to announce
Etienne’s appointment. We interviewed some
very strong candidates from both within the
business and externally, but Etienne’s
experience and success in export across
different fire sectors, as well as other high
value industries, was one of the deciding
factors involved.”
Ricoux himself stated: “I’m absolutely
delighted and very proud to become head of
sales for the business. Advanced is a great
company with a superb team that’s driving
growth across international markets. Our
strategy is well defined and I now very much
look forward to developing both existing and
new regional partnerships.”
74
www.risk-uk.com

“
You have to be here if you want
to be regarded as a key player
in the security market.
“
27,658
visitors from
116 countries
79%
of visitors come to
source new products
£20.7bn
total budget of
visitors to IFSEC 2017
Enquire about exhibiting at IFSEC 2018: ifsec.events/international
Proud to be supported by:

Best Value Security Products from Insight Security
www.insight-security.com Tel: +44 (0)1273 475500
...and
lots
more
Computer
Security
Anti-Climb Paints
& Barriers
Metal Detectors
(inc. Walkthru)
Security, Search
& Safety Mirrors
Security Screws &
Fastenings
Padlocks, Hasps
& Security Chains
Key Safes & Key
Control Products
Traffic Flow &
Management
see our
website
ACCESS CONTROL
KERI SYSTEMS UK LTD
Tel: + 44 (0) 1763 273 243
Fax: + 44 (0) 1763 274 106
Email: sales@kerisystems.co.uk
www.kerisystems.co.uk
ACCESS CONTROL
ACCESS CONTROL
ACT
ACT – Ireland, Unit C1, South City Business Park,
Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100
ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,
Warrington, WA3 7GB. Tel: +44 161 236 9488
sales@act.eu www.act.eu
ACCESS CONTROL – BARRIERS, GATES, CCTV
ABSOLUTE ACCESS
Aberford Road, Leeds, LS15 4EF
Tel: 01132 813511
E: richard.samwell@absoluteaccess.co.uk
www.absoluteaccess.co.uk
Access Control, Automatic Gates, Barriers, Blockers, CCTV
ACCESS CONTROL
COVA SECURITY GATES LTD
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68
Tel: 01293 553888 Fax: 01293 611007
Email: sales@covasecuritygates.com
Web: www.covasecuritygates.com
ACCESS CONTROL & DOOR HARDWARE
ALPRO ARCHITECTURAL HARDWARE
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,
Waterproof Keypads, Door Closers, Deadlocks plus many more
T: 01202 676262 Fax: 01202 680101
E: info@alpro.co.uk
Web: www.alpro.co.uk
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES
HTC PARKING AND SECURITY LIMITED
St. James’ Bus. Centre, Wilderspool Causeway,
Warrington Cheshire WA4 6PS
Tel 01925 552740 M: 07969 650 394
info@htcparkingandsecurity.co.uk
www.htcparkingandsecurity.co.uk
ACCESS CONTROL
INTEGRATED DESIGN LIMITED
Integrated Design Limited, Feltham Point,
Air Park Way, Feltham, Middlesex. TW13 7EQ
Tel: +44 (0) 208 890 5550
sales@idl.co.uk
www.fastlane-turnstiles.com
ACCESS CONTROL
SECURE ACCESS TECHNOLOGY LIMITED
Authorised Dealer
Tel: 0845 1 300 855 Fax: 0845 1 300 866
Email: info@secure-access.co.uk
Website: www.secure-access.co.uk
ACCESS CONTROL MANUFACTURER
NORTECH CONTROL SYSTEMS LTD.
Nortech House, William Brown Close
Llantarnam Park, Cwmbran NP44 3AB
Tel: 01633 485533
Email: sales@nortechcontrol.com
www.nortechcontrol.com
Custom Designed Equipment
• Indicator Panels
• Complex Door Interlocking
• Sequence Control
• Door Status Systems
• Panic Alarms
• Bespoke Products
www.hoyles.com
sales@hoyles.com
Tel: +44 (0)1744 886600
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES
UKB INTERNATIONAL LTD
Planet Place, Newcastle upon Tyne
Tyne and Wear NE12 6RD
Tel: 0845 643 2122
Email: sales@ukbinternational.com
Web: www.ukbinternational.com
Hoyles are the UK’s leading supplier of
custom designed equipment for the
security and access control industry.
From simple indicator panels to
complex door interlock systems.
BUSINESS CONTINUITY
ACCESS CONTROL, INTRUSION DETECTION AND VIDEO MANAGEMENT
VANDERBILT INTERNATIONAL (UK) LTD
Suite 7, Castlegate Business Park
Caldicot, South Wales NP26 5AD UK
Main: +44 (0) 2036 300 670
email: info.uk@vanderbiltindustries.com
web: www.vanderbiltindustries.com
BUSINESS CONTINUITY MANAGEMENT
CONTINUITY FORUM
Creating Continuity ....... Building Resilience
A not-for-profit organisation providing help and support
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845
Email: membership@continuityforum.org
Web: www.continuityforum.org
www.insight-security.com Tel: +44 (0)1273 475500

CCTV
CCTV
Rapid Deployment Digital IP High Resolution CCTV
40 hour battery, Solar, Wind Turbine and Thermal Imaging
Wired or wireless communication fixed IP
CE Certified
Modicam Europe, 5 Station Road, Shepreth,
Cambridgeshire SG8 6PZ
www.modicam.com sales@modicameurope.com
CCTV SPECIALISTS
PLETTAC SECURITY LTD
Unit 39 Sir Frank Whittle Business Centre,
Great Central Way, Rugby, Warwickshire CV21 3XH
Tel: 01788 567811 Fax: 01788 544 549
Email: jackie@plettac.co.uk
www.plettac.co.uk
CONTROL ROOM & MONITORING SERVICES
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS
ALTRON COMMUNICATIONS EQUIPMENT LTD
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ
Tel: +44 (0) 1269 831431
Email: cctvsales@altron.co.uk
Web: www.altron.co.uk
ADVANCED MONITORING SERVICES
EUROTECH MONITORING SERVICES LTD.
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring
• Vehicle Tracking • Message Handling
• Help Desk Facilities • Keyholding/Alarm Response
Tel: 0208 889 0475 Fax: 0208 889 6679
E-MAIL eurotech@eurotechmonitoring.net
Web: www.eurotechmonitoring.net
CCTV
G-TEC
Gtec House, 35-37 Whitton Dene
Hounslow, Middlesex TW3 2JN
Tel: 0208 898 9500
www.gtecsecurity.co.uk
sales@gtecsecurity.co.uk
DISTRIBUTORS
SPECIALISTS IN HD CCTV
MaxxOne
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.maxxone.com
sales@onlinesecurityproducts.co.uk
www.onlinesecurityproducts.co.uk
CCTV & IP SECURITY SOLUTIONS
PANASONIC SYSTEM COMMUNICATIONS COMPANY
EUROPE
Panasonic House, Willoughby Road
Bracknell, Berkshire RG12 8FP UK
Tel: 0207 0226530
Email: info@business.panasonic.co.uk
AWARD-WINNING, LEADING GLOBAL WHOLESALE
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.
ADI GLOBAL DISTRIBUTION
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company
also offers an internal technical support team, dedicated field support engineers along with a suite of
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online
account, installers can order up to 7pm for next day delivery.
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk
COMMUNICATIONS & TRANSMISSION EQUIPMENT
KBC NETWORKS LTD.
Barham Court, Teston, Maidstone, Kent ME18 5BZ
www.kbcnetworks.com
Phone: 01622 618787
Fax: 020 7100 8147
Email: emeasales@kbcnetworks.com
TO ADVERTISE HERE CONTACT:
Paul Amura
Tel: 020 8295 8307
Email: paul.amura@proactivpubs.co.uk
DIGITAL IP CCTV
SESYS LTD
High resolution ATEX certified cameras, rapid deployment
cameras and fixed IP CCTV surveillance solutions available with
wired or wireless communications.
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333
Email: info@sesys.co.uk www.sesys.co.uk
www.insight-security.com Tel: +44 (0)1273 475500

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS
CONTROL AND INTRUDER DETECTION SOLUTIONS
NORBAIN SD LTD
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP
Tel: 0118 912 5000 Fax: 0118 912 5001
www.norbain.com
Email: info@norbain.com
INTEGRATED SECURITY SOLUTIONS
INNER RANGE EUROPE LTD
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,
Reading, Berkshire RG74GB, United Kingdom
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001
Email: ireurope@innerrange.co.uk
www.innerrange.com
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION
SATSECURE
Hikivision & MaxxOne (logos) Authorised Dealer
Unit A10 Pear Mill, Lower Bredbury,
Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.satsecure.uk
PERIMETER PROTECTION
IDENTIFICATION
ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS
GJD MANUFACTURING LTD
Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX
Tel: + 44 (0) 1706 363998
Fax: + 44 (0) 1706 363991
Email: info@gjd.co.uk
www.gjd.co.uk
COMPLETE SOLUTIONS FOR IDENTIFICATION
DATABAC GROUP LIMITED
1 The Ashway Centre, Elm Crescent,
Kingston upon Thames, Surrey KT2 6HH
Tel: +44 (0)20 8546 9826
Fax:+44 (0)20 8547 1026
enquiries@databac.com
INDUSTRY ORGANISATIONS
PERIMETER PROTECTION
GPS PERIMETER SYSTEMS LTD
14 Low Farm Place, Moulton Park
Northampton, NN3 6HY UK
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097
E-mail: info@gpsperimeter.co.uk
Web site: www.gpsperimeter.co.uk
POWER
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY
BRITISH SECURITY INDUSTRY ASSOCIATION
Tel: 0845 389 3889
Email: info@bsia.co.uk
Website: www.bsia.co.uk
Twitter: @thebsia
POWER SUPPLIES – DC SWITCH MODE AND AC
DYCON LTD
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER
Tel: 01443 471900 Fax: 01443 479 374
Email: sales@dyconpower.com
www.dyconpower.com
THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY
SSAIB
7-11 Earsdon Road, West Monkseaton
Whitley Bay, Tyne & Wear
NE25 9SX
Tel: 0191 2963242
Web: www.ssaib.org
UPS - UNINTERRUPTIBLE POWER SUPPLIES
ADEPT POWER SOLUTIONS LTD
Adept House, 65 South Way, Walworth Business Park
Andover, Hants SP10 5AF
Tel: 01264 351415 Fax: 01264 351217
Web: www.adeptpower.co.uk
E-mail: sales@adeptpower.co.uk
INTEGRATED SECURITY SOLUTIONS
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
HONEYWELL SECURITY AND FIRE
Tel: +44 (0) 844 8000 235
E-mail: securitysales@honeywell.com
UPS - UNINTERRUPTIBLE POWER SUPPLIES
UNINTERRUPTIBLE POWER SUPPLIES LTD
Woodgate, Bartley Wood Business Park
Hook, Hampshire RG27 9XA
Tel: 01256 386700 5152 e-mail:
sales@upspower.co.uk
www.upspower.co.uk
www.insight-security.com Tel: +44 (0)1273 475500

SECURITY
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS
INSIGHT SECURITY
Units 1 & 2 Cliffe Industrial Estate
Lewes, East Sussex BN8 6JL
Tel: 01273 475500
Email:info@insight-security.com
www.insight-security.com
CASH & VALUABLES IN TRANSIT
CONTRACT SECURITY SERVICES LTD
Challenger House, 125 Gunnersbury Lane, London W3 8LH
Tel: 020 8752 0160 Fax: 020 8992 9536
E: info@contractsecurity.co.uk
E: sales@contractsecurity.co.uk
Web: www.contractsecurity.co.uk
EXPERTS IN X-RAY SCANNING SECURITY EQUIPMENT SINCE 1950
TODD RESEARCH
1 Stirling Way, Papworth Business Park
Papworth Everard, Cambridgeshire CB23 3GY
United Kingdom
Tel: 01480 832202
Email: xray@toddresearch.co.uk
FENCING SPECIALISTS
J B CORRIE & CO LTD
Frenchmans Road
Petersfield, Hampshire GU32 3AP
Tel: 01730 237100
Fax: 01730 264915
email: fencing@jbcorrie.co.uk
INTRUSION DETECTION AND PERIMETER PROTECTION
OPTEX (EUROPE) LTD
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311
Email: sales@optex-europe.com
www.optex-europe.com
ONLINE SECURITY SUPERMARKET
EBUYELECTRICAL.COM
Lincoln House,
Malcolm Street
Derby DE23 8LT
Tel: 0871 208 1187
www.ebuyelectrical.com
LIFE SAFETY EQUIPMENT
C-TEC
Challenge Way, Martland Park,
Wigan WN5 OLD United Kingdom
Tel: +44 (0) 1942 322744
Fax: +44 (0) 1942 829867
Website: www.c-tec.com
PERIMETER SECURITY
TAKEX EUROPE LTD
Aviary Court, Wade Road, Basingstoke
Hampshire RG24 8PE
Tel: +44 (0) 1256 475555
Fax: +44 (0) 1256 466268
Email: sales@takex.com
Web: www.takex.com
SECURITY EQUIPMENT
PYRONIX LIMITED
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY.
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042
www.facebook.com/Pyronix
www.linkedin.com/company/pyronix www.twitter.com/pyronix
SECURITY SYSTEMS
BOSCH SECURITY SYSTEMS LTD
PO Box 750, Uxbridge, Middlesex UB9 5ZJ
Tel: 0330 1239979
E-mail: uk.securitysystems@bosch.com
Web: uk.boschsecurity.com
INTRUDER AND FIRE PRODUCTS
CQR SECURITY
125 Pasture road, Moreton, Wirral UK CH46 4 TH
Tel: 0151 606 1000
Fax: 0151 606 1122
Email: andyw@cqr.co.uk
www.cqr.co.uk
SECURITY EQUIPMENT
CASTLE
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity
www.twitter.com/castlesecurity
QUALITY SECURITY AND SUPPORT SERVICES
CONSTANT SECURITY SERVICES
Cliff Street, Rotherham, South Yorkshire S64 9HU
Tel: 0845 330 4400
Email: contact@constant-services.com
www.constant-services.com
SECURITY PRODUCTS
EATON
Eaton is one of the world’s leading manufacturers of security equipment
its Scantronic and Menvier product lines are suitable for all types of
commercial and residential installations.
Tel: 01594 545 400 Email: securitysales@eaton.com
Web: www.uk.eaton.com Twitter: @securityTP
SECURE CONNECTIVITY PROVIDERS
CSL
T: +44 (0)1895 474 474
sales@csldual.com
@CSLDualCom
www.csldual.com
SECURITY SYSTEMS
VICON INDUSTRIES LTD.
Brunel Way, Fareham
Hampshire, PO15 5TX
United Kingdom
www.vicon.com
www.insight-security.com Tel: +44 (0)1273 475500

Manufacturing X-ray Machines
in the UK since 1950
Call or Email to claim your
FREE THREAT ASSESSMENT
and advice on your direct and associated risks by the UK’s
leading manufacturer of high end security x-ray machines
01480 832202
www.toddresearch.co.uk
xray@toddresearch.co.uk