RiskUKDecember2017
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
December 2017<br />
www.risk-uk.com<br />
Security and Fire Management<br />
Going Mobile<br />
Smart Phone Technology for Access Control<br />
Security’s Evolution: Developing Operational Procedures<br />
Demonstrating Resilience: Counter-Terrorism Techniques<br />
FIA Technical Briefing: The Fire Industry and Brexit<br />
Best Practice Casebook: Compliance versus Conformance
They see a well secured airport.<br />
You see smart data to<br />
optimize traveler flow.<br />
Bosch empowers you to build a safer and more secure<br />
world. And with built-in video analytics as of the IP 4000<br />
cameras, we allow you to use video data for more than<br />
security alone. Like identifying interruptions and<br />
patterns in airport traffic.<br />
Find out more at boschsecurity.com<br />
+1<br />
People counting<br />
Queuing alarm<br />
Enforcing safety<br />
regulations
December 2017<br />
Contents<br />
28 The Changing Face of Security Services<br />
Risk UK’s regular Security Guarding Supplement features<br />
contributions from Axis Security and CIS Security in addition to<br />
the Security Industry Authority’s view of compliance matters<br />
Building Business Resilience (pp26-27)<br />
5 Editorial Comment<br />
6 News Update<br />
BS 7799-3 revisions. Skills gap highlighted at UK Cyber Summit.<br />
FSA Awards for 2017. OSPAs outlines Thought Leadership event<br />
8 News Analysis: Annual Fraud Indicator 2017<br />
The Annual Fraud Indicator 2017 has been published by Crowe<br />
Clark Whitehill. Brian Sims reports on the staggering £190<br />
billion yearly cost of fraud episodes in the UK<br />
11 News Special: IFSEC International 2018<br />
UBM has announced the 2018 “transformation” of IFSEC into an<br />
“integrated security event”. Brian Sims has the detail<br />
13 Opinion: Mobile Tech and Access Control<br />
What does current thinking look like in terms of the potential for<br />
today’s smart phones to both involve and fully embrace the<br />
security arena? John Davies puts forward an assessment<br />
16 Opinion: Mind Your Own Business<br />
Alison Parkinson explains why the battle against the fraudsters<br />
needs to be intensified and observes how information sharing<br />
can help to prevent more individuals from becoming victims<br />
34 Meet The Security Company<br />
Risk UK’s focus on today’s practising security companies, run in<br />
association with the National Security Inspectorate, continues<br />
this month as we shine the spotlight on Cardinal Security<br />
37 The Security Institute’s View<br />
Simon Marsden addresses the challenges of cyber security<br />
education in schools and why they must be swiftly overcome<br />
40 In The Spotlight: ASIS International UK Chapter<br />
Online retailer Amazon is firmly committed to bringing diverse<br />
backgrounds and points of view to bear on behalf of its myriad<br />
customers. Jo Day highlights the various ways in which this<br />
philosophy benefits the company’s security operations<br />
42 FIA Technical Briefing<br />
With Brexit very much in mind, Ian Moore asserts why it’s vitally<br />
important to ensure that the fire industry’s voice is clearly heard<br />
in a number of areas directly affecting its cohort<br />
44 Security Services: Best Practice Casebook<br />
Compliance isn’t just a case of ensuring the ‘rules’ are followed.<br />
It must also be about establishing a culture of conformance that<br />
recognises and shares Best Practice. Darren Ward elaborates<br />
46 Cyber Security: Physical Security Controls<br />
48 Risk in Action<br />
19 BSIA Briefing<br />
James Kelly evaluates how lone worker safety solutions could<br />
help to reduce the risk of criminality such as stalking, which is<br />
on the rise in the latest Crime Survey for England and Wales<br />
22 An Evolving Security Landscape<br />
Jon Roadnight and Philip Strand outline precisely why security<br />
professionals mustn’t become too fixated on the march of<br />
technology at the expense of solid procedure and process<br />
24 Redefining Storage for a Smart Future<br />
In the second instalment of a two-part series exclusive to Risk<br />
UK, Andrew Palmer examines the important role of the right<br />
data storage solutions in supporting smart cities of tomorrow<br />
26 A Demonstration of Resilience<br />
In the wake of this year’s terrorism episodes, many business<br />
managers are now revisiting their security arrangements. Jason<br />
Wakefield offers salient advice for those enhancing resilience<br />
50 Technology in Focus<br />
53 Appointments<br />
56 The Risk UK Directory<br />
ISSN 1740-3480<br />
Risk UK is published monthly by Pro-Activ Publications<br />
Ltd and specifically aimed at security and risk<br />
management, loss prevention, business continuity and<br />
fire safety professionals operating within the UK’s largest<br />
commercial organisations<br />
© Pro-Activ Publications Ltd 2017<br />
All rights reserved. No part of this publication may be<br />
reproduced or transmitted in any form or by any means<br />
electronic or mechanical (including photocopying, recording<br />
or any information storage and retrieval system) without the<br />
prior written permission of the publisher<br />
The views expressed in Risk UK are not necessarily those of<br />
the publisher<br />
Risk UK is currently available for an annual subscription rate of<br />
£78.00 (UK only)<br />
www.risk-uk.com<br />
Risk UK<br />
PO Box 332<br />
Dartford DA1 9FF<br />
Editor Brian Sims BA (Hons) Hon FSyI<br />
Tel: 0208 295 8304 Mob: 07500 606013<br />
e-mail: brian.sims@risk-uk.com<br />
Design and Production Matt Jarvis<br />
Tel: 0208 295 8310 Fax: 0870 429 2015<br />
e-mail: matt.jarvis@proactivpubs.co.uk<br />
Advertisement Director Paul Amura<br />
Tel: 0208 295 8307 Fax: 01322 292295<br />
e-mail: paul.amura@proactivpubs.co.uk<br />
Administration Tracey Beale<br />
Tel: 0208 295 8306 Fax: 01322 292295<br />
e-mail: tracey.beale@proactivpubs.co.uk<br />
Managing Director Mark Quittenton<br />
Chairman Larry O’Leary<br />
Editorial: 0208 295 8304<br />
Advertising: 0208 295 8307<br />
3<br />
www.risk-uk.com
Connect your life to your<br />
home and your security<br />
Interact, control and integrate your Texecom security system like never before<br />
The Texecom Connect App allows you to control your security directly from your compatible<br />
<br />
system events and monitor cameras or activity from anywhere in the world.<br />
www.texe.com<br />
Sales: +44 (0)1706 220460<br />
Watch the Texecom<br />
Connect App video
Texecom Connect App<br />
New smartphone application for<br />
iOS operating systems<br />
Texecom Connect SmartCom<br />
Texecom Connect ethernet<br />
communicator<br />
Texecom Connect SmartPlug<br />
Ricochet ® enabled<br />
wireless plug<br />
Editorial Comment<br />
From The Outset<br />
Business Secretary Greg Clark has launched the<br />
Government’s ambitious Industrial Strategy, setting out a<br />
long-term vision for how Britain can build on its economic<br />
strengths, address productivity performance, embrace<br />
technological change and boost the earning power of people<br />
right across the UK.<br />
With the overriding aim of making the UK “the world’s most<br />
innovative nation” by 2030, the Government has committed to<br />
investing a further £725 million over the next three years in the<br />
Industrial Strategy Challenge Fund. This is a direct response to<br />
some of the greatest global challenges and opportunities faced<br />
by the UK and will include £170 million designed to “transform”<br />
the construction sector.<br />
The Government had already set aside £1 billion for the first<br />
wave of Industrial Strategy Challenge Fund projects, including an<br />
investment of £246 million in next generation battery technology<br />
and £86 million for robotics hubs across the UK.<br />
The White Paper launched amid much fanfare on Monday 27<br />
November also confirms that the Conservatives will be pressing<br />
ahead on a series of Sector Deals, with construction, life<br />
sciences, automotive and Artificial Intelligence (AI) the first to<br />
benefit from new strategic and long-term partnerships with<br />
Government backed by private sector co-investment.<br />
As part of its all-new Industrial Strategy, the Government has<br />
identified four Grand Challenges, one of which is to put the UK at<br />
the forefront of the AI and data revolution. In real terms, this<br />
represents an open invitation to business, academia and civil<br />
society alike to work and engage with the Government in order<br />
to innovate, develop new technologies and ensure that the UK<br />
seizes global opportunities that arise.<br />
Dr Adrian Davis, European managing director at (ISC)², has<br />
made comment on the Government’s new Industrial Strategy, in<br />
turn expressing concern over certain aspects contained within.<br />
“Even though cyber security is mentioned as one of the key<br />
priorities in AI, we’re concerned that the former doesn’t appear in<br />
other parts of this Industrial Strategy,” explained Davis.<br />
As far as Davis is concerned, without security being designedin<br />
from the start (as indeed it should be), AI, ‘Smart’ and Internet<br />
of Things systems will be vulnerable to bias, bad data and<br />
sabotage, with “the Industrial Strategy for a digital economy<br />
building the roof before we have laid the foundations.”<br />
Embellishing this theme still further, Davis observed: “Now<br />
that the Government wants to use AI for everything from<br />
healthcare through to recruitment, we urgently need a<br />
programme of validation such that any AI technology has been<br />
through a rigorous assessment process to eliminate substandard<br />
and insecure programming.”<br />
In times hence, cyber security most certainly demands to be<br />
an integral part of the opportunities offered to individuals and<br />
educators alike. The Government promises that the UK will “lead<br />
the world in the safe and ethical use of data and AI” but, for this<br />
vision to be realised, Davis is right to assert that we must make<br />
sure we’re not sacrificing security on the altar of innovation.<br />
Brian Sims BA (Hons) Hon FSyI<br />
Editor<br />
December 2012<br />
5<br />
www.risk-uk.com
British Standard BS 7799-3 focused on<br />
information security risk revised by BSI<br />
BSI, the business standards company, has<br />
revised its guidance standard for information<br />
security management systems, namely BS<br />
7799-3 Guidelines for Information Security Risk<br />
Management. BS 7799-3 specifically assists<br />
organisations regarding the risks and<br />
opportunities of aspects contained in the<br />
internationally-recognised ISO 27001<br />
Information Technology – Security Techniques –<br />
Information Security Management Systems –<br />
Requirements. Importantly, BS 7799-3 provides<br />
guidance on defining, applying, maintaining and<br />
evaluating risk management processes in the<br />
information security context.<br />
The British Standard is relevant for those<br />
organisations which have – or are intending to<br />
have – an information security management<br />
system conforming to ISO 27001.<br />
BS 7799-3 identifies two widely-recognised<br />
approaches to risk identification and risk<br />
analysis: the scenario-based approach, wherein<br />
risks are identified (and assessed) through a<br />
consideration of events and their<br />
consequence(s), and the ‘asset-threatvulnerability’<br />
approach. Here, risk identification<br />
takes into account the value of information<br />
assets and identifies applicable threats.<br />
The British Standard recommends that, for an<br />
organisation to increase the reliability of<br />
estimating the likelihood of a security event<br />
occurring, it should consider using team<br />
assessments rather than individual<br />
assessments, employing external sources (such<br />
as information security breaches reports),<br />
unambiguous targets (for instance ‘two per<br />
year’) rather than vague targets and timings<br />
and scales containing at least five categories to<br />
ascertain risk, from ‘Very low’ to ‘Very high’.<br />
BS 7799-3 accounts for risks as diverse as<br />
whether the influences of a foreign actor are a<br />
threat to the organisation, technology failure,<br />
influences of domestic crime (including fraud)<br />
and the probable skill of an attacker, as well as<br />
the resources available to them.<br />
The British Standard includes dedicated<br />
sections for information security risk treatment,<br />
with guidance on how a given organisation can<br />
monitor and measure its risk identification plan.<br />
Recognising that no two organisations have<br />
identical security concerns, BS 7799-3 is<br />
applicable for all businesses regardless of their<br />
type, size or nature.<br />
Notable changes between the revised BS<br />
7799-3 and its predecessor include conformity<br />
to the latest version of ISO 27001, the term ‘risk<br />
owner’ replacing ‘risk asset owner’ and the<br />
effectiveness of the risk treatment plan being<br />
regarded as more important than the controls.<br />
BS 7799-3 will be of interest to governance,<br />
risk and compliance personnel, security<br />
managers, operational managers, auditors and<br />
those implementing EU GDPR measures.<br />
“UK must plug cyber skills gap” delegates told at Cyber Security Summit<br />
The UK must foster a new generation of diverse talent to effectively tackle the cyber security skills<br />
challenge. That’s precisely what Mark Sayers, deputy director for cyber and Government security at<br />
the Cabinet Office, told delegates at the packed-to-capacity 2017 Cyber Security Summit & Expo<br />
and co-located EU General Data Protection Regulation (GDPR) Conference that ran on Thursday 16<br />
November in central London.<br />
Sayers – who oversees the delivery of the UK’s National Cyber Security Strategy – said: “We’re<br />
investing £1.9 billion to enhance the UK’s cyber capabilities, and a key part of this involves<br />
developing the UK’s skills base in order to meet the increasing demand for cyber professionals.”<br />
Sayers also informed delegates that working internationally to develop effective partnerships is<br />
absolutely critical when it comes to fighting cyber crime, in addition to the essential need for a<br />
shared approach across both the public and private sectors.<br />
This year witnessed a record attendance at the Cyber Security Summit & Expo and co-located<br />
GDPR Conference, the UK’s largest one-day event dedicated to vital cyber risk management advice<br />
for the business community. Delegate numbers grew three-fold year-on-year, representing the<br />
successful first stage of a strategic growth plan for the event over the coming years.<br />
Delegates at this year’s event included CISOs, CIOs, CTOs and COO-level executives from the<br />
public and private sectors.<br />
Senior business leaders from brands such as Admiral Group, Bupa UK and GlaxoSmithKline<br />
attended the event alongside Government policymakers, including those responsible for Critical<br />
National Infrastructure, Her Majesty’s Revenue & Customs and the Ministry of Defence.<br />
6<br />
www.risk-uk.com
News Update<br />
Industry champions Paul Tennent<br />
and Tony Maskens win coveted FSA<br />
Awards for 2017<br />
Two industry leaders – namely Paul Tennent<br />
and Tony Maskens – have been recognised by<br />
the Fire & Security Association (FSA) at the<br />
IFSEC Security and Fire Excellence Awards<br />
2017 for their outstanding contributions to<br />
their respective industry sectors.<br />
Paul Tennent (pictured) – co-founder of<br />
Tavcom Training and Group sales director at<br />
the Linx International Group – won the FSA’s<br />
2017 Peter Greenwood Security Award.<br />
Tennent is recognised for his commitment to<br />
raising standards (by working with the CCTV<br />
User Group and National Occupational<br />
Standards) and delivering high quality<br />
training. He’s an internationally-respected<br />
professional, with Tavcom Training boasting<br />
major clients in countries including Dubai.<br />
Recently, Tennent has been one of the<br />
principal architects behind the creation of the<br />
professional register for Certified Technical<br />
Security Professionals that launched back in<br />
early September.<br />
Commenting on the award, Tennent told<br />
Risk UK: “Well-trained and dedicated security<br />
professionals are the lifeblood of our industry.<br />
It’s with a sense of great responsibility that we<br />
provide access to the latest knowledge and<br />
skills needed for those working in the<br />
professional technical security sector. I’m<br />
immensely proud that Tavcom Training is<br />
recognised as the world’s leading provider of<br />
BTEC-accredited security systems training<br />
courses. I receive this award on behalf of my<br />
entire team.”<br />
The Peter Greenwood Security Award<br />
recognises individuals who have made an<br />
outstanding contribution to the security<br />
systems industry. It’s the longest-established<br />
individual award in the security profession and<br />
has been in existence since Peter Greenwood’s<br />
untimely death in January 1995.<br />
Greenwood was a former head of the ECA’s<br />
Security Group and involved with its Fire<br />
Group, and was also a founder member of the<br />
Security Industry Lead Body.<br />
Tony Maskens, who served as BAFE’s<br />
technical schemes manager until his<br />
retirement last year, has won the FSA’s Ian<br />
Marsh Fire Award for 2017. Maskens picked up<br />
the trophy for his efforts to raise industry<br />
standards, enhance quality control schemes<br />
and promote third party certification to<br />
companies and end users alike.<br />
The Ian Marsh Fire Award recognises<br />
individuals who demonstrate enthusiasm and<br />
selfless concern for the fire and emergency<br />
systems industry. The award was renamed in<br />
honour of Ian Marsh back in 2013.<br />
OSPAs organisers outline detail<br />
behind inaugural UK Thought<br />
Leadership Summit<br />
On Thursday 1 March 2018, professionals from<br />
the UK’s security business sector will be given<br />
the opportunity to listen to a line-up of highprofile<br />
speakers, with the Outstanding<br />
Security Performance Awards (OSPAs)<br />
providing a platform for debate around key<br />
issues facing the sector at its inaugural UK<br />
Thought Leadership Summit in central London.<br />
Confirmed speakers for this event include<br />
The Right Honourable Greg Clark MP<br />
(Secretary of State for Business, Energy and<br />
Industrial Strategy), Ian Dyson QPM<br />
(commissioner at the City of London Police)<br />
and Andrew Thomson (director of property<br />
services for The Shard).<br />
There will also be an in-depth discussion<br />
involving former offenders focused on how<br />
they tackle security and why they think it so<br />
often fails. The full programme for the day will<br />
be announced shortly.<br />
Professor Martin Gill CSyP FSyI, founder and<br />
director of the OSPAs and the leader of<br />
Perpetuity Research, commented: “The OSPAs<br />
are about recognising excellence and the truly<br />
outstanding performers who project the best<br />
image of security and all the good it can do.<br />
The aim of this UK Thought Leadership<br />
Summit is to contribute towards excellence by<br />
bringing different thought leaders together. In<br />
short, the people who excel and can offer their<br />
own insights for debate. We want to provide<br />
the platform for practising security<br />
professionals to listen to what the opinion<br />
formers think and contribute to the discussion<br />
about how we can improve what security does<br />
and how it’s perceived. The quality of what we<br />
have in the future in terms of security<br />
provision here in the UK will depend on the<br />
quality of debate we conduct now.”<br />
In addition, Professor Gill (pictured)<br />
informed Risk UK: “This event is open to all<br />
participants in the security sector and its<br />
stakeholders, and I strongly urge everyone to<br />
consider attending and be ready to pose<br />
questions to a panel of influential speakers.”<br />
The UK Thought Leadership Summit takes<br />
place at the Royal Lancaster Hotel in central<br />
London. Organised by the Outstanding<br />
Security Performance Awards, the Summit is<br />
being run with the support of the Security<br />
Commonwealth (which lists The Security<br />
Institute among its member cohort).<br />
7<br />
www.risk-uk.com
Annual Fraud Indicator 2017 highlights UK<br />
footing colossal £190 billion fraud bill<br />
Authority (NFA), which had established the<br />
concept and experimented with a variety of<br />
methodologies. The NFA published four<br />
detailed reports, the last of which was in 2013.<br />
The NFA was abolished in 2014 leaving a gap<br />
in the measurement of the cost of fraud to the<br />
UK: a gap that the partners in this project were<br />
very much keen to fill. The partners wanted to<br />
build upon the work of the NFA by offering the<br />
same detailed estimates of the cost of fraud to<br />
the UK, while also using a more developed and<br />
consistent methodology to allow dependable<br />
comparisons over time.<br />
The annual cost of<br />
fraud in the UK is £190<br />
billion, which is equal<br />
to around £10,000 per<br />
family. That’s one of<br />
the main findings of<br />
the Annual Fraud<br />
Indicator 2017<br />
published by Crowe<br />
Clark Whitehill and<br />
developed in<br />
conjunction with both<br />
Experian and the<br />
Centre for Counter<br />
Fraud Studies at the<br />
University of<br />
Portsmouth. Brian<br />
Sims reports on this<br />
year’s statistics<br />
The 28-page Annual Fraud Indicator (AFI)<br />
2017 highlights the colossal cost of fraud to<br />
the UK’s economy. Unless an organisation<br />
truly understands the nature and cost of fraud<br />
affecting it, how can it possibly apply the right<br />
and proportionally resourced solution? How can<br />
it begin to track progress in reducing the<br />
prevalence and cost of fraud? Lastly, how can it<br />
understand the value derived from its<br />
investment in countering fraud?<br />
The AFI has been developed to help create a<br />
benchmark by which, year-on-year, a sectorspecific<br />
analysis can be made.<br />
An in-depth analysis of fraud levels in the UK<br />
economy shows that annual fraud losses are<br />
presently indicated to cost £190 billion, private<br />
sector losses are estimated to be £140 billion,<br />
public sector losses are estimated to be £40.4<br />
billion, charities and charitable Trusts are<br />
believed to be losing £2.3 billion and frauds<br />
committed directly against individuals are<br />
estimated at around the £6.8 billion mark.<br />
These numbers are far from insignificant.<br />
With the latest National Audit Office and<br />
National Crime Agency statistics confirming<br />
that fraud has surged to the top of the list of<br />
commonly committed crimes, now is the time to<br />
identify and measure its cost such that<br />
businesses, Government bodies, charities and<br />
individuals alike can understand the value of<br />
their investment in countering fraud.<br />
In 2016, the UK Fraud Costs Measurement<br />
Committee published its first AFI. The 2016 AFI<br />
built on work undertaken by the National Fraud<br />
Team and methodology<br />
The research team for this year’s AFI was led by<br />
Professor Mark Button, director of the<br />
University of Portsmouth’s Centre for Counter<br />
Fraud Studies, and included David Shepherd<br />
and Dean Blackbourn. The methodology used<br />
has been developed in line with the<br />
groundbreaking work of the NFA.<br />
“The £190 billion cost of fraud represents<br />
more than the UK Government spends on<br />
health and defence combined or all welfare<br />
payments excluding pensions,” explained<br />
Professor Mark Button. “In the public sector<br />
alone, with fraud losses of £40 billion, this is<br />
equivalent to what we pay in national debt<br />
interest or spend on defence. This report shows<br />
that there are clear differences in the strengths<br />
and risks of fraud in the different sectors of the<br />
UK economy. The thin resources of the State<br />
dedicated to fighting fraud mean that, for most<br />
organisations and individuals, the best they can<br />
do is protect themselves. Investing in the<br />
appropriate strategies to increase their<br />
resilience to fraud is the most effective way in<br />
which to reduce the risk of fraud occurring.”<br />
Nick Mothershaw, director of fraud and<br />
identity solutions at Experian, stated in<br />
conversation with Risk UK: “This year’s report<br />
highlights how the continued growth of<br />
procurement fraud remains a great problem for<br />
many businesses. Most often, it’s the<br />
employees who are instrumental in such fraud.<br />
On that basis, vigilance and appropriately<br />
vetting staff should be a high priority for all<br />
businesses. Making sure you employ the right<br />
people and that your existing staff members,<br />
and particularly those in positions of<br />
responsibility, are not under duress will help<br />
you to avoid potentially costly losses.”<br />
8<br />
www.risk-uk.com
News Analysis: Annual Fraud Indicator 2017 and NHSCFA<br />
Mothershaw went on to explain: “Also<br />
interesting is that the report shows pension<br />
fraud is growing in the public sector. While<br />
there are no published figures for the private<br />
sector, it’s understood that fraudsters are<br />
targeting the Pensions Release (where pension<br />
holders, aged over 55, are allowed to withdraw<br />
up to 100% of their pension benefits as a cash<br />
lump sum, income or a combination of both).<br />
It’s worth noting that, while the volume of fraud<br />
is low, the value of fraud losses is high,<br />
suggesting fraudsters are focusing their<br />
attentions on the biggest value areas.”<br />
According to Mothershaw, consumers need to<br />
be very careful of investment opportunities that<br />
are potentially too good to be true. For their<br />
part, pension companies need to ensure their<br />
ID verification tools are both Best in Class and<br />
cost-effective to execute as the Pensions<br />
Release is predicted to continue to grow.<br />
“In the finance sector,” observed<br />
Mothershaw, “plastic card and online banking<br />
fraud continues to increase. A new regulation in<br />
2018, in the form of the Payment Services<br />
Directive 2, will enforce more robust ID and<br />
fraud controls on online payments to address<br />
this. Essentially, it will make it much harder for<br />
a fraudster to use a victim’s payment card<br />
online unless they also gain control of the<br />
individual’s online banking details. The<br />
regulation should result in a significant decline<br />
in plastic card fraud, yielding an increase in<br />
detected and prevented frauds as a result.”<br />
Launch of NHSCFA<br />
In parellel, the new NHS Counter Fraud<br />
Authority (NHSCFA) has been given the<br />
independence it needs to fight and deter fraud,<br />
bribery and corruption that attacks the NHS. It’s<br />
a Centre of Excellence employing specialists in<br />
intelligence, fraud prevention, computer<br />
forensics, fraud investigation, financial<br />
investigation, data analysis and<br />
communications, all of them working together<br />
to detect, reduce and deter economic crime<br />
specifically targeting the NHS.<br />
Having launched last month, the NHSCFA’s<br />
work begins with a focus on five areas. The<br />
organisation will be the single expert,<br />
intelligence-led organisation providing a<br />
centralised investigation capacity for complex<br />
economic crime matters in the NHS, support<br />
the Department of Health’s strategy for tackling<br />
fraudulent activity affecting the NHS, serve as<br />
the body leading and influencing the<br />
improvement of standards in counter fraud<br />
work across the NHS, take the lead in and<br />
encourage fraud reporting across the NHS and<br />
the wider health group and, last but not least,<br />
“The £190 billion cost of fraud represents more than the<br />
UK Government spends on health and defence combined<br />
or all welfare payments excluding pensions”<br />
continue to develop the expertise of staff<br />
working for the NHSCFA.<br />
Sue Frith, interim CEO of the NHSCFA, said:<br />
“As a new, independent, intelligence-led<br />
special health authority, we’re wholly dedicated<br />
to tackling fraud against the NHS in England.<br />
Our creation is good news for the taxpayer, for<br />
patients and for the honest majority working in<br />
and with the NHS. I’m proud to be leading the<br />
new NHS Counter Fraud Authority as we<br />
embark on this fight against the fraudsters who<br />
target the NHS. I’m working alongside our<br />
Board and all of our dedicated staff. We’re<br />
delighted to have full backing across the<br />
Government and the wider NHS and, indeed,<br />
among many other key stakeholders.”<br />
Simon Hughes, interim chairman of the<br />
NHSCFA, added: “Some of the challenges faced<br />
in this work include a limited awareness of<br />
fraud among NHS staff and the significant<br />
under-reporting of fraud. Many people find it<br />
unthinkable that anyone would seek to defraud<br />
money meant for healthcare. Our ability to<br />
counter fraud has a direct impact on healthcare.<br />
Every fraud takes a service away from someone<br />
who needs it. This reality must be faced. We<br />
can all play our part in turning the tide,<br />
ensuring that public money pays for services<br />
the public needs and doesn’t line the pockets<br />
of criminals. We all use the NHS and will all<br />
benefit from securing its resources.”<br />
Hughes went on to state: “Establishing the<br />
NHS Counter Fraud Authority strengthens our<br />
resolve in fighting fraud, bribery and<br />
corruption, protecting healthcare and<br />
supporting the many thousands of dedicated<br />
health service staff, suppliers and contractors.”<br />
The Government’s view<br />
Lord O’Shaughnessy, the health minister,<br />
observed: “Fraud in the healthcare system not<br />
only undermines public confidence in the NHS,<br />
but also diverts valuable resources away from<br />
caring for patients. It’s estimated that<br />
prescription fraud alone costs the NHS<br />
somewhere in the region of £217 million each<br />
year. We created the NHS Counter Fraud<br />
Authority so that, for the first time, there’s a<br />
dedicated NHS organisation designed to tackle<br />
health service fraud and corruption and bring<br />
fraudsters to justice.”<br />
Further information on the NHSCFA is<br />
available online at https://cfa.nhs.uk/<br />
Professor Mark Button BA<br />
(Hons) MA PhD FSyI:<br />
Director of the University of<br />
Portsmouth’s Centre for<br />
Counter Fraud Studies<br />
The NHS Counter Fraud<br />
Authority has been given the<br />
independence it needs to fight<br />
and deter episodes of fraud,<br />
bribery and corruption<br />
9<br />
www.risk-uk.com
Institute of Risk Management<br />
Are your staff risk ready?<br />
<br />
It is essential that your staff have a knowledge of the<br />
principles and practices of effective risk management.<br />
<br />
Enterprise Risk Management is designed to do just that.<br />
What’s in it for employers?<br />
> Managing risks effectively will<br />
lower your costs.<br />
> Turn threats to your business into<br />
opportunities.<br />
> Enhance business performance<br />
and improve risk taking<br />
approaches.<br />
> Develop a motivated, skilled and<br />
knowledgeable team.<br />
> Attract high-calibre professionals<br />
by investing in personal<br />
development.<br />
What’s in it for students?<br />
> Enhance your ability to design<br />
and implement effective risk<br />
management strategies.<br />
> Develop a critical understanding<br />
of the relationship between<br />
risk management, governance,<br />
internal control and compliance.<br />
> Gain an internationally<br />
<br />
months.<br />
> Join our global network of risk<br />
management practitioners.<br />
Distance<br />
Learning<br />
International<br />
Recognition<br />
Relevant for<br />
All Sectors<br />
Email: studentqueries@theirm.org<br />
Phone: +44 (0)20 7709 4125<br />
or visit www.theirm.org/risk-uk
News Special: IFSEC International 2018<br />
UBM announces 2018 “transformation” of<br />
IFSEC into “integrated security event”<br />
Security has arguably never been a more<br />
critical subject of discussion than it is<br />
today. 2017 has been a year wherein<br />
organisations and Governments have become<br />
increasingly aware of the fact that the<br />
substance of the threat which they’re working<br />
to prevent has changed irrevocably.<br />
Europe fell victim to a string of unpredictable<br />
attacks, Yahoo saw its share value fall by $350<br />
billion over 48 hours after the largest security<br />
breach in history was revealed, the NHS found<br />
its physical assets left vulnerable after a<br />
ransomware attack disrupted the ambulance<br />
service, the FBI and Apple “went to war” on<br />
encryption and Airbnb properties were left in<br />
chaos when a smartlock update went wrong.<br />
These occurrences (and other) represented a<br />
pivotal theme: the need for all those<br />
influencing security to adapt to reflect a more<br />
complex world and the ever-closer interweaving<br />
of physical and cyber security.<br />
The time is now for the security profession to<br />
unite its knowledge and technologies in order<br />
to protect people, property and profits.<br />
According to UBM, organiser of the annual<br />
IFSEC International exhibition, to do this we<br />
must transform our expertise. Indeed, UBM has<br />
commented: “We must be able to access the<br />
solutions we need. We must commit to making<br />
the world a safer place.”<br />
IFSEC has a vision, and that’s to transform<br />
alongside the security industry. IFSEC and<br />
FIREX International brand director Gerry<br />
Dunphy informed Risk UK: “As of 2018, it’s<br />
IFSEC International’s commitment to become<br />
this place for the profession to create a safer<br />
world. IFSEC International must actively foster<br />
the global security conversation, be the vessel<br />
that sets and carries the agenda and be the<br />
antenna for broadcasting the safety and<br />
security dialogue. 2018 will be the inauguration<br />
year of a transformation of IFSEC International’s<br />
40-year heritage as a physical security show<br />
into a high-level Security Summit and<br />
integrated security event.”<br />
Reflecting on the past<br />
When IFSEC was first conceived, the threats<br />
facing us all were merely physical. Society has<br />
adapted since then, and UBM feels that 2018 is<br />
the year in which IFSEC must do the same.<br />
The security profession simply must evolve to<br />
meet modern needs, and IFSEC International is<br />
In the wake of a period which has seen the threat landscape<br />
deliver huge blows to organisations including Yahoo and the<br />
NHS, UBM has unveiled plans to reflect that reality with<br />
IFSEC International adopting a new industry role designed to<br />
address critical challenges such as these. Brian Sims reports<br />
determining to become the arena for the big<br />
discussions, however difficult they may be.<br />
“The security profession must discover<br />
solutions that are a driving force for protecting<br />
businesses, people and data,” continued<br />
Dunphy. “IFSEC International will afford the<br />
security industry the necessary platform to<br />
display and discover products and services<br />
designed to help national, corporate and home<br />
security adapt to the changing tides of<br />
tomorrow’s challenges.”<br />
According to Dunphy, it’s the security<br />
profession itself that absolutely must drive the<br />
agenda going forward. “IFSEC International will<br />
exist for the world’s leading security experts as<br />
a platform for provocative debate on global<br />
security and propel intercommunication<br />
forward between installers, integrators, end<br />
users and vendors,” urged Dunphy.<br />
Existing as a conduit<br />
IFSEC International will exist to be the conduit<br />
between the security profession and the<br />
solutions needed to achieve global safety. In<br />
order to pilot this conversation in 2018, IFSEC<br />
International will:<br />
• Drive an emphasis on major Keynote<br />
addresses from strategic global security<br />
leaders in a dedicated Security Summit<br />
• Host a multitude of high-level panel debates<br />
involving Government and industry influencers,<br />
all of them congregated in the striking new<br />
Amphitheatre at London’s ExCeL<br />
• Provide the opportunity to hear from those<br />
leading the way in identifying, installing and<br />
maintaining “transformational” security<br />
practices between physical and IT, in turn<br />
introducing an Integrated Security Theatre<br />
• Establish the impartial voice of security<br />
equipment by holding technology up to scrutiny<br />
in real-life testing across attack scenarios,<br />
surveillance situations and more<br />
• Propel intercommunication forward between<br />
the installer, integrator, the end user and the<br />
vendor by way of hosted and collaborative<br />
round table discussions<br />
Gerry Dunphy: Brand Director<br />
for IFSEC International at UBM<br />
11<br />
www.risk-uk.com
One Source. One Loop.<br />
One Solution.<br />
Nittan evolution 1<br />
Touch Screen Single<br />
Loop Addressable<br />
Fire Alarm Panel<br />
• 254 devices on the loop,<br />
254 zones available<br />
• EN54 Part 2 and Part 4<br />
• Interactive 4.3” touch screen<br />
• Intuitive and easy to use<br />
menu structure<br />
• Fully programmable from<br />
touch screen or PC tools<br />
• Built in network capabilities,<br />
allowing 16 panel networking<br />
with no additional hardware<br />
The evolution 1 panel is a cost effective,<br />
one source solution, fully compatible<br />
with Nittans’s award winning evolution<br />
device range.<br />
Allowing up to 254 devices on the loop,<br />
with a touch screen and intuitive menu<br />
structure enabling everything from a<br />
simple stand-alone panel to multi-panel<br />
networked systems – the evolution 1 is the<br />
only one loop solution that you need.<br />
For further details, please contact:<br />
email: sales@nittan.co.uk | tel: +44 (0) 1483 769555 | www.nittan.co.uk
Opinion: Mobile Technology and Access Control<br />
The potential for the smart phone to evolve<br />
is seemingly limitless. We’re talking about<br />
a communications device that offers so<br />
much more than just a talking facility. Apple<br />
Pay, Android Pay and PayPal have rapidly<br />
enabled the smart phone to replace many of<br />
the functions of cash and cash cards, but<br />
there’s also the possibility of replacing keys<br />
and access cards as well. This is something<br />
which the security industry needs to embrace<br />
and promote more fully to its customer base.<br />
As an industry, we are more than aware of the<br />
potential for mobile device authentication.<br />
Flexibility is a key benefit – smart phones can<br />
easily receive authentication credentials<br />
remotely and access can be confirmed or<br />
denied instantly. At the same time, smart<br />
phones already contain many secure options to<br />
ensure they’re only used by the authorised user<br />
– fingerprint and face recognition plus pattern<br />
authentication and PINs being good examples.<br />
Unfortunately, some security operators,<br />
customers and members of the public in<br />
general seem to be less aware of these exciting<br />
benefits. There may even still be some<br />
reluctance in certain quarters when it comes to<br />
trusting a mobile device with physical security.<br />
While it’s perhaps not that unusual for people<br />
to mistrust ‘new’ technology, we security<br />
professionals must demonstrate the<br />
considerable benefits, security and convenience<br />
of using those options now available.<br />
No-one would deny that proving trust with<br />
new security systems is essential. A badly<br />
protected mobile device could present a huge<br />
risk to the security of any network. For their<br />
part, smart phones have had two key hurdles to<br />
overcome. First, that they’re secure enough to<br />
be trusted to work with a security network and,<br />
second, that they can reliably identify the<br />
phone and the authorised owner within a realworld<br />
environment.<br />
It’s common for smart devices to offer twofactor<br />
authentication, which binds the mobile<br />
device to the right person for security. This<br />
makes it fully possible to combine a PIN code<br />
with the authorised person’s face or fingerprint.<br />
In high security areas, we can also implement<br />
wall-mounted biometric readers (such as iris<br />
scan, facial recognition or fingerprints) to add a<br />
further level of security and ensure there’s no<br />
fraudulent use of the mobile device, while also<br />
maintaining convenience for end users.<br />
Perfect for interaction<br />
We all know just how many functions a smart<br />
phone has and location tracking through GPS is<br />
one of the most helpful. This is also perfect for<br />
interacting with security systems. If you think<br />
Going Mobile: Smart Phone<br />
Technology for Access Control<br />
If you think about one item that has revolutionised the way in<br />
which we’ve all interacted with the world over the last ten<br />
years, it has to be the smart phone. Given that it’s now a<br />
decade since the first Apple iPhone was launched, and with<br />
the smart phone becoming as essential a piece of personal<br />
kit as our keys or wallet, what’s the potential for these<br />
gadgets to both involve and fully embrace the security arena?<br />
John Davies peers into the crystal ball<br />
about any secure facility, there are often<br />
different levels of access – from entry to the<br />
canteen right through to secure doors around<br />
potentially dangerous areas such as a plant<br />
room (or even a nuclear reactor).<br />
Traditional security tokens or cards are<br />
rigidly programmed to allow access to certain<br />
areas only, but a smart phone could either<br />
grant or deny access depending upon the<br />
location of the request by the individual.<br />
With mobile devices so intrinsically linked to<br />
our lives and lifestyles, they’re generally<br />
guarded with the same care and concern as our<br />
money. Many people carry their mobile device<br />
wherever they go, so it’s fair to say they’re<br />
relatively unlikely to be lost or left behind. Less<br />
likely than a card on a lanyard, for example.<br />
Think about how often you use or touch your<br />
smart phone each day. I’ve read estimates<br />
which suggest around 2,600 times. You’re<br />
rapidly aware if it has been misplaced and very<br />
wary because of the cost and potential<br />
personal loss of both your data and ‘freedom’.<br />
John Davies:<br />
Managing Director of TDSi<br />
13<br />
www.risk-uk.com
Opinion: Mobile Technology and Access Control<br />
Undoubtedly, this fact alone renders these<br />
devices the perfect item to use for even the<br />
most secure of needs.<br />
Cost is an obvious benefit for operators that<br />
the security industry really needs to shout<br />
about. It’s possible to eliminate the direct cost<br />
of plastic badges, access cards, lanyards,<br />
printers and consumables often used to provide<br />
permanent and temporary security access.<br />
Smart phones are exceptionally common.<br />
Figures from 2015 suggest there were nearly 41<br />
million smart phone users in the UK. This<br />
number is predicted to reach nearly 54 million<br />
by 2022. With a population of over 65 million,<br />
that’s an enormous percentage of people with<br />
access to this technology. Using a resource that<br />
people already have, and which is highly<br />
secure, makes unquestionable financial as well<br />
as practical sense.<br />
The right technology<br />
Unfortunately, one of the stumbling blocks for<br />
the security industry in adapting to a<br />
predominantly smart phone authentication<br />
approach has been agreeing on common and<br />
shared open protocols.<br />
Near Field Communication (NFC) technology<br />
in mobile phones and smart devices hasn’t<br />
been the universal success it was designed to<br />
be. This is an area where mobile technology<br />
trends have dictated to the systems that use it.<br />
Apple’s decision to restrict the use of NFC to<br />
Apple Pay on its devices has had a profound<br />
effect on the implementation of NFC in other<br />
applications. Not everyone has an iPhone, but<br />
it’s such an important segment of the market<br />
that other manufacturers are wary of how<br />
customers will be able to use new technology.<br />
It’s not surprising that we’ve instead seen a<br />
much bigger focus on using Bluetooth Low<br />
Energy technology on mobile devices. With<br />
providers such as HID Global as well as Nedap<br />
in the Netherlands now concentrating on<br />
developing Bluetooth Low Energy readers and<br />
mobile credential applications, this seems like<br />
a highly credible alternative.<br />
As well as NFC and Bluetooth Low Energy<br />
options, there also seems to be a good deal of<br />
interest in using QR codes for simple, but<br />
nevertheless wholly reliable identity and access<br />
control authentication. These codes can easily<br />
be displayed on a screen or printed if<br />
necessary. That being so, they afford great<br />
“As well as NFC and Bluetooth Low Energy options, there<br />
also seems to be a good deal of interest in using QR codes<br />
for simple, but reliable identity and access authentication”<br />
flexibility over the type of technology that’s<br />
going to be used in the future.<br />
Changeover period<br />
I’ve no doubt that, ultimately, smart phone<br />
authentication will replace the cards and<br />
tokens we’re all so familiar with at present.<br />
However, reaction from the market at the<br />
moment tells us consumers want options rather<br />
than to just be railroaded down one path.<br />
If a business has invested in cards or tokens,<br />
then it will want to use that technology<br />
investment fully. The changes will come when<br />
readers are updated. This is when security<br />
specifiers and installers need to promote the<br />
advantages of dual technology readers which<br />
offer options to include smart phone<br />
authentication within the mix.<br />
There’s also still considerable diversity<br />
among smart devices, the operating systems<br />
they use and the security technology employed<br />
by each. Android, Apple iOS, Windows and<br />
BlackBerry devices all vary with regards to the<br />
biometric authentication available, so security<br />
administrators may need to be flexible on the<br />
types of authentication they accept.<br />
Card technology has also progressed at an<br />
astonishing speed, with MIFARE+ proving to be<br />
a highly cost-effective, practical and secure<br />
system that can easily be integrated. There are<br />
strong arguments for many businesses to<br />
continue using these systems if they’re wellsuited<br />
to specific operations.<br />
Hybrid approach<br />
As is often the case for integrated security<br />
systems, a hybrid approach may be the best<br />
answer for many security operators. This means<br />
those who choose to enjoy the benefits in<br />
terms of flexibility and convenience of smart<br />
phone authentication can do so, while those<br />
who are perhaps more hesitant can continue to<br />
employ more traditional methods.<br />
Large and well-established companies may<br />
find that the swap-over is a slower and more<br />
gradual process, while smaller start-up<br />
businesses may prefer to jump straight to a<br />
smart phone-based approach right away. If<br />
security systems are well integrated, but<br />
modular in their approach, then it becomes<br />
much simpler to evolve as time goes on.<br />
With their App-based systems architecture,<br />
smart phones are ideally placed to evolve with<br />
security systems in the future. We do need to<br />
bear in mind that this move will involve a<br />
culture change for many security customers. We<br />
need to be cognisant of any anxiety, but must<br />
also seek to be positive and promote the<br />
considerable benefits on offer.<br />
14<br />
www.risk-uk.com
SkyHawk AI<br />
The hawk is back and<br />
smarter than ever.<br />
Gain the commercial edge with SkyHawk AI,<br />
built for AI-enabled surveillance systems,<br />
and now protected by SkyHawk Health.<br />
WWW.SEAGATE.COM<br />
©2017 Seagate Technology LLC. All rights reserved.
Flattering to Deceive<br />
Although cyber crime<br />
and identity theft<br />
continue to grab the<br />
lion’s share of the<br />
security and mass<br />
media news headlines,<br />
it should be<br />
remembered that<br />
fraud exists in myriad<br />
different forms. Here,<br />
Alison Parkinson<br />
explains why the<br />
battle against the<br />
fraudsters needs to be<br />
intensified and how<br />
information sharing<br />
can help in preventing<br />
more individuals from<br />
becoming the<br />
unfortunate victims of<br />
the fraudsters<br />
Ever since human beings have owned<br />
property, fraud has existed. Across the<br />
years, many words to describe fraud have<br />
been created – swindle, cheat, extortion, con,<br />
double-cross, hoax, ploy, ruse and hoodwink<br />
are just a few of them. However, the word is<br />
perhaps best defined by Action Fraud, which<br />
claims it ‘is when trickery is used to gain a<br />
dishonest advantage, which is often financial,<br />
over another person’.<br />
With technology – and especially the Internet<br />
– having such a huge impact on all our lives, it<br />
should be no surprise that fraudsters have paid<br />
particular attention to it. Phishing is<br />
particularly popular. At one time or another,<br />
most of us will have received an e-mail claiming<br />
to be from someone posing as someone they’re<br />
not and soliciting us to send a specific amount<br />
of cash, which would supposedly allow the<br />
sender to access their savings account and<br />
reward the benefactor with more money than<br />
originally borrowed.<br />
However far-fetched this type of scam<br />
appears, people continue to fall for them and<br />
they’re becoming increasingly sophisticated. A<br />
woman named Kate Blakeley recently told the<br />
media how she lost £300,000 through such a<br />
scam. In the process of buying a house with her<br />
partner, fraudsters intercepted an e-mail from<br />
their solicitors and cajoled them to transfer the<br />
funds into a different bank account controlled<br />
by the criminals.<br />
That’s by no means an isolated case. Figures<br />
published by UK Finance show that, in the first<br />
six months of the year, more than 19,000<br />
people were the targets of scams known as<br />
Authorised Push Payment involving a total<br />
amount of over £100 million.<br />
While it’s easy to focus on this type of online<br />
deception, the fact is that there are well over<br />
100 identifiable types of fraud. Tax fraud,<br />
romance fraud, employment fraud, car<br />
insurance fraud, benefit fraud, health scams,<br />
holiday fraud, investment fraud, ‘boiler room’<br />
scams, Intellectual Property fraud, lottery fraud<br />
– the list goes on and on.<br />
To combat this growing problem, the Fraud<br />
Act 2006 came into force in January 2007 and<br />
replaced the eight deception offences<br />
contained within the Theft Act 1968 and 1978. It<br />
offers a statutory definition of this criminal<br />
offence, defining it in three classes: fraud by<br />
false representation, fraud by failing to disclose<br />
information and fraud by abuse of position. It<br />
states that a person found guilty of fraud is<br />
liable to a fine or imprisonment for up to 12<br />
months on summary conviction (six months in<br />
Northern Ireland), or a fine or imprisonment for<br />
up to ten years on conviction on indictment.<br />
Although the Fraud Act 2006 has provided a<br />
certain degree of clarity for most, some have<br />
criticised it for moving towards the concept of<br />
dishonesty, which is problematic in itself, as<br />
fraud has become a ‘conduct’ crime rather than<br />
a ‘results’ crime.<br />
Not what it seems<br />
Although, in theory, there are measures in place<br />
to protect the unfortunate victims of fraud,<br />
there are growing calls for more to be done in<br />
order to iron out the discrepancies in how these<br />
matters are dealt with.<br />
For instance, if credit or debit cards are used<br />
to perpetrate fraud, victims can usually get<br />
their money back. However, when it comes to<br />
bank transfers, the matter isn’t so clear-cut.<br />
Which? Magazine is lobbying for the big<br />
banks to do more in this area, particularly since<br />
consumers now make over 70 million bank<br />
transfers per month compared to just over 100<br />
million in a whole year a decade ago.<br />
Even though online fraud is now the most<br />
common crime in the country, the response to<br />
prosecuting cyber crime incidents can be<br />
described as disappointing at best. We simply<br />
16<br />
www.risk-uk.com
Opinion: Mind Your Own Business<br />
don’t have accurate figures at our fingertips to<br />
assess the true scale of the problem.<br />
There are two main sources used in the<br />
official statistics on fraud: police-recorded<br />
crime and the Crime Survey for England and<br />
Wales (CSEW). Figures on fraud have long been<br />
included in police-recorded crime data, but<br />
until fairly recently fraud wasn’t covered in the<br />
headline estimates from the CSEW.<br />
Most fraud offences don’t come to the<br />
attention of the police service and, as a result,<br />
police-recorded crime data affords a very<br />
sketchy picture of the true extent of fraud.<br />
Annual Fraud Indicator<br />
The National Audit Office (NAO) has tried to<br />
paint a more accurate picture and supports the<br />
findings of the Annual Fraud Indicator (AFI),<br />
which was overseen by the UK Fraud Costs<br />
Measurement Committee and based on<br />
research conducted by the University of<br />
Portsmouth’s Centre for Counter Fraud Studies.<br />
The AFI unearthed that the real annual cost of<br />
fraud in the UK could be as high as £193 billion,<br />
including £10 billion to individuals and £144<br />
billion to the private sector.<br />
The NAO’s own Online Fraud report claims<br />
that there were an estimated 1.9 million cyberrelated<br />
fraud incidents in England and Wales in<br />
the year to 30 September 2016, representing<br />
16% of all estimated crime incidents. In four out<br />
of every ten online fraud incidents, the victims<br />
involved lost at least £250.<br />
Despite this, the NAO has stated that,<br />
because it’s considered to be a low value, but<br />
high volume crime, fraud isn’t yet a priority for<br />
all local police forces and is consistently<br />
overlooked by Government, law enforcement<br />
and industry. It also added that the Home Office<br />
is the only organisation in a position to oversee<br />
the system and lead change.<br />
Taking the initiative<br />
With criminals using ever-more complex scams<br />
to trick customers into giving away their<br />
personal or security data, there have been a<br />
number of initiatives over the last few years<br />
designed to make consumers and business<br />
people alike more aware of the issue.<br />
The most recent of these is ‘Take Five to Stop<br />
Fraud’. Developed by the financial sector in<br />
partnership with the Home Office, this national<br />
campaign aims to impart straightforward and<br />
impartial advice to help everyone protect<br />
themselves from preventable fraud. It offers<br />
advice to assist customers in protecting<br />
themselves from fraud by recognising scams<br />
and confidently challenging any requests for<br />
their personal or financial information.<br />
While obviously well-intentioned, more direct<br />
measures could also be taken through the<br />
sharing of crime data between law enforcement<br />
agencies and the business community. Look at<br />
online fraud, for example. This type of crime is<br />
increasingly prevalent as unscrupulous<br />
individuals take advantage of the loopholes<br />
inherent within online purchasing. Retailers are<br />
increasingly reporting instances of customers<br />
claiming not to have received goods, while<br />
some individuals are falsely stating that<br />
packages have not been packed correctly and<br />
that ordered items are missing.<br />
Software is now available that offers insight<br />
into persistent offenders who commit fraud<br />
against multiple online businesses, helping<br />
companies to develop a more effective loss<br />
prevention strategy. Using a pattern matching<br />
sequence and known data on those committing<br />
fraud helps to build resilience against repeat<br />
offenders and can contribute towards any<br />
police investigations.<br />
The end result is a more robust online fraud<br />
prevention strategy, which clearly identifies<br />
current trends and ‘hotspots’, and also helps in<br />
reducing losses from this type of activity.<br />
Protect and survive<br />
The subject of fraud prevention is particularly<br />
relevant during the Christmas season, of<br />
course, as businesses and consumers<br />
traditionally become the targets of nefarious<br />
activity at this time of the year.<br />
Figures show that, last year, victims reported<br />
losing nearly £16 million to Christmas<br />
fraudsters, increasing from £10 million lost the<br />
year before. Action Fraud reports rose by 25%<br />
when comparing the Christmas period in 2016<br />
with the same timescale in 2015.<br />
An analysis of last year’s crimes also shows<br />
that 65% of those committed at Christmas were<br />
linked to online auction sites, with the average<br />
loss for these reports coming in at £727.<br />
That said, we shouldn’t merely focus on the<br />
Christmas period. Remaining vigilant against<br />
fraud is a year-round activity and we must all<br />
play our part in helping to defeat it.<br />
Although it’s fair to suggest that nothing can<br />
replace a healthy dose of common sense and<br />
diligence, hopefully 2018 will bring a greater<br />
level of activity at the highest echelons when it<br />
comes to tackling this issue with robustness.<br />
Alison Parkinson:<br />
Fraud Business Development<br />
Director at the National<br />
Business Crime Solution (NBCS)<br />
*Mind Your Own Business is the<br />
space where the NBCS examines<br />
current and often key-critical<br />
business crime issues directly<br />
affecting today’s companies. The<br />
thoughts and opinions expressed<br />
here are intended to generate<br />
debate and discussion among<br />
practitioners within the<br />
professional security and risk<br />
management sectors. If you would<br />
like to make comment on the<br />
views outlined, please send an<br />
e-mail to: brian.sims@risk-uk.com<br />
**The NBCS is a ‘Not-for-Profit’<br />
initiative that enables the effective<br />
sharing of appropriate data<br />
between the police service, crime<br />
reduction agencies and the<br />
business community to reduce<br />
crime and risks posed to all. By<br />
providing a central repository<br />
where business crime data is<br />
submitted, shared and analysed,<br />
the NBCS is able to gather the<br />
necessary intelligence and support<br />
to more effectively detect, prevent<br />
and, subsequently, respond to<br />
crimes affecting the UK’s business<br />
community. For further information<br />
access the website at:<br />
www.nationalbusinesscrime<br />
solution.com<br />
“Figures published by UK Finance show that, in the first six<br />
months of the year, more than 19,000 people were the<br />
targets of scams known as Authorised Push Payment<br />
involving a total amount of over £100 million”<br />
17<br />
www.risk-uk.com
The New Camera Line Mx6 Creates More Possibilities.<br />
More Images, in All Light Conditions, in Every Standard<br />
More Intelligence Is on the Way<br />
The new Mx6 6MP camera system from MOBOTIX offers increased performance.<br />
A frame rate that is up to twice as fast than that of other cameras allows it to capture<br />
quick movements even better and simultaneously deliver sharp images in MxPEG,<br />
MJPEG and, for the first time in H.264, the industry standard. The innovative Mx6<br />
camera line is faster, more flexible and higher-performing, opening up new application<br />
and integration opportunities for to you to meet all requirements.<br />
MOBOTIX AG • Langmeil, Germany • www.mobotix.com
BSIA Briefing<br />
The latest Crime Survey for England and<br />
Wales highlights that the volume of<br />
violence against the person offences being<br />
dealt with by the police has risen by 19%<br />
compared with the previous year, largely due to<br />
increases in the sub-categories of ‘stalking and<br />
harassment’ (36%), ‘violence without injury’<br />
(21%) and ‘violence with injury’ (10%).<br />
According to the ONS’ report, most of this<br />
volume increase was thought to result from<br />
improved recording practices. However, it’s<br />
likely that the rises in these more serious<br />
categories of crime reflect genuine escalations<br />
in criminality as they’re thought to be generally<br />
well-recorded by the police.<br />
Stalking is defined as the unwanted or<br />
obsessive attention by an individual or group<br />
towards another person. Stalking behaviours<br />
may differ, but are related to harassment and<br />
intimidation and may include someone<br />
following the targeted victim in person or<br />
otherwise monitoring them in some way.<br />
According to the Suzy Lamplugh Trust – the<br />
personal safety charity that runs the National<br />
Stalking Helpline – anyone can be a victim of<br />
stalking. In fact, a report produced by Dr<br />
Lorraine Sheridan and the Network for<br />
Surviving Stalking found that stalking victims’<br />
ages ranged from 10 to 73, with both males and<br />
females targeted and episodes spread right<br />
across the entire socio-economic spectrum.<br />
Around 45% of those individuals who contact<br />
the National Stalking Helpline are being stalked<br />
by a former partner, while a further third have<br />
had some sort of prior acquaintance with their<br />
stalker. This could include a friend, a colleague<br />
or a client, for example 1 .<br />
Revised guidelines<br />
For employers of the estimated eight million<br />
lone workers in the UK, the increase in stalking<br />
and harassment reported in the Crime Survey<br />
for England and Wales should be concerning,<br />
and particularly so for those that employ lone<br />
workers operating within the community.<br />
There’s a legal obligation for any employer to<br />
keep their lone workers safe. Revised<br />
sentencing guidelines issued in November 2015<br />
have made the penalties more severe for those<br />
failing to do so. The Health and Safety, Food<br />
and Corporate Manslaughter sentencing<br />
guidelines were issued by the Sentencing<br />
Council and will be considered by the courts.<br />
Since the revisions came into effect in<br />
February last year, organisations breaching<br />
their Duty of Care towards employees and nonemployees<br />
alike face significantly larger fines<br />
starting at several million pounds for a large<br />
organisation found to be highly culpable in a<br />
Duty of Care to Employees<br />
In mid-October, the Office for National Statistics (ONS) issued<br />
the findings of its Crime Survey for England and Wales for the<br />
year ending June 2017. While crime estimated by the study<br />
has fallen considerably from the peak levels recorded back in<br />
1995, the volume of violence against the person offences now<br />
being dealt with by the police service has increased. Here,<br />
James Kelly discusses how lone worker safety solutions could<br />
help to reduce the risk of crimes such as stalking<br />
Harm Category 1 incident. Additionally, stalking<br />
can have a hugely detrimental impact on its<br />
victims in terms of their physical and<br />
psychological well-being, causing them to feel<br />
unsafe wherever they go which, in turn, can<br />
impact their performance in the workplace.<br />
In employer guidance produced by the Suzy<br />
Lamplugh Trust, signs of an employee being<br />
stalked are explained as including ‘increased<br />
absences, arriving late for work or unexplained<br />
poor work performance’.<br />
Research also informs us that 50% of<br />
stalking victims have “curtailed or ceased work<br />
as a consequence of being stalked” 2 .<br />
Offering reassurances<br />
For employees regularly required to work alone<br />
or away from their usual place of work – such<br />
as in the local community – a lone worker<br />
safety solution can provide them with<br />
reassurance, as well as a means to summon aid<br />
should an emergency scenario arise.<br />
An effective lone worker solution will also<br />
collect information that can be used as<br />
evidence if an incident does occur.<br />
James Kelly: CEO of the British<br />
Security Industry Association<br />
19<br />
www.risk-uk.com
BSIA Briefing<br />
References<br />
1 https://www.suzylamplugh.<br />
org/Pages/FAQs/Category/<br />
anti-stalking<br />
2 https://www.suzylamplugh.<br />
org/Handlers/Download.ashx<br />
?IDMF=18a033d5-d0fb-4a05-<br />
aed5-7eb95a4e48fe<br />
There’s a variety of lone worker products<br />
available, including Apps on smart phones and<br />
dedicated GPS/GSM lone worker devices which<br />
connect lone workers quickly and discreetly<br />
with an emergency response. Devices are<br />
connected to an Alarm Receiving Centre (ARC)<br />
at which operators receive and manage alarm<br />
calls and can quickly request Emergency<br />
Services or other assistance if required.<br />
Users can also send a pre-activation message<br />
to the ARC, which will notify operators that the<br />
user is about to enter an area with a potential<br />
risk. If any problems occur, the user can then<br />
activate the device fully in order to summon<br />
help. Activation of the device automatically<br />
triggers a voice call to the ARC, allowing<br />
operators to monitor the audio channel in realtime,<br />
assess the situation and alert the police<br />
service if the user needs help or protection.<br />
The open microphone provides the police<br />
service with an effective ‘moving picture’ of the<br />
whole incident, in turn affording peace of mind<br />
for the end user that the situation is being<br />
closely monitored at all times.<br />
Perhaps the most important factor to<br />
consider when contracting a lone worker safety<br />
service is whether the chosen supplier is<br />
certified to BS 8484: Code of Practice for the<br />
Provision of Lone Worker Services. This is vital<br />
as it’s the basis upon which the police respond<br />
to lone worker systems and how they do so.<br />
A priority police response cannot be<br />
guaranteed by a supplier who isn’t audited to<br />
and compliant with BS 8484. While many<br />
suppliers readily claim that parts of their<br />
system are BS 8484-compliant, unless they can<br />
prove this by way of certification against<br />
Sections 4, 5 and 6 of BS 8484, they cannot<br />
guarantee a priority police response.<br />
Physical building security<br />
The other major factor – this time pertaining to<br />
Section 6 of BS 8484 – in ensuring an effective<br />
police response from a lone worker device<br />
activation is that the supplier uses an ARC<br />
which meets the British and/or European<br />
Standards around physical security of the<br />
building, staff security vetting and call handling<br />
response times.<br />
The ARC must operate on a 24/7 basis and be<br />
able to quickly reinstate services following a<br />
catastrophic event such as a fire or flood. The<br />
“Stalking behaviours may differ, but are related to<br />
harassment and intimidation and may include someone<br />
following the targeted victim in person or otherwise<br />
monitoring them in some way”<br />
current standards that an ARC must meet are<br />
certification to BS 8484 Part 6 and BS 5979<br />
Category II, although ARCs applying for new<br />
accreditations are expected to meet the<br />
requirements for BS 8591 which call upon the<br />
same requirements for BS EN 50518 (the latter<br />
is currently under review).<br />
The National Police Chiefs’ Council’s (NPCC)<br />
Security Systems Policy permits these<br />
accredited ARCs to be granted a Unique<br />
Reference Number (URN) by each UK police<br />
force. A trained and certified ARC operator will<br />
listen in to audio received from a lone worker<br />
device activation. If safe to do so they’ll speak<br />
to the user and then consider the reply,<br />
alongside other information, to determine<br />
whether requesting a Level 1 police response<br />
would be appropriate. The URN system enables<br />
an ARC to bypass the usual 999 route, thereby<br />
ensuring a quicker response from the police.<br />
Back in late 2015, the BSIA’s Lone Worker<br />
Section interviewed the NPCC’s security<br />
systems lead Ken Meanwell, who explained: “In<br />
the majority of cases, the use of a URN<br />
guarantees that the police will respond more<br />
quickly than when 999 is called. Obviously, this<br />
doesn’t mean that the URN call will remain a<br />
priority. Common sense applies and incidents<br />
involving firearms or large-scale public<br />
disorder, for example, may assume priority.”<br />
Providing employees who are required to<br />
work alone – and in particular those who may<br />
have disclosed concern about their personal<br />
safety – with the means to summon emergency<br />
help both quickly and effectively will greatly<br />
reassure them.<br />
For those employers considering sourcing<br />
lone worker solutions, the British Security<br />
Industry Association (BSIA) recommends that<br />
the choice of provider is based on their ability<br />
to demonstrate devices or smart phone<br />
applications certified to BS 8484, certification<br />
to BS 8484 Sections 4, 5 and 6 and that devices<br />
or smart phone applications are monitored by<br />
an ARC certificated to BS 8484 and BS 5979<br />
Category II or BS 8591/BS EN 50518.<br />
Solution providers should also be able to<br />
deliver a bespoke service that begins with a<br />
thorough risk assessment to identify the most<br />
appropriate device product for various roles<br />
within a client’s company.<br />
A good place for end users to start is by<br />
looking at companies within the BSIA’s Lone<br />
Worker Section. These are well-established<br />
suppliers and ARCs who have been audited for<br />
compliance with the relevant British Standards<br />
(and certified as such). For more information on<br />
lone worker services, or to source a reputable<br />
supplier, visit www.bsia.co.uk/lone-workers<br />
20<br />
www.risk-uk.com
Powerful web based<br />
controller, powered<br />
by smart devices.<br />
DESIGNED<br />
IN<br />
A U ST R A<br />
R<br />
LIA<br />
Inception is an integrated access control and security<br />
alarm system with a design edge that sets it apart<br />
from the pack. Featuring built in web based software,<br />
the Inception system is simple to access using a web<br />
browser on a Computer, Tablet or Smartphone.<br />
With a step by step commissioning guide and<br />
outstanding user interface, Inception is easy to<br />
install and very easy to operate.<br />
For more information simply scan the QR code<br />
or visit innerrange.com.<br />
Security<br />
Alarm<br />
Access<br />
Control<br />
Automation<br />
No Software<br />
Required<br />
Multiple<br />
Devices<br />
Easy Setup<br />
with Checklist<br />
Prompting<br />
Send IP Alarms via<br />
the Multipath-IP<br />
Network<br />
T: +44 845 470 5000<br />
E: ireurope@innerrange.co.uk<br />
W: innerrange.com
An Evolving Security Landscape:<br />
Developing Operational Procedures<br />
The physical security<br />
industry is evolving.<br />
Manufacturers are<br />
developing innovative<br />
new products and<br />
harnessing the latest<br />
trends in technology.<br />
Of late, some<br />
developments have<br />
included fantastic<br />
enhancements to<br />
existing technologies.<br />
However, both Jon<br />
Roadnight and Philip<br />
Strand observe why<br />
security professionals<br />
mustn’t become too<br />
fixated on the<br />
relentless march of<br />
technology at the<br />
possible expense of<br />
solid procedure and<br />
process within their<br />
present organisations<br />
Jon Roadnight:<br />
Director at CornerStone GRG<br />
22<br />
www.risk-uk.com<br />
Full-colour night vision CCTV cameras, fullyintegrated<br />
access control systems, GPSassisted<br />
threat tracking tools and new user<br />
interfaces are all examples of excellent<br />
technological advancements in recent years.<br />
The path on which forward-thinking<br />
companies developing such solutions find<br />
themselves is limited only by our imaginations.<br />
The advent of many of these products is driven<br />
by ever-evolving customer requirements that<br />
guarantee manufacturers’ investments into new<br />
products will be well-rewarded, but we mustn’t<br />
become too fixated on these fantastic<br />
developments in technology.<br />
Within the physical security industry,<br />
procedures and processes – encompassing<br />
design, tender, project, operations and risk<br />
management methods – are every bit as<br />
important when it comes to successful risk<br />
mitigation as the technologies that we can see,<br />
hear and touch.<br />
It would even be defensible to argue that, in<br />
many cases, processes are more important than<br />
products. After all, a talented security team<br />
with rigorously-tested processes and<br />
procedures in place to guide their activities can<br />
often work around equipment limitations.<br />
Inexperienced security teams with undeveloped<br />
processes and procedures rarely achieve better<br />
results even when they are handed state-ofthe-art<br />
equipment.<br />
Indeed, it’s here one might make a counterargument<br />
that, when technology replaces<br />
people, it eliminates the need for processes<br />
because there are no – or fewer – individuals in<br />
the situation about whom to be concerned.<br />
Experienced security professionals, however,<br />
immediately recognise that this isn’t true. The<br />
processes still exist. They’re simply designed<br />
into the programmes that automatically control<br />
the technology as opposed to being executed<br />
manually by human beings.<br />
We shouldn’t forget that humans designed<br />
the processes that were programmed into the<br />
technology in the first place and that,<br />
somewhere in the equation, humans still need<br />
to sit at the strategic level, ensuring that the<br />
technologies are aligned and operating well.<br />
In light of the importance of process as part<br />
of our security function, it’s uncanny that the<br />
private security industry is populated by a great<br />
many manufacturers investing considerable<br />
resources into researching and developing new<br />
products, but very few other types of<br />
companies investing in faster, more costeffective<br />
ways of incorporating this technology<br />
into real-world security environments.<br />
Process and procedure<br />
Risk mitigation means more than simply<br />
deploying the latest innovation. It’s the<br />
processes and procedures that define how a<br />
new product or system is intended to address a<br />
particular set of security risks. It’s in this area<br />
that more attention needs to be focused.<br />
Just how much of your security infrastructure<br />
is being used to good effect within the<br />
business? It’s all-too-common for a significant<br />
financial investment to be made in new<br />
measures, including technology, only for a tiny<br />
percentage of its capability to ever be used.<br />
In our role as independent security<br />
consultants, we often witness examples of<br />
environments where large amounts of money<br />
have been spent by the client, but the<br />
intelligence and functionality built into the<br />
products and systems that form a large part of<br />
that investment are never used.<br />
The need to embed new technology within<br />
the business operation is greater now than at<br />
any point in the past. Manufacturers continue<br />
to develop products and systems that have<br />
more and more complexity, although the user<br />
interface may appear to be more simplistic. To<br />
extract the real value from these investments,<br />
system users need to ensure that,<br />
operationally, their specific business<br />
requirements are understood and the<br />
intricacies of every aspect of any necessary<br />
security risk mitigation measure fully aligned.<br />
If the physical security industry were to<br />
broaden its focus beyond technology and<br />
products and into better ways of procuring,<br />
installing and using those products, then<br />
treasure troves of new knowledge could be<br />
unlocked. For starters, individuals both outside<br />
the industry as well as within would develop a<br />
better understanding of what it means to be<br />
‘secure’ and how best to achieve that goal.<br />
Additional steps needed<br />
The clients and interface partners of most<br />
security companies hail from a wide range of<br />
markets, industries and geographic locations,
Risk and Security Management: Developing Operational Procedures<br />
as indeed do their competitors. Market<br />
research is fundamental to every security<br />
company’s business strategy, but taking<br />
additional steps to understand why markets<br />
have evolved, how they will evolve in the future<br />
and the implications of these evolutions would<br />
be of value for the security industry as a whole.<br />
It may not be necessary to begin the process<br />
from scratch. Many existing processes could<br />
also be optimised. Security projects are<br />
executed within timeframes that are heavily<br />
influenced by clients’ operational needs, RIBA<br />
work stages, project management processes<br />
and other real-world factors.<br />
Understanding and streamlining risk<br />
management and security engineering as well<br />
as design processes could help the UK’s<br />
security industry to better position itself on a<br />
competitive footing within the global market.<br />
There have been many security studies<br />
undertaken that consider the overlap between<br />
people, products and processes, some of them<br />
as a consequence of major security incidents. In<br />
a report compiled after the 9/11 attacks in New<br />
York, one of the key findings was a need for<br />
better integrated security and communication<br />
systems. At the time, this led to a number of<br />
important initiatives, including a trend towards<br />
interoperability and system integration.<br />
Technically, the proliferation of Internet<br />
Protocol-connected security devices opened up<br />
a whole new world of possibilities. Combined<br />
with better applications to control and monitor<br />
systems, greater computer processing power to<br />
drive more complex products and faster and<br />
larger data networks, this means that we now<br />
have an array of highly sophisticated security<br />
tools at our disposal.<br />
Much of this sophistication, however, will be<br />
left underused and the real benefits of system<br />
or product deployment wasted if we don’t<br />
harness its power by applying better and more<br />
developed security procedures.<br />
Development burden<br />
The traditional burden of developing<br />
operational processes and procedures tends to<br />
fall on one of two key stakeholders.<br />
Sometimes, end clients have resources<br />
employed in-house who have the knowledge<br />
and capability. This tends to be the minority of<br />
clients, though, and even if they do have a<br />
security team available, they tend not to have<br />
the bandwidth to take on such labour-intensive<br />
activities among their standard duties.<br />
The other main producer of operational<br />
processes is the security guarding contractor.<br />
This probably seems a logical route, as it’s<br />
security officers who will have the<br />
responsibility of delivering the security<br />
procedures. These client procedures will form<br />
the basis of the assignment instructions that<br />
are clearly a security guarding company’s<br />
responsibility to produce. It’s also these basic<br />
interpretations of the security strategy,<br />
procedures and policies that will govern<br />
officers’ activities on each particular site.<br />
We would question, though, whether the<br />
guarding contractor is the right choice for<br />
developing some of the more technically-biased<br />
procedures. Developing response criteria based<br />
on an alarm input that could use a range of<br />
different technologies as part of the verification<br />
process can call upon a deep technical and<br />
operational understanding. Defining access<br />
rights and permissions that need to evolve in a<br />
dynamic threat environment will draw upon<br />
access control system deployment experience.<br />
It’s not a subject to be challenged lightly.<br />
As technology continues to develop and<br />
capability expands, the need for better and<br />
more granular security procedures and<br />
processes will inevitably continue to grow. The<br />
connection between personnel, products and<br />
process is probably more critical today than it<br />
has ever been. The suggestion we’re making is<br />
that the latter has lagged when it comes to the<br />
overall improvement we’ve witnessed in the<br />
security business arena in general.<br />
Dr Philip Strand PhD MBA:<br />
Senior Risk Consultant at<br />
CornerStone GRG<br />
“Understanding and streamlining risk management and<br />
security engineering as well as design processes could help<br />
the UK’s security industry to better position itself on a<br />
competitive footing within the global market”<br />
23<br />
www.risk-uk.com
Redefining Storage for a Smart Future<br />
As the dawn of smart<br />
cities promises to<br />
redefine the world<br />
around us, millions of<br />
sensors and systems<br />
will need to work<br />
seamlessly together.<br />
For every innovation<br />
facilitated by the<br />
Internet of Things,<br />
cameras and Artificial<br />
Intelligence, storage<br />
remains the critical<br />
foundation that both<br />
underpins and<br />
connects new<br />
technologies. In the<br />
second instalment of a<br />
two-part series<br />
exclusive to Risk UK,<br />
Andrew Palmer<br />
examines the<br />
important role of the<br />
right storage in<br />
supporting cities of<br />
the future<br />
24<br />
www.risk-uk.com<br />
According to market analyst Gartner, almost<br />
21 billion Internet of Things (IoT)-<br />
connected sensors will be in use by 2020.<br />
From homes to city streets, from your work<br />
lanyard to light sensors in street luminaires, the<br />
sensors involved will capture the huge<br />
quantities of data it takes to power a highlyautomated<br />
and highly-efficient world.<br />
However, while new advances in sensor<br />
technology will drive our transition towards<br />
smart cities (and, indeed, smarter workplaces),<br />
some familiar hardware could be the secret to<br />
unlocking everything analytics has to offer.<br />
In the words of Fujitsu’s CTO Dr Joseph Reger:<br />
“Cameras are becoming the universal sensor of<br />
IoT. If you’re smart enough, you can figure out<br />
what’s happening by watching and you don’t<br />
need other sensors.”<br />
As is always the case, these devices will all<br />
be underpinned by storage, most commonly in<br />
the form of hard drives. It’s tempting to think<br />
that the technology underlying our smart future<br />
isn’t so revolutionary after all. However familiar<br />
they may appear and however tried-and-tested<br />
these future use cases of hardware might seem<br />
on first glance, it’s certainly time for a different<br />
breed of storage to emerge.<br />
Beginning with security<br />
Before we can move towards automation,<br />
efficiency and enriching our lives with<br />
connected infrastructure, we need to start with<br />
the basics. Governments are investing heavily<br />
in so-called ‘safe city’ solutions. Just as in<br />
offices, warehouses and retail environments,<br />
safety and security are obvious priorities –<br />
these are the very foundations upon which we<br />
can build towards loftier goals.<br />
In 2013, the Singapore Economic<br />
Development Board and Ministry of Home<br />
Affairs embarked upon a project to improve<br />
public safety and security. Multi-million dollar<br />
investments included video analytics using<br />
rule-based algorithms and machine learning.<br />
The solution could detect normal scenarios<br />
and, in turn, abnormal incidents, from rubbish<br />
build-up to suspicious packages. The end<br />
results of all this work? Everything from an<br />
increase in key safety metrics to better tourism<br />
and enhanced citizen happiness.<br />
Unsurprisingly, it’s an impressive<br />
achievement that cities around the world are<br />
looking to replicate. Indeed, based on the latest<br />
estimates, the market for safe city solutions is<br />
expected to exceed $20 billion by 2021. All of<br />
this development is driven by cameras and<br />
storage being used in new, innovative ways.<br />
Of course, the big ambitions of city planners<br />
and Governments don’t feel immediately<br />
relevant when you’re trying to secure your plant<br />
equipment or keep trespassers out of your<br />
warehouse. That said, we’re all part of this<br />
transition towards safe and smart cities, and<br />
it’s fair to state that the strategies and<br />
technologies of world leaders can be used to<br />
transform surveillance on every level.<br />
With a specific focus on security, surveillance<br />
cameras have transitioned from being seen by<br />
some as a costly expense to become a real<br />
asset that provides tangible value. Machine<br />
learning and deep learning are allowing<br />
surveillance systems to build their own<br />
intelligence without programming, while<br />
growing more accurate and sophisticated with<br />
every new frame of footage that they see. It’s<br />
the marriage of more sophisticated cameras,<br />
advanced software, intelligently-designed<br />
algorithms and back end processing power. All<br />
of this flows through your chosen storage.<br />
According to IDC, the amount of the global<br />
datasphere subject to data analysis will grow<br />
by a factor of 50 to 5.2 ZB in 2025. It’s not just<br />
cities – corporations, small businesses and<br />
individuals are now all realising the huge<br />
opportunities of Artificial Intelligence (AI).<br />
Value of analytics and AI<br />
If there’s one thing we know about<br />
Governments, it’s that heavy investment in safe,<br />
smart cities wouldn’t be happening without the
Data Storage for Security Systems (Part Two)<br />
promise of big benefits and either financial<br />
returns or savings – or both. Whether you’re<br />
implementing thousands of sensors across an<br />
urban centre or trying to realise more value<br />
from your commercial CCTV deployment, video<br />
analytics delivers a real impact. Machine<br />
learning, natural language processing and AI –<br />
collectively known as cognitive systems – turn<br />
data analysis from historic to real-time. It’s less<br />
about gathering information on previous events<br />
(in archived recordings), and more about using<br />
intelligence for smarter decision-making.<br />
AI can empower faster decisions without<br />
compromising on quality, a proactive stance<br />
and opportunities for time-saving automation.<br />
That scenario will only be realised, though, if<br />
your storage can keep up.<br />
Since cognitive systems depend on large<br />
quantities of high-quality video to analyse and<br />
from which they can learn, it’s only natural that<br />
scalability and capacity will continue to be<br />
important traits of storage. The most critical<br />
change comes in terms of how we’re using data,<br />
not just the amount of it we need to store.<br />
Traditional recording streams are<br />
predominantly sequential. The workload your<br />
drive sees is primarily sequential writes as new<br />
footage is captured, with infrequent read<br />
activity as archived footage is reviewed.<br />
Analytics streams are fundamentally different.<br />
Data sets are more fragmented and a drive is<br />
subject to more random read and write<br />
operations. The right storage for AI, then, will<br />
support 50/50 read/write workloads and, in an<br />
ideal world, for multiple AI streams at once.<br />
Low-latency random read performance will<br />
become as crucial as the workload ratings and<br />
life expectancy many of us typically use to<br />
assess storage today. Beyond read/write<br />
performance, the right storage for cognitive<br />
systems will match the traits of the systems<br />
themselves, offering rich automation, ongoing<br />
monitoring and better intelligence.<br />
One key focus area is data integrity. After all,<br />
as we leverage AI to exponentially increase the<br />
value of our footage in an operational sense,<br />
we have more than ever to lose when frames<br />
are dropped or drives fail. Just as powerful<br />
algorithms could detect abnormal behaviour in<br />
your feeds, algorithms may be used to monitor<br />
and manage the health of your hard drive.<br />
Preventative measures built into storage<br />
firmware can detect issues like increasing<br />
temperatures or vibrations, then advise you on<br />
correcting these problems to extend the<br />
lifespan of your storage. In addition, smart<br />
storage can monitor key health parameters<br />
through the lifespan of your storage. If these<br />
parameters change and the drive is<br />
deteriorating, alerting could advise you to<br />
conduct a back-up procedure in order to avoid<br />
catastrophic data loss.<br />
The right storage for deep learning will<br />
understand how important it is to your<br />
operations and do more to improve your insight<br />
into performance as well as enhance your<br />
ability to keep that data safe.<br />
Role of human expertise<br />
Finally, while smart cities of the future will<br />
dramatically decrease the burden on human<br />
labour, it must be said that, sometimes, there’s<br />
simply no substitute for skilled professionals.<br />
In short, someone needs to know how to install<br />
those 20 billion-plus sensors.<br />
Similarly, storage shouldn’t stop with<br />
technology. It’s down to storage providers and<br />
integrators alike to help end users find the right<br />
drive for the job – one that meets every current<br />
requirement and offers room to grow, but also<br />
considers the reality that drives come with<br />
limited lifespans. It’s absolutely no good<br />
investing in hardware that will fail before you’ve<br />
been able to use it effectively.<br />
It’s also down to storage providers to go that<br />
bit further in protecting their customers’ data<br />
assets, whether through extended warranties<br />
or data recovery programmes that can retrieve<br />
footage from damaged hardware.<br />
Smart cities are no longer a vision of some<br />
distant future – they’re already here. AI and<br />
machine learning isn’t something that’s only<br />
fully realised in science fiction – it has been<br />
powering everything from online advertising to<br />
search results for years. Soon, you’ll even trust<br />
it to drive your car.<br />
Scalable, tough and secure<br />
Of course, how you take advantage of these<br />
opportunities will be unique to you. Some of us<br />
are overhauling what our surveillance cameras<br />
can do now, while others are embarking on a<br />
more gradual journey of exploration.<br />
Whether it’s now or in the future, in a single<br />
location or across an entire city, the core and<br />
essential requirement of any solution remains<br />
the storage set-up. A solution that’s scalable,<br />
tough and secure enough to protect the<br />
lifeblood of your business may not be<br />
something you’re actively seeking at present,<br />
but it’s just a matter of ‘When’, not ‘If’.<br />
Andrew Palmer:<br />
Group Sales Manager<br />
(Enterprise and Surveillance)<br />
at Seagate Technology<br />
“Machine learning and deep learning are allowing<br />
surveillance systems to build their own intelligence without<br />
programming, while growing more accurate and<br />
sophisticated with every new frame of footage that they see”<br />
25<br />
www.risk-uk.com
A Demonstration of Resilience<br />
Any business owner or<br />
manager that has seen<br />
the concrete barriers<br />
installed on London’s<br />
bridges to protect<br />
pedestrians or the<br />
increased security at<br />
concerts and sporting<br />
venues in the wake of<br />
this year’s terrorist<br />
attacks cannot have<br />
failed to consider their<br />
own company’s<br />
present security<br />
arrangements and<br />
assess whether or not<br />
an upgrade is<br />
required. Jason<br />
Wakefield outlines a<br />
‘detect and protect’-<br />
style strategy for<br />
today’s organisations<br />
26<br />
www.risk-uk.com<br />
Fortunately, the type of terrorist attacks<br />
we’ve witnessed in the UK this year are still<br />
pretty rare events, but as MI5’s director<br />
general Andrew Parker admitted in a recent and<br />
rather rare public speech, the UK terror threat<br />
level is higher now than at any time in the past<br />
30 years. With this in mind, most security<br />
experts agree that it’s not a case of ‘If’ an<br />
incident will occur, but ‘When’.<br />
The tragic episodes of recent times,<br />
alongside high-profile warnings, have led many<br />
businesses that once considered themselves<br />
low-level targets to reconsider their approach<br />
towards security. The key challenge facing<br />
those responsible for business resilience and<br />
security is: ‘Where to begin?’<br />
The wide-ranging nature of attacks makes<br />
the degree of threat difficult to assess and the<br />
potential method of attack even harder to<br />
identify. Businesses could face everything from<br />
verbal or written threats through to dangerous<br />
items sent through the post and on again to<br />
direct cyber, property or personnel attacks.<br />
Within a business world where security<br />
awareness must be heightened, what questions<br />
should every organisation ask itself when<br />
considering business resilience and how to<br />
mitigate acts of terrorism?<br />
In times of a heightened threat level, it’s easy<br />
to be carried away on a rising tide of negative<br />
publicity. The first thing to rationally consider is<br />
the degree of risk your business is facing from<br />
a terrorist attack. Your location alone can<br />
sometimes put the business at risk (for<br />
example, if you’re in a high-profile location or<br />
an iconic building). The nature of your business<br />
can sometimes make you more prone to attack<br />
if there are political, religious or environmental<br />
connotations. All of these aspects must be<br />
considered objectively in order to establish<br />
from where attacks might arise.<br />
Types of threat<br />
Once you’ve understood the level of threat, it’s<br />
important to identify the most likely types of<br />
terrorist attacks that could harm staff and/or<br />
customers and interrupt business. Remember,<br />
the most likely attacks are not necessarily the<br />
high-profile tragic attacks on people that are<br />
well-publicised. Sometimes, the most common<br />
attacks are in the form of infrastructure threats,<br />
such as DDoS attacks on your communications<br />
and Internet-connected systems.<br />
The National Cyber Security Centre has<br />
recorded more than 500 ‘Significant’ cyber<br />
attacks launched against computer systems in<br />
the UK over the past year. In total, the<br />
organisation has registered 1,131 IT threats<br />
since October 2016. Of those, 590 were classed<br />
as ‘Significant’ with 30 of them serious enough<br />
to trigger a cross-Government response. The<br />
NHS was targeted, so too businesses both<br />
large and small in scope.<br />
You must establish the critical areas of the<br />
business that most require protection. First,<br />
consider your people and then property and<br />
infrastructure. Are there front line staff or key<br />
personnel more likely to be under threat? Are<br />
there office, store or building locations that are<br />
natural targets for selection by the would-be<br />
terrorist? What are the key functions, such as<br />
mail room or communication systems, that are<br />
most vulnerable to attack?<br />
Once a thorough assessment has been made,<br />
a strategy for detection and protection can be<br />
established for each vulnerable area. Such<br />
areas are generally situated around people and<br />
packages entering your building/venue. The<br />
various security requirements might be wideranging.<br />
They can include ‘eyes and ears’ on the<br />
perimeter of your building(s) in the form of<br />
CCTV systems, access systems designed to<br />
control who goes where and when and security<br />
screening for some or all individuals entering<br />
and leaving the building(s).<br />
There may also be mail room screening for all<br />
incoming parcels and letters against the<br />
delivery of potential IEDs and harmful<br />
biological agents such as ricin or anthrax and,<br />
last but not least, IT security solutions<br />
designed to protect against cyber threats.<br />
Included here must be a password change<br />
routine and very tight control of access to<br />
sensitive company information.<br />
Requirement for flexibility<br />
Try and build flexibility into your security<br />
solutions. The threats to your business are<br />
unlikely to remain fixed, so it’s prudent to<br />
ensure that the security arrangements you put<br />
in place are as versatile as possible.<br />
For example, one fast-growing area in<br />
security screening is the implementation of<br />
what’s known as ferromagnetic search pole<br />
technology. These are unlike the fixed security<br />
walk-through arches witnessed at airports. In<br />
this instance, the poles are highly versatile and<br />
may be easily moved so that you can have a<br />
fully-operational security checkpoint up-andrunning<br />
in a matter of minutes.
Counter-Terrorism: The Path to Business Resilience<br />
The detectors may also be used externally<br />
and in all weathers so that you can establish a<br />
checkpoint outside your building/venue which<br />
offers the flexibility to quickly establish fast<br />
screening for weapons such as guns and knives<br />
in any remote location, thus enabling the<br />
security team to effectively screen people<br />
before they even enter the establishment.<br />
The use of fully-rechargeable batteries<br />
renders such a solution an obvious answer to a<br />
fast-developing problem.<br />
However detailed your security plans, there’s<br />
always the danger that a terrorist attack will be<br />
successful in some way and, therefore, serve to<br />
disrupt the business. As a result, businesses<br />
must have equally robust disaster recovery<br />
plans in place to ensure that operations are<br />
impacted for the minimum time possible. These<br />
plans could involve back-up/co-locations being<br />
established quickly if a building becomes<br />
unusable or for IT and communication<br />
infrastructures to be ‘mirrored’ such that a<br />
connection may be quickly re-established in the<br />
event of an unforeseen outage.<br />
Despite the rapid advances in detection<br />
technology, your staff are often the first line of<br />
defence and the best ‘eyes and ears’ for the<br />
security of your business. To do their job well<br />
they must be trained properly. Consider the<br />
appropriate level of training for your staff.<br />
Some may just require basic threat awareness<br />
instruction, while others will need detailed<br />
training on how to effectively use the security<br />
technology at their disposal.<br />
Make sure that the training members of staff<br />
receive is from a recognised and appropriately<br />
accredited security training provider and duly<br />
delivered by experts in their field. Also, ensure<br />
that the training is regularly updated as<br />
required such that it’s always up-to-date with<br />
new techniques and evolving threats.<br />
Finally, ensure that your members of staff are<br />
regularly drilled and tested in their techniques<br />
to ensure that Best Practice is being<br />
implemented at every level.<br />
We would highly recommend the use of the<br />
Citizen Aid App. This can be downloaded to<br />
your personal mobile and is available on both<br />
the Android and iOS platforms. It’s designed<br />
such that it will help in reducing the anxiety<br />
around difficult decision-making in unfamiliar<br />
and fast-moving situations. Simply follow the<br />
systematic logical steps so that you do the right<br />
things and in the right order.<br />
Additional support<br />
Always bear in mind that, wherever possible,<br />
security action taken against potential terrorist<br />
threats and for business resilience should<br />
enhance and not stand in the way of business.<br />
Staff and customers are reassured when they<br />
see security steps being taken and<br />
implemented considerately. Everyone in the<br />
business should be encouraged to participate.<br />
Finally, remember that this type of security<br />
assessment and implementation isn’t<br />
something that your business has to do alone.<br />
There are professional organisations that can<br />
assist with threat assessments, security<br />
implementation planning and training.<br />
Your local police service and Counter-<br />
Terrorism Security Advisor can offer up-to-theminute<br />
advice that will greatly assist in<br />
plugging your business into the wider support<br />
and counter-terrorism activities already<br />
underway in your local community.<br />
The Centre for the Protection of National<br />
Infrastructure’s website offers excellent advice<br />
on counter-terrorism for most business<br />
activities and business resilience. It also<br />
outlines guidance on how to construct and<br />
implement business continuity plans in line<br />
with Government and British Standards<br />
Institution guidelines.<br />
All of these resources can help when it comes<br />
to integrating your business-focused prevention<br />
activities with wider community action.<br />
Jason Wakefield: Sales<br />
Director at Todd Research<br />
“Try and build flexibility into your security solutions. The<br />
threats to your business are unlikely to remain fixed, so it’s<br />
prudent to ensure that the security arrangements you put in<br />
place are as versatile as possible”<br />
27<br />
www.risk-uk.com
The Changing Face of Security Services: Security Guarding<br />
The Future of Security Guarding in the UK<br />
The political debate<br />
focused on Brexit<br />
continues at pace, but<br />
with no clear solution<br />
as yet in sight which is<br />
going to be agreeable<br />
for both parties, the<br />
UK economy remains<br />
in a state of flux. In<br />
parallel, David<br />
Mundell focuses on<br />
challenges ahead that<br />
will determine the<br />
shape of the security<br />
guarding sector for<br />
decades to come<br />
David Mundell: Managing<br />
Director of Axis Security<br />
28<br />
www.risk-uk.com<br />
For a number of years now, the European<br />
Union (EU) has been the driver for much of<br />
the regulation within the security industry,<br />
including legislation that affects workers’ rights<br />
(such as the TUPE Regulations, the Working<br />
Time Directive and various rulings on Health<br />
and Safety, etc). For its part, the Conservative<br />
Party has previously indicated an eagerness to<br />
remove some of these protections.<br />
A significant risk that may come with Brexit is<br />
a return to the previously unregulated market,<br />
resulting in a fall in professional standards and<br />
the further demotivation and<br />
disenfranchisement of staff.<br />
Leaving the EU may also result in an anti-UK<br />
bias across Europe, thereby placing UK<br />
businesses at a disadvantage. That scenario<br />
would limit opportunities for future expansion.<br />
There are already concerns that we’ll see a<br />
relocation of European headquarters away from<br />
the UK – and notably London – to elsewhere in<br />
Europe. The financial services sector is likely to<br />
bear the brunt of these moves, with the loss of<br />
such businesses reducing some of the more<br />
attractive accounts for the security industry.<br />
Procurement challenges<br />
Public sector procurement has been regulated<br />
by EU-driven laws. Removing these laws could<br />
result in less transparency and decreased<br />
standardisation in procurement processes. The<br />
end result would probably make the market<br />
less competitive. Uncertainty about the Brexit<br />
‘model’ is also an obstacle, since uncertainty<br />
often breeds concern, fear and nervousness.<br />
While the guarding industry predominantly<br />
remains UK focused, it cannot afford to ignore<br />
the labour pool which has employed a large<br />
number of EU citizens over the last decade.<br />
During this period, we’ve also seen a<br />
dramatic erosion of margin, which has affected<br />
the ability of companies to differentiate<br />
themselves from their competitors through<br />
investment in better training, quality of<br />
operational management and, above all, the<br />
quality of candidates available. Throw TUPE<br />
into this mix, with its impact on all service<br />
industries, and the full extent of the challenge<br />
ahead becomes readily apparent.<br />
While nobody advocates a return to pre-TUPE<br />
days, it has impacted on the quality of<br />
candidates available. This has recently been<br />
highlighted by Security Industry Authority<br />
statistics indicating a 20% reduction in licence<br />
renewals. That will clearly have an impact on<br />
the quality of the available labour pool.<br />
The recent rise of nearly 4.6% in the London<br />
Living Wage (LLW) offers equally challenging<br />
circumstances and will test the resolve of<br />
companies who voluntarily signed up to pay the<br />
LLW year-on-year. To maintain margins, these<br />
businesses will have to look at increases of up<br />
to 7% to offset pensions, the Apprenticeship<br />
Levy, associated holiday costs and CSP.<br />
In an economy where the national cost of<br />
living rises at an average of 2.5% per annum,<br />
and salaries typically only rise at 1%, the<br />
security guarding industry has to evolve in<br />
order to deal with this challenge.<br />
It’s perhaps nothing new to suggest that we<br />
must increase the use of technology to deliver<br />
an improved service, but this has to be<br />
achieved at a cost that the market can bear.<br />
Equally, the customer has to accept that their<br />
associated costs will continue to rise unless<br />
they change the mindset of procurement which<br />
invariably sacrifices quality on the altar of cost<br />
and added value.<br />
While we, as an industry, will have to wait<br />
and see what the real outcomes are from Brexit,<br />
there are two definite steps that we can<br />
collectively take to ease some of the<br />
challenges. The first is to ensure that contract<br />
award periods are for a minimum of five years,<br />
with clearly laid out KPIs for training and<br />
development through an open book policy to<br />
ensure no hidden margins on charge rates,<br />
thereby affording stability for all parties.<br />
The second is to introduce more technology<br />
to contracts with the overriding aim of having<br />
highly-trained security officers who are capable<br />
of dealing with all manner of incidents rather<br />
than being ‘sentries at the gate’.
A New Model for Guarding<br />
Cardinal's new 5M model gives clients a unique view of<br />
their investment and the true cost or return.<br />
Measure Mobilise Monitor Manage Monetise Test<br />
Contact us today and request a free data-driven health check on your incumbent provider<br />
Kerinda.Trigg@thecardinalgroup.co.uk<br />
Group Sales and Marketing Director +44 (0) 1799 533 635 +44 (0) 781 801 3200
The Changing Face of Security Services: Security Officers<br />
The Value of Front Line Security Officers<br />
In a world wherein an<br />
incident can be<br />
transported from<br />
photo or video taken<br />
on a phone to a tweet,<br />
a news story or a viral<br />
meme all in a matter<br />
of minutes, it’s<br />
essential that front<br />
line security staff<br />
understand their role<br />
in supporting the PR<br />
efforts of the client<br />
and the company for<br />
whom they work.<br />
Amanda McCloskey<br />
elaborates on what is<br />
a key issue<br />
Amanda McCloskey:<br />
Sales and Marketing Director<br />
for CIS Security and CIS Front<br />
of House<br />
30<br />
www.risk-uk.com<br />
Front line officers need to understand the<br />
power of the Internet in amplifying and, at<br />
times, distorting a story into a sensational<br />
headline. Media training is a must as part of<br />
any front line security induction programme if<br />
the risks of negative PR are to be effectively<br />
mitigated. We regularly remind our new starters<br />
of the law protecting breastfeeding mothers, for<br />
example, because there are few things that will<br />
trend on Twitter faster than a disgruntled<br />
mother who has just been told she needs to<br />
visit a toilet cubicle in order to feed her baby.<br />
All officers need to know what to do in the<br />
event of an approach by a news reporter<br />
seeking insights to pad out their story. While<br />
it’s important to be discreet on matters that<br />
pertain to the premises one is helping to<br />
secure, a reporter asking a question is still a<br />
customer (and, arguably, an even more<br />
important one) whose experience has the<br />
potential to resonate as far as they want it to.<br />
Politeness is paramount in this situation.<br />
Although the officer will not be able to help in<br />
providing a story, they should be equipped to<br />
assist in some way, such as providing details of<br />
the website to visit or the PR representative to<br />
contact in order to leave a positive customer<br />
experience. Even the stealthiest of tabloid<br />
newspaper reporters are customers who<br />
deserve to feel safe and happy as a result of an<br />
encounter with front line security personnel.<br />
Positive press coverage can have a fantastic<br />
impact on an organisation’s public perception.<br />
One of my proudest moments as a director of<br />
our company was discovering that an end user<br />
had written to the ‘Good Deed Feed’ section of<br />
the Metro newspaper with an emotional<br />
account about how one of our officers came to<br />
her aid while she was leaving hospital after<br />
spending a long day in Accident & Emergency<br />
with her toddler.<br />
The officer in question had to be rewarded<br />
for this and, helped by the fact that he had<br />
been doing a fantastic job, we awarded him the<br />
‘Security Officer of the Year’ accolade at our<br />
annual company awards.<br />
Furthermore, we nominated him for the<br />
Outstanding Security Officer Award at this<br />
year’s OSPAs. He duly took home the trophy<br />
along with another one we won that night for<br />
our Outstanding Customer Service Initiative.<br />
PR on the front line<br />
Elevating the profile of those who help us in<br />
promoting a positive image for ourselves, our<br />
clients and the industry in general is crucial in<br />
encouraging a responsibility for PR on the front<br />
line. It must be said that ‘The Hero Factor’ is<br />
one of the most positive messages we can<br />
convey as a profession.<br />
Positive perception isn’t going to come from<br />
someone rugby tackling a petty thief to the<br />
ground. On the contrary, this kind of approach<br />
can find one in very deep and murky PR waters.<br />
Exceeding customer experience is also where<br />
many PR wins can be scored.<br />
We all need to be better at ‘singing our own<br />
praises’ in the security industry when it comes<br />
to the good work that’s conducted within. It’s a<br />
culture that should be embedded from the<br />
Boardroom table all the way to the front line. If<br />
we want to enjoy better PR as an industry, we<br />
should absolutely take the opportunity to<br />
develop our PR skills and shout about our<br />
myriad achievements from the rooftops.<br />
Empowering and facilitating positive story<br />
sharing by front line officers with their<br />
colleagues will make them feel proud and<br />
imbue their role with added purpose. That will<br />
exert a positive influence on productivity.<br />
If we don’t shout about our achievements,<br />
nobody else is going to do it for us.
We go above<br />
and beyond.<br />
Axis Security – exceeding expectations in customer service.<br />
• Our employees – are highly trained, valued and rewarded<br />
• Our proactive management approach – ensures service is continually improving<br />
• Our intelligent technology – ensures open lines of communication and transparency<br />
• Our prestigious industry recognition – includes 3 Security Guarding Company of the Year awards<br />
T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk
The Security Industry<br />
Authority’s vision is<br />
one of a private<br />
security industry so<br />
committed to<br />
improving standards<br />
and protecting the<br />
public that, over time,<br />
it will need minimal<br />
regulation. This vision<br />
is underpinned by the<br />
Regulator’s close<br />
working relationships<br />
with partner<br />
stakeholders, the<br />
industry and members<br />
of the public alike, as<br />
Mark Burtonwood<br />
explains in detail<br />
Using Your Intelligence<br />
Critical to successful collaboration is the<br />
sharing of information that allows the<br />
Regulator to build a rich picture, enabling<br />
us to concentrate our efforts for maximum<br />
impact, while at the same time regulate in a<br />
way that’s proportionate, risk-based and<br />
focused on the non-compliant.<br />
The information you give us has a real impact<br />
and helps us to ensure that we’re as effective<br />
as possible. We can gather information in a<br />
variety of ways. First, there’s information or<br />
intelligence we receive from the private security<br />
industry and the general public as well as the<br />
intelligence we gather when we conduct our<br />
compliance checks across the UK.<br />
In addition, there’s the intelligence received<br />
from law enforcement partners and<br />
organisations within our networks.<br />
The members of our intelligence team review<br />
and assess everything that’s sent to us. When<br />
something’s reported, we use it to build a<br />
bigger picture and develop this into<br />
intelligence. Information becomes intelligence<br />
when we can apply and use it to support our<br />
intervention activities. We refer intelligence to<br />
our compliance teams, including our<br />
partnerships and interventions teams, who<br />
then take the appropriate action.<br />
The quality of the information sent to us is<br />
crucial. Information that includes the names of<br />
people, places and behaviour of concern gives<br />
us the detail we need in order to act. Whether<br />
you’re contacting us via Crimestoppers or our<br />
website, this is precisely why we ask for as<br />
much detail as possible.<br />
While anyone sending us information can<br />
choose to be anonymous, if you’re willing to<br />
identify yourself, this will help us to verify the<br />
information and pinpoint willing witnesses. It<br />
also means that documentation relating to<br />
offending enables our ability to effectively<br />
resolve issues.<br />
The kind of detail we ask for is usually Who?<br />
(the names of any individuals suspected of<br />
illegal activity and the sectors in which they<br />
work), What? (ie a description of the incident<br />
that has led to an individual being reported),<br />
Where? (the name of the company for whom<br />
the individual works or where they work) and,<br />
of course, When? (times and dates associated<br />
with the report).<br />
We use this to direct our enforcement activity<br />
and support our licensing decisions or as<br />
evidence in a prosecution. We may also send<br />
such information to a partner agency.<br />
Gathering vital information<br />
We work collaboratively with several partners<br />
and other Government agencies and continually<br />
share information with them. These bodies<br />
include the police service, the Department of<br />
Work and Pensions, the Insolvency Service, Her<br />
Majesty’s Revenue and Customs and Home<br />
Office Immigration Enforcement.<br />
We’re also a part of various networks across<br />
the UK that work to reduce organised crime.<br />
These networks meet to share and gather<br />
information. It’s often through the networks<br />
that we find out about licence holders who<br />
pose a risk to the public or a business with<br />
alleged poor working practices that we need to<br />
investigate. We carefully evaluate the<br />
information we receive from our partners and<br />
then decide upon the appropriate action.<br />
The Security Industry Authority (SIA) is often<br />
asked why it doesn’t give updates to members<br />
of the public after they’ve sent information to<br />
us. In practice, the amount of information we<br />
can provide about cases in the investigation<br />
stage is usually very limited. The main reason<br />
for this is to ensure that ongoing investigations<br />
and law enforcement work are not<br />
compromised. We must also avoid prejudicing<br />
the right of defendants to a fair trial, or causing<br />
avoidable reputational damage or harm to<br />
individuals or businesses under investigation.<br />
There are exceptional circumstances when<br />
we may decide to go public on an investigation.<br />
For instance, the individual or company under<br />
investigation might make the information<br />
public. There may be operational reasons such<br />
as a call for witnesses, or we could consider<br />
that there’s a real threat to public safety. On<br />
32<br />
www.risk-uk.com
The Changing Face of Security Services: Compliance and Regulation<br />
rare occasions, we may well give witnesses<br />
updates on the progression of a case with<br />
which they’re directly involved.<br />
In addition, we receive such high volumes of<br />
information that it would be an inefficient use<br />
of resources to respond to every report of<br />
suspicious or concerning behaviour. For<br />
example, between May and October this year,<br />
we received 2,246 reports. From them, we<br />
created 306 intelligence cases. This resulted in<br />
126 compliance cases and 180 interventions by<br />
our partnerships and interventions teams.<br />
We value and assess everything that’s sent to<br />
us. Most of the information we receive is very<br />
useful, and the fact that we cannot give<br />
updates doesn’t mean that we’re not acting on<br />
the detail you send us.<br />
Enforcement approach<br />
We have a range of options for non-compliance.<br />
Our approach is intelligence-led and based on<br />
risk. This means that we use intelligence to<br />
prioritise our activities and resources to deal<br />
with the most severe cases of non-compliance.<br />
If the law is broken, we seek compliance.<br />
However, we have the will and the capability to<br />
prosecute offenders. Those who display a<br />
blatant contempt for regulation – and, in doing<br />
so, undermine the safeguards and assurances<br />
that regulation provides – will be prosecuted.<br />
Furthermore, our compliance and<br />
investigation activity isn’t limited to matters<br />
under the Private Security Industry Act 2001.<br />
We can also legally consider offending which<br />
affects the provision of security industry<br />
services. This can include offending relating to<br />
malpractice, fraud, identity irregularities,<br />
organised crime or theft.<br />
Information and intelligence plays a key role<br />
in encouraging compliance. It puts us in the<br />
right place and at the right time such that we<br />
can catch anyone who ignores the law and SIA<br />
licensing conditions.<br />
A good example of this is the prosecution of<br />
Stuart Reeves of Lock It Down Security Services<br />
Limited and Joseph Mitchell of Alpha Secure<br />
Group Ltd. They were found guilty of supplying<br />
an unlicensed security operative in February<br />
2017. During this investigation, we were sent<br />
information that suggested Alpha Secure Group<br />
Ltd was a phoenix entity arising from Lock It<br />
Down Security Services Limited. In other words,<br />
Lock It Down Security Services Limited had<br />
gone into liquidation, but had been<br />
reconstituted under the same management as<br />
Alpha Secure Group Ltd.<br />
Further information sent to us revealed that<br />
security operatives were being paid as though<br />
they were self-employed, or were not paid on<br />
“The quality of the information sent to us is crucial.<br />
Information that includes the names of people, places and<br />
behaviour of concern gives us the detail we need to act”<br />
several occasions. All of this information meant<br />
that we could question Reeves and Mitchell<br />
further and inspect their business premises.<br />
When more irregularities were found, we<br />
prosecuted them.<br />
Role of intelligence<br />
The intelligence we receive plays a vital role in<br />
successful prosecutions. We want the private<br />
security industry to know how important the<br />
information it sends to us really is. It’s for this<br />
very reason that, when we prosecute<br />
businesses or individuals, we publish<br />
information about this on the News and<br />
Updates Section of our website. We want the<br />
private security industry and its constituent<br />
members to know that we’re working diligently<br />
in order to regulate more effectively.<br />
We have frequently described on-the-ground,<br />
front line private security operatives as the<br />
“eyes and ears” of the industry. They’re often<br />
the best-placed people to share intelligence, as<br />
they can recognise behaviour that’s suspicious<br />
and/or illegal. We absolutely welcome<br />
information from all sources, and we would<br />
stress that we’re interested in more than<br />
obvious criminal behaviour. Information on<br />
other suspicious behaviour can also help us to<br />
build an effective intelligence case.<br />
The impact of intelligence cannot be<br />
underestimated. We conduct our own checks<br />
across the UK to assess compliance. We work<br />
with partners to share information and<br />
intelligence, and we act upon the information<br />
sent to us in order to drive our compliance and<br />
enforcement activity.<br />
We’ve endeavoured to make it as easy as<br />
possible for people to send us information.<br />
Anyone can report a crime or concern via our<br />
corporate website or by calling Crimestoppers<br />
on 0800 555 111. We want members of the<br />
private security industry and the general public<br />
to know that, if they see something suspicious,<br />
they should contact us and report it.<br />
The information you give to us is invaluable.<br />
Your involvement underpins and strengthens<br />
our regulatory enforcement activity, which in<br />
turn improves the standards and reputation of<br />
the private security industry.<br />
Chasing rogue operators out of the industry<br />
ultimately leads to better working conditions<br />
for individual operatives and increased levels of<br />
public safety. Keep talking to us.<br />
Mark Burtonwood:<br />
Deputy Director (Operations)<br />
at the Security Industry<br />
Authority<br />
*To find out more about the<br />
SIA’s enforcement approach<br />
visit the website<br />
https://www.sia.<br />
homeoffice.gov.uk/Pages/<br />
enforcement.aspx<br />
**For further information on<br />
the impact of enforcement,<br />
read these Case Studies<br />
https://www.sia.homeoffice.<br />
gov.uk/Pages/enforcementintelligence.aspx<br />
33<br />
www.risk-uk.com
Meet The<br />
Security Company<br />
and provide an innovative solution that exceeds<br />
their expectations. Through our live incident<br />
reporting-based approach, we’re completely<br />
transparent and always tell our customers what<br />
they need to know, not necessarily what they<br />
want to hear.<br />
Risk UK: How do you feel accreditations have<br />
assisted your company?<br />
Graham Allison: Accreditations enable us to<br />
demonstrate to our customers that we can<br />
provide an assured level of quality and that<br />
we’re capable of leading the way on innovation.<br />
Just as importantly, they also allow us to be<br />
included in high-profile tenders and permit us<br />
to promote our services to companies resident<br />
in a diverse range of vertical sectors.<br />
This is the sixth<br />
instalment in a<br />
monthly series of<br />
articles for the readers<br />
of Risk UK where we<br />
shine the spotlight on<br />
NSI-approved<br />
businesses for the<br />
benefit of risk and<br />
security managers<br />
who purchase security<br />
guarding as well as<br />
systems-focused<br />
solutions. Answering<br />
our questions on this<br />
occasion is Graham<br />
Allison, managing<br />
director of Cardinal<br />
Security<br />
About the National Security Inspectorate<br />
Risk UK: Can you briefly describe your<br />
business’ activities and what you consider to<br />
be your USP as an organisation?<br />
Graham Allison: Cardinal Security was formed<br />
in 2003 and is a privately-owned company that<br />
delivers dynamic and innovative security<br />
solutions throughout the UK, Europe and the<br />
USA. As a registered member business of the<br />
Security Industry Authority’s (SIA) Approved<br />
Contractor Scheme (ACS), we’re placed within<br />
the top 5% of all security providers in the UK<br />
and NSI Guarding Gold approved.<br />
Our ‘intelligent guarding’ approach is a key<br />
factor in our success. It combines technology<br />
(and the data this realises) and quality people<br />
who can deal with outputs from these systems.<br />
Knowledge about counter-terrorism, loss<br />
prevention, report writing, behavioural analysis<br />
and profiling, Health and Safety, data and<br />
intelligence gathering and First Aid in addition<br />
to excellent customer service skills are all now<br />
absolutely vital for the modern security officer.<br />
Risk UK: What do your clients value most<br />
about the services you deliver?<br />
Graham Allison: Clients value our honesty,<br />
quality and ability to understand their needs<br />
The National Security Inspectorate (NSI) is a wholly-independent, not-for-profit<br />
company limited by guarantee and operates as a UKAS-accredited certification<br />
body specialising in the security and fire safety sectors.<br />
For over 40 years, the NSI has served to protect businesses, homeowners<br />
and the general public alike, raising standards by providing robust and high<br />
quality audits of both security and fire safety service providers.<br />
Risk UK: Specifically, what value does ACS<br />
registration and NSI Guarding Gold approval<br />
bring to your business and its clients?<br />
Graham Allison: Both ACS registration and NSI<br />
Guarding Gold approval bring value to what we<br />
do, although the latter is, in my personal<br />
opinion, the more beneficial of the two.<br />
The NSI Guarding Gold scheme combines the<br />
ISO 9001 accreditation for the quality<br />
management element of our business. It<br />
assures our existing and prospective customers<br />
alike that we consistently meet the highest<br />
standards and reinforces the claims we make<br />
about our service and its delivery.<br />
At the same time, our efforts to score more<br />
ACS points help to drive up standards and<br />
afford purchasing end users a better idea of<br />
what we can offer as a company.<br />
Risk UK: In practice, what are the main<br />
differences between ACS registration and NSI<br />
Guarding Gold approval?<br />
Graham Allison: NSI Guarding Gold affords a<br />
higher level of quality assurance through its<br />
rigorous auditing process. As its name<br />
suggests, NSI Guarding Gold is still considered<br />
to be the ‘Gold Standard’ when it comes to<br />
accreditations in this business sector.<br />
Although the ACS is well-intentioned in terms<br />
of raising performance standards across the<br />
security business sector, there’s lots of room for<br />
improvement in terms of its scope and<br />
effectiveness, and particularly so with regards<br />
to training and knowledge development.<br />
In fact, one of the main advantages of the<br />
ACS is that it gives us the ability to deploy<br />
security staff while their licence applications<br />
34<br />
www.risk-uk.com
Meet The Security Company: Cardinal Security<br />
In association with the<br />
are being processed thanks to the issuing of<br />
licence dispensation notices.<br />
From my own perspective, the Regulator must<br />
do more to expand awareness of the ACS<br />
among customers if it wants to turn it into a<br />
real quality mark, and should perhaps also look<br />
to make the ACS mandatory rather than<br />
voluntary. This would enable end users to gain<br />
an insight into whether a security services<br />
provider merely meets the basic criteria for<br />
approval or actively exceeds them.<br />
Risk UK: How do you think technology has<br />
changed the industry over the last couple of<br />
years and what do you feel will be the<br />
direction of travel in the future?<br />
Graham Allison: Technology itself has<br />
developed massively. However, I think that<br />
many security service providers are failing to<br />
maximise its potential.<br />
The problem is that the approach to loss<br />
prevention and protecting organisations from<br />
those with malicious intent is fundamentally<br />
the same as it has always been. Traditional<br />
Shopping Centre security, for example,<br />
encourages a silo-based mentality, wherein as<br />
well as paying a service charge for the security<br />
guarding of public areas, retailers are also<br />
procuring their own in-store operatives.<br />
The ‘intelligent guarding’ approach<br />
mentioned earlier gives security officers a real<br />
opportunity to demonstrate Return on<br />
Investment against a defined set of Key<br />
Performance Indicators. In turn, this drives up<br />
their skills, value and pay.<br />
Risk UK: When it comes to negotiating<br />
contracts and responding to tender requests,<br />
what aspects are of most value to customers<br />
and how are these changing?<br />
Graham Allison: Most tenders are weighted<br />
50% cost, with only the other 50% being about<br />
the real value that a company could provide.<br />
The skills, experience and ability of service<br />
providers to offer high levels of contract<br />
fulfilment should be a prominent part of the<br />
buying criteria, with the price reflecting what’s<br />
on offer.<br />
The tender process needs to rebalance value<br />
and price – two words that are often used<br />
interchangeably, but in reality couldn’t be more<br />
different. This would allow the relationship<br />
between client and service provider to move<br />
from being simply a supplier arrangement to<br />
the more beneficial position of a strategic<br />
partnership, which can add significant benefits<br />
to a solution in the longer-term thanks to the<br />
implementation of a strategy that, for example,<br />
replaces security guarding with technology.<br />
Risk UK: How has Government legislation (eg<br />
the National Minimum Wage, the National<br />
Living Wage and holiday pay) affected your<br />
business? Do you believe such legislation is<br />
a good thing?<br />
Graham Allison: I fully support the National<br />
Minimum Wage. It’s the right direction of travel.<br />
However, the pay rates security officers are<br />
awarded are still less than satisfactory. There’s<br />
a wider problem than that, too.<br />
A culture of competitive undercutting, an<br />
obsession with market share and the inability<br />
to offer talented young people a career path<br />
has led to a situation wherein the majority of<br />
customers simply don’t place a high enough<br />
value on their security guarding operations.<br />
Instead of expecting ‘champagne for beer<br />
money’, clients should place a genuine value on<br />
their security operations, allowing service<br />
providers to invest more in training and skills.<br />
Cardinal Security is hoping to help buck the<br />
trend with the Cardinal Training Academy, which<br />
performs a vital role in attracting new entrants<br />
to the industry via an apprenticeship scheme,<br />
while also enabling security officers to enhance<br />
their existing set of skills.<br />
Risk UK: What are the most important<br />
attributes you look for in your security<br />
officers and staff members in general?<br />
Graham Allison: We seek individuals who can<br />
demonstrate professionalism, have experience,<br />
take pride in their appearance and<br />
presentation, possess good communication<br />
skills and who are committed to their roles.<br />
By focusing on the development of these<br />
skills, the overall worth of the security officer’s<br />
role can be elevated. Investing in employees<br />
ensures that they’re given the requisite<br />
knowledge to develop their careers.<br />
Risk UK: How can the SIA, the NSI and<br />
industry standards best serve the sector in<br />
addition to the needs of your company’s<br />
clients and the wider public interest? Will<br />
the introduction of business licensing be a<br />
positive step?<br />
Graham Allison: I think both the SIA and the<br />
NSI should continually be serving the industry<br />
to raise the level of professionalism across the<br />
board, and we’re certainly beginning to see the<br />
benefits of them doing so. However, in terms of<br />
the SIA, obtaining individual licences is still a<br />
lengthy procedure which is interrupting<br />
business flow. It really is time the issues<br />
around this process were resolved.<br />
Business licensing looks to be going one step<br />
further in terms of protecting both customers<br />
and employees. That can only be a good thing.<br />
Name<br />
Graham Allison<br />
Job title<br />
Managing Director<br />
Time in the security sector<br />
I’ve been working in the<br />
security industry for 21 years.<br />
Prior to my role at Cardinal<br />
Security, I served as Chief<br />
Operating Officer at Sentinel<br />
Group Security for almost<br />
four years. I’ve also held<br />
senior roles at other<br />
renowned security companies<br />
including Mitie, Securitas and<br />
Reliance<br />
Location of the business<br />
Cardinal Security’s head<br />
office is based in Great<br />
Chesterford, Essex. The<br />
business provides security<br />
services on a national level<br />
Areas of expertise<br />
The company provides both<br />
permanent and ad hoc<br />
security officers, store<br />
detectives and key holding<br />
services for its clients and<br />
boasts extensive experience<br />
in the retail, logistics and<br />
corporate arenas<br />
Accreditations<br />
NSI Guarding Gold, SIA ACS,<br />
BSIA Member, Highfield<br />
Awarding Body of<br />
Compliance, ISO 9001 (2008)<br />
Graham Allison: Managing<br />
Director at Cardinal Security<br />
35<br />
www.risk-uk.com
BENCHMARK<br />
Smart Solutions<br />
BENCHMARK<br />
Innovative and smart solutions can add value and benefits to<br />
modern systems for customers. With the technological landscape<br />
rapidly evolving, the Benchmark Smart Solutions project assesses<br />
the potential on offer from system integration, advanced<br />
connectivity and intelligent technology. Bringing together field trials<br />
and assessments, proof of concept and real-world experience of<br />
implementing smart solutions, it represents an essential resource<br />
for all involved in innovative system design.<br />
Launching in 2017, Benchmark Smart Solutions will be the industry’s only real-world resource for<br />
security professionals who are intent on offering added value through the delivery of smarter solutions.<br />
@Benchmark_Smart<br />
Partner Companies<br />
www.benchmarksmart.com
The Security Institute’s View<br />
Back in October 2015, many of us awoke to<br />
Dido Harding, CEO of TalkTalk, informing<br />
the world that the business had been the<br />
victim of a “sequential attack”. My first thought<br />
was: “We have a problem on our hands”. Our<br />
education system of the last 40 years has<br />
enabled a situation whereby the majority of the<br />
workforce – at all levels – are not cyber aware,<br />
while self-taught teenagers commit a large<br />
proportion of cyber crimes. The TalkTalk<br />
episode was, in fact, an SQL injection attack, a<br />
method known about for almost two decades.<br />
My interest in cyber security stems from an<br />
educational perspective by dint of working as a<br />
university lecturer in initial teacher training for<br />
computing, and previously as head of<br />
computing in a secondary school. My focus is<br />
very much on what we need to do in the UK to<br />
educate children, not only to be safe and<br />
informed cyber users, but also to be in a<br />
position to foster skills such that they can be<br />
useful – and not damaging – to today’s society.<br />
Michael Gove’s 2012 speech at the BETT<br />
education trade show heralded a major change<br />
to the new national curriculum, making it<br />
statutory to teach computing to students from<br />
age five upwards as of 2014 onwards.<br />
While the UK’s National Cyber Security<br />
Strategy documents indicated the need to<br />
include cyber security within computer science<br />
teaching, and promoted extracurricular<br />
initiatives such as the Cyber Security Challenge,<br />
there was no indication that the low number of<br />
students studying computing beyond the age of<br />
14 would be addressed.<br />
The extracurricular activities for “talented”<br />
14-to-18 year-olds appeared to be the preferred<br />
route to developing the nation’s desperatelyneeded<br />
cyber specialists, including the latest<br />
£20 million initiative which was again targeted<br />
at elite children. If cyber knowledge really is –<br />
as stated in the 2016 UK Cyber Security<br />
Strategy – “no longer an issue just for the IT<br />
Department, but for the whole workforce”, are<br />
these interventions enough, or will the skills<br />
gap continue to leave us vulnerable?<br />
Introduction of cyber<br />
The May 2015 update to the ‘2010-2015<br />
Government Policy: Cyber Security’ Policy Paper<br />
announced that cyber security had been<br />
introduced at every level of the education<br />
system from age 11 to post-graduate, claiming<br />
that: “This ensures everyone who leaves<br />
education has at least a basic understanding of<br />
cyber security before employment.” However, at<br />
best this can only be partially true.<br />
The new GCSE qualification in computer<br />
science provided by the OCR Examinations<br />
The Challenges of Cyber<br />
Education in Schools<br />
Developments in both the 2011 and 2016 UK National Cyber<br />
Security Strategies shifted the Government’s position from<br />
being advisor to industry, education and society to that of<br />
interventionist, reflecting the realisation that most end users<br />
are not sufficiently cyber aware to redress the issues involved<br />
without significant assistance. Simon Marsden addresses the<br />
challenges of cyber security education in schools and why<br />
they must be overcome sooner rather than later<br />
Board was promoted as having a “focus on<br />
cyber security… which students will study for<br />
the first time” and accredited for first teaching<br />
from 2016, thus indicating a mismatch between<br />
Government statements and school<br />
implementation. Additionally, only 28.5% of<br />
schools entered pupils for the GCSE in 2015, so<br />
are students of all subjects at university really<br />
privy to cyber education?<br />
Numbers vary depending on which<br />
Government spreadsheet you open, but the<br />
GCSE entries from 2016-2017 show 589,096<br />
pupils with 61,040 taking information<br />
communication technology (ICT) and 69,061<br />
studying computer science. If we generously<br />
afford the same weight to the ICT GCSE as the<br />
computer science GCSE, it still means that only<br />
25% of pupils left secondary school with some<br />
applicable knowledge. Removing ICT, we’re<br />
then down to 12% (ICT is no longer in the<br />
curriculum). Very few of these students will go<br />
on to A-Level (8,299) or future courses where<br />
they’ll be taught to be ‘cyber aware’.<br />
Simon Marsden BSc Cert Ed<br />
MSc FHEA MBCS:<br />
Senior Lecturer for Initial<br />
Teacher Training in Computer<br />
Science at the University of<br />
Portsmouth’s School of<br />
Education and Childhood<br />
Studies<br />
37<br />
www.risk-uk.com
The Security Institute’s View<br />
*Subsequent to this article<br />
being completed, it was<br />
announced in the<br />
Conservative Government’s<br />
Autumn Budget that the<br />
number of computer science<br />
teachers will triple to 12,000<br />
and that there will be a new<br />
National Centre for<br />
Computing. Although the fine<br />
details are yet to be clarified,<br />
this is to be welcomed as it<br />
appears that the muchneeded<br />
training for existing<br />
teachers to retrain as<br />
computer science teachers<br />
will now be available. The<br />
question as to how new<br />
trainee computer science<br />
teachers will be recruited still<br />
needs to be urgently<br />
addressed, with most teacher<br />
training providers currently<br />
struggling to recruit even a<br />
handful of trainees yearly<br />
The Security Institute’s View<br />
is compiled and edited by Dr<br />
Alison Wakefield FSyI<br />
(Chairman of The Security<br />
Institute) and Brian Sims BA<br />
(Hons) Hon FSyI (Editor of<br />
Risk UK)<br />
Positively, 11% of the children interviewed by<br />
The Royal Society for its ‘After The Reboot:<br />
Computing Education in UK Schools’ Report<br />
expressed interest in a career in computer<br />
science, but children are receiving a mixed<br />
experience, with some even having to teach<br />
themselves how to code.<br />
Despite the excellent work of Computing at<br />
School, a BCS initiative, many of the teachers<br />
are not qualified in the subject, only around<br />
50% have any knowledge of (or qualifications<br />
in) computing and many harbour a very limited<br />
understanding. This is in part due to a history<br />
of putting ‘the last man standing’ in the ICT<br />
classroom. In my last teaching post, my<br />
department comprised one business studies<br />
teacher, two PE teachers and myself.<br />
Statutory subject matter<br />
The question is often asked as to why so few<br />
children, and especially girls, want to take this<br />
subject. This is a statutory subject in England<br />
and should be taught to all children from age 5<br />
to age 16 (optional at GCSE level), but with a<br />
lack of qualified staff and other pressures<br />
placed on head teachers, this isn’t happening.<br />
Academies and free schools can opt out of<br />
the National Curriculum, while others avoid the<br />
problem by not teaching computer science to<br />
every year or in every week. Often, lessons are<br />
still based on digital literacy, as this may be all<br />
that the teacher has the knowledge to provide.<br />
While some children receive excellent<br />
provision, most miss out on the exciting wealth<br />
of experiences (ie graphics, robotics,<br />
programming, cyber, physical computing,<br />
games, etc) that could maintain their interest in<br />
computing and STEM-based subjects.<br />
John Hattie, author of ‘Visible Learning for<br />
Teachers’, ranks teacher credibility as the<br />
fourth most important area in a list of<br />
influences on learner achievement. Since the<br />
1980s, children’s cyber role models have been<br />
found in fictional representations such as The<br />
Matrix, so do teachers have credibility?<br />
My trainees do some of the Cyber Security<br />
Challenges and are expected to encourage their<br />
pupils to do likewise. One trainee was told:<br />
“You’re not doing that with these children in<br />
this school”, the teacher fearing the children<br />
would use the knowledge for deviant purposes,<br />
when the challenge was to gain a basic<br />
understanding of steganography.<br />
“Academies and free schools can opt out of the National<br />
Curriculum, while others avoid the problem by not teaching<br />
computer science to every year or in every week”<br />
Another trainee used a wireless router to<br />
show how easy it was to see connected devices<br />
as a first step in an attack. The pupils were<br />
interested and excited, but just as quickly lost<br />
interest – while their teacher lost credibility –<br />
when both trainees and teacher avoided<br />
questions about their own hacking abilities.<br />
Children are desperately inquisitive about<br />
hacking and I feel that we’re doing them a<br />
disservice if we don’t teach them about this<br />
matter. Curiosity is what we want to fuel, not<br />
stifle. If we do stifle this, we do so at our peril.<br />
If a child’s interested – as was the TalkTalk<br />
incident’s perpetrator – in SQL injection, a<br />
simple search yields over five million hits.<br />
Putting our heads in the sand while children<br />
have access to information and time on their<br />
hands without any guidance is counterproductive.<br />
It reminds me of Nancy Reagan’s<br />
simplistic and ineffective ‘Just Say No’ antidrugs<br />
campaign, in comparison with the more<br />
nuanced approach employed in the UK’s current<br />
‘Talk to Frank’ initiative, whereby accurate<br />
information is given alongside the risks.<br />
The reticence of schools towards teaching<br />
about hacking isn’t surprising when considered<br />
alongside their Duty of Care and safeguarding<br />
responsibilities. They’re risk averse. Imagine<br />
the headlines if a hacker said: “I learned how to<br />
do this at school”. However, not teaching<br />
hacking overlooks the value in it, the need for<br />
children to satisfy their curiosity and the<br />
opportunities to teach both the ethics and<br />
consequences of the deed itself. After all, how<br />
can you counter a cyber attack if you don’t<br />
know the first thing about how they work?<br />
Looking for white hats<br />
We’re desperate for future white hats, so let us<br />
not allow our children to stumble into<br />
becoming black hats. When we teach children<br />
about drugs we bring in professionals in order<br />
to give the children and the teachers the best<br />
information that we can. I suggest that we do<br />
the same when the talk turns to cyber.<br />
I also suggest that we need to show children<br />
how known exploits actually work, teaching<br />
them how to enact an SQL injection and other<br />
misdeeds and, at the same time, highlight how<br />
to prevent such occurrences from taking place.<br />
We need to create courses at universities –<br />
similar to the excellent elective CS50<br />
(Introduction to Computer Science) module at<br />
Harvard University – whereby students gain a<br />
core understanding about the subject as part of<br />
their degrees. Hopefully, we’ll then have a<br />
knowledgeable workforce capable of<br />
understanding (and perhaps even countering)<br />
the threats present now and into the future.<br />
38<br />
www.risk-uk.com
Diversity and Inclusion at Work:<br />
Amazon’s ‘Women in Security’ Initiative<br />
As a hugely successful<br />
online retailer, Amazon<br />
is firmly committed to<br />
bringing diverse<br />
backgrounds and<br />
points of view to bear<br />
on behalf of its myriad<br />
customers. There’s<br />
recognition that<br />
creating a diverse<br />
workforce to reflect<br />
the customer base<br />
fosters diversity of<br />
thought. Jo Day<br />
observes that this is<br />
true throughout the<br />
business, including<br />
Amazon’s security<br />
team, and duly<br />
reflected in the<br />
company’s ongoing<br />
leadership principles<br />
Jo Day CPP:<br />
Regional Loss Prevention<br />
Manager at Amazon UK<br />
Gender, race and cultural diversity create<br />
better organisations, while cultivating<br />
‘diversity of thought’ can boost the basis<br />
for action and creative problem solving. This<br />
idea is ably supported by a 2012 survey<br />
conducted by Deloitte involving 1,550<br />
employees in three major Australian businesses<br />
that clearly showed the impact of workforce<br />
diversity on organisational performance.<br />
Interestingly, the report noted: “When Deloitte<br />
modelled the relationship between diversity<br />
and inclusion and business performance, we<br />
identified an uplift of 80% when both<br />
conditions were high… When there’s high<br />
diversity and low inclusion, or low diversity and<br />
high inclusion, the business outcomes are<br />
never as impressive as the high diversity and<br />
high inclusion combination.”<br />
While it’s true that increased workforce<br />
diversity introduces enhanced degrees of<br />
complexity and strengthens the potential for<br />
misunderstanding and conflict, it also affords<br />
the opportunity to develop interpersonal skills,<br />
relationship building and cultural change.<br />
The substantive body of academic research<br />
on the performance of diverse teams<br />
documents that “homogenous teams get to<br />
work more easily and more quickly, but when<br />
diverse teams learn to work together, the<br />
outcomes are superior” (The Workforce<br />
Diversity Network).<br />
At Amazon UK, we want to bring varying<br />
backgrounds, ideas and points of view to<br />
decision-making within our security team and,<br />
indeed, the business as a whole. To support<br />
diversity in the security team, including<br />
attracting women such as myself into key roles,<br />
it’s important to harness the right culture.<br />
On that note, the business is tremendously<br />
supportive of flexible working and there’s a<br />
keen focus on both professional and personal<br />
development. Employees are all set to succeed<br />
as there’s a defined commitment to supporting<br />
and developing Amazon’s female workforce<br />
and, indeed, all parents.<br />
That support structure is provided through<br />
what’s known as a ‘self-serve’ culture. In<br />
essence, this enables individuals to seek out<br />
the personal development opportunities that<br />
best suit them, including top class internal<br />
training complete with instruction administered<br />
by an array of subject experts.<br />
Affinity groups<br />
There are a number of affinity groups within the<br />
business that women can join as well as<br />
development and mentoring programmes.<br />
These are voluntary, employee-led groups<br />
specifically designed to foster diversity and<br />
inclusion as well as strengthen networking and<br />
community participation.<br />
The groups are organised around a shared<br />
characteristic, such as race, gender or cultural<br />
identity. Each group leader co-ordinates<br />
programmes that promote cultural awareness,<br />
such as speaker events, community service<br />
days and heritage celebrations. The affinity<br />
groups are approved and sponsored by Amazon<br />
at its discretion and each group works with the<br />
diversity and recruitment teams to continually<br />
target the diverse talent that’s available in<br />
order to strengthen and enrich the business.<br />
Amazon Women in Security (AWIS) is one of<br />
the newest affinity groups. Formed in February,<br />
this group was created to promote diverse<br />
perspectives, backgrounds and experience<br />
within the Global Security Team at Amazon.<br />
There’s recognition that security is an industry<br />
wherein female talents and leaders are underrepresented.<br />
A similar scenario exists in the IT,<br />
engineering and finance domains.<br />
Initially, the main focus was on networking<br />
and Best Practice sharing, career development<br />
and training as well as mentoring. Our mission<br />
is to increase the span of the professional<br />
network for women in security roles at Amazon<br />
in order to provide developmental support and<br />
mentoring opportunities, while also leveraging<br />
the strengths and knowledge of each other to<br />
reach our goals and vision: “We will be<br />
advocates for ourselves and each other by<br />
developing our careers and representing our<br />
value to the broader organisation.”<br />
The tenets of AWIS are to provide a means to<br />
connect women in the security professions<br />
globally at Amazon, build a community that<br />
fosters knowledge-sharing, collaboration,<br />
mentorship and networking and support<br />
women within the security industry. It’s also<br />
about providing assistance as females pursue<br />
advancement in their careers and promoting<br />
visibility to the broader organisation of the<br />
successes and value of our female leaders in<br />
order to strengthen an inclusive and diverse<br />
environment within the workplace.<br />
40<br />
www.risk-uk.com
In the Spotlight: ASIS International UK Chapter<br />
By females, for females<br />
AWIS was formed by female members of<br />
Amazon’s global security organisation who<br />
recognised a lack of women in leadership roles<br />
and who are aware of the importance of female<br />
leadership presence in our team.<br />
Industry statistics show that most security<br />
regimes have an average of 10% of females in<br />
their teams. Amazon is already leading the way<br />
above that level.<br />
The AWIS members are passionate about<br />
supporting diversity in loss prevention and<br />
security roles as well as helping each other to<br />
succeed. AWIS is sponsored by Amazon’s<br />
worldwide vice-president for the Health &<br />
Safety, security, sustainability and compliance<br />
organisation within the customer fulfilment<br />
operation as well as the worldwide director for<br />
operations security.<br />
Amazon Women in Engineering is another<br />
affinity group focused on making Amazon the<br />
best place to work for ‘technical’ women. This<br />
particular group works to actively promote<br />
diversity at Amazon, and particularly so for<br />
engineering positions. It also provides a<br />
network for women within the engineering<br />
teams to share experiences, participate in<br />
relevant events and gain exposure to career and<br />
development opportunities.<br />
There’s also the Women in Finance Initiative,<br />
a global forum for women in finance and their<br />
advocates through which they can network and<br />
partner to promote a more welcoming and<br />
inclusive workplace culture. The group was<br />
launched in February 2015 with a goal of<br />
supporting the complex career and life needs of<br />
women at all levels and making Amazon the<br />
long-term career choice for women in finance.<br />
The Amazon Warriors<br />
A host of other affinity groups support the<br />
many and varied cultures, backgrounds and<br />
personalities present within the business. The<br />
Black Employees Network was established in<br />
August 2005 to support Amazon’s black<br />
employees. In parallel, the Asians at Amazon<br />
affinity group was set up in December 2010 as a<br />
support structure for our Asian employees and<br />
to promote diversity.<br />
For their part, Amazon Warriors are<br />
employees who have served in their respective<br />
countries’ military forces, those who are still<br />
serving and Amazon employees who support<br />
them. The group was established in September<br />
2011 to provide a support structure for veterans<br />
and military-friendly employees across the<br />
globe. It facilitates a network to share<br />
experiences, celebrate recognised holidays and<br />
ensure visibility and exposure to career and<br />
development opportunities through<br />
participation in relevant community and<br />
recruiting fairs and events.<br />
Also, the Amazon People With Disabilities<br />
affinity group was established in 2015 and is<br />
committed to building a community that backs<br />
employees with disabilities and their allies<br />
through raising awareness, supporting career<br />
development, participating in company<br />
outreach and improving access for both<br />
‘Amazonians’ and the business’ customers.<br />
How is Amazon activating diversity within the<br />
organisation and promoting organisational<br />
inclusion? The business lives by and promotes<br />
its leadership principles, and particularly so<br />
when it comes to hiring and developing the<br />
best talent. This means recruiting candidates<br />
with not only strong backgrounds, but also<br />
strong opinions. We set the stage during the<br />
interview process that diversity of thought is<br />
welcomed and expected.<br />
As both a security professional and a female,<br />
I feel empowered in my role thanks to<br />
interaction with direct colleagues, but also as a<br />
result of participation in the affinity groups and<br />
personal development opportunities. Amazon<br />
embraces diversity, not just by talking about it,<br />
but by placing it at the very heart of its culture.<br />
To quote Mike Hulser REI: “Diversity is what<br />
comes through your doors. Inclusion is what<br />
you do with it.”<br />
“While it’s absolutely true that greater workforce diversity<br />
introduces enhanced degrees of complexity, it also affords<br />
the opportunity to develop interpersonal skills,<br />
relationship building and cultural change”<br />
41<br />
www.risk-uk.com
BBC News recently<br />
reported that the UK’s<br />
Brexit ‘divorce bill’<br />
payment to the EU<br />
could be in the region<br />
of £44 billion, but the<br />
final settlement figure<br />
remains unclear. At<br />
present, there are little<br />
or no guarantees as to<br />
what the future holds<br />
post-Brexit, either for<br />
the fire industry itself<br />
or, indeed, the UK as a<br />
whole. Ian Moore<br />
asserts exactly why<br />
it’s important to<br />
ensure that the fire<br />
industry’s voice is<br />
clearly heard in a<br />
number of areas<br />
directly affecting its<br />
constituent members<br />
Ian Moore: CEO of the Fire<br />
Industry Association<br />
The Fire Industry and Brexit:<br />
What Does The Future Hold?<br />
When talk turns to Brexit, immigration (of<br />
both skilled and unskilled workers),<br />
working relationships with European<br />
Union (EU) members, exchange rates,<br />
standards/certification and tariffs on imports<br />
and exports into the EU are some of the key<br />
areas in which the fire industry has a keen<br />
interest and must make its feelings known.<br />
We should determine to be positive by<br />
looking at the new opportunities that will<br />
continue to arise. By way of an example, I’ve<br />
received a number of communications from<br />
overseas Trade Associations that believe we will<br />
now be looking for stronger relationships<br />
outside of the EU. These relationships could<br />
open the door to improved export prospects.<br />
Let’s begin this examination of a post-Brexit<br />
landscape by focusing on the immigration<br />
issue. The fire industry is directly linked to the<br />
construction sector, which is useful as there are<br />
so many statistics available from this muchdiscussed<br />
world (not least those harboured by<br />
the Confederation of British Industry). Without<br />
delving too deeply into the realms of politics,<br />
we’ve needed immigrant workers on many<br />
occasions over the years. The construction<br />
industry requires a large number of unskilled<br />
and semi-skilled staff as it’s so labour<br />
intensive, but with a restriction on the free flow<br />
of individuals from EU countries, manpower<br />
requirements would be difficult to achieve.<br />
We do have UK citizens that could take some<br />
of these roles, but are they as willing or, in<br />
some cases, skilled enough to do so? Either<br />
way, I fully expect the construction sector will<br />
have to pay more for its labour. As for the<br />
skilled labour market, putting up barriers to<br />
entry will surely deter much-needed talent.<br />
Undoubtedly, once again the construction<br />
industry will suffer.<br />
Reflecting our virtues<br />
The UK’s relationship with its EU partners has<br />
never been great. We’ve been perceived to<br />
stand slightly apart from the rest of the<br />
Member States – not using the official currency<br />
of the EuroZone is one example of this. How<br />
often do you hear people referring to “them” as<br />
Europe and, although we are Europeans from a<br />
geographical standpoint, the term is rarely<br />
used by UK citizens in a sense of ‘belonging’.<br />
In the aftermath of the EU Referendum, we<br />
have the opportunity to re-create our<br />
relationship with continental Europe in a<br />
positive way that reflects the five UK virtues of<br />
military, diplomacy, intelligence, trading and<br />
finance rather than focusing on a drive towards<br />
integration (for which we will never understand<br />
Europe’s apparent need).<br />
Look at Norway and Switzerland. Their<br />
relationship with EU Member States (in terms<br />
of trade and respect, etc) appears strong. Both<br />
sides are apparently happy with their state of<br />
affairs. We have a lot of work to do to form or<br />
reform that bond of mutual respect which will<br />
hopefully lead to strong trading relationships.<br />
One thing I would add here is that we<br />
shouldn’t become too pessimistic about trade<br />
with EU countries. Such trade is mutually<br />
beneficial and has been for hundreds of years.<br />
Can you imagine the Germans not selling us<br />
cars or the French not offering us their wine?<br />
Post-Brexit uncertainty<br />
Probably the most visible indication of post-<br />
Brexit uncertainty in the wake of June 2016’s<br />
Referendum was the dramatic exchange rate<br />
changes. The pound slumped to a 31-year low<br />
following the vote. The continued slide in<br />
sterling since then has hit us hard. In fact, only<br />
this week some airports offered less than €1 to<br />
the £1, in turn warning of the impending<br />
financial squeeze on UK travellers at EU<br />
destinations. Meals, coffees and teas and other<br />
items are now typically at least 22% more<br />
expensive than they were 12 months ago.<br />
However, there has been a benefit for the<br />
British economy, with recent official data<br />
highlighting that retail sales leapt by 1.4% in<br />
July following a drop in June, apparently<br />
assisted by an influx of big-spending overseas<br />
tourists from outside the EU domain.<br />
How does all of this affect the fire industry?<br />
Well, as individuals we would need to be paid<br />
more money to afford any overseas holidays.<br />
Companies buying systems, components or<br />
services from overseas are paying a higher<br />
price. In a Market Conditions Survey recently<br />
commissioned by the Fire Industry Association<br />
(FIA), there are clear signs of a decline in export<br />
growth in the region of 10%. That’s an indicator<br />
of the pressures placed on our exporters.<br />
On a more positive note, it has perhaps never<br />
been such a good time to be a UK<br />
manufacturer. Look at what we have available<br />
to us at the Manufacturing Technology Centre<br />
42<br />
www.risk-uk.com
FIA Technical Briefing: The Fire Industry and Brexit<br />
(MTC) and what’s on offer from United Kingdom<br />
Export Finance (UKEF).<br />
The MTC, which I recently introduced to FIA<br />
members by organising a tour of the facilities,<br />
was established in 2010 with the objective of<br />
bridging the gap between academia and<br />
industry. It represents one of the largest public<br />
sector investments in UK manufacturing to<br />
cover not only R&D, but also training, advanced<br />
manufacturing management and factory design.<br />
It has already assisted hundreds of companies<br />
across a range of industries and stands ready,<br />
willing and able to assist the fire industry.<br />
Also recently introduced to the FIA’s<br />
membership by our representative Dr Carl<br />
Hunter, the UKEF has a range of innovative and<br />
useful ways in which to financially support<br />
SMEs and was formed to ensure that no viable<br />
UK export fails for lack of finance or insurance.<br />
BS and EN Standards<br />
What’s happening when we leave the EU with<br />
reference to the BS and EN Standards? This is<br />
an area where we as lobbyists can have the<br />
greatest influence. As much as there has been a<br />
‘Don’t worry… It will be business as usual’-style<br />
message from the British Standards Institution<br />
(BSI), there remains concern around to what<br />
degree it will be ‘business as usual’.<br />
The BSI has been working with our<br />
stakeholders to communicate the key<br />
messages about the vital role of standards in<br />
supporting trade, growth and productivity. Is<br />
now not the time for the organisation to reassert<br />
itself on the global stage?<br />
The BSI states that it will maintain the UK’s<br />
membership of the three European<br />
standardisation organisations, namely CEN,<br />
CENELEC and the ETSI. For clarity, CEN and<br />
CENELEC are private organisations outside the<br />
EU and co-ordinate the work of 34 countries in<br />
the making and dissemination of European<br />
Standards (EN). Membership of CEN and<br />
CENELEC is linked to the adoption of European<br />
Standards and the withdrawal of conflicting<br />
national standards, facilitating market access<br />
across EU Member States.<br />
It’s the BSI’s ambition – and also its confident<br />
expectation on behalf of UK stakeholders – for<br />
the UK to continue to participate in the<br />
European Standards system as a full member of<br />
CEN and CENELEC post-Brexit given the private<br />
status of these bodies. Remaining as a full<br />
member would bring maximum benefit to the<br />
UK’s fire industry economy in its new status<br />
outside of the EU as reciprocity of market<br />
access will reduce complexity for SMEs and<br />
consumers, saving time, money and effort<br />
while also ensuring product quality and safety.<br />
On the world stage, membership of the two<br />
international standardisation organisations,<br />
ISO and IEC, will be unaffected by Brexit.<br />
Import and export tariffs<br />
The subject of tariffs on imports and exports<br />
into and out of the EU is a complex one that’s<br />
being negotiated by a powerful group within<br />
Government. I think, though, that we can rely<br />
on the continuation of trade at a high level –<br />
remembering, of course, that the EU is our<br />
biggest trading partner by some way – as it’s<br />
mutably beneficial for all parties.<br />
Offering a simplistic view on this, I would use<br />
the analogy of wine importing. If the EU raises<br />
the price of wine from all its Member States to<br />
a certain level due to high tariffs, we will then<br />
buy wine from Australia. Should the Australians<br />
want to raise prices to take advantage then we<br />
will instead buy from Argentina, etc. This is the<br />
way of the world as shown throughout history.<br />
We have the best products in the world with<br />
tried-and-tested technology to match our<br />
regulated regime. We remain a key member of<br />
the G5, permanent members of the UN Security<br />
Council and NATO-2 and serve as the head of 53<br />
nations contained within a Commonwealth<br />
housing the seven fastest-growing economies.<br />
“As much as there has been a ‘Don’t worry... It will be<br />
business as usual’-style message from the British<br />
Standards Institution, there remains concern around to<br />
what degree it will be ‘business as usual’”<br />
43<br />
www.risk-uk.com
Compliance versus Conformance in<br />
the Security Design Process<br />
Compliance is a<br />
fundamental process<br />
in any enterprise, yet<br />
all-too-often its true<br />
importance and the<br />
opportunities it offers<br />
are missed. As Darren<br />
Ward observes in<br />
detail, compliance<br />
should not simply be a<br />
case of ensuring that<br />
the ‘rules’ are<br />
followed. It must also<br />
be about establishing<br />
a culture of<br />
conformance that both<br />
recognises and shares<br />
Best Practice<br />
44<br />
www.risk-uk.com<br />
There’s a general misconception around<br />
what compliance really is and, often, what<br />
compliance may be used for within a given<br />
business. On many occasions, we will be privy<br />
to phrases such as: “Our intention is to ensure<br />
that we are compliant in order to drive and<br />
exceed the required standards”. To be frank,<br />
the individuals uttering such phrases are really<br />
talking about conformance.<br />
Conformance applies to strategies and plans<br />
adopted within the business in a bid for that<br />
organisation to be more productive or to<br />
improve on quality. Compliance, on the other<br />
hand, applies to laws and regulations that the<br />
organisation has no option but to follow or risk<br />
facing penalties. Laws and regulations may<br />
potentially be productive for society as a whole<br />
or a particular client, but don’t necessarily<br />
contribute towards an organisation’s end goals.<br />
There are several key benefits that a riskbased<br />
compliance framework will provide for<br />
any business. These are the avoidance of<br />
criminal charges, the building of a positive<br />
reputation, improved operations and<br />
productivity, enhanced consistency and the<br />
stimulation of staff engagement. Such a<br />
framework can also serve as a driver for change<br />
and innovation when required.<br />
Historically, there had been little or no selfregulation<br />
in the private security sector and<br />
standards varied widely. The Private Security<br />
Industry Act 2001 was passed into law to<br />
protect and reassure the public and businesses<br />
by preventing unsuitable individuals from<br />
occupying and working in positions of trust and<br />
raising standards generally within the industry.<br />
Specifically, the Private Security Industry Act<br />
2001 established ‘rules’ and required the<br />
implementation of compliance audits to ensure<br />
private security companies complied with both<br />
the Act and its related standards.<br />
The Approved Contractor Scheme (ACS) was<br />
formulated to encourage businesses to raise<br />
their standards in nine different areas, the most<br />
significant of which is people management. As<br />
a result, individuals working within the private<br />
security industry are given assurances towards<br />
their welfare and professional development by<br />
working for an ACS-registered company. Among<br />
others, the benefits include better training,<br />
improved working hours and a more<br />
streamlined management process.<br />
While the Private Security Industry Act 2001<br />
and the ACS have served to increase operating<br />
costs for security companies, end user<br />
customers of registered businesses are<br />
afforded a level of comfort that they’re<br />
employing a security service provider regularly<br />
audited to an agreed standard of operating<br />
capability and conformity.<br />
Increased regulation isn’t something every<br />
industry sector welcomes, but in our space it<br />
exists to improve operating standards and has<br />
most certainly been instrumental in enhancing<br />
reputations as well as creating a greater level of<br />
competence in the UK’s private security<br />
industry as a whole.<br />
Only expect what you inspect<br />
The basis of any protective security solution<br />
worth its salt revolves around four main effects:<br />
Detect, Deter, Deny, Respond. While transacting<br />
my own duties as a compliance and<br />
performance manager for our business, I<br />
always have these four words in mind.<br />
We’re looking to detect non-compliant staff<br />
as well as non-compliant working practices. We<br />
want to deter bad working practices and any<br />
ignorance of applicable regulations. There’s<br />
always a strong desire to deny penalties or<br />
fines to both our company and our clients and<br />
deny non-compliant staff access to our clients.<br />
Last, but not least, we want procedures in<br />
place to respond to a security event in tandem<br />
with competent and well-trained staff capable<br />
of providing the required level of response.
Security Services: Best Practice Casebook<br />
Non-compliance is simply not a risk you can<br />
take in the security industry and yet it does<br />
happen. If you choose not to go beyond the<br />
base level requirements of ‘the inspected’ you<br />
will only see what you ‘expect’ to see. You will<br />
not learn and develop beyond those very basic<br />
requirements necessary to ensure protective<br />
security systems remain fit for purpose.<br />
Not being compliant with screening<br />
procedures, for example, could mean a<br />
company aids the infiltration of staff who<br />
shouldn’t be deployed in the security industry.<br />
This could be anyone from a person with a<br />
criminal record to an individual with terrorist<br />
links. Take this to its conclusion and you can<br />
see why it’s so vitally important to get it right.<br />
The best compliance procedures and systems<br />
should be easy to understand and use, logical,<br />
valid and add value to the business rather than<br />
hindering its progress. A great compliance<br />
manager is someone who doesn’t view things<br />
in black and white, but will assess each<br />
situation in a measured way, using experience<br />
and knowledge of the boundaries to reach<br />
acceptable solutions for both the company’s<br />
clients and operating businesses.<br />
Implementing Best Practice<br />
Compliance frameworks often vary in design,<br />
but they all have the same purpose: to ensure<br />
that established ‘rules’ are followed in order to<br />
safeguard people and the business.<br />
Furthermore, a good compliance framework will<br />
provide a platform for engagement with staff<br />
and encouraging the right behaviours and<br />
agreeable ways of working.<br />
By developing conformance into our<br />
compliance framework, we’re able to engage<br />
and motivate staff, improve our working<br />
practices and overall performance and establish<br />
protective security systems relevant to both the<br />
defined need and assessed risk.<br />
In my role as a compliance manager, I work<br />
from a compliance framework that outlines our<br />
quality assurance process and provides the<br />
basis of what I need to examine. This process<br />
needs to remain robust in order to ensure<br />
continual improvement in what we do. Our<br />
documents and managed processes that<br />
formulate our compliance framework are<br />
designed to achieve such an outcome.<br />
Working through our quality assurance<br />
process, I’m able to more effectively review our<br />
sites’ key documents and systems and better<br />
observe operating practices. This process has<br />
several key components, beginning with how a<br />
given site is complying with the contractual<br />
agreements in place that defines what we have<br />
agreed to deliver as a service.<br />
Second, I’m able to identify and examine key<br />
documents such as security plans, procedures<br />
and those records required to meet the varied<br />
regulations and standards that govern the<br />
private security industry. At Wilson James, we<br />
maintain certification to a number of standards<br />
including ISO 9001, ISO 14001 and OHSAS<br />
18001. Within our ISO 9001 certification are<br />
included the Codes of Practice BS 7499, BS<br />
7858, BS 7958 and BS 7960. These relate to<br />
security guarding, the screening of security<br />
staff, CCTV management and door supervision.<br />
Finally, and importantly, we incorporate our<br />
own internal company standards that enable us<br />
to ‘deep dive’ into the protective security<br />
systems in use and determine their individual<br />
and collective effectiveness. Our quality<br />
assurance process incorporates all of these<br />
standards to ensure that the ‘rules’ and Best<br />
Practice are regularly examined.<br />
Plugging any gaps<br />
The contents of the British and ISO Standards<br />
listed above are wide-ranging. For us, rather<br />
than just being ‘compliant’ in terms of<br />
delivering a service, the whole business is<br />
examined at Board level to not only capture our<br />
compliance obligations, but also to fully<br />
understand the personal opinions of the people<br />
working for us and the quality of the varied<br />
systems in use. This ensures that any gaps are<br />
quickly identified and filled.<br />
Compliance reaches into the heart of our<br />
company finances, our attitude towards<br />
Corporate Social Responsibility, equality,<br />
diversity and inclusion and our approach to<br />
new legislation such as the Modern Slavery Act.<br />
Of great importance is the fact that our<br />
compliance framework allows us to recognise<br />
how we must continually change in order to<br />
professionalise our security service offerings<br />
and meet the challenges presented by what is a<br />
dynamic working environment. We have to<br />
address the risk profile so as to safeguard our<br />
customers’ interests.<br />
For us, the compliance framework is about far<br />
more than an audit. Rather, it provides the<br />
foundation upon which to govern the business<br />
and drive our direction to continuously improve<br />
upon what it is that we do and how we do it.<br />
The framework is a platform from which we can<br />
continually improve what we do as a business.<br />
Darren Ward:<br />
Business Performance<br />
Director at Wilson James<br />
“Compliance reaches into the heart of our company<br />
finances, our attitude towards Corporate Social<br />
Responsibility, equality, diversity and inclusion and our<br />
approach towards new legislation”<br />
45<br />
www.risk-uk.com
Under Physical Control: Preventing Cyber<br />
Attacks Enabled Through The Front Door<br />
While many<br />
companies are doing<br />
more to prevent cyber<br />
attacks compromising<br />
their businesses<br />
online, they often<br />
forget about (or<br />
otherwise pay less<br />
attention to) the risk<br />
of cyber criminals<br />
bypassing network<br />
perimeter security and<br />
walking in through the<br />
front door. Nathan<br />
King warns that some<br />
cyber criminals are<br />
still managing to gain<br />
entry on two feet and<br />
stresses the need for<br />
testing of physical<br />
security controls<br />
Even for those organisations blessed with<br />
reasonable levels of security awareness<br />
and maturity, it’s readily apparent that the<br />
attention afforded to cyber security has pushed<br />
the risks and controls of physical security to<br />
one side. It’s difficult to quantify how common<br />
such breaches are as they tend to be less welldetected,<br />
but it must be stressed that gaining<br />
unauthorised access to a building can be far<br />
easier than hacking into a network remotely.<br />
While the risks involved with physical<br />
security breaches are generally not worth the<br />
rewards for casual opportunists, for organised<br />
gangs or a motivated skilled attacker, a<br />
physical breach can provide a powerful ‘foot in<br />
the door’ and duly afford onward access to<br />
those all-important secure corporate systems.<br />
Gaining access to a building doesn’t<br />
necessitate an out-of-hours break-in, either. For<br />
every business, there are third parties who are<br />
expected to enter offices and buildings for<br />
various purposes such as landlord inspections,<br />
fire alarm maintenance, Health and Safety<br />
audits, the cleaning and upkeep of drinks<br />
dispensers, candidates coming in for interviews<br />
or suppliers arranging purchaser meetings.<br />
The ‘high-vis’ effect is a well-known tactic.<br />
Anyone in a high-vis jacket, and who looks like<br />
they know where they’re going, tends not to be<br />
challenged. Tailgating is another very common<br />
tactic. Even for businesses with card-based<br />
access control on all doors, it’s relatively easy<br />
to follow authorised personnel into restricted<br />
areas. Sometimes, those authorised personnel<br />
will even hold the door open for whomever’s<br />
behind them.<br />
The best way to put IT defences to the test is<br />
to simulate real-world malicious attacks with<br />
the latest and most sophisticated techniques<br />
used by cyber criminals. Penetration testing is<br />
designed to see just how easy it is to break into<br />
a network or computer system and steal<br />
valuable data. While most penetration tests<br />
don’t include an assessment of physical<br />
security controls and social engineering<br />
exercises, there’s a growing demand for<br />
independent physical assurance exercises and<br />
‘red team’ engagements, which allow any<br />
attack method to be used, including walking<br />
through the main entrance to plant malicious<br />
devices or retrieve sensitive information.<br />
How easy is it?<br />
When planning a physical security and social<br />
engineering exercise, we will often simply<br />
masquerade as an external individual in a<br />
position of trust or authority such as a fire<br />
extinguisher/Portable Appliance Testing<br />
engineer, or maybe an individual in a Health<br />
and Safety role. This is very difficult to guard<br />
against unless staff awareness training is<br />
robust as human nature dictates that we’ll be<br />
helpful to individuals requiring our assistance.<br />
Individuals will often claim that they have an<br />
urgent or safety-critical requirement to address<br />
as no-one wants to be the person who disrupts<br />
an important activity which could potentially<br />
endanger the lives of colleagues or<br />
subsequently result in a failed audit process.<br />
Implanting devices within the IT<br />
infrastructure usually takes a matter of seconds<br />
once someone’s through the door. We have<br />
several physical implants at our disposal, all of<br />
them designed to quickly facilitate<br />
unauthorised access to systems as part of<br />
penetration testing exercises. We’ve designed<br />
and built implants for specific scenarios.<br />
There are many low-cost devices available for<br />
sale on the Internet. These devices can be<br />
attached directly to networks or workstations<br />
and allow the user to bypass common security<br />
controls in order to facilitate remote<br />
unauthorised access to the corporate network.<br />
At this point, it’s largely game over. Further<br />
penetration testing and compromise of systems<br />
46<br />
www.risk-uk.com
Cyber Security: Testing Physical Security Controls<br />
and assets from the physical premises is<br />
seldom necessary at this juncture as the<br />
implants allow us to gain access to networks<br />
from outside of the physical perimeter. They’re<br />
designed to defeat or circumvent many<br />
common security controls, including network<br />
access control solutions, which often claim to<br />
prevent unauthorised devices from admission<br />
to the network.<br />
In those organisations with basic technical<br />
controls, we will simply attach a small-form<br />
wireless access point to re-establish access,<br />
often from the car park, as a proof-of-concept.<br />
Other devices are more complex in their<br />
automatic abilities to establish covert egress<br />
channels via Internet connections.<br />
For longer-term engagements, we can use<br />
implants embedded in common objects such as<br />
power supplies such that they’re less<br />
conspicuous. In most cases, having achieved<br />
our objectives, we’re able to leave the building<br />
without any concerns or alarms being raised by<br />
the host organisation under scrutiny.<br />
Preventing physical breaches<br />
Organisations often underestimate the ease<br />
with which someone who’s motivated can gain<br />
access to their premises. It’s clearly important<br />
to monitor internal networks as thoroughly as<br />
external networks for any anomalies, but user<br />
awareness is absolutely key for protection.<br />
Any organisation that wants to defend<br />
against physical attacks needs to encourage<br />
robust processes for allowing access to offices<br />
and ensure visitors are properly escorted.<br />
Employees need to be willing to challenge<br />
visitors if they’re suspicious and have<br />
escalation routes they can use if they’re<br />
concerned about any strangers in the office.<br />
When we point out that the person in the<br />
corner at the computer is really one of our<br />
colleagues who has ‘talked their way in’, there’s<br />
nearly always a sea of stunned faces and the<br />
message sinks in pretty quickly.<br />
Traditionally, penetration testing and ‘red<br />
teaming’ has been something associated with<br />
banks and financial services companies, large<br />
corporations and Government. The demand for<br />
such skilled and technical investigation and<br />
analysis is on the rise. Such a test comprises a<br />
comprehensive examination of infrastructure,<br />
systems, applications, services and, in some<br />
cases, physical security in order to determine if<br />
and how these could be abused by real-world<br />
attackers to gain unauthorised access to<br />
information assets or compromise integrity.<br />
Importantly, how can you have confidence<br />
and trust in the people you choose to transact<br />
this sensitive work? You need to be sure that<br />
“While most penetration tests don’t include an<br />
assessment of physical security controls and social<br />
engineering exercises, there’s now a growing demand for<br />
independent physical assurance exercises”<br />
you’re working with professionally qualified and<br />
skilled individuals from companies with the<br />
appropriate processes and methodologies in<br />
place to protect data and integrity.<br />
That’s where CREST comes in. CREST is a notfor-profit<br />
body established by the technical<br />
security industry with the support of the UK<br />
Government to provide internationallyrecognised<br />
accreditation for organisations and<br />
certification of individuals providing<br />
penetration testing, cyber incident response<br />
and threat intelligence services.<br />
All CREST member companies undergo<br />
stringent assessment every year and sign up to<br />
a strict and enforceable Code of Conduct, while<br />
CREST-qualified individuals must pass the most<br />
challenging and rigorous examinations in the<br />
industry worldwide to demonstrate their<br />
knowledge, skill and competence.<br />
More information on crest is available online<br />
at www.crest-approved.org<br />
Benefits of testing<br />
The benefits of penetration testing are<br />
numerous. It’s about being able to understand<br />
the current exposure and risk to protect assets<br />
and brand and also receiving both constructive<br />
and pragmatic remediation advice to reduce<br />
risk in the most cost-effective way possible.<br />
Such testing is also focused on identifying<br />
flawed information security processes and<br />
addressing them at the root cause, meeting<br />
internal and external compliance requirements<br />
and demonstrating due diligence when it comes<br />
to the protection of confidential information.<br />
Once a penetration test is complete, the host<br />
organisation will generally receive a report<br />
which details all vulnerabilities, weaknesses<br />
and exposures unearthed by the testing team.<br />
Armed with this information, the host<br />
organisation can start to tackle the risks as<br />
identified and produce a prioritised mitigation<br />
plan aligned with the company’s risk appetite.<br />
Where patterns of vulnerability have been<br />
identified, a root cause analysis can help to<br />
address the problem at source rather than<br />
treating individual symptoms.<br />
Understanding both cyber and physical<br />
threats is essential for every business. It’s fair<br />
to state that a more holistic approach towards<br />
cyber security and ensuring that all staff are<br />
trained and informed can reduce the risk.<br />
Nathan King: Director at Cyberis<br />
47<br />
www.risk-uk.com
Risk in Action<br />
Delta Security assists<br />
Woodbridge High<br />
School on ‘lockdown’<br />
Delta Security, the CCTV and<br />
access control specialist, has<br />
assisted Essex-based<br />
Woodbridge High School to<br />
further enhance the safety of<br />
its pupils and staff with the<br />
installation of new swing<br />
gates that automatically<br />
close and restrict access in<br />
the event of a ‘lockdown’ scenario.<br />
‘Lockdown’ is a procedure designed to quickly restrict access and egress to a<br />
given site or building (or part of it) through the use of physical measures in<br />
response to a threat, either external or internal in nature. The ‘lockdown’<br />
system is designed such that the gates, situated at the school’s entrance,<br />
integrate with the existing access control and fob system. This enables school<br />
staff and visitors to access the site, but the system can be overridden and shut<br />
down by authorised school personnel if site ‘lockdown’ is required.<br />
Redbridge Council has asked that all schools in the area put ‘lockdown’<br />
systems in place, and Woodbridge High School – a co-educational<br />
comprehensive school for circa 1,650 pupils aged from 11 to 18, as well as 170<br />
staff – is one of the first in the area to have mobilised its system.<br />
The gates are fitted with a CAME Stylo automation, which is ideal for<br />
pedestrian gates, and feature a highly-robust 24 V self-locking motor that’s<br />
readily able to cope with intensive use.<br />
Dave Mundy, operations director at Delta Security, told Risk UK: “‘Lockdown’<br />
procedures are becoming increasingly prevalent in schools. We’ve seen<br />
increased interest from central London schools, especially those located near<br />
transport hubs such as St Pancras and Liverpool Street, and more recently in<br />
schools further out from the city centre.”<br />
Frank Gordon, business manager at Woodbridge High School, added: “Each<br />
year, we build-in further layers of security. In today’s climate, it’s particularly<br />
important to ensure that our perimeter is always as secure as possible.”<br />
Axis Security moves to strengthen<br />
security contract relationship with<br />
Broadgate Estates<br />
Axis Security has won a further contract with<br />
Broadgate Estates to provide security services<br />
for a ‘trophy building’ – namely Ropemaker<br />
Place – that’s resident within the latter’s<br />
portfolio in the City of London. The security<br />
solutions provider has worked with Broadgate<br />
Estates for a number of years now, providing<br />
security services to Paternoster Square, the<br />
Corn Exchange and 30 North Colonnade.<br />
Ropemaker Place is a 20-storey commercial<br />
building with two trading floors at the lower<br />
level. It’s occupied by a variety of international<br />
finance and investment companies.<br />
Included in the new contract are security<br />
guarding services, as well as management of<br />
the Post Room, the Control Room and loading<br />
bay services. Services are delivered by 30<br />
personnel across 1,310 hours per week, with a<br />
tenant contract also located at Ropemaker<br />
Place and managed by Broadgate Estates.<br />
The 26 existing employees were transferred<br />
to Axis Security employment via TUPE, while a<br />
further four support personnel have been<br />
recruited to ensure seamless delivery of the<br />
large-scale security operation.<br />
The employee benefits package provided by<br />
Axis Security proved fundamental to the<br />
business winning the contract.<br />
Advanced’s testing system for<br />
emergency lighting chosen by<br />
National Mountain Sports Centre<br />
Lux Intelligent, the testing system for<br />
emergency lighting, has been specified to<br />
replace an obsolete system at Plas y Brenin,<br />
the National Mountain Sports Centre in the<br />
heart of Snowdonia.<br />
The National Mountain Sports Centre is the<br />
home of mountain sports, providing both<br />
residential and non-residential courses<br />
catering for all ages in a range of mountain<br />
and water sports.<br />
An addressable automatic test system, Lux<br />
Intelligent was chosen for the 216-year-old<br />
facility because of its ease of installation and<br />
the performance benefits it delivers. The<br />
system has allowed the existing wiring, exit<br />
signs and 300 luminaires to be kept, in turn<br />
saving considerable time and cost.<br />
Installer Brian Jones, electrical engineer at<br />
Delta Fire and Security, said: “The Centre’s<br />
existing emergency lighting product had<br />
become obsolete, making repairs and finding<br />
replacement parts difficult. Lux Intelligent was<br />
easy to install using the National Mountain<br />
Sports Centre’s LAN network.”<br />
Lux Intelligent ensures that all emergency<br />
lighting is functioning and compliant with BS<br />
5266-1. It’s a flexible system with panels<br />
supporting 1-4 loops, 249 devices per loop<br />
and up to 200 panels in a network.<br />
Lux Intelligent is compatible with most third<br />
party lights and luminaires, including LEDs,<br />
thus affording end users purchasing freedom.<br />
48<br />
www.risk-uk.com
Risk in Action<br />
Spire Manchester Hospital<br />
secured thanks to Abloy UK’s<br />
PROTEC2 CLIQ<br />
Abloy UK has supplied Spire Manchester<br />
Hospital with PROTEC2 CLIQ and Traka 21<br />
advanced key management systems<br />
designed to improve the security of<br />
medicines and increase nursing efficiency.<br />
Spire Manchester Hospital is part of Spire<br />
Healthcare, a leading independent hospital<br />
group offering both in-patient and outpatient<br />
procedures in a wide range of areas.<br />
The company recently invested £70 million<br />
to build this new flagship hospital in<br />
Didsbury, Manchester.<br />
For many healthcare institutions, nursing<br />
efficiency and medicine management can be<br />
a major cause of concern, with drugs<br />
needing to be secured effectively while also<br />
affording nurses quick and convenient<br />
access. Nursing efficiency is detrimentally<br />
affected by poor key management. Teams<br />
using older mechanical systems frequently<br />
have problems locating keys to gain access<br />
to controlled drugs, wasting nursing time<br />
and affecting patient care.<br />
Taking a progressive approach to this<br />
process, Spire Manchester Hospital specified<br />
a combination of PROTEC2 CLIQ keys and<br />
cylinders which were easily retrofitted to a<br />
range of Bristol Maid drug cabinets<br />
throughout the hospital for theatres, outpatients<br />
and several wards.<br />
Staff CLIQ keys are housed in Traka 21 key<br />
cabinets fitted across the wards.<br />
PROTEC2 CLIQ is an access control system<br />
based on mechanical high security disc<br />
cylinders combined with encrypted<br />
electronic locking and identification. Power<br />
to the lock is provided by the CLIQ key. No<br />
batteries or wires are required to either the<br />
lock or drug cabinet, making it an ideal<br />
retrofit solution – even for applications such<br />
as mobile drug trolleys.<br />
The system allows for remote key<br />
management, providing comprehensive audit<br />
trails on locks and padlocks for end users.<br />
Thames Water ensures<br />
generators are always ready<br />
courtesy of EyeLynx<br />
Thames Water manages more than<br />
4,500 sites – the majority of them<br />
unmanned – that require security to<br />
protect the water supply for over 14<br />
million people. The potential for<br />
theft, accidental pollution, the safety<br />
hazard of sewage and even mindless<br />
vandalism mean that site safety and security are paramount at all times.<br />
Now, on-site emergency back-up generators at the UK’s largest water and<br />
waste company are being protected thanks to state-of-the-art remote<br />
monitoring kits. Thames Water asked CCTV and video analytics specialist<br />
EyeLynx to devise a temporary ‘light-touch’ remote monitoring solution to<br />
protect its ‘Always Ready Hubs’ in portable cabins at strategic sites.<br />
Part of the Zaun perimeter protection group that has worked with Thames<br />
Water on its AMP6 framework for more than four years, EyeLynx has created a<br />
solution based on its SharpView video recording and management software.<br />
CCTV cameras are installed at a number of strategic locations across the<br />
Thames Water estate together with infrared sensors and audio alarms powered<br />
by solar batteries and networked with 4G connectivity.<br />
This set-up renders the installation almost maintenance-free, with the<br />
beaming of HD video and other sensor data for live monitoring and recording<br />
on a remote footing.<br />
SharpView systems can record and manage multi-megapixel and HD video<br />
evidence from an unlimited number of CCTV cameras. Alarms are recorded from<br />
other security devices, such as facial recognition, intruder and fire sensors.<br />
Back in 2013, Thames Water selected Zaun as one of four appointed<br />
contractors on its framework agreement for the supply and installation of both<br />
security fencing and gates and also as one of three for ongoing maintenance.<br />
Ideagen’s Pentana Performance software underpins<br />
Worcester City Council’s transformation programme<br />
Worcester City Council, which provides essential services for over 95,000<br />
residents, is adopting software from Ideagen as it looks to set up a reporting<br />
and performance monitoring system better aligned to a new structure.<br />
The City Council needs to ensure that the correct information and data is<br />
presented and managed by the appropriate committee following a recent move<br />
away from a cabinet-style leadership to a committee structure of governance.<br />
Ideagen’s Pentana Performance software ensures that operational monitoring<br />
and reporting will be replicated electronically, thereby providing the City<br />
Council with the single picture of performance that it wishes to view.<br />
David Sutton, deputy director for commissioning and transformation at<br />
Worcester City Council, said: “The Pentana Performance software will align<br />
structurally to the way in which we’re set up as an organisation. The software<br />
will integrate risks and performance, ensuring that they’re being managed and<br />
monitored in one system rather than across three or four.”<br />
As well as playing a key role in the City Council’s corporate internal<br />
transformation project, Pentana<br />
Performance will monitor departmental<br />
and service-related performance,<br />
actions, risks and feedback.<br />
Sutton added: “We’ll be using<br />
Pentana Performance to support<br />
management and oversight of the<br />
Council’s key corporate programmes.”<br />
49<br />
www.risk-uk.com
Technology in Focus<br />
Blancco Technology Group’s Erasure-as-a-Service offers<br />
solution for data concerns<br />
Blancco Technology Group has<br />
announced the launch of its Erasureas-a-Service<br />
(EaaS) offer, which is<br />
now available through the Blancco<br />
managed service provider (MSP)<br />
partner programme.<br />
The new offer and partner<br />
programme allows MSPs to integrate the Blancco Data Eraser software within IT<br />
service offerings, thereby assisting businesses to permanently erase data from<br />
all IT assets, mitigate security risks, reduce costs and comply with various data<br />
protection regulations.<br />
The MSP partner programme reflects a transition in the company’s business<br />
model, which has traditionally relied on direct sales. Through this programme,<br />
the business will look towards key strategic partners to integrate its data<br />
erasure software into their offerings, thereby strengthening its position in<br />
various markets and delivering significant benefits to the bottom line.<br />
Since launching the EaaS programme, the company has signed deals with no<br />
less than 14 global and regional partners, among them Fujitsu and TechChef.<br />
www.blancco.com<br />
Pelco integrates VideoXpert<br />
VMS with AMAG Technology<br />
Pelco has joined forces with AMAG<br />
Technology to create an integration that<br />
provides a scalable access control and<br />
surveillance system management<br />
solution, enabling end users across a<br />
wide spectrum of applications to make faster and more informed decisions.<br />
“The integration of Pelco’s VideoXpert VMS and AMAG Technology’s<br />
Symmetry access control system provides security professionals with an<br />
extremely powerful and versatile system management and control solution,”<br />
stated Jonathan Lewit, director of technology leadership at Pelco. “By engaging<br />
with industry leaders like AMAG Technology, Pelco continues to focus its<br />
attentions on providing end users with meaningful innovations that deliver the<br />
best combination of performance, functionality and cost-efficiency.”<br />
The integration of Pelco’s VideoXpert VMS and AMAG Technology’s Symmetry<br />
access control system affords a number of versatile ways in which to combine<br />
surveillance and access devices with software into a unified security<br />
management system. The integrated solution is standardised for any IP LAN,<br />
WAN or VPN network and purpose-designed for minimal bandwidth use.<br />
For smaller systems, a single PC can host both VideoXpert and Symmetry,<br />
acting as both the client and server for the end user.<br />
Other benefits of the VideoXpert VMS and Symmetry access control system<br />
integration include a user interface design with graphical map capability,<br />
comprehensive alarm handling features and the potential for unlimited client<br />
workstations, card readers and card holders. Additionally, video badging and<br />
visitor management software is included as part of the package.<br />
“As security professionals continue to look for ways in which to increase<br />
efficiencies and control costs, there’s a driving demand for system solutions<br />
that seamlessly integrate high performance surveillance and access control<br />
technologies,” observed Dave Ella, vice-president of products and partner<br />
programmes at AMAG Technology.<br />
www.pelco.com<br />
Scanna introduces Rapiscan<br />
620VE X-ray machine<br />
Scanna has launched its Rapiscan 620VE<br />
small frame high performance X-ray scanner<br />
for postal and building security clients who<br />
want to screen larger objects, but have<br />
reduced operating space.<br />
The Rapiscan 620VE machine offers a<br />
sizeable 62 x 42 cm tunnel for the screening<br />
of larger-sized boxes and visitor bags, but<br />
boasts a short frame size of only 168 cm<br />
(without UK safety tunnels) and a width of<br />
just 82 cm.<br />
The viewing screen is a generous 22”, with<br />
its height adjusted to be on an optimised<br />
ergonomic level for operators with a modernstyle<br />
monitor cart assisting end users<br />
requiring remote<br />
operations.<br />
The 620VE<br />
model<br />
incorporates<br />
Rapiscan<br />
enhanced<br />
software<br />
algorithms that<br />
provide “far<br />
superior”<br />
imaging to the original XR models.<br />
www.scanna-msc.com<br />
Hikvision and Paxton create<br />
“seamless” vehicle entry system<br />
Hikvision UK & Ireland has successfully<br />
integrated its ANPR solution with Paxton’s Net2<br />
access control system to provide a host of<br />
benefits for installers and integrators which can<br />
be passed on to their end user customers.<br />
Working in a stand-alone environment or as<br />
part of a wider Hikvision solution, this<br />
integration allows legacy and new Hikvision<br />
ANPR systems to be operated seamlessly from<br />
the Net2 system, helping to control a gate or a<br />
barrier by associating a car registration number<br />
with an access control credential (such as an<br />
entry card or key fob) over multiple formats by<br />
dint of using a Wiegand interface.<br />
www.hikvision.com<br />
50<br />
www.risk-uk.com
Technology in Focus<br />
Patent-protected<br />
access control<br />
platform from UNION<br />
UNION, a UK division of ASSA<br />
ABLOY, has launched the keyPRIME patented<br />
dimple cylinder platform with a reversible key<br />
design. Through the existing patent protection<br />
and with an expected lifetime extension until<br />
2036, keyPRIME offers the longest patent<br />
protection available on the market. The patent<br />
affords secure key control with key blanks only<br />
available from stated UNION keyPRIME dealers.<br />
UNION keyPRIME is a high quality, value for<br />
money platform designed to meet the security<br />
needs of end users operating in commercial,<br />
education and healthcare environments. It’s<br />
also ideal for small business and local<br />
Government use and can be keyed for either<br />
one or multiple doors, while cylinder upgrades<br />
or replacements are easy to install.<br />
The platform is certified to BS EN 1303:2015,<br />
offering anti-pick, anti-drill, anti-bump and antipull<br />
protection as standard. The flat reversible<br />
key exhibits a contemporary design constructed<br />
from strong, high quality nickel silver.<br />
All UNION keyPRIME cylinders feature a DIN<br />
18252 cam for Euro cylinders and are<br />
compatible with all DIN standard lock cases.<br />
The solution is available as a ‘master key’,<br />
‘keyed alike’ or ‘keyed to differ’ solution in<br />
euro, single, double or key-and-turn cylinders.<br />
www.uniononline.co.uk<br />
Multitone expands Appear range of<br />
powerful and secure Mobile<br />
Messaging Apps<br />
Multitone Electronics plc, a specialist in the<br />
design, manufacture and implementation of<br />
integrated communication systems, has<br />
unveiled two new versions of its secure<br />
corporate mobile communications App.<br />
The Multitone Appear Smart App operates in<br />
the healthcare and retail sectors, showing the<br />
status and availability of contacts and<br />
ensuring that voice, text, video and image<br />
messaging are routed and acknowledged.<br />
Multitone Appear+ provides new multimedia<br />
and rich content functionality, while Multitone<br />
Appear Lite simplifies the application for high<br />
speed and convenient messaging, with<br />
acknowledgement and proof of delivery. Both<br />
new versions are powered by Multitone’s i-<br />
Message unified messaging platform, in turn<br />
OPTEX brings independentlyprogrammable<br />
BX Shield<br />
outdoor PIR to market<br />
Sensor manufacturer OPTEX has recently<br />
launched its BX Shield Series sensors –<br />
encompassing a range of curtain motion<br />
sensors ideal for protecting windows and the<br />
immediate boundaries of a building or site –<br />
in the EMEA region.<br />
Complementing the best-selling VX Shield<br />
Series launched in the autumn, the new<br />
Shield concept combines great usability with<br />
versatile design. The BX Shield Series<br />
includes four PIRs, two on each side, while<br />
the detection range and sensitivity may be<br />
adjusted independently for each side of the<br />
sensor. The detection area can be easily set<br />
up to 12 m/40 ft (24 m/80 ft in total).<br />
The BX Shield Series boasts four models:<br />
two standard, hardwired PIRs (BXS-ST) in<br />
addition to two hardwired models with antimasking<br />
(BXS-AM).<br />
There are also two battery-powered<br />
models, namely the standard (BXS-R) and<br />
anti-masking (BXS-RAM) versions.<br />
All are equipped with digitally-enhanced<br />
signal recognition logic known as Super<br />
Multidimensional Analysis (SMDA). By<br />
analysing detection patterns and<br />
environmental information, SMDA can<br />
distinguish between the causes of nuisance<br />
false alarms and genuine intrusions.<br />
For environments where the temperature<br />
difference between the human body and the<br />
background is very small, the extreme high<br />
detection mode increases PIR sensitivity in<br />
order to prevent any missed alarms.<br />
www.optex-europe.com<br />
bringing different (ie phone, e-mail and<br />
paging) and disparate (eg BMS, security and<br />
fire alarms) communications together.<br />
Multitone’s Appear+ offers new options. For<br />
example, a copy of the patient consent form<br />
can be attached as a digital signature,<br />
providing approval for sensitive clinical images<br />
to be shared between authorised users within<br />
a secure corporate network.<br />
The App also features an in-built Session<br />
Initiation Protocol phone client. This is linked<br />
directly to Multitone i-Message and enables<br />
the user to securely call and talk to other App<br />
or phone users. Coupled with an in-built<br />
conference bridge, the App allows users to<br />
access group discussions. At the same time,<br />
Multitone Appear+ can be fully-integrated with<br />
other building or medical facility systems,<br />
such as fire alarms and nurse call solutions, to<br />
ensure relevant staff are immediately updated.<br />
www.multitone.com<br />
51<br />
www.risk-uk.com
thepaper<br />
Business News for Security Professionals<br />
Pro-Activ Publications is embarking on a revolutionary<br />
launch: a FORTNIGHTLY NEWSPAPER dedicated to the<br />
latest financial and business information for<br />
professionals operating in the security sector<br />
The Paper will bring subscribers (including CEOs,<br />
managing directors and finance directors within the<br />
UK’s major security businesses) all the latest company<br />
and sector financials, details of business re-brands,<br />
market research and trends and M&A activity<br />
FOR FURTHER INFORMATION<br />
ON THE PAPER CONTACT:<br />
Brian Sims BA (Hons) Hon FSyI<br />
(Editor, The Paper and Risk UK)<br />
Telephone: 020 8295 8304<br />
e-mail: brian.sims@risk-uk.com<br />
www.thepaper.uk.com
Appointments<br />
Dr Alison Wakefield<br />
FSyI<br />
The Security Institute has<br />
announced that academic<br />
criminologist Dr Alison<br />
Wakefield FSyI will become<br />
the organisation’s new<br />
chairman with effect from<br />
January 2018, taking over<br />
the reins from Garry<br />
Evanson CSyP FSyI.<br />
Wakefield is senior lecturer in security risk<br />
management at the University of Portsmouth,<br />
where she’s also course leader of the BSc<br />
degree course in Risk and Security Management<br />
and the Professional Doctorate focused on the<br />
discipline of Security Risk Management.<br />
Alison Wakefield’s track record of accolades is<br />
impressive to say the very least. Earlier this<br />
year, Wakefield – who holds a BA (Hull) and<br />
MPhil PhD (Cambridge) – was awarded the<br />
prestigious Imbert Prize by the Association of<br />
Security Consultants.<br />
In terms of her work to date both with and for<br />
The Security Institute, Wakefield has served as<br />
vice-chairman of the organisation since 2015<br />
and as a Board director from 2010. Previously,<br />
Wakefield was a director with the International<br />
Institute of Security from 2004 prior to its<br />
merger with The Security Institute in 2008.<br />
In 2010-2011, Wakefield chaired the Institute’s<br />
Working Party that devised the pathways to<br />
becoming a Chartered Security Professional,<br />
and now serves as academic advisor to the<br />
Chartered Security Professionals Registration<br />
Authority. Wakefield also chaired the Institute’s<br />
Academic Board at the point of the launch of<br />
the organisation’s qualifications in 2010 and the<br />
Knowledge Centre three years later.<br />
“I’m honoured to be appointed chairman of<br />
The Security Institute,” observed Wakefield.<br />
Jo Davis<br />
Mitie Group plc, the UK’s largest FM company,<br />
has appointed Jo Davis as Group Human<br />
Resources (HR) director. Based in London,<br />
Davis will join the Group in January next year<br />
from itsu, the healthy eating retail chain,<br />
where she served as Group HR director.<br />
At itsu, Davis led the HR division that was<br />
awarded ‘HR Team of the Year’ at this year’s<br />
CIPD People Management Awards. Davis also<br />
played a pivotal role in positioning the<br />
company as ‘one to watch’ in The Sunday<br />
Times’ coveted Best Companies survey.<br />
Prior to joining itsu, Davis held several<br />
senior HR roles at Sainsbury’s including HR<br />
director of Netto, its discount retailer, and<br />
Appointments<br />
Risk UK keeps you up-to-date with all the latest people<br />
moves in the security, fire, IT and Government sectors<br />
Barry Dawson<br />
Security solutions provider Wilson James has<br />
amalgamated its City of London and Southern<br />
business regions to create a £65 million<br />
operational ‘powerhouse’ that’s designed to<br />
spearhead a targeted expansion of the<br />
company’s specialist security services.<br />
This latest move signals the firm’s increasing<br />
focus on offering clients a high-level range of<br />
technology, cyber and intelligence-led security<br />
solutions to complement its industry-leading<br />
security guarding offer.<br />
The new Southern Region will be led by Barry<br />
Dawson, who joins the business with 30 years’<br />
high-level experience in the security industry<br />
encompassing Board-level roles at both VSG<br />
and Advance Security.<br />
Dawson is joined by risk management expert<br />
Gavin Wilson, technical specialist Don McCann<br />
and Marc Bannister, all of them working with<br />
Crawford Boyce to create and deliver ‘strategic<br />
journeys’ for each client in the region.<br />
“The strategic journey is a tailored approach<br />
that allows us to offer clients a range of services<br />
including not just excellent security guarding,<br />
but also Front of House, counter-terrorism,<br />
intelligence reporting, global travel risk and<br />
social media monitoring,” commented Dawson.<br />
Reporting directly to Dawson are Allison<br />
Fraser, Mark Jones and Shai Zach who become<br />
strategic account directors, all of them pivotal<br />
within the region in ensuring that Wilson James<br />
continues to deliver service excellence.<br />
head of people and operations for Asia, based<br />
in Shanghai. Before joining Sainsbury’s, Davis<br />
worked in the financial services sector at both<br />
Santander and Kleinwort Benson.<br />
Commenting on Davis’ appointment, Phil<br />
Bentley (CEO of Mitie Group) explained to Risk<br />
UK: “I’m delighted Jo will be joining Mitie in<br />
January. Jo has tremendous energy and drive,<br />
and will add a fresh voice and valuable<br />
transformational experience to the business.<br />
I’m determined that Mitie is recognised as a<br />
‘Great Place to Work’ and Jo’s appointment is a<br />
key step forward in achieving that ambition.”<br />
On her new role, Davis stated: “With over<br />
53,000 employees in locations throughout the<br />
UK, Mitie is a true people business. I’m very<br />
excited to be joining the company.”<br />
53<br />
www.risk-uk.com
Appointments<br />
Millie Banerjee CBE<br />
Home Secretary Amber Rudd has appointed Millie<br />
Banerjee CBE as chairman of the College of Policing.<br />
Banerjee will now oversee the professional body for<br />
everyone in policing and work with the organisation’s<br />
newly-confirmed CEO, Mike Cunningham QPM, to<br />
professionalise policing still further and make sure<br />
officers and staff alike have the skills and knowledge<br />
they need in order to keep the country safe.<br />
“I have spent many years in policing and it has been a<br />
privilege to witness the dedication and compassion of officers and staff to<br />
protect the public,” said Banerjee. “This is evident when I see that public<br />
approval for the police service has remained high despite officers and staff<br />
being faced with complex crime, a reduced workforce and greater demand.”<br />
Banerjee has enjoyed a long and varied career in the private and public<br />
sectors. She was chairman of the British Transport Police Authority for seven<br />
years and held several non-executive appointments, including as a nonexecutive<br />
director of the Cabinet Office, Channel 4, the Prisons Board, the<br />
Peabody Trust and Ofcom.<br />
Banerjee is currently chairman of NHS Blood and Transplant in addition to<br />
serving as a Board member of the East London NHS Foundation Trust.<br />
Karl Hydes<br />
Outsourced support<br />
services provider Anchor<br />
Group Services – a<br />
specialist in integrated<br />
security solutions and an<br />
Approved Contractor with<br />
the Security Industry<br />
Authority – has appointed<br />
Karl Hydes in the role of<br />
national operations director to further develop<br />
the company’s growing portfolio of both<br />
regional and national accounts.<br />
Hydes joins with a wealth of experience,<br />
having spent the last several years at Savills UK<br />
and Churchill Contract Services, where he was<br />
instrumental in developing the operational<br />
offerings for public and private sector clients<br />
right across the UK.<br />
Speaking about his new role, Hydes<br />
commented: “I’m excited to begin a new<br />
challenge within Anchor and look forward to<br />
working with the team on further developing<br />
our service offer. I’m very fortunate to be<br />
joining such a respected company that prides<br />
itself on top quality service.”<br />
Hydes began his new role in November,<br />
initially taking over responsibility for the North<br />
West region prior to assuming a full national<br />
role. To ensure a smooth transition, Hydes<br />
worked with general manager Alex Hiles<br />
throughout last month.<br />
Andrew Harper, CEO of Anchor Group<br />
Services, stated: “I’m delighted to welcome Karl<br />
to the Anchor family. As a senior figure in the<br />
industry, Karl brings a wealth of operational<br />
and strategic experience at a national level.”<br />
Ashley Lane<br />
Digital forensics triage<br />
specialist Evidence Talks<br />
has appointed Ashley<br />
Lane as the business’<br />
new CEO, while Elizabeth<br />
Sheldon now steps up to<br />
the role of company<br />
chairman.<br />
Joining from<br />
technology company MASS where he served as<br />
managing director, Lane’s enviable record<br />
combines achievements in converting<br />
technologies into successful business<br />
propositions with significant expertise in cyber<br />
security, information management and digital<br />
forensics services, along with software and<br />
electronics product development.<br />
Speaking about his appointment, Lane<br />
informed Risk UK: “We operate in a crucial<br />
market that requires a constant focus on the<br />
ability to accelerate advancements. Right now,<br />
we’re deeply engaged in executing our growth<br />
strategy to tackle the rising complexities and<br />
sophistication in digital crime. I’m really looking<br />
forward to working with clients on delivering<br />
their evidential requirements in both a fast and<br />
effective manner.”<br />
Keith Bardsley<br />
Hanwha Techwin has<br />
appointed Keith<br />
Bardsley as business<br />
development manager<br />
for the North of<br />
England. Bardsley will<br />
now work closely with<br />
installers and system<br />
integrators to identify<br />
new opportunities for Wisenet video<br />
surveillance solutions and provide pre- and<br />
post-sales support for ongoing projects.<br />
Prior to joining Hanwha Techwin, Bardsley<br />
was regional sales manager for NW Systems<br />
Group, a systems integrator specialising in IP<br />
network-based security solutions. He has<br />
also worked for both Intech Solutions and<br />
ADT Fire & Security.<br />
Bob Hwang, managing director of Hanwha<br />
Techwin Europe, told Risk UK: “We are<br />
delivering on our promise to provide the best<br />
possible support for our business partners<br />
and customers alike by continuing to<br />
increase our pre- and post-sales resources in<br />
line with increased demand. I’m pleased to<br />
welcome Keith to our UK sales team. He will<br />
be able to put his extensive knowledge of IP<br />
video surveillance technology to good use by<br />
supporting installers and integrators alike.”<br />
54<br />
www.risk-uk.com
“<br />
You have to be here if you want<br />
to be regarded as a key player<br />
in the security market.<br />
“<br />
27,658<br />
visitors from<br />
116 countries<br />
79%<br />
of visitors come to<br />
source new products<br />
£20.7bn<br />
total budget of<br />
visitors to IFSEC 2017<br />
Enquire about exhibiting at IFSEC 2018: ifsec.events/international<br />
Proud to be supported by:
Best Value Security Products from Insight Security<br />
www.insight-security.com Tel: +44 (0)1273 475500<br />
...and<br />
lots<br />
more<br />
Computer<br />
Security<br />
Anti-Climb Paints<br />
& Barriers<br />
Metal Detectors<br />
(inc. Walkthru)<br />
Security, Search<br />
& Safety Mirrors<br />
Security Screws &<br />
Fastenings<br />
Padlocks, Hasps<br />
& Security Chains<br />
Key Safes & Key<br />
Control Products<br />
Traffic Flow &<br />
Management<br />
see our<br />
website<br />
ACCESS CONTROL<br />
KERI SYSTEMS UK LTD<br />
Tel: + 44 (0) 1763 273 243<br />
Fax: + 44 (0) 1763 274 106<br />
Email: sales@kerisystems.co.uk<br />
www.kerisystems.co.uk<br />
ACCESS CONTROL<br />
ACCESS CONTROL<br />
ACT<br />
ACT – Ireland, Unit C1, South City Business Park,<br />
Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100<br />
ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,<br />
Warrington, WA3 7GB. Tel: +44 161 236 9488<br />
sales@act.eu www.act.eu<br />
ACCESS CONTROL – BARRIERS, GATES, CCTV<br />
ABSOLUTE ACCESS<br />
Aberford Road, Leeds, LS15 4EF<br />
Tel: 01132 813511<br />
E: richard.samwell@absoluteaccess.co.uk<br />
www.absoluteaccess.co.uk<br />
Access Control, Automatic Gates, Barriers, Blockers, CCTV<br />
ACCESS CONTROL<br />
COVA SECURITY GATES LTD<br />
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards<br />
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68<br />
Tel: 01293 553888 Fax: 01293 611007<br />
Email: sales@covasecuritygates.com<br />
Web: www.covasecuritygates.com<br />
ACCESS CONTROL & DOOR HARDWARE<br />
ALPRO ARCHITECTURAL HARDWARE<br />
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,<br />
Waterproof Keypads, Door Closers, Deadlocks plus many more<br />
T: 01202 676262 Fax: 01202 680101<br />
E: info@alpro.co.uk<br />
Web: www.alpro.co.uk<br />
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES<br />
HTC PARKING AND SECURITY LIMITED<br />
St. James’ Bus. Centre, Wilderspool Causeway,<br />
Warrington Cheshire WA4 6PS<br />
Tel 01925 552740 M: 07969 650 394<br />
info@htcparkingandsecurity.co.uk<br />
www.htcparkingandsecurity.co.uk<br />
ACCESS CONTROL<br />
INTEGRATED DESIGN LIMITED<br />
Integrated Design Limited, Feltham Point,<br />
Air Park Way, Feltham, Middlesex. TW13 7EQ<br />
Tel: +44 (0) 208 890 5550<br />
sales@idl.co.uk<br />
www.fastlane-turnstiles.com<br />
ACCESS CONTROL<br />
SECURE ACCESS TECHNOLOGY LIMITED<br />
Authorised Dealer<br />
Tel: 0845 1 300 855 Fax: 0845 1 300 866<br />
Email: info@secure-access.co.uk<br />
Website: www.secure-access.co.uk<br />
ACCESS CONTROL MANUFACTURER<br />
NORTECH CONTROL SYSTEMS LTD.<br />
Nortech House, William Brown Close<br />
Llantarnam Park, Cwmbran NP44 3AB<br />
Tel: 01633 485533<br />
Email: sales@nortechcontrol.com<br />
www.nortechcontrol.com<br />
Custom Designed Equipment<br />
• Indicator Panels<br />
• Complex Door Interlocking<br />
• Sequence Control<br />
• Door Status Systems<br />
• Panic Alarms<br />
<br />
• Bespoke Products<br />
www.hoyles.com<br />
sales@hoyles.com<br />
Tel: +44 (0)1744 886600<br />
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES<br />
UKB INTERNATIONAL LTD<br />
Planet Place, Newcastle upon Tyne<br />
Tyne and Wear NE12 6RD<br />
Tel: 0845 643 2122<br />
Email: sales@ukbinternational.com<br />
Web: www.ukbinternational.com<br />
Hoyles are the UK’s leading supplier of<br />
custom designed equipment for the<br />
security and access control industry.<br />
From simple indicator panels to<br />
complex door interlock systems.<br />
BUSINESS CONTINUITY<br />
ACCESS CONTROL, INTRUSION DETECTION AND VIDEO MANAGEMENT<br />
VANDERBILT INTERNATIONAL (UK) LTD<br />
Suite 7, Castlegate Business Park<br />
Caldicot, South Wales NP26 5AD UK<br />
Main: +44 (0) 2036 300 670<br />
email: info.uk@vanderbiltindustries.com<br />
web: www.vanderbiltindustries.com<br />
BUSINESS CONTINUITY MANAGEMENT<br />
CONTINUITY FORUM<br />
Creating Continuity ....... Building Resilience<br />
A not-for-profit organisation providing help and support<br />
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845<br />
Email: membership@continuityforum.org<br />
Web: www.continuityforum.org<br />
www.insight-security.com Tel: +44 (0)1273 475500
CCTV<br />
CCTV<br />
Rapid Deployment Digital IP High Resolution CCTV<br />
40 hour battery, Solar, Wind Turbine and Thermal Imaging<br />
Wired or wireless communication fixed IP<br />
CE Certified<br />
Modicam Europe, 5 Station Road, Shepreth,<br />
Cambridgeshire SG8 6PZ<br />
www.modicam.com sales@modicameurope.com<br />
CCTV SPECIALISTS<br />
PLETTAC SECURITY LTD<br />
Unit 39 Sir Frank Whittle Business Centre,<br />
Great Central Way, Rugby, Warwickshire CV21 3XH<br />
Tel: 01788 567811 Fax: 01788 544 549<br />
Email: jackie@plettac.co.uk<br />
www.plettac.co.uk<br />
CONTROL ROOM & MONITORING SERVICES<br />
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS<br />
ALTRON COMMUNICATIONS EQUIPMENT LTD<br />
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ<br />
Tel: +44 (0) 1269 831431<br />
Email: cctvsales@altron.co.uk<br />
Web: www.altron.co.uk<br />
ADVANCED MONITORING SERVICES<br />
EUROTECH MONITORING SERVICES LTD.<br />
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring<br />
• Vehicle Tracking • Message Handling<br />
• Help Desk Facilities • Keyholding/Alarm Response<br />
Tel: 0208 889 0475 Fax: 0208 889 6679<br />
E-MAIL eurotech@eurotechmonitoring.net<br />
Web: www.eurotechmonitoring.net<br />
CCTV<br />
G-TEC<br />
Gtec House, 35-37 Whitton Dene<br />
Hounslow, Middlesex TW3 2JN<br />
Tel: 0208 898 9500<br />
www.gtecsecurity.co.uk<br />
sales@gtecsecurity.co.uk<br />
DISTRIBUTORS<br />
SPECIALISTS IN HD CCTV<br />
MaxxOne<br />
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.maxxone.com<br />
sales@onlinesecurityproducts.co.uk<br />
www.onlinesecurityproducts.co.uk<br />
CCTV & IP SECURITY SOLUTIONS<br />
PANASONIC SYSTEM COMMUNICATIONS COMPANY<br />
EUROPE<br />
Panasonic House, Willoughby Road<br />
Bracknell, Berkshire RG12 8FP UK<br />
Tel: 0207 0226530<br />
Email: info@business.panasonic.co.uk<br />
AWARD-WINNING, LEADING GLOBAL WHOLESALE<br />
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.<br />
ADI GLOBAL DISTRIBUTION<br />
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company<br />
also offers an internal technical support team, dedicated field support engineers along with a suite of<br />
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified<br />
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online<br />
account, installers can order up to 7pm for next day delivery.<br />
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk<br />
COMMUNICATIONS & TRANSMISSION EQUIPMENT<br />
KBC NETWORKS LTD.<br />
Barham Court, Teston, Maidstone, Kent ME18 5BZ<br />
www.kbcnetworks.com<br />
Phone: 01622 618787<br />
Fax: 020 7100 8147<br />
Email: emeasales@kbcnetworks.com<br />
TO ADVERTISE HERE CONTACT:<br />
Paul Amura<br />
Tel: 020 8295 8307<br />
Email: paul.amura@proactivpubs.co.uk<br />
DIGITAL IP CCTV<br />
SESYS LTD<br />
High resolution ATEX certified cameras, rapid deployment<br />
cameras and fixed IP CCTV surveillance solutions available with<br />
wired or wireless communications.<br />
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG<br />
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333<br />
Email: info@sesys.co.uk www.sesys.co.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS<br />
CONTROL AND INTRUDER DETECTION SOLUTIONS<br />
NORBAIN SD LTD<br />
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP<br />
Tel: 0118 912 5000 Fax: 0118 912 5001<br />
www.norbain.com<br />
Email: info@norbain.com<br />
INTEGRATED SECURITY SOLUTIONS<br />
INNER RANGE EUROPE LTD<br />
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,<br />
Reading, Berkshire RG74GB, United Kingdom<br />
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001<br />
Email: ireurope@innerrange.co.uk<br />
www.innerrange.com<br />
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION<br />
SATSECURE<br />
Hikivision & MaxxOne (logos) Authorised Dealer<br />
Unit A10 Pear Mill, Lower Bredbury,<br />
Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.satsecure.uk<br />
IDENTIFICATION<br />
PERIMETER PROTECTION<br />
ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS<br />
GJD MANUFACTURING LTD<br />
Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX<br />
Tel: + 44 (0) 1706 363998<br />
Fax: + 44 (0) 1706 363991<br />
Email: info@gjd.co.uk<br />
www.gjd.co.uk<br />
PERIMETER PROTECTION<br />
GPS PERIMETER SYSTEMS LTD<br />
14 Low Farm Place, Moulton Park<br />
Northampton, NN3 6HY UK<br />
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097<br />
E-mail: info@gpsperimeter.co.uk<br />
Web site: www.gpsperimeter.co.uk<br />
COMPLETE SOLUTIONS FOR IDENTIFICATION<br />
DATABAC GROUP LIMITED<br />
1 The Ashway Centre, Elm Crescent,<br />
Kingston upon Thames, Surrey KT2 6HH<br />
Tel: +44 (0)20 8546 9826<br />
Fax:+44 (0)20 8547 1026<br />
enquiries@databac.com<br />
POWER<br />
INDUSTRY ORGANISATIONS<br />
POWER SUPPLIES – DC SWITCH MODE AND AC<br />
DYCON LTD<br />
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER<br />
Tel: 01443 471900 Fax: 01443 479 374<br />
Email: sales@dyconpower.com<br />
www.dyconpower.com<br />
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY<br />
BRITISH SECURITY INDUSTRY ASSOCIATION<br />
Tel: 0845 389 3889<br />
Email: info@bsia.co.uk<br />
Website: www.bsia.co.uk<br />
Twitter: @thebsia<br />
INTEGRATED SECURITY SOLUTIONS<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
ADEPT POWER SOLUTIONS LTD<br />
Adept House, 65 South Way, Walworth Business Park<br />
Andover, Hants SP10 5AF<br />
Tel: 01264 351415 Fax: 01264 351217<br />
Web: www.adeptpower.co.uk<br />
E-mail: sales@adeptpower.co.uk<br />
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS<br />
HONEYWELL SECURITY AND FIRE<br />
Tel: +44 (0) 844 8000 235<br />
E-mail: securitysales@honeywell.com<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
UNINTERRUPTIBLE POWER SUPPLIES LTD<br />
Woodgate, Bartley Wood Business Park<br />
Hook, Hampshire RG27 9XA<br />
Tel: 01256 386700 5152 e-mail:<br />
sales@upspower.co.uk<br />
www.upspower.co.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
SECURITY<br />
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS<br />
INSIGHT SECURITY<br />
Units 1 & 2 Cliffe Industrial Estate<br />
Lewes, East Sussex BN8 6JL<br />
Tel: 01273 475500<br />
Email:info@insight-security.com<br />
www.insight-security.com<br />
CASH & VALUABLES IN TRANSIT<br />
CONTRACT SECURITY SERVICES LTD<br />
Challenger House, 125 Gunnersbury Lane, London W3 8LH<br />
Tel: 020 8752 0160 Fax: 020 8992 9536<br />
E: info@contractsecurity.co.uk<br />
E: sales@contractsecurity.co.uk<br />
Web: www.contractsecurity.co.uk<br />
EXPERTS IN X-RAY SCANNING SECURITY EQUIPMENT SINCE 1950<br />
TODD RESEARCH<br />
1 Stirling Way, Papworth Business Park<br />
Papworth Everard, Cambridgeshire CB23 3GY<br />
United Kingdom<br />
Tel: 01480 832202<br />
Email: xray@toddresearch.co.uk<br />
FENCING SPECIALISTS<br />
J B CORRIE & CO LTD<br />
Frenchmans Road<br />
Petersfield, Hampshire GU32 3AP<br />
Tel: 01730 237100<br />
Fax: 01730 264915<br />
email: fencing@jbcorrie.co.uk<br />
INTRUSION DETECTION AND PERIMETER PROTECTION<br />
OPTEX (EUROPE) LTD<br />
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre<br />
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B<br />
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ<br />
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311<br />
Email: sales@optex-europe.com<br />
www.optex-europe.com<br />
ONLINE SECURITY SUPERMARKET<br />
EBUYELECTRICAL.COM<br />
Lincoln House,<br />
Malcolm Street<br />
Derby DE23 8LT<br />
Tel: 0871 208 1187<br />
www.ebuyelectrical.com<br />
LIFE SAFETY EQUIPMENT<br />
C-TEC<br />
Challenge Way, Martland Park,<br />
Wigan WN5 OLD United Kingdom<br />
Tel: +44 (0) 1942 322744<br />
Fax: +44 (0) 1942 829867<br />
Website: www.c-tec.com<br />
PERIMETER SECURITY<br />
TAKEX EUROPE LTD<br />
Aviary Court, Wade Road, Basingstoke<br />
Hampshire RG24 8PE<br />
Tel: +44 (0) 1256 475555<br />
Fax: +44 (0) 1256 466268<br />
Email: sales@takex.com<br />
Web: www.takex.com<br />
SECURITY EQUIPMENT<br />
PYRONIX LIMITED<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY.<br />
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042<br />
www.facebook.com/Pyronix<br />
www.linkedin.com/company/pyronix www.twitter.com/pyronix<br />
SECURITY SYSTEMS<br />
BOSCH SECURITY SYSTEMS LTD<br />
PO Box 750, Uxbridge, Middlesex UB9 5ZJ<br />
Tel: 0330 1239979<br />
E-mail: uk.securitysystems@bosch.com<br />
Web: uk.boschsecurity.com<br />
INTRUDER AND FIRE PRODUCTS<br />
CQR SECURITY<br />
125 Pasture road, Moreton, Wirral UK CH46 4 TH<br />
Tel: 0151 606 1000<br />
Fax: 0151 606 1122<br />
Email: andyw@cqr.co.uk<br />
www.cqr.co.uk<br />
SECURITY EQUIPMENT<br />
CASTLE<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY<br />
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042<br />
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity<br />
www.twitter.com/castlesecurity<br />
QUALITY SECURITY AND SUPPORT SERVICES<br />
CONSTANT SECURITY SERVICES<br />
Cliff Street, Rotherham, South Yorkshire S64 9HU<br />
Tel: 0845 330 4400<br />
Email: contact@constant-services.com<br />
www.constant-services.com<br />
SECURITY PRODUCTS<br />
EATON<br />
Eaton is one of the world’s leading manufacturers of security equipment<br />
its Scantronic and Menvier product lines are suitable for all types of<br />
commercial and residential installations.<br />
Tel: 01594 545 400 Email: securitysales@eaton.com<br />
Web: www.uk.eaton.com Twitter: @securityTP<br />
SECURE CONNECTIVITY PROVIDERS<br />
CSL<br />
T: +44 (0)1895 474 474<br />
sales@csldual.com<br />
@CSLDualCom<br />
www.csldual.com<br />
SECURITY SYSTEMS<br />
VICON INDUSTRIES LTD.<br />
Brunel Way, Fareham<br />
Hampshire, PO15 5TX<br />
United Kingdom<br />
www.vicon.com<br />
www.insight-security.com Tel: +44 (0)1273 475500
HVM Bollards and Street Furniture<br />
Protecng Pedestrians, Crowded Locaons, Infrastructure<br />
and Perimeters from Hosle Vehicles<br />
bristorm.com<br />
BSI PAS 68<br />
BSI PAS 170<br />
IWA 14 ‐ 1<br />
ASTM F2656<br />
Protecng crowded locaons from vehicle‐borne aacks<br />
www.bristorm.com | info@bristorm.com | +44 (0)1902 499400