RiskUKDecember2017

December 2017
www.risk-uk.com
Security and Fire Management
Going Mobile
Smart Phone Technology for Access Control
Security’s Evolution: Developing Operational Procedures
Demonstrating Resilience: Counter-Terrorism Techniques
FIA Technical Briefing: The Fire Industry and Brexit
Best Practice Casebook: Compliance versus Conformance

They see a well secured airport.
You see smart data to
optimize traveler flow.
Bosch empowers you to build a safer and more secure
world. And with built-in video analytics as of the IP 4000
cameras, we allow you to use video data for more than
security alone. Like identifying interruptions and
patterns in airport traffic.
Find out more at boschsecurity.com
+1
People counting
Queuing alarm
Enforcing safety
regulations

December 2017
Contents
28 The Changing Face of Security Services
Risk UK’s regular Security Guarding Supplement features
contributions from Axis Security and CIS Security in addition to
the Security Industry Authority’s view of compliance matters
Building Business Resilience (pp26-27)
5 Editorial Comment
6 News Update
BS 7799-3 revisions. Skills gap highlighted at UK Cyber Summit.
FSA Awards for 2017. OSPAs outlines Thought Leadership event
8 News Analysis: Annual Fraud Indicator 2017
The Annual Fraud Indicator 2017 has been published by Crowe
Clark Whitehill. Brian Sims reports on the staggering £190
billion yearly cost of fraud episodes in the UK
11 News Special: IFSEC International 2018
UBM has announced the 2018 “transformation” of IFSEC into an
“integrated security event”. Brian Sims has the detail
13 Opinion: Mobile Tech and Access Control
What does current thinking look like in terms of the potential for
today’s smart phones to both involve and fully embrace the
security arena? John Davies puts forward an assessment
16 Opinion: Mind Your Own Business
Alison Parkinson explains why the battle against the fraudsters
needs to be intensified and observes how information sharing
can help to prevent more individuals from becoming victims
34 Meet The Security Company
Risk UK’s focus on today’s practising security companies, run in
association with the National Security Inspectorate, continues
this month as we shine the spotlight on Cardinal Security
37 The Security Institute’s View
Simon Marsden addresses the challenges of cyber security
education in schools and why they must be swiftly overcome
40 In The Spotlight: ASIS International UK Chapter
Online retailer Amazon is firmly committed to bringing diverse
backgrounds and points of view to bear on behalf of its myriad
customers. Jo Day highlights the various ways in which this
philosophy benefits the company’s security operations
42 FIA Technical Briefing
With Brexit very much in mind, Ian Moore asserts why it’s vitally
important to ensure that the fire industry’s voice is clearly heard
in a number of areas directly affecting its cohort
44 Security Services: Best Practice Casebook
Compliance isn’t just a case of ensuring the ‘rules’ are followed.
It must also be about establishing a culture of conformance that
recognises and shares Best Practice. Darren Ward elaborates
46 Cyber Security: Physical Security Controls
48 Risk in Action
19 BSIA Briefing
James Kelly evaluates how lone worker safety solutions could
help to reduce the risk of criminality such as stalking, which is
on the rise in the latest Crime Survey for England and Wales
22 An Evolving Security Landscape
Jon Roadnight and Philip Strand outline precisely why security
professionals mustn’t become too fixated on the march of
technology at the expense of solid procedure and process
24 Redefining Storage for a Smart Future
In the second instalment of a two-part series exclusive to Risk
UK, Andrew Palmer examines the important role of the right
data storage solutions in supporting smart cities of tomorrow
26 A Demonstration of Resilience
In the wake of this year’s terrorism episodes, many business
managers are now revisiting their security arrangements. Jason
Wakefield offers salient advice for those enhancing resilience
50 Technology in Focus
53 Appointments
56 The Risk UK Directory
ISSN 1740-3480
Risk UK is published monthly by Pro-Activ Publications
Ltd and specifically aimed at security and risk
management, loss prevention, business continuity and
fire safety professionals operating within the UK’s largest
commercial organisations
© Pro-Activ Publications Ltd 2017
All rights reserved. No part of this publication may be
reproduced or transmitted in any form or by any means
electronic or mechanical (including photocopying, recording
or any information storage and retrieval system) without the
prior written permission of the publisher
The views expressed in Risk UK are not necessarily those of
the publisher
Risk UK is currently available for an annual subscription rate of
£78.00 (UK only)
www.risk-uk.com
Risk UK
PO Box 332
Dartford DA1 9FF
Editor Brian Sims BA (Hons) Hon FSyI
Tel: 0208 295 8304 Mob: 07500 606013
e-mail: brian.sims@risk-uk.com
Design and Production Matt Jarvis
Tel: 0208 295 8310 Fax: 0870 429 2015
e-mail: matt.jarvis@proactivpubs.co.uk
Advertisement Director Paul Amura
Tel: 0208 295 8307 Fax: 01322 292295
e-mail: paul.amura@proactivpubs.co.uk
Administration Tracey Beale
Tel: 0208 295 8306 Fax: 01322 292295
e-mail: tracey.beale@proactivpubs.co.uk
Managing Director Mark Quittenton
Chairman Larry O’Leary
Editorial: 0208 295 8304
Advertising: 0208 295 8307
3
www.risk-uk.com

Connect your life to your
home and your security
Interact, control and integrate your Texecom security system like never before
The Texecom Connect App allows you to control your security directly from your compatible
system events and monitor cameras or activity from anywhere in the world.
www.texe.com
Sales: +44 (0)1706 220460
Watch the Texecom
Connect App video

Texecom Connect App
New smartphone application for
iOS operating systems
Texecom Connect SmartCom
Texecom Connect ethernet
communicator
Texecom Connect SmartPlug
Ricochet ® enabled
wireless plug
Editorial Comment
From The Outset
Business Secretary Greg Clark has launched the
Government’s ambitious Industrial Strategy, setting out a
long-term vision for how Britain can build on its economic
strengths, address productivity performance, embrace
technological change and boost the earning power of people
right across the UK.
With the overriding aim of making the UK “the world’s most
innovative nation” by 2030, the Government has committed to
investing a further £725 million over the next three years in the
Industrial Strategy Challenge Fund. This is a direct response to
some of the greatest global challenges and opportunities faced
by the UK and will include £170 million designed to “transform”
the construction sector.
The Government had already set aside £1 billion for the first
wave of Industrial Strategy Challenge Fund projects, including an
investment of £246 million in next generation battery technology
and £86 million for robotics hubs across the UK.
The White Paper launched amid much fanfare on Monday 27
November also confirms that the Conservatives will be pressing
ahead on a series of Sector Deals, with construction, life
sciences, automotive and Artificial Intelligence (AI) the first to
benefit from new strategic and long-term partnerships with
Government backed by private sector co-investment.
As part of its all-new Industrial Strategy, the Government has
identified four Grand Challenges, one of which is to put the UK at
the forefront of the AI and data revolution. In real terms, this
represents an open invitation to business, academia and civil
society alike to work and engage with the Government in order
to innovate, develop new technologies and ensure that the UK
seizes global opportunities that arise.
Dr Adrian Davis, European managing director at (ISC)², has
made comment on the Government’s new Industrial Strategy, in
turn expressing concern over certain aspects contained within.
“Even though cyber security is mentioned as one of the key
priorities in AI, we’re concerned that the former doesn’t appear in
other parts of this Industrial Strategy,” explained Davis.
As far as Davis is concerned, without security being designedin
from the start (as indeed it should be), AI, ‘Smart’ and Internet
of Things systems will be vulnerable to bias, bad data and
sabotage, with “the Industrial Strategy for a digital economy
building the roof before we have laid the foundations.”
Embellishing this theme still further, Davis observed: “Now
that the Government wants to use AI for everything from
healthcare through to recruitment, we urgently need a
programme of validation such that any AI technology has been
through a rigorous assessment process to eliminate substandard
and insecure programming.”
In times hence, cyber security most certainly demands to be
an integral part of the opportunities offered to individuals and
educators alike. The Government promises that the UK will “lead
the world in the safe and ethical use of data and AI” but, for this
vision to be realised, Davis is right to assert that we must make
sure we’re not sacrificing security on the altar of innovation.
Brian Sims BA (Hons) Hon FSyI
Editor
December 2012
5
www.risk-uk.com

British Standard BS 7799-3 focused on
information security risk revised by BSI
BSI, the business standards company, has
revised its guidance standard for information
security management systems, namely BS
7799-3 Guidelines for Information Security Risk
Management. BS 7799-3 specifically assists
organisations regarding the risks and
opportunities of aspects contained in the
internationally-recognised ISO 27001
Information Technology – Security Techniques –
Information Security Management Systems –
Requirements. Importantly, BS 7799-3 provides
guidance on defining, applying, maintaining and
evaluating risk management processes in the
information security context.
The British Standard is relevant for those
organisations which have – or are intending to
have – an information security management
system conforming to ISO 27001.
BS 7799-3 identifies two widely-recognised
approaches to risk identification and risk
analysis: the scenario-based approach, wherein
risks are identified (and assessed) through a
consideration of events and their
consequence(s), and the ‘asset-threatvulnerability’
approach. Here, risk identification
takes into account the value of information
assets and identifies applicable threats.
The British Standard recommends that, for an
organisation to increase the reliability of
estimating the likelihood of a security event
occurring, it should consider using team
assessments rather than individual
assessments, employing external sources (such
as information security breaches reports),
unambiguous targets (for instance ‘two per
year’) rather than vague targets and timings
and scales containing at least five categories to
ascertain risk, from ‘Very low’ to ‘Very high’.
BS 7799-3 accounts for risks as diverse as
whether the influences of a foreign actor are a
threat to the organisation, technology failure,
influences of domestic crime (including fraud)
and the probable skill of an attacker, as well as
the resources available to them.
The British Standard includes dedicated
sections for information security risk treatment,
with guidance on how a given organisation can
monitor and measure its risk identification plan.
Recognising that no two organisations have
identical security concerns, BS 7799-3 is
applicable for all businesses regardless of their
type, size or nature.
Notable changes between the revised BS
7799-3 and its predecessor include conformity
to the latest version of ISO 27001, the term ‘risk
owner’ replacing ‘risk asset owner’ and the
effectiveness of the risk treatment plan being
regarded as more important than the controls.
BS 7799-3 will be of interest to governance,
risk and compliance personnel, security
managers, operational managers, auditors and
those implementing EU GDPR measures.
“UK must plug cyber skills gap” delegates told at Cyber Security Summit
The UK must foster a new generation of diverse talent to effectively tackle the cyber security skills
challenge. That’s precisely what Mark Sayers, deputy director for cyber and Government security at
the Cabinet Office, told delegates at the packed-to-capacity 2017 Cyber Security Summit & Expo
and co-located EU General Data Protection Regulation (GDPR) Conference that ran on Thursday 16
November in central London.
Sayers – who oversees the delivery of the UK’s National Cyber Security Strategy – said: “We’re
investing £1.9 billion to enhance the UK’s cyber capabilities, and a key part of this involves
developing the UK’s skills base in order to meet the increasing demand for cyber professionals.”
Sayers also informed delegates that working internationally to develop effective partnerships is
absolutely critical when it comes to fighting cyber crime, in addition to the essential need for a
shared approach across both the public and private sectors.
This year witnessed a record attendance at the Cyber Security Summit & Expo and co-located
GDPR Conference, the UK’s largest one-day event dedicated to vital cyber risk management advice
for the business community. Delegate numbers grew three-fold year-on-year, representing the
successful first stage of a strategic growth plan for the event over the coming years.
Delegates at this year’s event included CISOs, CIOs, CTOs and COO-level executives from the
public and private sectors.
Senior business leaders from brands such as Admiral Group, Bupa UK and GlaxoSmithKline
attended the event alongside Government policymakers, including those responsible for Critical
National Infrastructure, Her Majesty’s Revenue & Customs and the Ministry of Defence.
6
www.risk-uk.com

News Update
Industry champions Paul Tennent
and Tony Maskens win coveted FSA
Awards for 2017
Two industry leaders – namely Paul Tennent
and Tony Maskens – have been recognised by
the Fire & Security Association (FSA) at the
IFSEC Security and Fire Excellence Awards
2017 for their outstanding contributions to
their respective industry sectors.
Paul Tennent (pictured) – co-founder of
Tavcom Training and Group sales director at
the Linx International Group – won the FSA’s
2017 Peter Greenwood Security Award.
Tennent is recognised for his commitment to
raising standards (by working with the CCTV
User Group and National Occupational
Standards) and delivering high quality
training. He’s an internationally-respected
professional, with Tavcom Training boasting
major clients in countries including Dubai.
Recently, Tennent has been one of the
principal architects behind the creation of the
professional register for Certified Technical
Security Professionals that launched back in
early September.
Commenting on the award, Tennent told
Risk UK: “Well-trained and dedicated security
professionals are the lifeblood of our industry.
It’s with a sense of great responsibility that we
provide access to the latest knowledge and
skills needed for those working in the
professional technical security sector. I’m
immensely proud that Tavcom Training is
recognised as the world’s leading provider of
BTEC-accredited security systems training
courses. I receive this award on behalf of my
entire team.”
The Peter Greenwood Security Award
recognises individuals who have made an
outstanding contribution to the security
systems industry. It’s the longest-established
individual award in the security profession and
has been in existence since Peter Greenwood’s
untimely death in January 1995.
Greenwood was a former head of the ECA’s
Security Group and involved with its Fire
Group, and was also a founder member of the
Security Industry Lead Body.
Tony Maskens, who served as BAFE’s
technical schemes manager until his
retirement last year, has won the FSA’s Ian
Marsh Fire Award for 2017. Maskens picked up
the trophy for his efforts to raise industry
standards, enhance quality control schemes
and promote third party certification to
companies and end users alike.
The Ian Marsh Fire Award recognises
individuals who demonstrate enthusiasm and
selfless concern for the fire and emergency
systems industry. The award was renamed in
honour of Ian Marsh back in 2013.
OSPAs organisers outline detail
behind inaugural UK Thought
Leadership Summit
On Thursday 1 March 2018, professionals from
the UK’s security business sector will be given
the opportunity to listen to a line-up of highprofile
speakers, with the Outstanding
Security Performance Awards (OSPAs)
providing a platform for debate around key
issues facing the sector at its inaugural UK
Thought Leadership Summit in central London.
Confirmed speakers for this event include
The Right Honourable Greg Clark MP
(Secretary of State for Business, Energy and
Industrial Strategy), Ian Dyson QPM
(commissioner at the City of London Police)
and Andrew Thomson (director of property
services for The Shard).
There will also be an in-depth discussion
involving former offenders focused on how
they tackle security and why they think it so
often fails. The full programme for the day will
be announced shortly.
Professor Martin Gill CSyP FSyI, founder and
director of the OSPAs and the leader of
Perpetuity Research, commented: “The OSPAs
are about recognising excellence and the truly
outstanding performers who project the best
image of security and all the good it can do.
The aim of this UK Thought Leadership
Summit is to contribute towards excellence by
bringing different thought leaders together. In
short, the people who excel and can offer their
own insights for debate. We want to provide
the platform for practising security
professionals to listen to what the opinion
formers think and contribute to the discussion
about how we can improve what security does
and how it’s perceived. The quality of what we
have in the future in terms of security
provision here in the UK will depend on the
quality of debate we conduct now.”
In addition, Professor Gill (pictured)
informed Risk UK: “This event is open to all
participants in the security sector and its
stakeholders, and I strongly urge everyone to
consider attending and be ready to pose
questions to a panel of influential speakers.”
The UK Thought Leadership Summit takes
place at the Royal Lancaster Hotel in central
London. Organised by the Outstanding
Security Performance Awards, the Summit is
being run with the support of the Security
Commonwealth (which lists The Security
Institute among its member cohort).
7
www.risk-uk.com

Annual Fraud Indicator 2017 highlights UK
footing colossal £190 billion fraud bill
Authority (NFA), which had established the
concept and experimented with a variety of
methodologies. The NFA published four
detailed reports, the last of which was in 2013.
The NFA was abolished in 2014 leaving a gap
in the measurement of the cost of fraud to the
UK: a gap that the partners in this project were
very much keen to fill. The partners wanted to
build upon the work of the NFA by offering the
same detailed estimates of the cost of fraud to
the UK, while also using a more developed and
consistent methodology to allow dependable
comparisons over time.
The annual cost of
fraud in the UK is £190
billion, which is equal
to around £10,000 per
family. That’s one of
the main findings of
the Annual Fraud
Indicator 2017
published by Crowe
Clark Whitehill and
developed in
conjunction with both
Experian and the
Centre for Counter
Fraud Studies at the
University of
Portsmouth. Brian
Sims reports on this
year’s statistics
The 28-page Annual Fraud Indicator (AFI)
2017 highlights the colossal cost of fraud to
the UK’s economy. Unless an organisation
truly understands the nature and cost of fraud
affecting it, how can it possibly apply the right
and proportionally resourced solution? How can
it begin to track progress in reducing the
prevalence and cost of fraud? Lastly, how can it
understand the value derived from its
investment in countering fraud?
The AFI has been developed to help create a
benchmark by which, year-on-year, a sectorspecific
analysis can be made.
An in-depth analysis of fraud levels in the UK
economy shows that annual fraud losses are
presently indicated to cost £190 billion, private
sector losses are estimated to be £140 billion,
public sector losses are estimated to be £40.4
billion, charities and charitable Trusts are
believed to be losing £2.3 billion and frauds
committed directly against individuals are
estimated at around the £6.8 billion mark.
These numbers are far from insignificant.
With the latest National Audit Office and
National Crime Agency statistics confirming
that fraud has surged to the top of the list of
commonly committed crimes, now is the time to
identify and measure its cost such that
businesses, Government bodies, charities and
individuals alike can understand the value of
their investment in countering fraud.
In 2016, the UK Fraud Costs Measurement
Committee published its first AFI. The 2016 AFI
built on work undertaken by the National Fraud
Team and methodology
The research team for this year’s AFI was led by
Professor Mark Button, director of the
University of Portsmouth’s Centre for Counter
Fraud Studies, and included David Shepherd
and Dean Blackbourn. The methodology used
has been developed in line with the
groundbreaking work of the NFA.
“The £190 billion cost of fraud represents
more than the UK Government spends on
health and defence combined or all welfare
payments excluding pensions,” explained
Professor Mark Button. “In the public sector
alone, with fraud losses of £40 billion, this is
equivalent to what we pay in national debt
interest or spend on defence. This report shows
that there are clear differences in the strengths
and risks of fraud in the different sectors of the
UK economy. The thin resources of the State
dedicated to fighting fraud mean that, for most
organisations and individuals, the best they can
do is protect themselves. Investing in the
appropriate strategies to increase their
resilience to fraud is the most effective way in
which to reduce the risk of fraud occurring.”
Nick Mothershaw, director of fraud and
identity solutions at Experian, stated in
conversation with Risk UK: “This year’s report
highlights how the continued growth of
procurement fraud remains a great problem for
many businesses. Most often, it’s the
employees who are instrumental in such fraud.
On that basis, vigilance and appropriately
vetting staff should be a high priority for all
businesses. Making sure you employ the right
people and that your existing staff members,
and particularly those in positions of
responsibility, are not under duress will help
you to avoid potentially costly losses.”
8
www.risk-uk.com

News Analysis: Annual Fraud Indicator 2017 and NHSCFA
Mothershaw went on to explain: “Also
interesting is that the report shows pension
fraud is growing in the public sector. While
there are no published figures for the private
sector, it’s understood that fraudsters are
targeting the Pensions Release (where pension
holders, aged over 55, are allowed to withdraw
up to 100% of their pension benefits as a cash
lump sum, income or a combination of both).
It’s worth noting that, while the volume of fraud
is low, the value of fraud losses is high,
suggesting fraudsters are focusing their
attentions on the biggest value areas.”
According to Mothershaw, consumers need to
be very careful of investment opportunities that
are potentially too good to be true. For their
part, pension companies need to ensure their
ID verification tools are both Best in Class and
cost-effective to execute as the Pensions
Release is predicted to continue to grow.
“In the finance sector,” observed
Mothershaw, “plastic card and online banking
fraud continues to increase. A new regulation in
2018, in the form of the Payment Services
Directive 2, will enforce more robust ID and
fraud controls on online payments to address
this. Essentially, it will make it much harder for
a fraudster to use a victim’s payment card
online unless they also gain control of the
individual’s online banking details. The
regulation should result in a significant decline
in plastic card fraud, yielding an increase in
detected and prevented frauds as a result.”
Launch of NHSCFA
In parellel, the new NHS Counter Fraud
Authority (NHSCFA) has been given the
independence it needs to fight and deter fraud,
bribery and corruption that attacks the NHS. It’s
a Centre of Excellence employing specialists in
intelligence, fraud prevention, computer
forensics, fraud investigation, financial
investigation, data analysis and
communications, all of them working together
to detect, reduce and deter economic crime
specifically targeting the NHS.
Having launched last month, the NHSCFA’s
work begins with a focus on five areas. The
organisation will be the single expert,
intelligence-led organisation providing a
centralised investigation capacity for complex
economic crime matters in the NHS, support
the Department of Health’s strategy for tackling
fraudulent activity affecting the NHS, serve as
the body leading and influencing the
improvement of standards in counter fraud
work across the NHS, take the lead in and
encourage fraud reporting across the NHS and
the wider health group and, last but not least,
“The £190 billion cost of fraud represents more than the
UK Government spends on health and defence combined
or all welfare payments excluding pensions”
continue to develop the expertise of staff
working for the NHSCFA.
Sue Frith, interim CEO of the NHSCFA, said:
“As a new, independent, intelligence-led
special health authority, we’re wholly dedicated
to tackling fraud against the NHS in England.
Our creation is good news for the taxpayer, for
patients and for the honest majority working in
and with the NHS. I’m proud to be leading the
new NHS Counter Fraud Authority as we
embark on this fight against the fraudsters who
target the NHS. I’m working alongside our
Board and all of our dedicated staff. We’re
delighted to have full backing across the
Government and the wider NHS and, indeed,
among many other key stakeholders.”
Simon Hughes, interim chairman of the
NHSCFA, added: “Some of the challenges faced
in this work include a limited awareness of
fraud among NHS staff and the significant
under-reporting of fraud. Many people find it
unthinkable that anyone would seek to defraud
money meant for healthcare. Our ability to
counter fraud has a direct impact on healthcare.
Every fraud takes a service away from someone
who needs it. This reality must be faced. We
can all play our part in turning the tide,
ensuring that public money pays for services
the public needs and doesn’t line the pockets
of criminals. We all use the NHS and will all
benefit from securing its resources.”
Hughes went on to state: “Establishing the
NHS Counter Fraud Authority strengthens our
resolve in fighting fraud, bribery and
corruption, protecting healthcare and
supporting the many thousands of dedicated
health service staff, suppliers and contractors.”
The Government’s view
Lord O’Shaughnessy, the health minister,
observed: “Fraud in the healthcare system not
only undermines public confidence in the NHS,
but also diverts valuable resources away from
caring for patients. It’s estimated that
prescription fraud alone costs the NHS
somewhere in the region of £217 million each
year. We created the NHS Counter Fraud
Authority so that, for the first time, there’s a
dedicated NHS organisation designed to tackle
health service fraud and corruption and bring
fraudsters to justice.”
Further information on the NHSCFA is
available online at https://cfa.nhs.uk/
Professor Mark Button BA
(Hons) MA PhD FSyI:
Director of the University of
Portsmouth’s Centre for
Counter Fraud Studies
The NHS Counter Fraud
Authority has been given the
independence it needs to fight
and deter episodes of fraud,
bribery and corruption
9
www.risk-uk.com

Institute of Risk Management
Are your staff risk ready?
It is essential that your staff have a knowledge of the
principles and practices of effective risk management.
Enterprise Risk Management is designed to do just that.
What’s in it for employers?
> Managing risks effectively will
lower your costs.
> Turn threats to your business into
opportunities.
> Enhance business performance
and improve risk taking
approaches.
> Develop a motivated, skilled and
knowledgeable team.
> Attract high-calibre professionals
by investing in personal
development.
What’s in it for students?
> Enhance your ability to design
and implement effective risk
management strategies.
> Develop a critical understanding
of the relationship between
risk management, governance,
internal control and compliance.
> Gain an internationally
months.
> Join our global network of risk
management practitioners.
Distance
Learning
International
Recognition
Relevant for
All Sectors
Email: studentqueries@theirm.org
Phone: +44 (0)20 7709 4125
or visit www.theirm.org/risk-uk

News Special: IFSEC International 2018
UBM announces 2018 “transformation” of
IFSEC into “integrated security event”
Security has arguably never been a more
critical subject of discussion than it is
today. 2017 has been a year wherein
organisations and Governments have become
increasingly aware of the fact that the
substance of the threat which they’re working
to prevent has changed irrevocably.
Europe fell victim to a string of unpredictable
attacks, Yahoo saw its share value fall by $350
billion over 48 hours after the largest security
breach in history was revealed, the NHS found
its physical assets left vulnerable after a
ransomware attack disrupted the ambulance
service, the FBI and Apple “went to war” on
encryption and Airbnb properties were left in
chaos when a smartlock update went wrong.
These occurrences (and other) represented a
pivotal theme: the need for all those
influencing security to adapt to reflect a more
complex world and the ever-closer interweaving
of physical and cyber security.
The time is now for the security profession to
unite its knowledge and technologies in order
to protect people, property and profits.
According to UBM, organiser of the annual
IFSEC International exhibition, to do this we
must transform our expertise. Indeed, UBM has
commented: “We must be able to access the
solutions we need. We must commit to making
the world a safer place.”
IFSEC has a vision, and that’s to transform
alongside the security industry. IFSEC and
FIREX International brand director Gerry
Dunphy informed Risk UK: “As of 2018, it’s
IFSEC International’s commitment to become
this place for the profession to create a safer
world. IFSEC International must actively foster
the global security conversation, be the vessel
that sets and carries the agenda and be the
antenna for broadcasting the safety and
security dialogue. 2018 will be the inauguration
year of a transformation of IFSEC International’s
40-year heritage as a physical security show
into a high-level Security Summit and
integrated security event.”
Reflecting on the past
When IFSEC was first conceived, the threats
facing us all were merely physical. Society has
adapted since then, and UBM feels that 2018 is
the year in which IFSEC must do the same.
The security profession simply must evolve to
meet modern needs, and IFSEC International is
In the wake of a period which has seen the threat landscape
deliver huge blows to organisations including Yahoo and the
NHS, UBM has unveiled plans to reflect that reality with
IFSEC International adopting a new industry role designed to
address critical challenges such as these. Brian Sims reports
determining to become the arena for the big
discussions, however difficult they may be.
“The security profession must discover
solutions that are a driving force for protecting
businesses, people and data,” continued
Dunphy. “IFSEC International will afford the
security industry the necessary platform to
display and discover products and services
designed to help national, corporate and home
security adapt to the changing tides of
tomorrow’s challenges.”
According to Dunphy, it’s the security
profession itself that absolutely must drive the
agenda going forward. “IFSEC International will
exist for the world’s leading security experts as
a platform for provocative debate on global
security and propel intercommunication
forward between installers, integrators, end
users and vendors,” urged Dunphy.
Existing as a conduit
IFSEC International will exist to be the conduit
between the security profession and the
solutions needed to achieve global safety. In
order to pilot this conversation in 2018, IFSEC
International will:
• Drive an emphasis on major Keynote
addresses from strategic global security
leaders in a dedicated Security Summit
• Host a multitude of high-level panel debates
involving Government and industry influencers,
all of them congregated in the striking new
Amphitheatre at London’s ExCeL
• Provide the opportunity to hear from those
leading the way in identifying, installing and
maintaining “transformational” security
practices between physical and IT, in turn
introducing an Integrated Security Theatre
• Establish the impartial voice of security
equipment by holding technology up to scrutiny
in real-life testing across attack scenarios,
surveillance situations and more
• Propel intercommunication forward between
the installer, integrator, the end user and the
vendor by way of hosted and collaborative
round table discussions
Gerry Dunphy: Brand Director
for IFSEC International at UBM
11
www.risk-uk.com

One Source. One Loop.
One Solution.
Nittan evolution 1
Touch Screen Single
Loop Addressable
Fire Alarm Panel
• 254 devices on the loop,
254 zones available
• EN54 Part 2 and Part 4
• Interactive 4.3” touch screen
• Intuitive and easy to use
menu structure
• Fully programmable from
touch screen or PC tools
• Built in network capabilities,
allowing 16 panel networking
with no additional hardware
The evolution 1 panel is a cost effective,
one source solution, fully compatible
with Nittans’s award winning evolution
device range.
Allowing up to 254 devices on the loop,
with a touch screen and intuitive menu
structure enabling everything from a
simple stand-alone panel to multi-panel
networked systems – the evolution 1 is the
only one loop solution that you need.
For further details, please contact:
email: sales@nittan.co.uk | tel: +44 (0) 1483 769555 | www.nittan.co.uk

Opinion: Mobile Technology and Access Control
The potential for the smart phone to evolve
is seemingly limitless. We’re talking about
a communications device that offers so
much more than just a talking facility. Apple
Pay, Android Pay and PayPal have rapidly
enabled the smart phone to replace many of
the functions of cash and cash cards, but
there’s also the possibility of replacing keys
and access cards as well. This is something
which the security industry needs to embrace
and promote more fully to its customer base.
As an industry, we are more than aware of the
potential for mobile device authentication.
Flexibility is a key benefit – smart phones can
easily receive authentication credentials
remotely and access can be confirmed or
denied instantly. At the same time, smart
phones already contain many secure options to
ensure they’re only used by the authorised user
– fingerprint and face recognition plus pattern
authentication and PINs being good examples.
Unfortunately, some security operators,
customers and members of the public in
general seem to be less aware of these exciting
benefits. There may even still be some
reluctance in certain quarters when it comes to
trusting a mobile device with physical security.
While it’s perhaps not that unusual for people
to mistrust ‘new’ technology, we security
professionals must demonstrate the
considerable benefits, security and convenience
of using those options now available.
No-one would deny that proving trust with
new security systems is essential. A badly
protected mobile device could present a huge
risk to the security of any network. For their
part, smart phones have had two key hurdles to
overcome. First, that they’re secure enough to
be trusted to work with a security network and,
second, that they can reliably identify the
phone and the authorised owner within a realworld
environment.
It’s common for smart devices to offer twofactor
authentication, which binds the mobile
device to the right person for security. This
makes it fully possible to combine a PIN code
with the authorised person’s face or fingerprint.
In high security areas, we can also implement
wall-mounted biometric readers (such as iris
scan, facial recognition or fingerprints) to add a
further level of security and ensure there’s no
fraudulent use of the mobile device, while also
maintaining convenience for end users.
Perfect for interaction
We all know just how many functions a smart
phone has and location tracking through GPS is
one of the most helpful. This is also perfect for
interacting with security systems. If you think
Going Mobile: Smart Phone
Technology for Access Control
If you think about one item that has revolutionised the way in
which we’ve all interacted with the world over the last ten
years, it has to be the smart phone. Given that it’s now a
decade since the first Apple iPhone was launched, and with
the smart phone becoming as essential a piece of personal
kit as our keys or wallet, what’s the potential for these
gadgets to both involve and fully embrace the security arena?
John Davies peers into the crystal ball
about any secure facility, there are often
different levels of access – from entry to the
canteen right through to secure doors around
potentially dangerous areas such as a plant
room (or even a nuclear reactor).
Traditional security tokens or cards are
rigidly programmed to allow access to certain
areas only, but a smart phone could either
grant or deny access depending upon the
location of the request by the individual.
With mobile devices so intrinsically linked to
our lives and lifestyles, they’re generally
guarded with the same care and concern as our
money. Many people carry their mobile device
wherever they go, so it’s fair to say they’re
relatively unlikely to be lost or left behind. Less
likely than a card on a lanyard, for example.
Think about how often you use or touch your
smart phone each day. I’ve read estimates
which suggest around 2,600 times. You’re
rapidly aware if it has been misplaced and very
wary because of the cost and potential
personal loss of both your data and ‘freedom’.
John Davies:
Managing Director of TDSi
13
www.risk-uk.com

Opinion: Mobile Technology and Access Control
Undoubtedly, this fact alone renders these
devices the perfect item to use for even the
most secure of needs.
Cost is an obvious benefit for operators that
the security industry really needs to shout
about. It’s possible to eliminate the direct cost
of plastic badges, access cards, lanyards,
printers and consumables often used to provide
permanent and temporary security access.
Smart phones are exceptionally common.
Figures from 2015 suggest there were nearly 41
million smart phone users in the UK. This
number is predicted to reach nearly 54 million
by 2022. With a population of over 65 million,
that’s an enormous percentage of people with
access to this technology. Using a resource that
people already have, and which is highly
secure, makes unquestionable financial as well
as practical sense.
The right technology
Unfortunately, one of the stumbling blocks for
the security industry in adapting to a
predominantly smart phone authentication
approach has been agreeing on common and
shared open protocols.
Near Field Communication (NFC) technology
in mobile phones and smart devices hasn’t
been the universal success it was designed to
be. This is an area where mobile technology
trends have dictated to the systems that use it.
Apple’s decision to restrict the use of NFC to
Apple Pay on its devices has had a profound
effect on the implementation of NFC in other
applications. Not everyone has an iPhone, but
it’s such an important segment of the market
that other manufacturers are wary of how
customers will be able to use new technology.
It’s not surprising that we’ve instead seen a
much bigger focus on using Bluetooth Low
Energy technology on mobile devices. With
providers such as HID Global as well as Nedap
in the Netherlands now concentrating on
developing Bluetooth Low Energy readers and
mobile credential applications, this seems like
a highly credible alternative.
As well as NFC and Bluetooth Low Energy
options, there also seems to be a good deal of
interest in using QR codes for simple, but
nevertheless wholly reliable identity and access
control authentication. These codes can easily
be displayed on a screen or printed if
necessary. That being so, they afford great
“As well as NFC and Bluetooth Low Energy options, there
also seems to be a good deal of interest in using QR codes
for simple, but reliable identity and access authentication”
flexibility over the type of technology that’s
going to be used in the future.
Changeover period
I’ve no doubt that, ultimately, smart phone
authentication will replace the cards and
tokens we’re all so familiar with at present.
However, reaction from the market at the
moment tells us consumers want options rather
than to just be railroaded down one path.
If a business has invested in cards or tokens,
then it will want to use that technology
investment fully. The changes will come when
readers are updated. This is when security
specifiers and installers need to promote the
advantages of dual technology readers which
offer options to include smart phone
authentication within the mix.
There’s also still considerable diversity
among smart devices, the operating systems
they use and the security technology employed
by each. Android, Apple iOS, Windows and
BlackBerry devices all vary with regards to the
biometric authentication available, so security
administrators may need to be flexible on the
types of authentication they accept.
Card technology has also progressed at an
astonishing speed, with MIFARE+ proving to be
a highly cost-effective, practical and secure
system that can easily be integrated. There are
strong arguments for many businesses to
continue using these systems if they’re wellsuited
to specific operations.
Hybrid approach
As is often the case for integrated security
systems, a hybrid approach may be the best
answer for many security operators. This means
those who choose to enjoy the benefits in
terms of flexibility and convenience of smart
phone authentication can do so, while those
who are perhaps more hesitant can continue to
employ more traditional methods.
Large and well-established companies may
find that the swap-over is a slower and more
gradual process, while smaller start-up
businesses may prefer to jump straight to a
smart phone-based approach right away. If
security systems are well integrated, but
modular in their approach, then it becomes
much simpler to evolve as time goes on.
With their App-based systems architecture,
smart phones are ideally placed to evolve with
security systems in the future. We do need to
bear in mind that this move will involve a
culture change for many security customers. We
need to be cognisant of any anxiety, but must
also seek to be positive and promote the
considerable benefits on offer.
14
www.risk-uk.com

SkyHawk AI
The hawk is back and
smarter than ever.
Gain the commercial edge with SkyHawk AI,
built for AI-enabled surveillance systems,
and now protected by SkyHawk Health.
WWW.SEAGATE.COM
©2017 Seagate Technology LLC. All rights reserved.

Flattering to Deceive
Although cyber crime
and identity theft
continue to grab the
lion’s share of the
security and mass
media news headlines,
it should be
remembered that
fraud exists in myriad
different forms. Here,
Alison Parkinson
explains why the
battle against the
fraudsters needs to be
intensified and how
information sharing
can help in preventing
more individuals from
becoming the
unfortunate victims of
the fraudsters
Ever since human beings have owned
property, fraud has existed. Across the
years, many words to describe fraud have
been created – swindle, cheat, extortion, con,
double-cross, hoax, ploy, ruse and hoodwink
are just a few of them. However, the word is
perhaps best defined by Action Fraud, which
claims it ‘is when trickery is used to gain a
dishonest advantage, which is often financial,
over another person’.
With technology – and especially the Internet
– having such a huge impact on all our lives, it
should be no surprise that fraudsters have paid
particular attention to it. Phishing is
particularly popular. At one time or another,
most of us will have received an e-mail claiming
to be from someone posing as someone they’re
not and soliciting us to send a specific amount
of cash, which would supposedly allow the
sender to access their savings account and
reward the benefactor with more money than
originally borrowed.
However far-fetched this type of scam
appears, people continue to fall for them and
they’re becoming increasingly sophisticated. A
woman named Kate Blakeley recently told the
media how she lost £300,000 through such a
scam. In the process of buying a house with her
partner, fraudsters intercepted an e-mail from
their solicitors and cajoled them to transfer the
funds into a different bank account controlled
by the criminals.
That’s by no means an isolated case. Figures
published by UK Finance show that, in the first
six months of the year, more than 19,000
people were the targets of scams known as
Authorised Push Payment involving a total
amount of over £100 million.
While it’s easy to focus on this type of online
deception, the fact is that there are well over
100 identifiable types of fraud. Tax fraud,
romance fraud, employment fraud, car
insurance fraud, benefit fraud, health scams,
holiday fraud, investment fraud, ‘boiler room’
scams, Intellectual Property fraud, lottery fraud
– the list goes on and on.
To combat this growing problem, the Fraud
Act 2006 came into force in January 2007 and
replaced the eight deception offences
contained within the Theft Act 1968 and 1978. It
offers a statutory definition of this criminal
offence, defining it in three classes: fraud by
false representation, fraud by failing to disclose
information and fraud by abuse of position. It
states that a person found guilty of fraud is
liable to a fine or imprisonment for up to 12
months on summary conviction (six months in
Northern Ireland), or a fine or imprisonment for
up to ten years on conviction on indictment.
Although the Fraud Act 2006 has provided a
certain degree of clarity for most, some have
criticised it for moving towards the concept of
dishonesty, which is problematic in itself, as
fraud has become a ‘conduct’ crime rather than
a ‘results’ crime.
Not what it seems
Although, in theory, there are measures in place
to protect the unfortunate victims of fraud,
there are growing calls for more to be done in
order to iron out the discrepancies in how these
matters are dealt with.
For instance, if credit or debit cards are used
to perpetrate fraud, victims can usually get
their money back. However, when it comes to
bank transfers, the matter isn’t so clear-cut.
Which? Magazine is lobbying for the big
banks to do more in this area, particularly since
consumers now make over 70 million bank
transfers per month compared to just over 100
million in a whole year a decade ago.
Even though online fraud is now the most
common crime in the country, the response to
prosecuting cyber crime incidents can be
described as disappointing at best. We simply
16
www.risk-uk.com

Opinion: Mind Your Own Business
don’t have accurate figures at our fingertips to
assess the true scale of the problem.
There are two main sources used in the
official statistics on fraud: police-recorded
crime and the Crime Survey for England and
Wales (CSEW). Figures on fraud have long been
included in police-recorded crime data, but
until fairly recently fraud wasn’t covered in the
headline estimates from the CSEW.
Most fraud offences don’t come to the
attention of the police service and, as a result,
police-recorded crime data affords a very
sketchy picture of the true extent of fraud.
Annual Fraud Indicator
The National Audit Office (NAO) has tried to
paint a more accurate picture and supports the
findings of the Annual Fraud Indicator (AFI),
which was overseen by the UK Fraud Costs
Measurement Committee and based on
research conducted by the University of
Portsmouth’s Centre for Counter Fraud Studies.
The AFI unearthed that the real annual cost of
fraud in the UK could be as high as £193 billion,
including £10 billion to individuals and £144
billion to the private sector.
The NAO’s own Online Fraud report claims
that there were an estimated 1.9 million cyberrelated
fraud incidents in England and Wales in
the year to 30 September 2016, representing
16% of all estimated crime incidents. In four out
of every ten online fraud incidents, the victims
involved lost at least £250.
Despite this, the NAO has stated that,
because it’s considered to be a low value, but
high volume crime, fraud isn’t yet a priority for
all local police forces and is consistently
overlooked by Government, law enforcement
and industry. It also added that the Home Office
is the only organisation in a position to oversee
the system and lead change.
Taking the initiative
With criminals using ever-more complex scams
to trick customers into giving away their
personal or security data, there have been a
number of initiatives over the last few years
designed to make consumers and business
people alike more aware of the issue.
The most recent of these is ‘Take Five to Stop
Fraud’. Developed by the financial sector in
partnership with the Home Office, this national
campaign aims to impart straightforward and
impartial advice to help everyone protect
themselves from preventable fraud. It offers
advice to assist customers in protecting
themselves from fraud by recognising scams
and confidently challenging any requests for
their personal or financial information.
While obviously well-intentioned, more direct
measures could also be taken through the
sharing of crime data between law enforcement
agencies and the business community. Look at
online fraud, for example. This type of crime is
increasingly prevalent as unscrupulous
individuals take advantage of the loopholes
inherent within online purchasing. Retailers are
increasingly reporting instances of customers
claiming not to have received goods, while
some individuals are falsely stating that
packages have not been packed correctly and
that ordered items are missing.
Software is now available that offers insight
into persistent offenders who commit fraud
against multiple online businesses, helping
companies to develop a more effective loss
prevention strategy. Using a pattern matching
sequence and known data on those committing
fraud helps to build resilience against repeat
offenders and can contribute towards any
police investigations.
The end result is a more robust online fraud
prevention strategy, which clearly identifies
current trends and ‘hotspots’, and also helps in
reducing losses from this type of activity.
Protect and survive
The subject of fraud prevention is particularly
relevant during the Christmas season, of
course, as businesses and consumers
traditionally become the targets of nefarious
activity at this time of the year.
Figures show that, last year, victims reported
losing nearly £16 million to Christmas
fraudsters, increasing from £10 million lost the
year before. Action Fraud reports rose by 25%
when comparing the Christmas period in 2016
with the same timescale in 2015.
An analysis of last year’s crimes also shows
that 65% of those committed at Christmas were
linked to online auction sites, with the average
loss for these reports coming in at £727.
That said, we shouldn’t merely focus on the
Christmas period. Remaining vigilant against
fraud is a year-round activity and we must all
play our part in helping to defeat it.
Although it’s fair to suggest that nothing can
replace a healthy dose of common sense and
diligence, hopefully 2018 will bring a greater
level of activity at the highest echelons when it
comes to tackling this issue with robustness.
Alison Parkinson:
Fraud Business Development
Director at the National
Business Crime Solution (NBCS)
*Mind Your Own Business is the
space where the NBCS examines
current and often key-critical
business crime issues directly
affecting today’s companies. The
thoughts and opinions expressed
here are intended to generate
debate and discussion among
practitioners within the
professional security and risk
management sectors. If you would
like to make comment on the
views outlined, please send an
e-mail to: brian.sims@risk-uk.com
**The NBCS is a ‘Not-for-Profit’
initiative that enables the effective
sharing of appropriate data
between the police service, crime
reduction agencies and the
business community to reduce
crime and risks posed to all. By
providing a central repository
where business crime data is
submitted, shared and analysed,
the NBCS is able to gather the
necessary intelligence and support
to more effectively detect, prevent
and, subsequently, respond to
crimes affecting the UK’s business
community. For further information
access the website at:
www.nationalbusinesscrime
solution.com
“Figures published by UK Finance show that, in the first six
months of the year, more than 19,000 people were the
targets of scams known as Authorised Push Payment
involving a total amount of over £100 million”
17
www.risk-uk.com

The New Camera Line Mx6 Creates More Possibilities.
More Images, in All Light Conditions, in Every Standard
More Intelligence Is on the Way
The new Mx6 6MP camera system from MOBOTIX offers increased performance.
A frame rate that is up to twice as fast than that of other cameras allows it to capture
quick movements even better and simultaneously deliver sharp images in MxPEG,
MJPEG and, for the first time in H.264, the industry standard. The innovative Mx6
camera line is faster, more flexible and higher-performing, opening up new application
and integration opportunities for to you to meet all requirements.
MOBOTIX AG • Langmeil, Germany • www.mobotix.com

BSIA Briefing
The latest Crime Survey for England and
Wales highlights that the volume of
violence against the person offences being
dealt with by the police has risen by 19%
compared with the previous year, largely due to
increases in the sub-categories of ‘stalking and
harassment’ (36%), ‘violence without injury’
(21%) and ‘violence with injury’ (10%).
According to the ONS’ report, most of this
volume increase was thought to result from
improved recording practices. However, it’s
likely that the rises in these more serious
categories of crime reflect genuine escalations
in criminality as they’re thought to be generally
well-recorded by the police.
Stalking is defined as the unwanted or
obsessive attention by an individual or group
towards another person. Stalking behaviours
may differ, but are related to harassment and
intimidation and may include someone
following the targeted victim in person or
otherwise monitoring them in some way.
According to the Suzy Lamplugh Trust – the
personal safety charity that runs the National
Stalking Helpline – anyone can be a victim of
stalking. In fact, a report produced by Dr
Lorraine Sheridan and the Network for
Surviving Stalking found that stalking victims’
ages ranged from 10 to 73, with both males and
females targeted and episodes spread right
across the entire socio-economic spectrum.
Around 45% of those individuals who contact
the National Stalking Helpline are being stalked
by a former partner, while a further third have
had some sort of prior acquaintance with their
stalker. This could include a friend, a colleague
or a client, for example 1 .
Revised guidelines
For employers of the estimated eight million
lone workers in the UK, the increase in stalking
and harassment reported in the Crime Survey
for England and Wales should be concerning,
and particularly so for those that employ lone
workers operating within the community.
There’s a legal obligation for any employer to
keep their lone workers safe. Revised
sentencing guidelines issued in November 2015
have made the penalties more severe for those
failing to do so. The Health and Safety, Food
and Corporate Manslaughter sentencing
guidelines were issued by the Sentencing
Council and will be considered by the courts.
Since the revisions came into effect in
February last year, organisations breaching
their Duty of Care towards employees and nonemployees
alike face significantly larger fines
starting at several million pounds for a large
organisation found to be highly culpable in a
Duty of Care to Employees
In mid-October, the Office for National Statistics (ONS) issued
the findings of its Crime Survey for England and Wales for the
year ending June 2017. While crime estimated by the study
has fallen considerably from the peak levels recorded back in
1995, the volume of violence against the person offences now
being dealt with by the police service has increased. Here,
James Kelly discusses how lone worker safety solutions could
help to reduce the risk of crimes such as stalking
Harm Category 1 incident. Additionally, stalking
can have a hugely detrimental impact on its
victims in terms of their physical and
psychological well-being, causing them to feel
unsafe wherever they go which, in turn, can
impact their performance in the workplace.
In employer guidance produced by the Suzy
Lamplugh Trust, signs of an employee being
stalked are explained as including ‘increased
absences, arriving late for work or unexplained
poor work performance’.
Research also informs us that 50% of
stalking victims have “curtailed or ceased work
as a consequence of being stalked” 2 .
Offering reassurances
For employees regularly required to work alone
or away from their usual place of work – such
as in the local community – a lone worker
safety solution can provide them with
reassurance, as well as a means to summon aid
should an emergency scenario arise.
An effective lone worker solution will also
collect information that can be used as
evidence if an incident does occur.
James Kelly: CEO of the British
Security Industry Association
19
www.risk-uk.com

BSIA Briefing
References
1 https://www.suzylamplugh.
org/Pages/FAQs/Category/
anti-stalking
2 https://www.suzylamplugh.
org/Handlers/Download.ashx
?IDMF=18a033d5-d0fb-4a05-
aed5-7eb95a4e48fe
There’s a variety of lone worker products
available, including Apps on smart phones and
dedicated GPS/GSM lone worker devices which
connect lone workers quickly and discreetly
with an emergency response. Devices are
connected to an Alarm Receiving Centre (ARC)
at which operators receive and manage alarm
calls and can quickly request Emergency
Services or other assistance if required.
Users can also send a pre-activation message
to the ARC, which will notify operators that the
user is about to enter an area with a potential
risk. If any problems occur, the user can then
activate the device fully in order to summon
help. Activation of the device automatically
triggers a voice call to the ARC, allowing
operators to monitor the audio channel in realtime,
assess the situation and alert the police
service if the user needs help or protection.
The open microphone provides the police
service with an effective ‘moving picture’ of the
whole incident, in turn affording peace of mind
for the end user that the situation is being
closely monitored at all times.
Perhaps the most important factor to
consider when contracting a lone worker safety
service is whether the chosen supplier is
certified to BS 8484: Code of Practice for the
Provision of Lone Worker Services. This is vital
as it’s the basis upon which the police respond
to lone worker systems and how they do so.
A priority police response cannot be
guaranteed by a supplier who isn’t audited to
and compliant with BS 8484. While many
suppliers readily claim that parts of their
system are BS 8484-compliant, unless they can
prove this by way of certification against
Sections 4, 5 and 6 of BS 8484, they cannot
guarantee a priority police response.
Physical building security
The other major factor – this time pertaining to
Section 6 of BS 8484 – in ensuring an effective
police response from a lone worker device
activation is that the supplier uses an ARC
which meets the British and/or European
Standards around physical security of the
building, staff security vetting and call handling
response times.
The ARC must operate on a 24/7 basis and be
able to quickly reinstate services following a
catastrophic event such as a fire or flood. The
“Stalking behaviours may differ, but are related to
harassment and intimidation and may include someone
following the targeted victim in person or otherwise
monitoring them in some way”
current standards that an ARC must meet are
certification to BS 8484 Part 6 and BS 5979
Category II, although ARCs applying for new
accreditations are expected to meet the
requirements for BS 8591 which call upon the
same requirements for BS EN 50518 (the latter
is currently under review).
The National Police Chiefs’ Council’s (NPCC)
Security Systems Policy permits these
accredited ARCs to be granted a Unique
Reference Number (URN) by each UK police
force. A trained and certified ARC operator will
listen in to audio received from a lone worker
device activation. If safe to do so they’ll speak
to the user and then consider the reply,
alongside other information, to determine
whether requesting a Level 1 police response
would be appropriate. The URN system enables
an ARC to bypass the usual 999 route, thereby
ensuring a quicker response from the police.
Back in late 2015, the BSIA’s Lone Worker
Section interviewed the NPCC’s security
systems lead Ken Meanwell, who explained: “In
the majority of cases, the use of a URN
guarantees that the police will respond more
quickly than when 999 is called. Obviously, this
doesn’t mean that the URN call will remain a
priority. Common sense applies and incidents
involving firearms or large-scale public
disorder, for example, may assume priority.”
Providing employees who are required to
work alone – and in particular those who may
have disclosed concern about their personal
safety – with the means to summon emergency
help both quickly and effectively will greatly
reassure them.
For those employers considering sourcing
lone worker solutions, the British Security
Industry Association (BSIA) recommends that
the choice of provider is based on their ability
to demonstrate devices or smart phone
applications certified to BS 8484, certification
to BS 8484 Sections 4, 5 and 6 and that devices
or smart phone applications are monitored by
an ARC certificated to BS 8484 and BS 5979
Category II or BS 8591/BS EN 50518.
Solution providers should also be able to
deliver a bespoke service that begins with a
thorough risk assessment to identify the most
appropriate device product for various roles
within a client’s company.
A good place for end users to start is by
looking at companies within the BSIA’s Lone
Worker Section. These are well-established
suppliers and ARCs who have been audited for
compliance with the relevant British Standards
(and certified as such). For more information on
lone worker services, or to source a reputable
supplier, visit www.bsia.co.uk/lone-workers
20
www.risk-uk.com

Powerful web based
controller, powered
by smart devices.
DESIGNED
IN
A U ST R A
R
LIA
Inception is an integrated access control and security
alarm system with a design edge that sets it apart
from the pack. Featuring built in web based software,
the Inception system is simple to access using a web
browser on a Computer, Tablet or Smartphone.
With a step by step commissioning guide and
outstanding user interface, Inception is easy to
install and very easy to operate.
For more information simply scan the QR code
or visit innerrange.com.
Security
Alarm
Access
Control
Automation
No Software
Required
Multiple
Devices
Easy Setup
with Checklist
Prompting
Send IP Alarms via
the Multipath-IP
Network
T: +44 845 470 5000
E: ireurope@innerrange.co.uk
W: innerrange.com

An Evolving Security Landscape:
Developing Operational Procedures
The physical security
industry is evolving.
Manufacturers are
developing innovative
new products and
harnessing the latest
trends in technology.
Of late, some
developments have
included fantastic
enhancements to
existing technologies.
However, both Jon
Roadnight and Philip
Strand observe why
security professionals
mustn’t become too
fixated on the
relentless march of
technology at the
possible expense of
solid procedure and
process within their
present organisations
Jon Roadnight:
Director at CornerStone GRG
22
www.risk-uk.com
Full-colour night vision CCTV cameras, fullyintegrated
access control systems, GPSassisted
threat tracking tools and new user
interfaces are all examples of excellent
technological advancements in recent years.
The path on which forward-thinking
companies developing such solutions find
themselves is limited only by our imaginations.
The advent of many of these products is driven
by ever-evolving customer requirements that
guarantee manufacturers’ investments into new
products will be well-rewarded, but we mustn’t
become too fixated on these fantastic
developments in technology.
Within the physical security industry,
procedures and processes – encompassing
design, tender, project, operations and risk
management methods – are every bit as
important when it comes to successful risk
mitigation as the technologies that we can see,
hear and touch.
It would even be defensible to argue that, in
many cases, processes are more important than
products. After all, a talented security team
with rigorously-tested processes and
procedures in place to guide their activities can
often work around equipment limitations.
Inexperienced security teams with undeveloped
processes and procedures rarely achieve better
results even when they are handed state-ofthe-art
equipment.
Indeed, it’s here one might make a counterargument
that, when technology replaces
people, it eliminates the need for processes
because there are no – or fewer – individuals in
the situation about whom to be concerned.
Experienced security professionals, however,
immediately recognise that this isn’t true. The
processes still exist. They’re simply designed
into the programmes that automatically control
the technology as opposed to being executed
manually by human beings.
We shouldn’t forget that humans designed
the processes that were programmed into the
technology in the first place and that,
somewhere in the equation, humans still need
to sit at the strategic level, ensuring that the
technologies are aligned and operating well.
In light of the importance of process as part
of our security function, it’s uncanny that the
private security industry is populated by a great
many manufacturers investing considerable
resources into researching and developing new
products, but very few other types of
companies investing in faster, more costeffective
ways of incorporating this technology
into real-world security environments.
Process and procedure
Risk mitigation means more than simply
deploying the latest innovation. It’s the
processes and procedures that define how a
new product or system is intended to address a
particular set of security risks. It’s in this area
that more attention needs to be focused.
Just how much of your security infrastructure
is being used to good effect within the
business? It’s all-too-common for a significant
financial investment to be made in new
measures, including technology, only for a tiny
percentage of its capability to ever be used.
In our role as independent security
consultants, we often witness examples of
environments where large amounts of money
have been spent by the client, but the
intelligence and functionality built into the
products and systems that form a large part of
that investment are never used.
The need to embed new technology within
the business operation is greater now than at
any point in the past. Manufacturers continue
to develop products and systems that have
more and more complexity, although the user
interface may appear to be more simplistic. To
extract the real value from these investments,
system users need to ensure that,
operationally, their specific business
requirements are understood and the
intricacies of every aspect of any necessary
security risk mitigation measure fully aligned.
If the physical security industry were to
broaden its focus beyond technology and
products and into better ways of procuring,
installing and using those products, then
treasure troves of new knowledge could be
unlocked. For starters, individuals both outside
the industry as well as within would develop a
better understanding of what it means to be
‘secure’ and how best to achieve that goal.
Additional steps needed
The clients and interface partners of most
security companies hail from a wide range of
markets, industries and geographic locations,

Risk and Security Management: Developing Operational Procedures
as indeed do their competitors. Market
research is fundamental to every security
company’s business strategy, but taking
additional steps to understand why markets
have evolved, how they will evolve in the future
and the implications of these evolutions would
be of value for the security industry as a whole.
It may not be necessary to begin the process
from scratch. Many existing processes could
also be optimised. Security projects are
executed within timeframes that are heavily
influenced by clients’ operational needs, RIBA
work stages, project management processes
and other real-world factors.
Understanding and streamlining risk
management and security engineering as well
as design processes could help the UK’s
security industry to better position itself on a
competitive footing within the global market.
There have been many security studies
undertaken that consider the overlap between
people, products and processes, some of them
as a consequence of major security incidents. In
a report compiled after the 9/11 attacks in New
York, one of the key findings was a need for
better integrated security and communication
systems. At the time, this led to a number of
important initiatives, including a trend towards
interoperability and system integration.
Technically, the proliferation of Internet
Protocol-connected security devices opened up
a whole new world of possibilities. Combined
with better applications to control and monitor
systems, greater computer processing power to
drive more complex products and faster and
larger data networks, this means that we now
have an array of highly sophisticated security
tools at our disposal.
Much of this sophistication, however, will be
left underused and the real benefits of system
or product deployment wasted if we don’t
harness its power by applying better and more
developed security procedures.
Development burden
The traditional burden of developing
operational processes and procedures tends to
fall on one of two key stakeholders.
Sometimes, end clients have resources
employed in-house who have the knowledge
and capability. This tends to be the minority of
clients, though, and even if they do have a
security team available, they tend not to have
the bandwidth to take on such labour-intensive
activities among their standard duties.
The other main producer of operational
processes is the security guarding contractor.
This probably seems a logical route, as it’s
security officers who will have the
responsibility of delivering the security
procedures. These client procedures will form
the basis of the assignment instructions that
are clearly a security guarding company’s
responsibility to produce. It’s also these basic
interpretations of the security strategy,
procedures and policies that will govern
officers’ activities on each particular site.
We would question, though, whether the
guarding contractor is the right choice for
developing some of the more technically-biased
procedures. Developing response criteria based
on an alarm input that could use a range of
different technologies as part of the verification
process can call upon a deep technical and
operational understanding. Defining access
rights and permissions that need to evolve in a
dynamic threat environment will draw upon
access control system deployment experience.
It’s not a subject to be challenged lightly.
As technology continues to develop and
capability expands, the need for better and
more granular security procedures and
processes will inevitably continue to grow. The
connection between personnel, products and
process is probably more critical today than it
has ever been. The suggestion we’re making is
that the latter has lagged when it comes to the
overall improvement we’ve witnessed in the
security business arena in general.
Dr Philip Strand PhD MBA:
Senior Risk Consultant at
CornerStone GRG
“Understanding and streamlining risk management and
security engineering as well as design processes could help
the UK’s security industry to better position itself on a
competitive footing within the global market”
23
www.risk-uk.com

Redefining Storage for a Smart Future
As the dawn of smart
cities promises to
redefine the world
around us, millions of
sensors and systems
will need to work
seamlessly together.
For every innovation
facilitated by the
Internet of Things,
cameras and Artificial
Intelligence, storage
remains the critical
foundation that both
underpins and
connects new
technologies. In the
second instalment of a
two-part series
exclusive to Risk UK,
Andrew Palmer
examines the
important role of the
right storage in
supporting cities of
the future
24
www.risk-uk.com
According to market analyst Gartner, almost
21 billion Internet of Things (IoT)-
connected sensors will be in use by 2020.
From homes to city streets, from your work
lanyard to light sensors in street luminaires, the
sensors involved will capture the huge
quantities of data it takes to power a highlyautomated
and highly-efficient world.
However, while new advances in sensor
technology will drive our transition towards
smart cities (and, indeed, smarter workplaces),
some familiar hardware could be the secret to
unlocking everything analytics has to offer.
In the words of Fujitsu’s CTO Dr Joseph Reger:
“Cameras are becoming the universal sensor of
IoT. If you’re smart enough, you can figure out
what’s happening by watching and you don’t
need other sensors.”
As is always the case, these devices will all
be underpinned by storage, most commonly in
the form of hard drives. It’s tempting to think
that the technology underlying our smart future
isn’t so revolutionary after all. However familiar
they may appear and however tried-and-tested
these future use cases of hardware might seem
on first glance, it’s certainly time for a different
breed of storage to emerge.
Beginning with security
Before we can move towards automation,
efficiency and enriching our lives with
connected infrastructure, we need to start with
the basics. Governments are investing heavily
in so-called ‘safe city’ solutions. Just as in
offices, warehouses and retail environments,
safety and security are obvious priorities –
these are the very foundations upon which we
can build towards loftier goals.
In 2013, the Singapore Economic
Development Board and Ministry of Home
Affairs embarked upon a project to improve
public safety and security. Multi-million dollar
investments included video analytics using
rule-based algorithms and machine learning.
The solution could detect normal scenarios
and, in turn, abnormal incidents, from rubbish
build-up to suspicious packages. The end
results of all this work? Everything from an
increase in key safety metrics to better tourism
and enhanced citizen happiness.
Unsurprisingly, it’s an impressive
achievement that cities around the world are
looking to replicate. Indeed, based on the latest
estimates, the market for safe city solutions is
expected to exceed $20 billion by 2021. All of
this development is driven by cameras and
storage being used in new, innovative ways.
Of course, the big ambitions of city planners
and Governments don’t feel immediately
relevant when you’re trying to secure your plant
equipment or keep trespassers out of your
warehouse. That said, we’re all part of this
transition towards safe and smart cities, and
it’s fair to state that the strategies and
technologies of world leaders can be used to
transform surveillance on every level.
With a specific focus on security, surveillance
cameras have transitioned from being seen by
some as a costly expense to become a real
asset that provides tangible value. Machine
learning and deep learning are allowing
surveillance systems to build their own
intelligence without programming, while
growing more accurate and sophisticated with
every new frame of footage that they see. It’s
the marriage of more sophisticated cameras,
advanced software, intelligently-designed
algorithms and back end processing power. All
of this flows through your chosen storage.
According to IDC, the amount of the global
datasphere subject to data analysis will grow
by a factor of 50 to 5.2 ZB in 2025. It’s not just
cities – corporations, small businesses and
individuals are now all realising the huge
opportunities of Artificial Intelligence (AI).
Value of analytics and AI
If there’s one thing we know about
Governments, it’s that heavy investment in safe,
smart cities wouldn’t be happening without the

Data Storage for Security Systems (Part Two)
promise of big benefits and either financial
returns or savings – or both. Whether you’re
implementing thousands of sensors across an
urban centre or trying to realise more value
from your commercial CCTV deployment, video
analytics delivers a real impact. Machine
learning, natural language processing and AI –
collectively known as cognitive systems – turn
data analysis from historic to real-time. It’s less
about gathering information on previous events
(in archived recordings), and more about using
intelligence for smarter decision-making.
AI can empower faster decisions without
compromising on quality, a proactive stance
and opportunities for time-saving automation.
That scenario will only be realised, though, if
your storage can keep up.
Since cognitive systems depend on large
quantities of high-quality video to analyse and
from which they can learn, it’s only natural that
scalability and capacity will continue to be
important traits of storage. The most critical
change comes in terms of how we’re using data,
not just the amount of it we need to store.
Traditional recording streams are
predominantly sequential. The workload your
drive sees is primarily sequential writes as new
footage is captured, with infrequent read
activity as archived footage is reviewed.
Analytics streams are fundamentally different.
Data sets are more fragmented and a drive is
subject to more random read and write
operations. The right storage for AI, then, will
support 50/50 read/write workloads and, in an
ideal world, for multiple AI streams at once.
Low-latency random read performance will
become as crucial as the workload ratings and
life expectancy many of us typically use to
assess storage today. Beyond read/write
performance, the right storage for cognitive
systems will match the traits of the systems
themselves, offering rich automation, ongoing
monitoring and better intelligence.
One key focus area is data integrity. After all,
as we leverage AI to exponentially increase the
value of our footage in an operational sense,
we have more than ever to lose when frames
are dropped or drives fail. Just as powerful
algorithms could detect abnormal behaviour in
your feeds, algorithms may be used to monitor
and manage the health of your hard drive.
Preventative measures built into storage
firmware can detect issues like increasing
temperatures or vibrations, then advise you on
correcting these problems to extend the
lifespan of your storage. In addition, smart
storage can monitor key health parameters
through the lifespan of your storage. If these
parameters change and the drive is
deteriorating, alerting could advise you to
conduct a back-up procedure in order to avoid
catastrophic data loss.
The right storage for deep learning will
understand how important it is to your
operations and do more to improve your insight
into performance as well as enhance your
ability to keep that data safe.
Role of human expertise
Finally, while smart cities of the future will
dramatically decrease the burden on human
labour, it must be said that, sometimes, there’s
simply no substitute for skilled professionals.
In short, someone needs to know how to install
those 20 billion-plus sensors.
Similarly, storage shouldn’t stop with
technology. It’s down to storage providers and
integrators alike to help end users find the right
drive for the job – one that meets every current
requirement and offers room to grow, but also
considers the reality that drives come with
limited lifespans. It’s absolutely no good
investing in hardware that will fail before you’ve
been able to use it effectively.
It’s also down to storage providers to go that
bit further in protecting their customers’ data
assets, whether through extended warranties
or data recovery programmes that can retrieve
footage from damaged hardware.
Smart cities are no longer a vision of some
distant future – they’re already here. AI and
machine learning isn’t something that’s only
fully realised in science fiction – it has been
powering everything from online advertising to
search results for years. Soon, you’ll even trust
it to drive your car.
Scalable, tough and secure
Of course, how you take advantage of these
opportunities will be unique to you. Some of us
are overhauling what our surveillance cameras
can do now, while others are embarking on a
more gradual journey of exploration.
Whether it’s now or in the future, in a single
location or across an entire city, the core and
essential requirement of any solution remains
the storage set-up. A solution that’s scalable,
tough and secure enough to protect the
lifeblood of your business may not be
something you’re actively seeking at present,
but it’s just a matter of ‘When’, not ‘If’.
Andrew Palmer:
Group Sales Manager
(Enterprise and Surveillance)
at Seagate Technology
“Machine learning and deep learning are allowing
surveillance systems to build their own intelligence without
programming, while growing more accurate and
sophisticated with every new frame of footage that they see”
25
www.risk-uk.com

A Demonstration of Resilience
Any business owner or
manager that has seen
the concrete barriers
installed on London’s
bridges to protect
pedestrians or the
increased security at
concerts and sporting
venues in the wake of
this year’s terrorist
attacks cannot have
failed to consider their
own company’s
present security
arrangements and
assess whether or not
an upgrade is
required. Jason
Wakefield outlines a
‘detect and protect’-
style strategy for
today’s organisations
26
www.risk-uk.com
Fortunately, the type of terrorist attacks
we’ve witnessed in the UK this year are still
pretty rare events, but as MI5’s director
general Andrew Parker admitted in a recent and
rather rare public speech, the UK terror threat
level is higher now than at any time in the past
30 years. With this in mind, most security
experts agree that it’s not a case of ‘If’ an
incident will occur, but ‘When’.
The tragic episodes of recent times,
alongside high-profile warnings, have led many
businesses that once considered themselves
low-level targets to reconsider their approach
towards security. The key challenge facing
those responsible for business resilience and
security is: ‘Where to begin?’
The wide-ranging nature of attacks makes
the degree of threat difficult to assess and the
potential method of attack even harder to
identify. Businesses could face everything from
verbal or written threats through to dangerous
items sent through the post and on again to
direct cyber, property or personnel attacks.
Within a business world where security
awareness must be heightened, what questions
should every organisation ask itself when
considering business resilience and how to
mitigate acts of terrorism?
In times of a heightened threat level, it’s easy
to be carried away on a rising tide of negative
publicity. The first thing to rationally consider is
the degree of risk your business is facing from
a terrorist attack. Your location alone can
sometimes put the business at risk (for
example, if you’re in a high-profile location or
an iconic building). The nature of your business
can sometimes make you more prone to attack
if there are political, religious or environmental
connotations. All of these aspects must be
considered objectively in order to establish
from where attacks might arise.
Types of threat
Once you’ve understood the level of threat, it’s
important to identify the most likely types of
terrorist attacks that could harm staff and/or
customers and interrupt business. Remember,
the most likely attacks are not necessarily the
high-profile tragic attacks on people that are
well-publicised. Sometimes, the most common
attacks are in the form of infrastructure threats,
such as DDoS attacks on your communications
and Internet-connected systems.
The National Cyber Security Centre has
recorded more than 500 ‘Significant’ cyber
attacks launched against computer systems in
the UK over the past year. In total, the
organisation has registered 1,131 IT threats
since October 2016. Of those, 590 were classed
as ‘Significant’ with 30 of them serious enough
to trigger a cross-Government response. The
NHS was targeted, so too businesses both
large and small in scope.
You must establish the critical areas of the
business that most require protection. First,
consider your people and then property and
infrastructure. Are there front line staff or key
personnel more likely to be under threat? Are
there office, store or building locations that are
natural targets for selection by the would-be
terrorist? What are the key functions, such as
mail room or communication systems, that are
most vulnerable to attack?
Once a thorough assessment has been made,
a strategy for detection and protection can be
established for each vulnerable area. Such
areas are generally situated around people and
packages entering your building/venue. The
various security requirements might be wideranging.
They can include ‘eyes and ears’ on the
perimeter of your building(s) in the form of
CCTV systems, access systems designed to
control who goes where and when and security
screening for some or all individuals entering
and leaving the building(s).
There may also be mail room screening for all
incoming parcels and letters against the
delivery of potential IEDs and harmful
biological agents such as ricin or anthrax and,
last but not least, IT security solutions
designed to protect against cyber threats.
Included here must be a password change
routine and very tight control of access to
sensitive company information.
Requirement for flexibility
Try and build flexibility into your security
solutions. The threats to your business are
unlikely to remain fixed, so it’s prudent to
ensure that the security arrangements you put
in place are as versatile as possible.
For example, one fast-growing area in
security screening is the implementation of
what’s known as ferromagnetic search pole
technology. These are unlike the fixed security
walk-through arches witnessed at airports. In
this instance, the poles are highly versatile and
may be easily moved so that you can have a
fully-operational security checkpoint up-andrunning
in a matter of minutes.

Counter-Terrorism: The Path to Business Resilience
The detectors may also be used externally
and in all weathers so that you can establish a
checkpoint outside your building/venue which
offers the flexibility to quickly establish fast
screening for weapons such as guns and knives
in any remote location, thus enabling the
security team to effectively screen people
before they even enter the establishment.
The use of fully-rechargeable batteries
renders such a solution an obvious answer to a
fast-developing problem.
However detailed your security plans, there’s
always the danger that a terrorist attack will be
successful in some way and, therefore, serve to
disrupt the business. As a result, businesses
must have equally robust disaster recovery
plans in place to ensure that operations are
impacted for the minimum time possible. These
plans could involve back-up/co-locations being
established quickly if a building becomes
unusable or for IT and communication
infrastructures to be ‘mirrored’ such that a
connection may be quickly re-established in the
event of an unforeseen outage.
Despite the rapid advances in detection
technology, your staff are often the first line of
defence and the best ‘eyes and ears’ for the
security of your business. To do their job well
they must be trained properly. Consider the
appropriate level of training for your staff.
Some may just require basic threat awareness
instruction, while others will need detailed
training on how to effectively use the security
technology at their disposal.
Make sure that the training members of staff
receive is from a recognised and appropriately
accredited security training provider and duly
delivered by experts in their field. Also, ensure
that the training is regularly updated as
required such that it’s always up-to-date with
new techniques and evolving threats.
Finally, ensure that your members of staff are
regularly drilled and tested in their techniques
to ensure that Best Practice is being
implemented at every level.
We would highly recommend the use of the
Citizen Aid App. This can be downloaded to
your personal mobile and is available on both
the Android and iOS platforms. It’s designed
such that it will help in reducing the anxiety
around difficult decision-making in unfamiliar
and fast-moving situations. Simply follow the
systematic logical steps so that you do the right
things and in the right order.
Additional support
Always bear in mind that, wherever possible,
security action taken against potential terrorist
threats and for business resilience should
enhance and not stand in the way of business.
Staff and customers are reassured when they
see security steps being taken and
implemented considerately. Everyone in the
business should be encouraged to participate.
Finally, remember that this type of security
assessment and implementation isn’t
something that your business has to do alone.
There are professional organisations that can
assist with threat assessments, security
implementation planning and training.
Your local police service and Counter-
Terrorism Security Advisor can offer up-to-theminute
advice that will greatly assist in
plugging your business into the wider support
and counter-terrorism activities already
underway in your local community.
The Centre for the Protection of National
Infrastructure’s website offers excellent advice
on counter-terrorism for most business
activities and business resilience. It also
outlines guidance on how to construct and
implement business continuity plans in line
with Government and British Standards
Institution guidelines.
All of these resources can help when it comes
to integrating your business-focused prevention
activities with wider community action.
Jason Wakefield: Sales
Director at Todd Research
“Try and build flexibility into your security solutions. The
threats to your business are unlikely to remain fixed, so it’s
prudent to ensure that the security arrangements you put in
place are as versatile as possible”
27
www.risk-uk.com

The Changing Face of Security Services: Security Guarding
The Future of Security Guarding in the UK
The political debate
focused on Brexit
continues at pace, but
with no clear solution
as yet in sight which is
going to be agreeable
for both parties, the
UK economy remains
in a state of flux. In
parallel, David
Mundell focuses on
challenges ahead that
will determine the
shape of the security
guarding sector for
decades to come
David Mundell: Managing
Director of Axis Security
28
www.risk-uk.com
For a number of years now, the European
Union (EU) has been the driver for much of
the regulation within the security industry,
including legislation that affects workers’ rights
(such as the TUPE Regulations, the Working
Time Directive and various rulings on Health
and Safety, etc). For its part, the Conservative
Party has previously indicated an eagerness to
remove some of these protections.
A significant risk that may come with Brexit is
a return to the previously unregulated market,
resulting in a fall in professional standards and
the further demotivation and
disenfranchisement of staff.
Leaving the EU may also result in an anti-UK
bias across Europe, thereby placing UK
businesses at a disadvantage. That scenario
would limit opportunities for future expansion.
There are already concerns that we’ll see a
relocation of European headquarters away from
the UK – and notably London – to elsewhere in
Europe. The financial services sector is likely to
bear the brunt of these moves, with the loss of
such businesses reducing some of the more
attractive accounts for the security industry.
Procurement challenges
Public sector procurement has been regulated
by EU-driven laws. Removing these laws could
result in less transparency and decreased
standardisation in procurement processes. The
end result would probably make the market
less competitive. Uncertainty about the Brexit
‘model’ is also an obstacle, since uncertainty
often breeds concern, fear and nervousness.
While the guarding industry predominantly
remains UK focused, it cannot afford to ignore
the labour pool which has employed a large
number of EU citizens over the last decade.
During this period, we’ve also seen a
dramatic erosion of margin, which has affected
the ability of companies to differentiate
themselves from their competitors through
investment in better training, quality of
operational management and, above all, the
quality of candidates available. Throw TUPE
into this mix, with its impact on all service
industries, and the full extent of the challenge
ahead becomes readily apparent.
While nobody advocates a return to pre-TUPE
days, it has impacted on the quality of
candidates available. This has recently been
highlighted by Security Industry Authority
statistics indicating a 20% reduction in licence
renewals. That will clearly have an impact on
the quality of the available labour pool.
The recent rise of nearly 4.6% in the London
Living Wage (LLW) offers equally challenging
circumstances and will test the resolve of
companies who voluntarily signed up to pay the
LLW year-on-year. To maintain margins, these
businesses will have to look at increases of up
to 7% to offset pensions, the Apprenticeship
Levy, associated holiday costs and CSP.
In an economy where the national cost of
living rises at an average of 2.5% per annum,
and salaries typically only rise at 1%, the
security guarding industry has to evolve in
order to deal with this challenge.
It’s perhaps nothing new to suggest that we
must increase the use of technology to deliver
an improved service, but this has to be
achieved at a cost that the market can bear.
Equally, the customer has to accept that their
associated costs will continue to rise unless
they change the mindset of procurement which
invariably sacrifices quality on the altar of cost
and added value.
While we, as an industry, will have to wait
and see what the real outcomes are from Brexit,
there are two definite steps that we can
collectively take to ease some of the
challenges. The first is to ensure that contract
award periods are for a minimum of five years,
with clearly laid out KPIs for training and
development through an open book policy to
ensure no hidden margins on charge rates,
thereby affording stability for all parties.
The second is to introduce more technology
to contracts with the overriding aim of having
highly-trained security officers who are capable
of dealing with all manner of incidents rather
than being ‘sentries at the gate’.

A New Model for Guarding
Cardinal's new 5M model gives clients a unique view of
their investment and the true cost or return.
Measure Mobilise Monitor Manage Monetise Test
Contact us today and request a free data-driven health check on your incumbent provider
Kerinda.Trigg@thecardinalgroup.co.uk
Group Sales and Marketing Director +44 (0) 1799 533 635 +44 (0) 781 801 3200

The Changing Face of Security Services: Security Officers
The Value of Front Line Security Officers
In a world wherein an
incident can be
transported from
photo or video taken
on a phone to a tweet,
a news story or a viral
meme all in a matter
of minutes, it’s
essential that front
line security staff
understand their role
in supporting the PR
efforts of the client
and the company for
whom they work.
Amanda McCloskey
elaborates on what is
a key issue
Amanda McCloskey:
Sales and Marketing Director
for CIS Security and CIS Front
of House
30
www.risk-uk.com
Front line officers need to understand the
power of the Internet in amplifying and, at
times, distorting a story into a sensational
headline. Media training is a must as part of
any front line security induction programme if
the risks of negative PR are to be effectively
mitigated. We regularly remind our new starters
of the law protecting breastfeeding mothers, for
example, because there are few things that will
trend on Twitter faster than a disgruntled
mother who has just been told she needs to
visit a toilet cubicle in order to feed her baby.
All officers need to know what to do in the
event of an approach by a news reporter
seeking insights to pad out their story. While
it’s important to be discreet on matters that
pertain to the premises one is helping to
secure, a reporter asking a question is still a
customer (and, arguably, an even more
important one) whose experience has the
potential to resonate as far as they want it to.
Politeness is paramount in this situation.
Although the officer will not be able to help in
providing a story, they should be equipped to
assist in some way, such as providing details of
the website to visit or the PR representative to
contact in order to leave a positive customer
experience. Even the stealthiest of tabloid
newspaper reporters are customers who
deserve to feel safe and happy as a result of an
encounter with front line security personnel.
Positive press coverage can have a fantastic
impact on an organisation’s public perception.
One of my proudest moments as a director of
our company was discovering that an end user
had written to the ‘Good Deed Feed’ section of
the Metro newspaper with an emotional
account about how one of our officers came to
her aid while she was leaving hospital after
spending a long day in Accident & Emergency
with her toddler.
The officer in question had to be rewarded
for this and, helped by the fact that he had
been doing a fantastic job, we awarded him the
‘Security Officer of the Year’ accolade at our
annual company awards.
Furthermore, we nominated him for the
Outstanding Security Officer Award at this
year’s OSPAs. He duly took home the trophy
along with another one we won that night for
our Outstanding Customer Service Initiative.
PR on the front line
Elevating the profile of those who help us in
promoting a positive image for ourselves, our
clients and the industry in general is crucial in
encouraging a responsibility for PR on the front
line. It must be said that ‘The Hero Factor’ is
one of the most positive messages we can
convey as a profession.
Positive perception isn’t going to come from
someone rugby tackling a petty thief to the
ground. On the contrary, this kind of approach
can find one in very deep and murky PR waters.
Exceeding customer experience is also where
many PR wins can be scored.
We all need to be better at ‘singing our own
praises’ in the security industry when it comes
to the good work that’s conducted within. It’s a
culture that should be embedded from the
Boardroom table all the way to the front line. If
we want to enjoy better PR as an industry, we
should absolutely take the opportunity to
develop our PR skills and shout about our
myriad achievements from the rooftops.
Empowering and facilitating positive story
sharing by front line officers with their
colleagues will make them feel proud and
imbue their role with added purpose. That will
exert a positive influence on productivity.
If we don’t shout about our achievements,
nobody else is going to do it for us.

We go above
and beyond.
Axis Security – exceeding expectations in customer service.
• Our employees – are highly trained, valued and rewarded
• Our proactive management approach – ensures service is continually improving
• Our intelligent technology – ensures open lines of communication and transparency
• Our prestigious industry recognition – includes 3 Security Guarding Company of the Year awards
T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk

The Security Industry
Authority’s vision is
one of a private
security industry so
committed to
improving standards
and protecting the
public that, over time,
it will need minimal
regulation. This vision
is underpinned by the
Regulator’s close
working relationships
with partner
stakeholders, the
industry and members
of the public alike, as
Mark Burtonwood
explains in detail
Using Your Intelligence
Critical to successful collaboration is the
sharing of information that allows the
Regulator to build a rich picture, enabling
us to concentrate our efforts for maximum
impact, while at the same time regulate in a
way that’s proportionate, risk-based and
focused on the non-compliant.
The information you give us has a real impact
and helps us to ensure that we’re as effective
as possible. We can gather information in a
variety of ways. First, there’s information or
intelligence we receive from the private security
industry and the general public as well as the
intelligence we gather when we conduct our
compliance checks across the UK.
In addition, there’s the intelligence received
from law enforcement partners and
organisations within our networks.
The members of our intelligence team review
and assess everything that’s sent to us. When
something’s reported, we use it to build a
bigger picture and develop this into
intelligence. Information becomes intelligence
when we can apply and use it to support our
intervention activities. We refer intelligence to
our compliance teams, including our
partnerships and interventions teams, who
then take the appropriate action.
The quality of the information sent to us is
crucial. Information that includes the names of
people, places and behaviour of concern gives
us the detail we need in order to act. Whether
you’re contacting us via Crimestoppers or our
website, this is precisely why we ask for as
much detail as possible.
While anyone sending us information can
choose to be anonymous, if you’re willing to
identify yourself, this will help us to verify the
information and pinpoint willing witnesses. It
also means that documentation relating to
offending enables our ability to effectively
resolve issues.
The kind of detail we ask for is usually Who?
(the names of any individuals suspected of
illegal activity and the sectors in which they
work), What? (ie a description of the incident
that has led to an individual being reported),
Where? (the name of the company for whom
the individual works or where they work) and,
of course, When? (times and dates associated
with the report).
We use this to direct our enforcement activity
and support our licensing decisions or as
evidence in a prosecution. We may also send
such information to a partner agency.
Gathering vital information
We work collaboratively with several partners
and other Government agencies and continually
share information with them. These bodies
include the police service, the Department of
Work and Pensions, the Insolvency Service, Her
Majesty’s Revenue and Customs and Home
Office Immigration Enforcement.
We’re also a part of various networks across
the UK that work to reduce organised crime.
These networks meet to share and gather
information. It’s often through the networks
that we find out about licence holders who
pose a risk to the public or a business with
alleged poor working practices that we need to
investigate. We carefully evaluate the
information we receive from our partners and
then decide upon the appropriate action.
The Security Industry Authority (SIA) is often
asked why it doesn’t give updates to members
of the public after they’ve sent information to
us. In practice, the amount of information we
can provide about cases in the investigation
stage is usually very limited. The main reason
for this is to ensure that ongoing investigations
and law enforcement work are not
compromised. We must also avoid prejudicing
the right of defendants to a fair trial, or causing
avoidable reputational damage or harm to
individuals or businesses under investigation.
There are exceptional circumstances when
we may decide to go public on an investigation.
For instance, the individual or company under
investigation might make the information
public. There may be operational reasons such
as a call for witnesses, or we could consider
that there’s a real threat to public safety. On
32
www.risk-uk.com

The Changing Face of Security Services: Compliance and Regulation
rare occasions, we may well give witnesses
updates on the progression of a case with
which they’re directly involved.
In addition, we receive such high volumes of
information that it would be an inefficient use
of resources to respond to every report of
suspicious or concerning behaviour. For
example, between May and October this year,
we received 2,246 reports. From them, we
created 306 intelligence cases. This resulted in
126 compliance cases and 180 interventions by
our partnerships and interventions teams.
We value and assess everything that’s sent to
us. Most of the information we receive is very
useful, and the fact that we cannot give
updates doesn’t mean that we’re not acting on
the detail you send us.
Enforcement approach
We have a range of options for non-compliance.
Our approach is intelligence-led and based on
risk. This means that we use intelligence to
prioritise our activities and resources to deal
with the most severe cases of non-compliance.
If the law is broken, we seek compliance.
However, we have the will and the capability to
prosecute offenders. Those who display a
blatant contempt for regulation – and, in doing
so, undermine the safeguards and assurances
that regulation provides – will be prosecuted.
Furthermore, our compliance and
investigation activity isn’t limited to matters
under the Private Security Industry Act 2001.
We can also legally consider offending which
affects the provision of security industry
services. This can include offending relating to
malpractice, fraud, identity irregularities,
organised crime or theft.
Information and intelligence plays a key role
in encouraging compliance. It puts us in the
right place and at the right time such that we
can catch anyone who ignores the law and SIA
licensing conditions.
A good example of this is the prosecution of
Stuart Reeves of Lock It Down Security Services
Limited and Joseph Mitchell of Alpha Secure
Group Ltd. They were found guilty of supplying
an unlicensed security operative in February
2017. During this investigation, we were sent
information that suggested Alpha Secure Group
Ltd was a phoenix entity arising from Lock It
Down Security Services Limited. In other words,
Lock It Down Security Services Limited had
gone into liquidation, but had been
reconstituted under the same management as
Alpha Secure Group Ltd.
Further information sent to us revealed that
security operatives were being paid as though
they were self-employed, or were not paid on
“The quality of the information sent to us is crucial.
Information that includes the names of people, places and
behaviour of concern gives us the detail we need to act”
several occasions. All of this information meant
that we could question Reeves and Mitchell
further and inspect their business premises.
When more irregularities were found, we
prosecuted them.
Role of intelligence
The intelligence we receive plays a vital role in
successful prosecutions. We want the private
security industry to know how important the
information it sends to us really is. It’s for this
very reason that, when we prosecute
businesses or individuals, we publish
information about this on the News and
Updates Section of our website. We want the
private security industry and its constituent
members to know that we’re working diligently
in order to regulate more effectively.
We have frequently described on-the-ground,
front line private security operatives as the
“eyes and ears” of the industry. They’re often
the best-placed people to share intelligence, as
they can recognise behaviour that’s suspicious
and/or illegal. We absolutely welcome
information from all sources, and we would
stress that we’re interested in more than
obvious criminal behaviour. Information on
other suspicious behaviour can also help us to
build an effective intelligence case.
The impact of intelligence cannot be
underestimated. We conduct our own checks
across the UK to assess compliance. We work
with partners to share information and
intelligence, and we act upon the information
sent to us in order to drive our compliance and
enforcement activity.
We’ve endeavoured to make it as easy as
possible for people to send us information.
Anyone can report a crime or concern via our
corporate website or by calling Crimestoppers
on 0800 555 111. We want members of the
private security industry and the general public
to know that, if they see something suspicious,
they should contact us and report it.
The information you give to us is invaluable.
Your involvement underpins and strengthens
our regulatory enforcement activity, which in
turn improves the standards and reputation of
the private security industry.
Chasing rogue operators out of the industry
ultimately leads to better working conditions
for individual operatives and increased levels of
public safety. Keep talking to us.
Mark Burtonwood:
Deputy Director (Operations)
at the Security Industry
Authority
*To find out more about the
SIA’s enforcement approach
visit the website
https://www.sia.
homeoffice.gov.uk/Pages/
enforcement.aspx
**For further information on
the impact of enforcement,
read these Case Studies
https://www.sia.homeoffice.
gov.uk/Pages/enforcementintelligence.aspx
33
www.risk-uk.com

Meet The
Security Company
and provide an innovative solution that exceeds
their expectations. Through our live incident
reporting-based approach, we’re completely
transparent and always tell our customers what
they need to know, not necessarily what they
want to hear.
Risk UK: How do you feel accreditations have
assisted your company?
Graham Allison: Accreditations enable us to
demonstrate to our customers that we can
provide an assured level of quality and that
we’re capable of leading the way on innovation.
Just as importantly, they also allow us to be
included in high-profile tenders and permit us
to promote our services to companies resident
in a diverse range of vertical sectors.
This is the sixth
instalment in a
monthly series of
articles for the readers
of Risk UK where we
shine the spotlight on
NSI-approved
businesses for the
benefit of risk and
security managers
who purchase security
guarding as well as
systems-focused
solutions. Answering
our questions on this
occasion is Graham
Allison, managing
director of Cardinal
Security
About the National Security Inspectorate
Risk UK: Can you briefly describe your
business’ activities and what you consider to
be your USP as an organisation?
Graham Allison: Cardinal Security was formed
in 2003 and is a privately-owned company that
delivers dynamic and innovative security
solutions throughout the UK, Europe and the
USA. As a registered member business of the
Security Industry Authority’s (SIA) Approved
Contractor Scheme (ACS), we’re placed within
the top 5% of all security providers in the UK
and NSI Guarding Gold approved.
Our ‘intelligent guarding’ approach is a key
factor in our success. It combines technology
(and the data this realises) and quality people
who can deal with outputs from these systems.
Knowledge about counter-terrorism, loss
prevention, report writing, behavioural analysis
and profiling, Health and Safety, data and
intelligence gathering and First Aid in addition
to excellent customer service skills are all now
absolutely vital for the modern security officer.
Risk UK: What do your clients value most
about the services you deliver?
Graham Allison: Clients value our honesty,
quality and ability to understand their needs
The National Security Inspectorate (NSI) is a wholly-independent, not-for-profit
company limited by guarantee and operates as a UKAS-accredited certification
body specialising in the security and fire safety sectors.
For over 40 years, the NSI has served to protect businesses, homeowners
and the general public alike, raising standards by providing robust and high
quality audits of both security and fire safety service providers.
Risk UK: Specifically, what value does ACS
registration and NSI Guarding Gold approval
bring to your business and its clients?
Graham Allison: Both ACS registration and NSI
Guarding Gold approval bring value to what we
do, although the latter is, in my personal
opinion, the more beneficial of the two.
The NSI Guarding Gold scheme combines the
ISO 9001 accreditation for the quality
management element of our business. It
assures our existing and prospective customers
alike that we consistently meet the highest
standards and reinforces the claims we make
about our service and its delivery.
At the same time, our efforts to score more
ACS points help to drive up standards and
afford purchasing end users a better idea of
what we can offer as a company.
Risk UK: In practice, what are the main
differences between ACS registration and NSI
Guarding Gold approval?
Graham Allison: NSI Guarding Gold affords a
higher level of quality assurance through its
rigorous auditing process. As its name
suggests, NSI Guarding Gold is still considered
to be the ‘Gold Standard’ when it comes to
accreditations in this business sector.
Although the ACS is well-intentioned in terms
of raising performance standards across the
security business sector, there’s lots of room for
improvement in terms of its scope and
effectiveness, and particularly so with regards
to training and knowledge development.
In fact, one of the main advantages of the
ACS is that it gives us the ability to deploy
security staff while their licence applications
34
www.risk-uk.com

Meet The Security Company: Cardinal Security
In association with the
are being processed thanks to the issuing of
licence dispensation notices.
From my own perspective, the Regulator must
do more to expand awareness of the ACS
among customers if it wants to turn it into a
real quality mark, and should perhaps also look
to make the ACS mandatory rather than
voluntary. This would enable end users to gain
an insight into whether a security services
provider merely meets the basic criteria for
approval or actively exceeds them.
Risk UK: How do you think technology has
changed the industry over the last couple of
years and what do you feel will be the
direction of travel in the future?
Graham Allison: Technology itself has
developed massively. However, I think that
many security service providers are failing to
maximise its potential.
The problem is that the approach to loss
prevention and protecting organisations from
those with malicious intent is fundamentally
the same as it has always been. Traditional
Shopping Centre security, for example,
encourages a silo-based mentality, wherein as
well as paying a service charge for the security
guarding of public areas, retailers are also
procuring their own in-store operatives.
The ‘intelligent guarding’ approach
mentioned earlier gives security officers a real
opportunity to demonstrate Return on
Investment against a defined set of Key
Performance Indicators. In turn, this drives up
their skills, value and pay.
Risk UK: When it comes to negotiating
contracts and responding to tender requests,
what aspects are of most value to customers
and how are these changing?
Graham Allison: Most tenders are weighted
50% cost, with only the other 50% being about
the real value that a company could provide.
The skills, experience and ability of service
providers to offer high levels of contract
fulfilment should be a prominent part of the
buying criteria, with the price reflecting what’s
on offer.
The tender process needs to rebalance value
and price – two words that are often used
interchangeably, but in reality couldn’t be more
different. This would allow the relationship
between client and service provider to move
from being simply a supplier arrangement to
the more beneficial position of a strategic
partnership, which can add significant benefits
to a solution in the longer-term thanks to the
implementation of a strategy that, for example,
replaces security guarding with technology.
Risk UK: How has Government legislation (eg
the National Minimum Wage, the National
Living Wage and holiday pay) affected your
business? Do you believe such legislation is
a good thing?
Graham Allison: I fully support the National
Minimum Wage. It’s the right direction of travel.
However, the pay rates security officers are
awarded are still less than satisfactory. There’s
a wider problem than that, too.
A culture of competitive undercutting, an
obsession with market share and the inability
to offer talented young people a career path
has led to a situation wherein the majority of
customers simply don’t place a high enough
value on their security guarding operations.
Instead of expecting ‘champagne for beer
money’, clients should place a genuine value on
their security operations, allowing service
providers to invest more in training and skills.
Cardinal Security is hoping to help buck the
trend with the Cardinal Training Academy, which
performs a vital role in attracting new entrants
to the industry via an apprenticeship scheme,
while also enabling security officers to enhance
their existing set of skills.
Risk UK: What are the most important
attributes you look for in your security
officers and staff members in general?
Graham Allison: We seek individuals who can
demonstrate professionalism, have experience,
take pride in their appearance and
presentation, possess good communication
skills and who are committed to their roles.
By focusing on the development of these
skills, the overall worth of the security officer’s
role can be elevated. Investing in employees
ensures that they’re given the requisite
knowledge to develop their careers.
Risk UK: How can the SIA, the NSI and
industry standards best serve the sector in
addition to the needs of your company’s
clients and the wider public interest? Will
the introduction of business licensing be a
positive step?
Graham Allison: I think both the SIA and the
NSI should continually be serving the industry
to raise the level of professionalism across the
board, and we’re certainly beginning to see the
benefits of them doing so. However, in terms of
the SIA, obtaining individual licences is still a
lengthy procedure which is interrupting
business flow. It really is time the issues
around this process were resolved.
Business licensing looks to be going one step
further in terms of protecting both customers
and employees. That can only be a good thing.
Name
Graham Allison
Job title
Managing Director
Time in the security sector
I’ve been working in the
security industry for 21 years.
Prior to my role at Cardinal
Security, I served as Chief
Operating Officer at Sentinel
Group Security for almost
four years. I’ve also held
senior roles at other
renowned security companies
including Mitie, Securitas and
Reliance
Location of the business
Cardinal Security’s head
office is based in Great
Chesterford, Essex. The
business provides security
services on a national level
Areas of expertise
The company provides both
permanent and ad hoc
security officers, store
detectives and key holding
services for its clients and
boasts extensive experience
in the retail, logistics and
corporate arenas
Accreditations
NSI Guarding Gold, SIA ACS,
BSIA Member, Highfield
Awarding Body of
Compliance, ISO 9001 (2008)
Graham Allison: Managing
Director at Cardinal Security
35
www.risk-uk.com

BENCHMARK
Smart Solutions
BENCHMARK
Innovative and smart solutions can add value and benefits to
modern systems for customers. With the technological landscape
rapidly evolving, the Benchmark Smart Solutions project assesses
the potential on offer from system integration, advanced
connectivity and intelligent technology. Bringing together field trials
and assessments, proof of concept and real-world experience of
implementing smart solutions, it represents an essential resource
for all involved in innovative system design.
Launching in 2017, Benchmark Smart Solutions will be the industry’s only real-world resource for
security professionals who are intent on offering added value through the delivery of smarter solutions.
@Benchmark_Smart
Partner Companies
www.benchmarksmart.com

The Security Institute’s View
Back in October 2015, many of us awoke to
Dido Harding, CEO of TalkTalk, informing
the world that the business had been the
victim of a “sequential attack”. My first thought
was: “We have a problem on our hands”. Our
education system of the last 40 years has
enabled a situation whereby the majority of the
workforce – at all levels – are not cyber aware,
while self-taught teenagers commit a large
proportion of cyber crimes. The TalkTalk
episode was, in fact, an SQL injection attack, a
method known about for almost two decades.
My interest in cyber security stems from an
educational perspective by dint of working as a
university lecturer in initial teacher training for
computing, and previously as head of
computing in a secondary school. My focus is
very much on what we need to do in the UK to
educate children, not only to be safe and
informed cyber users, but also to be in a
position to foster skills such that they can be
useful – and not damaging – to today’s society.
Michael Gove’s 2012 speech at the BETT
education trade show heralded a major change
to the new national curriculum, making it
statutory to teach computing to students from
age five upwards as of 2014 onwards.
While the UK’s National Cyber Security
Strategy documents indicated the need to
include cyber security within computer science
teaching, and promoted extracurricular
initiatives such as the Cyber Security Challenge,
there was no indication that the low number of
students studying computing beyond the age of
14 would be addressed.
The extracurricular activities for “talented”
14-to-18 year-olds appeared to be the preferred
route to developing the nation’s desperatelyneeded
cyber specialists, including the latest
£20 million initiative which was again targeted
at elite children. If cyber knowledge really is –
as stated in the 2016 UK Cyber Security
Strategy – “no longer an issue just for the IT
Department, but for the whole workforce”, are
these interventions enough, or will the skills
gap continue to leave us vulnerable?
Introduction of cyber
The May 2015 update to the ‘2010-2015
Government Policy: Cyber Security’ Policy Paper
announced that cyber security had been
introduced at every level of the education
system from age 11 to post-graduate, claiming
that: “This ensures everyone who leaves
education has at least a basic understanding of
cyber security before employment.” However, at
best this can only be partially true.
The new GCSE qualification in computer
science provided by the OCR Examinations
The Challenges of Cyber
Education in Schools
Developments in both the 2011 and 2016 UK National Cyber
Security Strategies shifted the Government’s position from
being advisor to industry, education and society to that of
interventionist, reflecting the realisation that most end users
are not sufficiently cyber aware to redress the issues involved
without significant assistance. Simon Marsden addresses the
challenges of cyber security education in schools and why
they must be overcome sooner rather than later
Board was promoted as having a “focus on
cyber security… which students will study for
the first time” and accredited for first teaching
from 2016, thus indicating a mismatch between
Government statements and school
implementation. Additionally, only 28.5% of
schools entered pupils for the GCSE in 2015, so
are students of all subjects at university really
privy to cyber education?
Numbers vary depending on which
Government spreadsheet you open, but the
GCSE entries from 2016-2017 show 589,096
pupils with 61,040 taking information
communication technology (ICT) and 69,061
studying computer science. If we generously
afford the same weight to the ICT GCSE as the
computer science GCSE, it still means that only
25% of pupils left secondary school with some
applicable knowledge. Removing ICT, we’re
then down to 12% (ICT is no longer in the
curriculum). Very few of these students will go
on to A-Level (8,299) or future courses where
they’ll be taught to be ‘cyber aware’.
Simon Marsden BSc Cert Ed
MSc FHEA MBCS:
Senior Lecturer for Initial
Teacher Training in Computer
Science at the University of
Portsmouth’s School of
Education and Childhood
Studies
37
www.risk-uk.com

The Security Institute’s View
*Subsequent to this article
being completed, it was
announced in the
Conservative Government’s
Autumn Budget that the
number of computer science
teachers will triple to 12,000
and that there will be a new
National Centre for
Computing. Although the fine
details are yet to be clarified,
this is to be welcomed as it
appears that the muchneeded
training for existing
teachers to retrain as
computer science teachers
will now be available. The
question as to how new
trainee computer science
teachers will be recruited still
needs to be urgently
addressed, with most teacher
training providers currently
struggling to recruit even a
handful of trainees yearly
The Security Institute’s View
is compiled and edited by Dr
Alison Wakefield FSyI
(Chairman of The Security
Institute) and Brian Sims BA
(Hons) Hon FSyI (Editor of
Risk UK)
Positively, 11% of the children interviewed by
The Royal Society for its ‘After The Reboot:
Computing Education in UK Schools’ Report
expressed interest in a career in computer
science, but children are receiving a mixed
experience, with some even having to teach
themselves how to code.
Despite the excellent work of Computing at
School, a BCS initiative, many of the teachers
are not qualified in the subject, only around
50% have any knowledge of (or qualifications
in) computing and many harbour a very limited
understanding. This is in part due to a history
of putting ‘the last man standing’ in the ICT
classroom. In my last teaching post, my
department comprised one business studies
teacher, two PE teachers and myself.
Statutory subject matter
The question is often asked as to why so few
children, and especially girls, want to take this
subject. This is a statutory subject in England
and should be taught to all children from age 5
to age 16 (optional at GCSE level), but with a
lack of qualified staff and other pressures
placed on head teachers, this isn’t happening.
Academies and free schools can opt out of
the National Curriculum, while others avoid the
problem by not teaching computer science to
every year or in every week. Often, lessons are
still based on digital literacy, as this may be all
that the teacher has the knowledge to provide.
While some children receive excellent
provision, most miss out on the exciting wealth
of experiences (ie graphics, robotics,
programming, cyber, physical computing,
games, etc) that could maintain their interest in
computing and STEM-based subjects.
John Hattie, author of ‘Visible Learning for
Teachers’, ranks teacher credibility as the
fourth most important area in a list of
influences on learner achievement. Since the
1980s, children’s cyber role models have been
found in fictional representations such as The
Matrix, so do teachers have credibility?
My trainees do some of the Cyber Security
Challenges and are expected to encourage their
pupils to do likewise. One trainee was told:
“You’re not doing that with these children in
this school”, the teacher fearing the children
would use the knowledge for deviant purposes,
when the challenge was to gain a basic
understanding of steganography.
“Academies and free schools can opt out of the National
Curriculum, while others avoid the problem by not teaching
computer science to every year or in every week”
Another trainee used a wireless router to
show how easy it was to see connected devices
as a first step in an attack. The pupils were
interested and excited, but just as quickly lost
interest – while their teacher lost credibility –
when both trainees and teacher avoided
questions about their own hacking abilities.
Children are desperately inquisitive about
hacking and I feel that we’re doing them a
disservice if we don’t teach them about this
matter. Curiosity is what we want to fuel, not
stifle. If we do stifle this, we do so at our peril.
If a child’s interested – as was the TalkTalk
incident’s perpetrator – in SQL injection, a
simple search yields over five million hits.
Putting our heads in the sand while children
have access to information and time on their
hands without any guidance is counterproductive.
It reminds me of Nancy Reagan’s
simplistic and ineffective ‘Just Say No’ antidrugs
campaign, in comparison with the more
nuanced approach employed in the UK’s current
‘Talk to Frank’ initiative, whereby accurate
information is given alongside the risks.
The reticence of schools towards teaching
about hacking isn’t surprising when considered
alongside their Duty of Care and safeguarding
responsibilities. They’re risk averse. Imagine
the headlines if a hacker said: “I learned how to
do this at school”. However, not teaching
hacking overlooks the value in it, the need for
children to satisfy their curiosity and the
opportunities to teach both the ethics and
consequences of the deed itself. After all, how
can you counter a cyber attack if you don’t
know the first thing about how they work?
Looking for white hats
We’re desperate for future white hats, so let us
not allow our children to stumble into
becoming black hats. When we teach children
about drugs we bring in professionals in order
to give the children and the teachers the best
information that we can. I suggest that we do
the same when the talk turns to cyber.
I also suggest that we need to show children
how known exploits actually work, teaching
them how to enact an SQL injection and other
misdeeds and, at the same time, highlight how
to prevent such occurrences from taking place.
We need to create courses at universities –
similar to the excellent elective CS50
(Introduction to Computer Science) module at
Harvard University – whereby students gain a
core understanding about the subject as part of
their degrees. Hopefully, we’ll then have a
knowledgeable workforce capable of
understanding (and perhaps even countering)
the threats present now and into the future.
38
www.risk-uk.com

Diversity and Inclusion at Work:
Amazon’s ‘Women in Security’ Initiative
As a hugely successful
online retailer, Amazon
is firmly committed to
bringing diverse
backgrounds and
points of view to bear
on behalf of its myriad
customers. There’s
recognition that
creating a diverse
workforce to reflect
the customer base
fosters diversity of
thought. Jo Day
observes that this is
true throughout the
business, including
Amazon’s security
team, and duly
reflected in the
company’s ongoing
leadership principles
Jo Day CPP:
Regional Loss Prevention
Manager at Amazon UK
Gender, race and cultural diversity create
better organisations, while cultivating
‘diversity of thought’ can boost the basis
for action and creative problem solving. This
idea is ably supported by a 2012 survey
conducted by Deloitte involving 1,550
employees in three major Australian businesses
that clearly showed the impact of workforce
diversity on organisational performance.
Interestingly, the report noted: “When Deloitte
modelled the relationship between diversity
and inclusion and business performance, we
identified an uplift of 80% when both
conditions were high… When there’s high
diversity and low inclusion, or low diversity and
high inclusion, the business outcomes are
never as impressive as the high diversity and
high inclusion combination.”
While it’s true that increased workforce
diversity introduces enhanced degrees of
complexity and strengthens the potential for
misunderstanding and conflict, it also affords
the opportunity to develop interpersonal skills,
relationship building and cultural change.
The substantive body of academic research
on the performance of diverse teams
documents that “homogenous teams get to
work more easily and more quickly, but when
diverse teams learn to work together, the
outcomes are superior” (The Workforce
Diversity Network).
At Amazon UK, we want to bring varying
backgrounds, ideas and points of view to
decision-making within our security team and,
indeed, the business as a whole. To support
diversity in the security team, including
attracting women such as myself into key roles,
it’s important to harness the right culture.
On that note, the business is tremendously
supportive of flexible working and there’s a
keen focus on both professional and personal
development. Employees are all set to succeed
as there’s a defined commitment to supporting
and developing Amazon’s female workforce
and, indeed, all parents.
That support structure is provided through
what’s known as a ‘self-serve’ culture. In
essence, this enables individuals to seek out
the personal development opportunities that
best suit them, including top class internal
training complete with instruction administered
by an array of subject experts.
Affinity groups
There are a number of affinity groups within the
business that women can join as well as
development and mentoring programmes.
These are voluntary, employee-led groups
specifically designed to foster diversity and
inclusion as well as strengthen networking and
community participation.
The groups are organised around a shared
characteristic, such as race, gender or cultural
identity. Each group leader co-ordinates
programmes that promote cultural awareness,
such as speaker events, community service
days and heritage celebrations. The affinity
groups are approved and sponsored by Amazon
at its discretion and each group works with the
diversity and recruitment teams to continually
target the diverse talent that’s available in
order to strengthen and enrich the business.
Amazon Women in Security (AWIS) is one of
the newest affinity groups. Formed in February,
this group was created to promote diverse
perspectives, backgrounds and experience
within the Global Security Team at Amazon.
There’s recognition that security is an industry
wherein female talents and leaders are underrepresented.
A similar scenario exists in the IT,
engineering and finance domains.
Initially, the main focus was on networking
and Best Practice sharing, career development
and training as well as mentoring. Our mission
is to increase the span of the professional
network for women in security roles at Amazon
in order to provide developmental support and
mentoring opportunities, while also leveraging
the strengths and knowledge of each other to
reach our goals and vision: “We will be
advocates for ourselves and each other by
developing our careers and representing our
value to the broader organisation.”
The tenets of AWIS are to provide a means to
connect women in the security professions
globally at Amazon, build a community that
fosters knowledge-sharing, collaboration,
mentorship and networking and support
women within the security industry. It’s also
about providing assistance as females pursue
advancement in their careers and promoting
visibility to the broader organisation of the
successes and value of our female leaders in
order to strengthen an inclusive and diverse
environment within the workplace.
40
www.risk-uk.com

In the Spotlight: ASIS International UK Chapter
By females, for females
AWIS was formed by female members of
Amazon’s global security organisation who
recognised a lack of women in leadership roles
and who are aware of the importance of female
leadership presence in our team.
Industry statistics show that most security
regimes have an average of 10% of females in
their teams. Amazon is already leading the way
above that level.
The AWIS members are passionate about
supporting diversity in loss prevention and
security roles as well as helping each other to
succeed. AWIS is sponsored by Amazon’s
worldwide vice-president for the Health &
Safety, security, sustainability and compliance
organisation within the customer fulfilment
operation as well as the worldwide director for
operations security.
Amazon Women in Engineering is another
affinity group focused on making Amazon the
best place to work for ‘technical’ women. This
particular group works to actively promote
diversity at Amazon, and particularly so for
engineering positions. It also provides a
network for women within the engineering
teams to share experiences, participate in
relevant events and gain exposure to career and
development opportunities.
There’s also the Women in Finance Initiative,
a global forum for women in finance and their
advocates through which they can network and
partner to promote a more welcoming and
inclusive workplace culture. The group was
launched in February 2015 with a goal of
supporting the complex career and life needs of
women at all levels and making Amazon the
long-term career choice for women in finance.
The Amazon Warriors
A host of other affinity groups support the
many and varied cultures, backgrounds and
personalities present within the business. The
Black Employees Network was established in
August 2005 to support Amazon’s black
employees. In parallel, the Asians at Amazon
affinity group was set up in December 2010 as a
support structure for our Asian employees and
to promote diversity.
For their part, Amazon Warriors are
employees who have served in their respective
countries’ military forces, those who are still
serving and Amazon employees who support
them. The group was established in September
2011 to provide a support structure for veterans
and military-friendly employees across the
globe. It facilitates a network to share
experiences, celebrate recognised holidays and
ensure visibility and exposure to career and
development opportunities through
participation in relevant community and
recruiting fairs and events.
Also, the Amazon People With Disabilities
affinity group was established in 2015 and is
committed to building a community that backs
employees with disabilities and their allies
through raising awareness, supporting career
development, participating in company
outreach and improving access for both
‘Amazonians’ and the business’ customers.
How is Amazon activating diversity within the
organisation and promoting organisational
inclusion? The business lives by and promotes
its leadership principles, and particularly so
when it comes to hiring and developing the
best talent. This means recruiting candidates
with not only strong backgrounds, but also
strong opinions. We set the stage during the
interview process that diversity of thought is
welcomed and expected.
As both a security professional and a female,
I feel empowered in my role thanks to
interaction with direct colleagues, but also as a
result of participation in the affinity groups and
personal development opportunities. Amazon
embraces diversity, not just by talking about it,
but by placing it at the very heart of its culture.
To quote Mike Hulser REI: “Diversity is what
comes through your doors. Inclusion is what
you do with it.”
“While it’s absolutely true that greater workforce diversity
introduces enhanced degrees of complexity, it also affords
the opportunity to develop interpersonal skills,
relationship building and cultural change”
41
www.risk-uk.com

BBC News recently
reported that the UK’s
Brexit ‘divorce bill’
payment to the EU
could be in the region
of £44 billion, but the
final settlement figure
remains unclear. At
present, there are little
or no guarantees as to
what the future holds
post-Brexit, either for
the fire industry itself
or, indeed, the UK as a
whole. Ian Moore
asserts exactly why
it’s important to
ensure that the fire
industry’s voice is
clearly heard in a
number of areas
directly affecting its
constituent members
Ian Moore: CEO of the Fire
Industry Association
The Fire Industry and Brexit:
What Does The Future Hold?
When talk turns to Brexit, immigration (of
both skilled and unskilled workers),
working relationships with European
Union (EU) members, exchange rates,
standards/certification and tariffs on imports
and exports into the EU are some of the key
areas in which the fire industry has a keen
interest and must make its feelings known.
We should determine to be positive by
looking at the new opportunities that will
continue to arise. By way of an example, I’ve
received a number of communications from
overseas Trade Associations that believe we will
now be looking for stronger relationships
outside of the EU. These relationships could
open the door to improved export prospects.
Let’s begin this examination of a post-Brexit
landscape by focusing on the immigration
issue. The fire industry is directly linked to the
construction sector, which is useful as there are
so many statistics available from this muchdiscussed
world (not least those harboured by
the Confederation of British Industry). Without
delving too deeply into the realms of politics,
we’ve needed immigrant workers on many
occasions over the years. The construction
industry requires a large number of unskilled
and semi-skilled staff as it’s so labour
intensive, but with a restriction on the free flow
of individuals from EU countries, manpower
requirements would be difficult to achieve.
We do have UK citizens that could take some
of these roles, but are they as willing or, in
some cases, skilled enough to do so? Either
way, I fully expect the construction sector will
have to pay more for its labour. As for the
skilled labour market, putting up barriers to
entry will surely deter much-needed talent.
Undoubtedly, once again the construction
industry will suffer.
Reflecting our virtues
The UK’s relationship with its EU partners has
never been great. We’ve been perceived to
stand slightly apart from the rest of the
Member States – not using the official currency
of the EuroZone is one example of this. How
often do you hear people referring to “them” as
Europe and, although we are Europeans from a
geographical standpoint, the term is rarely
used by UK citizens in a sense of ‘belonging’.
In the aftermath of the EU Referendum, we
have the opportunity to re-create our
relationship with continental Europe in a
positive way that reflects the five UK virtues of
military, diplomacy, intelligence, trading and
finance rather than focusing on a drive towards
integration (for which we will never understand
Europe’s apparent need).
Look at Norway and Switzerland. Their
relationship with EU Member States (in terms
of trade and respect, etc) appears strong. Both
sides are apparently happy with their state of
affairs. We have a lot of work to do to form or
reform that bond of mutual respect which will
hopefully lead to strong trading relationships.
One thing I would add here is that we
shouldn’t become too pessimistic about trade
with EU countries. Such trade is mutually
beneficial and has been for hundreds of years.
Can you imagine the Germans not selling us
cars or the French not offering us their wine?
Post-Brexit uncertainty
Probably the most visible indication of post-
Brexit uncertainty in the wake of June 2016’s
Referendum was the dramatic exchange rate
changes. The pound slumped to a 31-year low
following the vote. The continued slide in
sterling since then has hit us hard. In fact, only
this week some airports offered less than €1 to
the £1, in turn warning of the impending
financial squeeze on UK travellers at EU
destinations. Meals, coffees and teas and other
items are now typically at least 22% more
expensive than they were 12 months ago.
However, there has been a benefit for the
British economy, with recent official data
highlighting that retail sales leapt by 1.4% in
July following a drop in June, apparently
assisted by an influx of big-spending overseas
tourists from outside the EU domain.
How does all of this affect the fire industry?
Well, as individuals we would need to be paid
more money to afford any overseas holidays.
Companies buying systems, components or
services from overseas are paying a higher
price. In a Market Conditions Survey recently
commissioned by the Fire Industry Association
(FIA), there are clear signs of a decline in export
growth in the region of 10%. That’s an indicator
of the pressures placed on our exporters.
On a more positive note, it has perhaps never
been such a good time to be a UK
manufacturer. Look at what we have available
to us at the Manufacturing Technology Centre
42
www.risk-uk.com

FIA Technical Briefing: The Fire Industry and Brexit
(MTC) and what’s on offer from United Kingdom
Export Finance (UKEF).
The MTC, which I recently introduced to FIA
members by organising a tour of the facilities,
was established in 2010 with the objective of
bridging the gap between academia and
industry. It represents one of the largest public
sector investments in UK manufacturing to
cover not only R&D, but also training, advanced
manufacturing management and factory design.
It has already assisted hundreds of companies
across a range of industries and stands ready,
willing and able to assist the fire industry.
Also recently introduced to the FIA’s
membership by our representative Dr Carl
Hunter, the UKEF has a range of innovative and
useful ways in which to financially support
SMEs and was formed to ensure that no viable
UK export fails for lack of finance or insurance.
BS and EN Standards
What’s happening when we leave the EU with
reference to the BS and EN Standards? This is
an area where we as lobbyists can have the
greatest influence. As much as there has been a
‘Don’t worry… It will be business as usual’-style
message from the British Standards Institution
(BSI), there remains concern around to what
degree it will be ‘business as usual’.
The BSI has been working with our
stakeholders to communicate the key
messages about the vital role of standards in
supporting trade, growth and productivity. Is
now not the time for the organisation to reassert
itself on the global stage?
The BSI states that it will maintain the UK’s
membership of the three European
standardisation organisations, namely CEN,
CENELEC and the ETSI. For clarity, CEN and
CENELEC are private organisations outside the
EU and co-ordinate the work of 34 countries in
the making and dissemination of European
Standards (EN). Membership of CEN and
CENELEC is linked to the adoption of European
Standards and the withdrawal of conflicting
national standards, facilitating market access
across EU Member States.
It’s the BSI’s ambition – and also its confident
expectation on behalf of UK stakeholders – for
the UK to continue to participate in the
European Standards system as a full member of
CEN and CENELEC post-Brexit given the private
status of these bodies. Remaining as a full
member would bring maximum benefit to the
UK’s fire industry economy in its new status
outside of the EU as reciprocity of market
access will reduce complexity for SMEs and
consumers, saving time, money and effort
while also ensuring product quality and safety.
On the world stage, membership of the two
international standardisation organisations,
ISO and IEC, will be unaffected by Brexit.
Import and export tariffs
The subject of tariffs on imports and exports
into and out of the EU is a complex one that’s
being negotiated by a powerful group within
Government. I think, though, that we can rely
on the continuation of trade at a high level –
remembering, of course, that the EU is our
biggest trading partner by some way – as it’s
mutably beneficial for all parties.
Offering a simplistic view on this, I would use
the analogy of wine importing. If the EU raises
the price of wine from all its Member States to
a certain level due to high tariffs, we will then
buy wine from Australia. Should the Australians
want to raise prices to take advantage then we
will instead buy from Argentina, etc. This is the
way of the world as shown throughout history.
We have the best products in the world with
tried-and-tested technology to match our
regulated regime. We remain a key member of
the G5, permanent members of the UN Security
Council and NATO-2 and serve as the head of 53
nations contained within a Commonwealth
housing the seven fastest-growing economies.
“As much as there has been a ‘Don’t worry... It will be
business as usual’-style message from the British
Standards Institution, there remains concern around to
what degree it will be ‘business as usual’”
43
www.risk-uk.com

Compliance versus Conformance in
the Security Design Process
Compliance is a
fundamental process
in any enterprise, yet
all-too-often its true
importance and the
opportunities it offers
are missed. As Darren
Ward observes in
detail, compliance
should not simply be a
case of ensuring that
the ‘rules’ are
followed. It must also
be about establishing
a culture of
conformance that both
recognises and shares
Best Practice
44
www.risk-uk.com
There’s a general misconception around
what compliance really is and, often, what
compliance may be used for within a given
business. On many occasions, we will be privy
to phrases such as: “Our intention is to ensure
that we are compliant in order to drive and
exceed the required standards”. To be frank,
the individuals uttering such phrases are really
talking about conformance.
Conformance applies to strategies and plans
adopted within the business in a bid for that
organisation to be more productive or to
improve on quality. Compliance, on the other
hand, applies to laws and regulations that the
organisation has no option but to follow or risk
facing penalties. Laws and regulations may
potentially be productive for society as a whole
or a particular client, but don’t necessarily
contribute towards an organisation’s end goals.
There are several key benefits that a riskbased
compliance framework will provide for
any business. These are the avoidance of
criminal charges, the building of a positive
reputation, improved operations and
productivity, enhanced consistency and the
stimulation of staff engagement. Such a
framework can also serve as a driver for change
and innovation when required.
Historically, there had been little or no selfregulation
in the private security sector and
standards varied widely. The Private Security
Industry Act 2001 was passed into law to
protect and reassure the public and businesses
by preventing unsuitable individuals from
occupying and working in positions of trust and
raising standards generally within the industry.
Specifically, the Private Security Industry Act
2001 established ‘rules’ and required the
implementation of compliance audits to ensure
private security companies complied with both
the Act and its related standards.
The Approved Contractor Scheme (ACS) was
formulated to encourage businesses to raise
their standards in nine different areas, the most
significant of which is people management. As
a result, individuals working within the private
security industry are given assurances towards
their welfare and professional development by
working for an ACS-registered company. Among
others, the benefits include better training,
improved working hours and a more
streamlined management process.
While the Private Security Industry Act 2001
and the ACS have served to increase operating
costs for security companies, end user
customers of registered businesses are
afforded a level of comfort that they’re
employing a security service provider regularly
audited to an agreed standard of operating
capability and conformity.
Increased regulation isn’t something every
industry sector welcomes, but in our space it
exists to improve operating standards and has
most certainly been instrumental in enhancing
reputations as well as creating a greater level of
competence in the UK’s private security
industry as a whole.
Only expect what you inspect
The basis of any protective security solution
worth its salt revolves around four main effects:
Detect, Deter, Deny, Respond. While transacting
my own duties as a compliance and
performance manager for our business, I
always have these four words in mind.
We’re looking to detect non-compliant staff
as well as non-compliant working practices. We
want to deter bad working practices and any
ignorance of applicable regulations. There’s
always a strong desire to deny penalties or
fines to both our company and our clients and
deny non-compliant staff access to our clients.
Last, but not least, we want procedures in
place to respond to a security event in tandem
with competent and well-trained staff capable
of providing the required level of response.

Security Services: Best Practice Casebook
Non-compliance is simply not a risk you can
take in the security industry and yet it does
happen. If you choose not to go beyond the
base level requirements of ‘the inspected’ you
will only see what you ‘expect’ to see. You will
not learn and develop beyond those very basic
requirements necessary to ensure protective
security systems remain fit for purpose.
Not being compliant with screening
procedures, for example, could mean a
company aids the infiltration of staff who
shouldn’t be deployed in the security industry.
This could be anyone from a person with a
criminal record to an individual with terrorist
links. Take this to its conclusion and you can
see why it’s so vitally important to get it right.
The best compliance procedures and systems
should be easy to understand and use, logical,
valid and add value to the business rather than
hindering its progress. A great compliance
manager is someone who doesn’t view things
in black and white, but will assess each
situation in a measured way, using experience
and knowledge of the boundaries to reach
acceptable solutions for both the company’s
clients and operating businesses.
Implementing Best Practice
Compliance frameworks often vary in design,
but they all have the same purpose: to ensure
that established ‘rules’ are followed in order to
safeguard people and the business.
Furthermore, a good compliance framework will
provide a platform for engagement with staff
and encouraging the right behaviours and
agreeable ways of working.
By developing conformance into our
compliance framework, we’re able to engage
and motivate staff, improve our working
practices and overall performance and establish
protective security systems relevant to both the
defined need and assessed risk.
In my role as a compliance manager, I work
from a compliance framework that outlines our
quality assurance process and provides the
basis of what I need to examine. This process
needs to remain robust in order to ensure
continual improvement in what we do. Our
documents and managed processes that
formulate our compliance framework are
designed to achieve such an outcome.
Working through our quality assurance
process, I’m able to more effectively review our
sites’ key documents and systems and better
observe operating practices. This process has
several key components, beginning with how a
given site is complying with the contractual
agreements in place that defines what we have
agreed to deliver as a service.
Second, I’m able to identify and examine key
documents such as security plans, procedures
and those records required to meet the varied
regulations and standards that govern the
private security industry. At Wilson James, we
maintain certification to a number of standards
including ISO 9001, ISO 14001 and OHSAS
18001. Within our ISO 9001 certification are
included the Codes of Practice BS 7499, BS
7858, BS 7958 and BS 7960. These relate to
security guarding, the screening of security
staff, CCTV management and door supervision.
Finally, and importantly, we incorporate our
own internal company standards that enable us
to ‘deep dive’ into the protective security
systems in use and determine their individual
and collective effectiveness. Our quality
assurance process incorporates all of these
standards to ensure that the ‘rules’ and Best
Practice are regularly examined.
Plugging any gaps
The contents of the British and ISO Standards
listed above are wide-ranging. For us, rather
than just being ‘compliant’ in terms of
delivering a service, the whole business is
examined at Board level to not only capture our
compliance obligations, but also to fully
understand the personal opinions of the people
working for us and the quality of the varied
systems in use. This ensures that any gaps are
quickly identified and filled.
Compliance reaches into the heart of our
company finances, our attitude towards
Corporate Social Responsibility, equality,
diversity and inclusion and our approach to
new legislation such as the Modern Slavery Act.
Of great importance is the fact that our
compliance framework allows us to recognise
how we must continually change in order to
professionalise our security service offerings
and meet the challenges presented by what is a
dynamic working environment. We have to
address the risk profile so as to safeguard our
customers’ interests.
For us, the compliance framework is about far
more than an audit. Rather, it provides the
foundation upon which to govern the business
and drive our direction to continuously improve
upon what it is that we do and how we do it.
The framework is a platform from which we can
continually improve what we do as a business.
Darren Ward:
Business Performance
Director at Wilson James
“Compliance reaches into the heart of our company
finances, our attitude towards Corporate Social
Responsibility, equality, diversity and inclusion and our
approach towards new legislation”
45
www.risk-uk.com

Under Physical Control: Preventing Cyber
Attacks Enabled Through The Front Door
While many
companies are doing
more to prevent cyber
attacks compromising
their businesses
online, they often
forget about (or
otherwise pay less
attention to) the risk
of cyber criminals
bypassing network
perimeter security and
walking in through the
front door. Nathan
King warns that some
cyber criminals are
still managing to gain
entry on two feet and
stresses the need for
testing of physical
security controls
Even for those organisations blessed with
reasonable levels of security awareness
and maturity, it’s readily apparent that the
attention afforded to cyber security has pushed
the risks and controls of physical security to
one side. It’s difficult to quantify how common
such breaches are as they tend to be less welldetected,
but it must be stressed that gaining
unauthorised access to a building can be far
easier than hacking into a network remotely.
While the risks involved with physical
security breaches are generally not worth the
rewards for casual opportunists, for organised
gangs or a motivated skilled attacker, a
physical breach can provide a powerful ‘foot in
the door’ and duly afford onward access to
those all-important secure corporate systems.
Gaining access to a building doesn’t
necessitate an out-of-hours break-in, either. For
every business, there are third parties who are
expected to enter offices and buildings for
various purposes such as landlord inspections,
fire alarm maintenance, Health and Safety
audits, the cleaning and upkeep of drinks
dispensers, candidates coming in for interviews
or suppliers arranging purchaser meetings.
The ‘high-vis’ effect is a well-known tactic.
Anyone in a high-vis jacket, and who looks like
they know where they’re going, tends not to be
challenged. Tailgating is another very common
tactic. Even for businesses with card-based
access control on all doors, it’s relatively easy
to follow authorised personnel into restricted
areas. Sometimes, those authorised personnel
will even hold the door open for whomever’s
behind them.
The best way to put IT defences to the test is
to simulate real-world malicious attacks with
the latest and most sophisticated techniques
used by cyber criminals. Penetration testing is
designed to see just how easy it is to break into
a network or computer system and steal
valuable data. While most penetration tests
don’t include an assessment of physical
security controls and social engineering
exercises, there’s a growing demand for
independent physical assurance exercises and
‘red team’ engagements, which allow any
attack method to be used, including walking
through the main entrance to plant malicious
devices or retrieve sensitive information.
How easy is it?
When planning a physical security and social
engineering exercise, we will often simply
masquerade as an external individual in a
position of trust or authority such as a fire
extinguisher/Portable Appliance Testing
engineer, or maybe an individual in a Health
and Safety role. This is very difficult to guard
against unless staff awareness training is
robust as human nature dictates that we’ll be
helpful to individuals requiring our assistance.
Individuals will often claim that they have an
urgent or safety-critical requirement to address
as no-one wants to be the person who disrupts
an important activity which could potentially
endanger the lives of colleagues or
subsequently result in a failed audit process.
Implanting devices within the IT
infrastructure usually takes a matter of seconds
once someone’s through the door. We have
several physical implants at our disposal, all of
them designed to quickly facilitate
unauthorised access to systems as part of
penetration testing exercises. We’ve designed
and built implants for specific scenarios.
There are many low-cost devices available for
sale on the Internet. These devices can be
attached directly to networks or workstations
and allow the user to bypass common security
controls in order to facilitate remote
unauthorised access to the corporate network.
At this point, it’s largely game over. Further
penetration testing and compromise of systems
46
www.risk-uk.com

Cyber Security: Testing Physical Security Controls
and assets from the physical premises is
seldom necessary at this juncture as the
implants allow us to gain access to networks
from outside of the physical perimeter. They’re
designed to defeat or circumvent many
common security controls, including network
access control solutions, which often claim to
prevent unauthorised devices from admission
to the network.
In those organisations with basic technical
controls, we will simply attach a small-form
wireless access point to re-establish access,
often from the car park, as a proof-of-concept.
Other devices are more complex in their
automatic abilities to establish covert egress
channels via Internet connections.
For longer-term engagements, we can use
implants embedded in common objects such as
power supplies such that they’re less
conspicuous. In most cases, having achieved
our objectives, we’re able to leave the building
without any concerns or alarms being raised by
the host organisation under scrutiny.
Preventing physical breaches
Organisations often underestimate the ease
with which someone who’s motivated can gain
access to their premises. It’s clearly important
to monitor internal networks as thoroughly as
external networks for any anomalies, but user
awareness is absolutely key for protection.
Any organisation that wants to defend
against physical attacks needs to encourage
robust processes for allowing access to offices
and ensure visitors are properly escorted.
Employees need to be willing to challenge
visitors if they’re suspicious and have
escalation routes they can use if they’re
concerned about any strangers in the office.
When we point out that the person in the
corner at the computer is really one of our
colleagues who has ‘talked their way in’, there’s
nearly always a sea of stunned faces and the
message sinks in pretty quickly.
Traditionally, penetration testing and ‘red
teaming’ has been something associated with
banks and financial services companies, large
corporations and Government. The demand for
such skilled and technical investigation and
analysis is on the rise. Such a test comprises a
comprehensive examination of infrastructure,
systems, applications, services and, in some
cases, physical security in order to determine if
and how these could be abused by real-world
attackers to gain unauthorised access to
information assets or compromise integrity.
Importantly, how can you have confidence
and trust in the people you choose to transact
this sensitive work? You need to be sure that
“While most penetration tests don’t include an
assessment of physical security controls and social
engineering exercises, there’s now a growing demand for
independent physical assurance exercises”
you’re working with professionally qualified and
skilled individuals from companies with the
appropriate processes and methodologies in
place to protect data and integrity.
That’s where CREST comes in. CREST is a notfor-profit
body established by the technical
security industry with the support of the UK
Government to provide internationallyrecognised
accreditation for organisations and
certification of individuals providing
penetration testing, cyber incident response
and threat intelligence services.
All CREST member companies undergo
stringent assessment every year and sign up to
a strict and enforceable Code of Conduct, while
CREST-qualified individuals must pass the most
challenging and rigorous examinations in the
industry worldwide to demonstrate their
knowledge, skill and competence.
More information on crest is available online
at www.crest-approved.org
Benefits of testing
The benefits of penetration testing are
numerous. It’s about being able to understand
the current exposure and risk to protect assets
and brand and also receiving both constructive
and pragmatic remediation advice to reduce
risk in the most cost-effective way possible.
Such testing is also focused on identifying
flawed information security processes and
addressing them at the root cause, meeting
internal and external compliance requirements
and demonstrating due diligence when it comes
to the protection of confidential information.
Once a penetration test is complete, the host
organisation will generally receive a report
which details all vulnerabilities, weaknesses
and exposures unearthed by the testing team.
Armed with this information, the host
organisation can start to tackle the risks as
identified and produce a prioritised mitigation
plan aligned with the company’s risk appetite.
Where patterns of vulnerability have been
identified, a root cause analysis can help to
address the problem at source rather than
treating individual symptoms.
Understanding both cyber and physical
threats is essential for every business. It’s fair
to state that a more holistic approach towards
cyber security and ensuring that all staff are
trained and informed can reduce the risk.
Nathan King: Director at Cyberis
47
www.risk-uk.com

Risk in Action
Delta Security assists
Woodbridge High
School on ‘lockdown’
Delta Security, the CCTV and
access control specialist, has
assisted Essex-based
Woodbridge High School to
further enhance the safety of
its pupils and staff with the
installation of new swing
gates that automatically
close and restrict access in
the event of a ‘lockdown’ scenario.
‘Lockdown’ is a procedure designed to quickly restrict access and egress to a
given site or building (or part of it) through the use of physical measures in
response to a threat, either external or internal in nature. The ‘lockdown’
system is designed such that the gates, situated at the school’s entrance,
integrate with the existing access control and fob system. This enables school
staff and visitors to access the site, but the system can be overridden and shut
down by authorised school personnel if site ‘lockdown’ is required.
Redbridge Council has asked that all schools in the area put ‘lockdown’
systems in place, and Woodbridge High School – a co-educational
comprehensive school for circa 1,650 pupils aged from 11 to 18, as well as 170
staff – is one of the first in the area to have mobilised its system.
The gates are fitted with a CAME Stylo automation, which is ideal for
pedestrian gates, and feature a highly-robust 24 V self-locking motor that’s
readily able to cope with intensive use.
Dave Mundy, operations director at Delta Security, told Risk UK: “‘Lockdown’
procedures are becoming increasingly prevalent in schools. We’ve seen
increased interest from central London schools, especially those located near
transport hubs such as St Pancras and Liverpool Street, and more recently in
schools further out from the city centre.”
Frank Gordon, business manager at Woodbridge High School, added: “Each
year, we build-in further layers of security. In today’s climate, it’s particularly
important to ensure that our perimeter is always as secure as possible.”
Axis Security moves to strengthen
security contract relationship with
Broadgate Estates
Axis Security has won a further contract with
Broadgate Estates to provide security services
for a ‘trophy building’ – namely Ropemaker
Place – that’s resident within the latter’s
portfolio in the City of London. The security
solutions provider has worked with Broadgate
Estates for a number of years now, providing
security services to Paternoster Square, the
Corn Exchange and 30 North Colonnade.
Ropemaker Place is a 20-storey commercial
building with two trading floors at the lower
level. It’s occupied by a variety of international
finance and investment companies.
Included in the new contract are security
guarding services, as well as management of
the Post Room, the Control Room and loading
bay services. Services are delivered by 30
personnel across 1,310 hours per week, with a
tenant contract also located at Ropemaker
Place and managed by Broadgate Estates.
The 26 existing employees were transferred
to Axis Security employment via TUPE, while a
further four support personnel have been
recruited to ensure seamless delivery of the
large-scale security operation.
The employee benefits package provided by
Axis Security proved fundamental to the
business winning the contract.
Advanced’s testing system for
emergency lighting chosen by
National Mountain Sports Centre
Lux Intelligent, the testing system for
emergency lighting, has been specified to
replace an obsolete system at Plas y Brenin,
the National Mountain Sports Centre in the
heart of Snowdonia.
The National Mountain Sports Centre is the
home of mountain sports, providing both
residential and non-residential courses
catering for all ages in a range of mountain
and water sports.
An addressable automatic test system, Lux
Intelligent was chosen for the 216-year-old
facility because of its ease of installation and
the performance benefits it delivers. The
system has allowed the existing wiring, exit
signs and 300 luminaires to be kept, in turn
saving considerable time and cost.
Installer Brian Jones, electrical engineer at
Delta Fire and Security, said: “The Centre’s
existing emergency lighting product had
become obsolete, making repairs and finding
replacement parts difficult. Lux Intelligent was
easy to install using the National Mountain
Sports Centre’s LAN network.”
Lux Intelligent ensures that all emergency
lighting is functioning and compliant with BS
5266-1. It’s a flexible system with panels
supporting 1-4 loops, 249 devices per loop
and up to 200 panels in a network.
Lux Intelligent is compatible with most third
party lights and luminaires, including LEDs,
thus affording end users purchasing freedom.
48
www.risk-uk.com

Risk in Action
Spire Manchester Hospital
secured thanks to Abloy UK’s
PROTEC2 CLIQ
Abloy UK has supplied Spire Manchester
Hospital with PROTEC2 CLIQ and Traka 21
advanced key management systems
designed to improve the security of
medicines and increase nursing efficiency.
Spire Manchester Hospital is part of Spire
Healthcare, a leading independent hospital
group offering both in-patient and outpatient
procedures in a wide range of areas.
The company recently invested £70 million
to build this new flagship hospital in
Didsbury, Manchester.
For many healthcare institutions, nursing
efficiency and medicine management can be
a major cause of concern, with drugs
needing to be secured effectively while also
affording nurses quick and convenient
access. Nursing efficiency is detrimentally
affected by poor key management. Teams
using older mechanical systems frequently
have problems locating keys to gain access
to controlled drugs, wasting nursing time
and affecting patient care.
Taking a progressive approach to this
process, Spire Manchester Hospital specified
a combination of PROTEC2 CLIQ keys and
cylinders which were easily retrofitted to a
range of Bristol Maid drug cabinets
throughout the hospital for theatres, outpatients
and several wards.
Staff CLIQ keys are housed in Traka 21 key
cabinets fitted across the wards.
PROTEC2 CLIQ is an access control system
based on mechanical high security disc
cylinders combined with encrypted
electronic locking and identification. Power
to the lock is provided by the CLIQ key. No
batteries or wires are required to either the
lock or drug cabinet, making it an ideal
retrofit solution – even for applications such
as mobile drug trolleys.
The system allows for remote key
management, providing comprehensive audit
trails on locks and padlocks for end users.
Thames Water ensures
generators are always ready
courtesy of EyeLynx
Thames Water manages more than
4,500 sites – the majority of them
unmanned – that require security to
protect the water supply for over 14
million people. The potential for
theft, accidental pollution, the safety
hazard of sewage and even mindless
vandalism mean that site safety and security are paramount at all times.
Now, on-site emergency back-up generators at the UK’s largest water and
waste company are being protected thanks to state-of-the-art remote
monitoring kits. Thames Water asked CCTV and video analytics specialist
EyeLynx to devise a temporary ‘light-touch’ remote monitoring solution to
protect its ‘Always Ready Hubs’ in portable cabins at strategic sites.
Part of the Zaun perimeter protection group that has worked with Thames
Water on its AMP6 framework for more than four years, EyeLynx has created a
solution based on its SharpView video recording and management software.
CCTV cameras are installed at a number of strategic locations across the
Thames Water estate together with infrared sensors and audio alarms powered
by solar batteries and networked with 4G connectivity.
This set-up renders the installation almost maintenance-free, with the
beaming of HD video and other sensor data for live monitoring and recording
on a remote footing.
SharpView systems can record and manage multi-megapixel and HD video
evidence from an unlimited number of CCTV cameras. Alarms are recorded from
other security devices, such as facial recognition, intruder and fire sensors.
Back in 2013, Thames Water selected Zaun as one of four appointed
contractors on its framework agreement for the supply and installation of both
security fencing and gates and also as one of three for ongoing maintenance.
Ideagen’s Pentana Performance software underpins
Worcester City Council’s transformation programme
Worcester City Council, which provides essential services for over 95,000
residents, is adopting software from Ideagen as it looks to set up a reporting
and performance monitoring system better aligned to a new structure.
The City Council needs to ensure that the correct information and data is
presented and managed by the appropriate committee following a recent move
away from a cabinet-style leadership to a committee structure of governance.
Ideagen’s Pentana Performance software ensures that operational monitoring
and reporting will be replicated electronically, thereby providing the City
Council with the single picture of performance that it wishes to view.
David Sutton, deputy director for commissioning and transformation at
Worcester City Council, said: “The Pentana Performance software will align
structurally to the way in which we’re set up as an organisation. The software
will integrate risks and performance, ensuring that they’re being managed and
monitored in one system rather than across three or four.”
As well as playing a key role in the City Council’s corporate internal
transformation project, Pentana
Performance will monitor departmental
and service-related performance,
actions, risks and feedback.
Sutton added: “We’ll be using
Pentana Performance to support
management and oversight of the
Council’s key corporate programmes.”
49
www.risk-uk.com

Technology in Focus
Blancco Technology Group’s Erasure-as-a-Service offers
solution for data concerns
Blancco Technology Group has
announced the launch of its Erasureas-a-Service
(EaaS) offer, which is
now available through the Blancco
managed service provider (MSP)
partner programme.
The new offer and partner
programme allows MSPs to integrate the Blancco Data Eraser software within IT
service offerings, thereby assisting businesses to permanently erase data from
all IT assets, mitigate security risks, reduce costs and comply with various data
protection regulations.
The MSP partner programme reflects a transition in the company’s business
model, which has traditionally relied on direct sales. Through this programme,
the business will look towards key strategic partners to integrate its data
erasure software into their offerings, thereby strengthening its position in
various markets and delivering significant benefits to the bottom line.
Since launching the EaaS programme, the company has signed deals with no
less than 14 global and regional partners, among them Fujitsu and TechChef.
www.blancco.com
Pelco integrates VideoXpert
VMS with AMAG Technology
Pelco has joined forces with AMAG
Technology to create an integration that
provides a scalable access control and
surveillance system management
solution, enabling end users across a
wide spectrum of applications to make faster and more informed decisions.
“The integration of Pelco’s VideoXpert VMS and AMAG Technology’s
Symmetry access control system provides security professionals with an
extremely powerful and versatile system management and control solution,”
stated Jonathan Lewit, director of technology leadership at Pelco. “By engaging
with industry leaders like AMAG Technology, Pelco continues to focus its
attentions on providing end users with meaningful innovations that deliver the
best combination of performance, functionality and cost-efficiency.”
The integration of Pelco’s VideoXpert VMS and AMAG Technology’s Symmetry
access control system affords a number of versatile ways in which to combine
surveillance and access devices with software into a unified security
management system. The integrated solution is standardised for any IP LAN,
WAN or VPN network and purpose-designed for minimal bandwidth use.
For smaller systems, a single PC can host both VideoXpert and Symmetry,
acting as both the client and server for the end user.
Other benefits of the VideoXpert VMS and Symmetry access control system
integration include a user interface design with graphical map capability,
comprehensive alarm handling features and the potential for unlimited client
workstations, card readers and card holders. Additionally, video badging and
visitor management software is included as part of the package.
“As security professionals continue to look for ways in which to increase
efficiencies and control costs, there’s a driving demand for system solutions
that seamlessly integrate high performance surveillance and access control
technologies,” observed Dave Ella, vice-president of products and partner
programmes at AMAG Technology.
www.pelco.com
Scanna introduces Rapiscan
620VE X-ray machine
Scanna has launched its Rapiscan 620VE
small frame high performance X-ray scanner
for postal and building security clients who
want to screen larger objects, but have
reduced operating space.
The Rapiscan 620VE machine offers a
sizeable 62 x 42 cm tunnel for the screening
of larger-sized boxes and visitor bags, but
boasts a short frame size of only 168 cm
(without UK safety tunnels) and a width of
just 82 cm.
The viewing screen is a generous 22”, with
its height adjusted to be on an optimised
ergonomic level for operators with a modernstyle
monitor cart assisting end users
requiring remote
operations.
The 620VE
model
incorporates
Rapiscan
enhanced
software
algorithms that
provide “far
superior”
imaging to the original XR models.
www.scanna-msc.com
Hikvision and Paxton create
“seamless” vehicle entry system
Hikvision UK & Ireland has successfully
integrated its ANPR solution with Paxton’s Net2
access control system to provide a host of
benefits for installers and integrators which can
be passed on to their end user customers.
Working in a stand-alone environment or as
part of a wider Hikvision solution, this
integration allows legacy and new Hikvision
ANPR systems to be operated seamlessly from
the Net2 system, helping to control a gate or a
barrier by associating a car registration number
with an access control credential (such as an
entry card or key fob) over multiple formats by
dint of using a Wiegand interface.
www.hikvision.com
50
www.risk-uk.com

Technology in Focus
Patent-protected
access control
platform from UNION
UNION, a UK division of ASSA
ABLOY, has launched the keyPRIME patented
dimple cylinder platform with a reversible key
design. Through the existing patent protection
and with an expected lifetime extension until
2036, keyPRIME offers the longest patent
protection available on the market. The patent
affords secure key control with key blanks only
available from stated UNION keyPRIME dealers.
UNION keyPRIME is a high quality, value for
money platform designed to meet the security
needs of end users operating in commercial,
education and healthcare environments. It’s
also ideal for small business and local
Government use and can be keyed for either
one or multiple doors, while cylinder upgrades
or replacements are easy to install.
The platform is certified to BS EN 1303:2015,
offering anti-pick, anti-drill, anti-bump and antipull
protection as standard. The flat reversible
key exhibits a contemporary design constructed
from strong, high quality nickel silver.
All UNION keyPRIME cylinders feature a DIN
18252 cam for Euro cylinders and are
compatible with all DIN standard lock cases.
The solution is available as a ‘master key’,
‘keyed alike’ or ‘keyed to differ’ solution in
euro, single, double or key-and-turn cylinders.
www.uniononline.co.uk
Multitone expands Appear range of
powerful and secure Mobile
Messaging Apps
Multitone Electronics plc, a specialist in the
design, manufacture and implementation of
integrated communication systems, has
unveiled two new versions of its secure
corporate mobile communications App.
The Multitone Appear Smart App operates in
the healthcare and retail sectors, showing the
status and availability of contacts and
ensuring that voice, text, video and image
messaging are routed and acknowledged.
Multitone Appear+ provides new multimedia
and rich content functionality, while Multitone
Appear Lite simplifies the application for high
speed and convenient messaging, with
acknowledgement and proof of delivery. Both
new versions are powered by Multitone’s i-
Message unified messaging platform, in turn
OPTEX brings independentlyprogrammable
BX Shield
outdoor PIR to market
Sensor manufacturer OPTEX has recently
launched its BX Shield Series sensors –
encompassing a range of curtain motion
sensors ideal for protecting windows and the
immediate boundaries of a building or site –
in the EMEA region.
Complementing the best-selling VX Shield
Series launched in the autumn, the new
Shield concept combines great usability with
versatile design. The BX Shield Series
includes four PIRs, two on each side, while
the detection range and sensitivity may be
adjusted independently for each side of the
sensor. The detection area can be easily set
up to 12 m/40 ft (24 m/80 ft in total).
The BX Shield Series boasts four models:
two standard, hardwired PIRs (BXS-ST) in
addition to two hardwired models with antimasking
(BXS-AM).
There are also two battery-powered
models, namely the standard (BXS-R) and
anti-masking (BXS-RAM) versions.
All are equipped with digitally-enhanced
signal recognition logic known as Super
Multidimensional Analysis (SMDA). By
analysing detection patterns and
environmental information, SMDA can
distinguish between the causes of nuisance
false alarms and genuine intrusions.
For environments where the temperature
difference between the human body and the
background is very small, the extreme high
detection mode increases PIR sensitivity in
order to prevent any missed alarms.
www.optex-europe.com
bringing different (ie phone, e-mail and
paging) and disparate (eg BMS, security and
fire alarms) communications together.
Multitone’s Appear+ offers new options. For
example, a copy of the patient consent form
can be attached as a digital signature,
providing approval for sensitive clinical images
to be shared between authorised users within
a secure corporate network.
The App also features an in-built Session
Initiation Protocol phone client. This is linked
directly to Multitone i-Message and enables
the user to securely call and talk to other App
or phone users. Coupled with an in-built
conference bridge, the App allows users to
access group discussions. At the same time,
Multitone Appear+ can be fully-integrated with
other building or medical facility systems,
such as fire alarms and nurse call solutions, to
ensure relevant staff are immediately updated.
www.multitone.com
51
www.risk-uk.com

thepaper
Business News for Security Professionals
Pro-Activ Publications is embarking on a revolutionary
launch: a FORTNIGHTLY NEWSPAPER dedicated to the
latest financial and business information for
professionals operating in the security sector
The Paper will bring subscribers (including CEOs,
managing directors and finance directors within the
UK’s major security businesses) all the latest company
and sector financials, details of business re-brands,
market research and trends and M&A activity
FOR FURTHER INFORMATION
ON THE PAPER CONTACT:
Brian Sims BA (Hons) Hon FSyI
(Editor, The Paper and Risk UK)
Telephone: 020 8295 8304
e-mail: brian.sims@risk-uk.com
www.thepaper.uk.com

Appointments
Dr Alison Wakefield
FSyI
The Security Institute has
announced that academic
criminologist Dr Alison
Wakefield FSyI will become
the organisation’s new
chairman with effect from
January 2018, taking over
the reins from Garry
Evanson CSyP FSyI.
Wakefield is senior lecturer in security risk
management at the University of Portsmouth,
where she’s also course leader of the BSc
degree course in Risk and Security Management
and the Professional Doctorate focused on the
discipline of Security Risk Management.
Alison Wakefield’s track record of accolades is
impressive to say the very least. Earlier this
year, Wakefield – who holds a BA (Hull) and
MPhil PhD (Cambridge) – was awarded the
prestigious Imbert Prize by the Association of
Security Consultants.
In terms of her work to date both with and for
The Security Institute, Wakefield has served as
vice-chairman of the organisation since 2015
and as a Board director from 2010. Previously,
Wakefield was a director with the International
Institute of Security from 2004 prior to its
merger with The Security Institute in 2008.
In 2010-2011, Wakefield chaired the Institute’s
Working Party that devised the pathways to
becoming a Chartered Security Professional,
and now serves as academic advisor to the
Chartered Security Professionals Registration
Authority. Wakefield also chaired the Institute’s
Academic Board at the point of the launch of
the organisation’s qualifications in 2010 and the
Knowledge Centre three years later.
“I’m honoured to be appointed chairman of
The Security Institute,” observed Wakefield.
Jo Davis
Mitie Group plc, the UK’s largest FM company,
has appointed Jo Davis as Group Human
Resources (HR) director. Based in London,
Davis will join the Group in January next year
from itsu, the healthy eating retail chain,
where she served as Group HR director.
At itsu, Davis led the HR division that was
awarded ‘HR Team of the Year’ at this year’s
CIPD People Management Awards. Davis also
played a pivotal role in positioning the
company as ‘one to watch’ in The Sunday
Times’ coveted Best Companies survey.
Prior to joining itsu, Davis held several
senior HR roles at Sainsbury’s including HR
director of Netto, its discount retailer, and
Appointments
Risk UK keeps you up-to-date with all the latest people
moves in the security, fire, IT and Government sectors
Barry Dawson
Security solutions provider Wilson James has
amalgamated its City of London and Southern
business regions to create a £65 million
operational ‘powerhouse’ that’s designed to
spearhead a targeted expansion of the
company’s specialist security services.
This latest move signals the firm’s increasing
focus on offering clients a high-level range of
technology, cyber and intelligence-led security
solutions to complement its industry-leading
security guarding offer.
The new Southern Region will be led by Barry
Dawson, who joins the business with 30 years’
high-level experience in the security industry
encompassing Board-level roles at both VSG
and Advance Security.
Dawson is joined by risk management expert
Gavin Wilson, technical specialist Don McCann
and Marc Bannister, all of them working with
Crawford Boyce to create and deliver ‘strategic
journeys’ for each client in the region.
“The strategic journey is a tailored approach
that allows us to offer clients a range of services
including not just excellent security guarding,
but also Front of House, counter-terrorism,
intelligence reporting, global travel risk and
social media monitoring,” commented Dawson.
Reporting directly to Dawson are Allison
Fraser, Mark Jones and Shai Zach who become
strategic account directors, all of them pivotal
within the region in ensuring that Wilson James
continues to deliver service excellence.
head of people and operations for Asia, based
in Shanghai. Before joining Sainsbury’s, Davis
worked in the financial services sector at both
Santander and Kleinwort Benson.
Commenting on Davis’ appointment, Phil
Bentley (CEO of Mitie Group) explained to Risk
UK: “I’m delighted Jo will be joining Mitie in
January. Jo has tremendous energy and drive,
and will add a fresh voice and valuable
transformational experience to the business.
I’m determined that Mitie is recognised as a
‘Great Place to Work’ and Jo’s appointment is a
key step forward in achieving that ambition.”
On her new role, Davis stated: “With over
53,000 employees in locations throughout the
UK, Mitie is a true people business. I’m very
excited to be joining the company.”
53
www.risk-uk.com

Appointments
Millie Banerjee CBE
Home Secretary Amber Rudd has appointed Millie
Banerjee CBE as chairman of the College of Policing.
Banerjee will now oversee the professional body for
everyone in policing and work with the organisation’s
newly-confirmed CEO, Mike Cunningham QPM, to
professionalise policing still further and make sure
officers and staff alike have the skills and knowledge
they need in order to keep the country safe.
“I have spent many years in policing and it has been a
privilege to witness the dedication and compassion of officers and staff to
protect the public,” said Banerjee. “This is evident when I see that public
approval for the police service has remained high despite officers and staff
being faced with complex crime, a reduced workforce and greater demand.”
Banerjee has enjoyed a long and varied career in the private and public
sectors. She was chairman of the British Transport Police Authority for seven
years and held several non-executive appointments, including as a nonexecutive
director of the Cabinet Office, Channel 4, the Prisons Board, the
Peabody Trust and Ofcom.
Banerjee is currently chairman of NHS Blood and Transplant in addition to
serving as a Board member of the East London NHS Foundation Trust.
Karl Hydes
Outsourced support
services provider Anchor
Group Services – a
specialist in integrated
security solutions and an
Approved Contractor with
the Security Industry
Authority – has appointed
Karl Hydes in the role of
national operations director to further develop
the company’s growing portfolio of both
regional and national accounts.
Hydes joins with a wealth of experience,
having spent the last several years at Savills UK
and Churchill Contract Services, where he was
instrumental in developing the operational
offerings for public and private sector clients
right across the UK.
Speaking about his new role, Hydes
commented: “I’m excited to begin a new
challenge within Anchor and look forward to
working with the team on further developing
our service offer. I’m very fortunate to be
joining such a respected company that prides
itself on top quality service.”
Hydes began his new role in November,
initially taking over responsibility for the North
West region prior to assuming a full national
role. To ensure a smooth transition, Hydes
worked with general manager Alex Hiles
throughout last month.
Andrew Harper, CEO of Anchor Group
Services, stated: “I’m delighted to welcome Karl
to the Anchor family. As a senior figure in the
industry, Karl brings a wealth of operational
and strategic experience at a national level.”
Ashley Lane
Digital forensics triage
specialist Evidence Talks
has appointed Ashley
Lane as the business’
new CEO, while Elizabeth
Sheldon now steps up to
the role of company
chairman.
Joining from
technology company MASS where he served as
managing director, Lane’s enviable record
combines achievements in converting
technologies into successful business
propositions with significant expertise in cyber
security, information management and digital
forensics services, along with software and
electronics product development.
Speaking about his appointment, Lane
informed Risk UK: “We operate in a crucial
market that requires a constant focus on the
ability to accelerate advancements. Right now,
we’re deeply engaged in executing our growth
strategy to tackle the rising complexities and
sophistication in digital crime. I’m really looking
forward to working with clients on delivering
their evidential requirements in both a fast and
effective manner.”
Keith Bardsley
Hanwha Techwin has
appointed Keith
Bardsley as business
development manager
for the North of
England. Bardsley will
now work closely with
installers and system
integrators to identify
new opportunities for Wisenet video
surveillance solutions and provide pre- and
post-sales support for ongoing projects.
Prior to joining Hanwha Techwin, Bardsley
was regional sales manager for NW Systems
Group, a systems integrator specialising in IP
network-based security solutions. He has
also worked for both Intech Solutions and
ADT Fire & Security.
Bob Hwang, managing director of Hanwha
Techwin Europe, told Risk UK: “We are
delivering on our promise to provide the best
possible support for our business partners
and customers alike by continuing to
increase our pre- and post-sales resources in
line with increased demand. I’m pleased to
welcome Keith to our UK sales team. He will
be able to put his extensive knowledge of IP
video surveillance technology to good use by
supporting installers and integrators alike.”
54
www.risk-uk.com

“
You have to be here if you want
to be regarded as a key player
in the security market.
“
27,658
visitors from
116 countries
79%
of visitors come to
source new products
£20.7bn
total budget of
visitors to IFSEC 2017
Enquire about exhibiting at IFSEC 2018: ifsec.events/international
Proud to be supported by:

Best Value Security Products from Insight Security
www.insight-security.com Tel: +44 (0)1273 475500
...and
lots
more
Computer
Security
Anti-Climb Paints
& Barriers
Metal Detectors
(inc. Walkthru)
Security, Search
& Safety Mirrors
Security Screws &
Fastenings
Padlocks, Hasps
& Security Chains
Key Safes & Key
Control Products
Traffic Flow &
Management
see our
website
ACCESS CONTROL
KERI SYSTEMS UK LTD
Tel: + 44 (0) 1763 273 243
Fax: + 44 (0) 1763 274 106
Email: sales@kerisystems.co.uk
www.kerisystems.co.uk
ACCESS CONTROL
ACCESS CONTROL
ACT
ACT – Ireland, Unit C1, South City Business Park,
Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100
ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,
Warrington, WA3 7GB. Tel: +44 161 236 9488
sales@act.eu www.act.eu
ACCESS CONTROL – BARRIERS, GATES, CCTV
ABSOLUTE ACCESS
Aberford Road, Leeds, LS15 4EF
Tel: 01132 813511
E: richard.samwell@absoluteaccess.co.uk
www.absoluteaccess.co.uk
Access Control, Automatic Gates, Barriers, Blockers, CCTV
ACCESS CONTROL
COVA SECURITY GATES LTD
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68
Tel: 01293 553888 Fax: 01293 611007
Email: sales@covasecuritygates.com
Web: www.covasecuritygates.com
ACCESS CONTROL & DOOR HARDWARE
ALPRO ARCHITECTURAL HARDWARE
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,
Waterproof Keypads, Door Closers, Deadlocks plus many more
T: 01202 676262 Fax: 01202 680101
E: info@alpro.co.uk
Web: www.alpro.co.uk
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES
HTC PARKING AND SECURITY LIMITED
St. James’ Bus. Centre, Wilderspool Causeway,
Warrington Cheshire WA4 6PS
Tel 01925 552740 M: 07969 650 394
info@htcparkingandsecurity.co.uk
www.htcparkingandsecurity.co.uk
ACCESS CONTROL
INTEGRATED DESIGN LIMITED
Integrated Design Limited, Feltham Point,
Air Park Way, Feltham, Middlesex. TW13 7EQ
Tel: +44 (0) 208 890 5550
sales@idl.co.uk
www.fastlane-turnstiles.com
ACCESS CONTROL
SECURE ACCESS TECHNOLOGY LIMITED
Authorised Dealer
Tel: 0845 1 300 855 Fax: 0845 1 300 866
Email: info@secure-access.co.uk
Website: www.secure-access.co.uk
ACCESS CONTROL MANUFACTURER
NORTECH CONTROL SYSTEMS LTD.
Nortech House, William Brown Close
Llantarnam Park, Cwmbran NP44 3AB
Tel: 01633 485533
Email: sales@nortechcontrol.com
www.nortechcontrol.com
Custom Designed Equipment
• Indicator Panels
• Complex Door Interlocking
• Sequence Control
• Door Status Systems
• Panic Alarms
• Bespoke Products
www.hoyles.com
sales@hoyles.com
Tel: +44 (0)1744 886600
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES
UKB INTERNATIONAL LTD
Planet Place, Newcastle upon Tyne
Tyne and Wear NE12 6RD
Tel: 0845 643 2122
Email: sales@ukbinternational.com
Web: www.ukbinternational.com
Hoyles are the UK’s leading supplier of
custom designed equipment for the
security and access control industry.
From simple indicator panels to
complex door interlock systems.
BUSINESS CONTINUITY
ACCESS CONTROL, INTRUSION DETECTION AND VIDEO MANAGEMENT
VANDERBILT INTERNATIONAL (UK) LTD
Suite 7, Castlegate Business Park
Caldicot, South Wales NP26 5AD UK
Main: +44 (0) 2036 300 670
email: info.uk@vanderbiltindustries.com
web: www.vanderbiltindustries.com
BUSINESS CONTINUITY MANAGEMENT
CONTINUITY FORUM
Creating Continuity ....... Building Resilience
A not-for-profit organisation providing help and support
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845
Email: membership@continuityforum.org
Web: www.continuityforum.org
www.insight-security.com Tel: +44 (0)1273 475500

CCTV
CCTV
Rapid Deployment Digital IP High Resolution CCTV
40 hour battery, Solar, Wind Turbine and Thermal Imaging
Wired or wireless communication fixed IP
CE Certified
Modicam Europe, 5 Station Road, Shepreth,
Cambridgeshire SG8 6PZ
www.modicam.com sales@modicameurope.com
CCTV SPECIALISTS
PLETTAC SECURITY LTD
Unit 39 Sir Frank Whittle Business Centre,
Great Central Way, Rugby, Warwickshire CV21 3XH
Tel: 01788 567811 Fax: 01788 544 549
Email: jackie@plettac.co.uk
www.plettac.co.uk
CONTROL ROOM & MONITORING SERVICES
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS
ALTRON COMMUNICATIONS EQUIPMENT LTD
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ
Tel: +44 (0) 1269 831431
Email: cctvsales@altron.co.uk
Web: www.altron.co.uk
ADVANCED MONITORING SERVICES
EUROTECH MONITORING SERVICES LTD.
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring
• Vehicle Tracking • Message Handling
• Help Desk Facilities • Keyholding/Alarm Response
Tel: 0208 889 0475 Fax: 0208 889 6679
E-MAIL eurotech@eurotechmonitoring.net
Web: www.eurotechmonitoring.net
CCTV
G-TEC
Gtec House, 35-37 Whitton Dene
Hounslow, Middlesex TW3 2JN
Tel: 0208 898 9500
www.gtecsecurity.co.uk
sales@gtecsecurity.co.uk
DISTRIBUTORS
SPECIALISTS IN HD CCTV
MaxxOne
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.maxxone.com
sales@onlinesecurityproducts.co.uk
www.onlinesecurityproducts.co.uk
CCTV & IP SECURITY SOLUTIONS
PANASONIC SYSTEM COMMUNICATIONS COMPANY
EUROPE
Panasonic House, Willoughby Road
Bracknell, Berkshire RG12 8FP UK
Tel: 0207 0226530
Email: info@business.panasonic.co.uk
AWARD-WINNING, LEADING GLOBAL WHOLESALE
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.
ADI GLOBAL DISTRIBUTION
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company
also offers an internal technical support team, dedicated field support engineers along with a suite of
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online
account, installers can order up to 7pm for next day delivery.
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk
COMMUNICATIONS & TRANSMISSION EQUIPMENT
KBC NETWORKS LTD.
Barham Court, Teston, Maidstone, Kent ME18 5BZ
www.kbcnetworks.com
Phone: 01622 618787
Fax: 020 7100 8147
Email: emeasales@kbcnetworks.com
TO ADVERTISE HERE CONTACT:
Paul Amura
Tel: 020 8295 8307
Email: paul.amura@proactivpubs.co.uk
DIGITAL IP CCTV
SESYS LTD
High resolution ATEX certified cameras, rapid deployment
cameras and fixed IP CCTV surveillance solutions available with
wired or wireless communications.
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333
Email: info@sesys.co.uk www.sesys.co.uk
www.insight-security.com Tel: +44 (0)1273 475500

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS
CONTROL AND INTRUDER DETECTION SOLUTIONS
NORBAIN SD LTD
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP
Tel: 0118 912 5000 Fax: 0118 912 5001
www.norbain.com
Email: info@norbain.com
INTEGRATED SECURITY SOLUTIONS
INNER RANGE EUROPE LTD
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,
Reading, Berkshire RG74GB, United Kingdom
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001
Email: ireurope@innerrange.co.uk
www.innerrange.com
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION
SATSECURE
Hikivision & MaxxOne (logos) Authorised Dealer
Unit A10 Pear Mill, Lower Bredbury,
Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.satsecure.uk
IDENTIFICATION
PERIMETER PROTECTION
ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS
GJD MANUFACTURING LTD
Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX
Tel: + 44 (0) 1706 363998
Fax: + 44 (0) 1706 363991
Email: info@gjd.co.uk
www.gjd.co.uk
PERIMETER PROTECTION
GPS PERIMETER SYSTEMS LTD
14 Low Farm Place, Moulton Park
Northampton, NN3 6HY UK
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097
E-mail: info@gpsperimeter.co.uk
Web site: www.gpsperimeter.co.uk
COMPLETE SOLUTIONS FOR IDENTIFICATION
DATABAC GROUP LIMITED
1 The Ashway Centre, Elm Crescent,
Kingston upon Thames, Surrey KT2 6HH
Tel: +44 (0)20 8546 9826
Fax:+44 (0)20 8547 1026
enquiries@databac.com
POWER
INDUSTRY ORGANISATIONS
POWER SUPPLIES – DC SWITCH MODE AND AC
DYCON LTD
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER
Tel: 01443 471900 Fax: 01443 479 374
Email: sales@dyconpower.com
www.dyconpower.com
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY
BRITISH SECURITY INDUSTRY ASSOCIATION
Tel: 0845 389 3889
Email: info@bsia.co.uk
Website: www.bsia.co.uk
Twitter: @thebsia
INTEGRATED SECURITY SOLUTIONS
UPS - UNINTERRUPTIBLE POWER SUPPLIES
ADEPT POWER SOLUTIONS LTD
Adept House, 65 South Way, Walworth Business Park
Andover, Hants SP10 5AF
Tel: 01264 351415 Fax: 01264 351217
Web: www.adeptpower.co.uk
E-mail: sales@adeptpower.co.uk
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
HONEYWELL SECURITY AND FIRE
Tel: +44 (0) 844 8000 235
E-mail: securitysales@honeywell.com
UPS - UNINTERRUPTIBLE POWER SUPPLIES
UNINTERRUPTIBLE POWER SUPPLIES LTD
Woodgate, Bartley Wood Business Park
Hook, Hampshire RG27 9XA
Tel: 01256 386700 5152 e-mail:
sales@upspower.co.uk
www.upspower.co.uk
www.insight-security.com Tel: +44 (0)1273 475500

SECURITY
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS
INSIGHT SECURITY
Units 1 & 2 Cliffe Industrial Estate
Lewes, East Sussex BN8 6JL
Tel: 01273 475500
Email:info@insight-security.com
www.insight-security.com
CASH & VALUABLES IN TRANSIT
CONTRACT SECURITY SERVICES LTD
Challenger House, 125 Gunnersbury Lane, London W3 8LH
Tel: 020 8752 0160 Fax: 020 8992 9536
E: info@contractsecurity.co.uk
E: sales@contractsecurity.co.uk
Web: www.contractsecurity.co.uk
EXPERTS IN X-RAY SCANNING SECURITY EQUIPMENT SINCE 1950
TODD RESEARCH
1 Stirling Way, Papworth Business Park
Papworth Everard, Cambridgeshire CB23 3GY
United Kingdom
Tel: 01480 832202
Email: xray@toddresearch.co.uk
FENCING SPECIALISTS
J B CORRIE & CO LTD
Frenchmans Road
Petersfield, Hampshire GU32 3AP
Tel: 01730 237100
Fax: 01730 264915
email: fencing@jbcorrie.co.uk
INTRUSION DETECTION AND PERIMETER PROTECTION
OPTEX (EUROPE) LTD
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311
Email: sales@optex-europe.com
www.optex-europe.com
ONLINE SECURITY SUPERMARKET
EBUYELECTRICAL.COM
Lincoln House,
Malcolm Street
Derby DE23 8LT
Tel: 0871 208 1187
www.ebuyelectrical.com
LIFE SAFETY EQUIPMENT
C-TEC
Challenge Way, Martland Park,
Wigan WN5 OLD United Kingdom
Tel: +44 (0) 1942 322744
Fax: +44 (0) 1942 829867
Website: www.c-tec.com
PERIMETER SECURITY
TAKEX EUROPE LTD
Aviary Court, Wade Road, Basingstoke
Hampshire RG24 8PE
Tel: +44 (0) 1256 475555
Fax: +44 (0) 1256 466268
Email: sales@takex.com
Web: www.takex.com
SECURITY EQUIPMENT
PYRONIX LIMITED
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY.
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042
www.facebook.com/Pyronix
www.linkedin.com/company/pyronix www.twitter.com/pyronix
SECURITY SYSTEMS
BOSCH SECURITY SYSTEMS LTD
PO Box 750, Uxbridge, Middlesex UB9 5ZJ
Tel: 0330 1239979
E-mail: uk.securitysystems@bosch.com
Web: uk.boschsecurity.com
INTRUDER AND FIRE PRODUCTS
CQR SECURITY
125 Pasture road, Moreton, Wirral UK CH46 4 TH
Tel: 0151 606 1000
Fax: 0151 606 1122
Email: andyw@cqr.co.uk
www.cqr.co.uk
SECURITY EQUIPMENT
CASTLE
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity
www.twitter.com/castlesecurity
QUALITY SECURITY AND SUPPORT SERVICES
CONSTANT SECURITY SERVICES
Cliff Street, Rotherham, South Yorkshire S64 9HU
Tel: 0845 330 4400
Email: contact@constant-services.com
www.constant-services.com
SECURITY PRODUCTS
EATON
Eaton is one of the world’s leading manufacturers of security equipment
its Scantronic and Menvier product lines are suitable for all types of
commercial and residential installations.
Tel: 01594 545 400 Email: securitysales@eaton.com
Web: www.uk.eaton.com Twitter: @securityTP
SECURE CONNECTIVITY PROVIDERS
CSL
T: +44 (0)1895 474 474
sales@csldual.com
@CSLDualCom
www.csldual.com
SECURITY SYSTEMS
VICON INDUSTRIES LTD.
Brunel Way, Fareham
Hampshire, PO15 5TX
United Kingdom
www.vicon.com
www.insight-security.com Tel: +44 (0)1273 475500

HVM Bollards and Street Furniture
Protecng Pedestrians, Crowded Locaons, Infrastructure
and Perimeters from Hosle Vehicles
bristorm.com
BSI PAS 68
BSI PAS 170
IWA 14 ‐ 1
ASTM F2656
Protecng crowded locaons from vehicle‐borne aacks
www.bristorm.com | info@bristorm.com | +44 (0)1902 499400