Do you know the secret to free website traffic?

Use this trick to increase the number of new potential customers.

March 2018


Security and Fire Management

The Centre of Intelligence

Integrating Technology and Security Guarding

News Special: ASIS European Security Conference 2018

BSIA Briefing: Preparing for the EU’s GDPR

Perimeter Protection: Utilities Sector Solutions Examined

FIA Technical Briefing: Detecting Stratified Smoke

SkyHawk AI

The hawk is back and

smarter than ever.

Gain the commercial edge with SkyHawk AI,

built for AI-enabled surveillance systems,

and now protected by SkyHawk Health.


©2017 Seagate Technology LLC. All rights reserved.

March 2018


34 Meet The Security Company

In association with the NSI, Risk UK continues its ‘Meet The

Security Company’ series by asking Risk Management Security

Services’ managing director Graham Tilly some key questions

Preparing for the EU’s GDPR (pp17-18)

5 Editorial Comment

6 News Update

BS ISO 31000 revised. ICO data protection work funding model.

New counter-terrorism technology unveiled by Home Office

8 News Analysis: PwC’s Crime and Fraud Survey

PwC’s latest study highlights that half of those UK organisations

questioned have been the victim of fraud and/or economic crime

in the last two years. Brian Sims delves into the fine detail

11 News Special: ASIS Europe 2018

ASIS International’s annual European Security Conference and

Exhibition runs from 18-20 April at the Postillion Convention

Centre in Rotterdam. Brian Sims previews the content on offer

14 Opinion: Security Business Sector Insight

Simon Chapman examines the impact of the IoT and how it’s

actively enhancing remote monitoring via Intelligence Centres

17 BSIA Briefing

What exactly does it mean to be compliant with the European

Union’s General Data Protection Regulation, which comes into

force at the end of May? James Kelly outlines the main points

20 The Global Context: Risk in 2018

In the second instalment of an exclusive series, Nicola Crawford

provides an overview of the risk landscape emerging in 2018

38 The Security Institute’s View

Rachel Anne Carter focuses on the important role of the

insurance industry in the delivery of security solutions

40 In The Spotlight: ASIS International UK Chapter

Jerry Ross spoke at a recent ASIS Young Professionals Group

event and gave an account of how she embarked on a career in

the field of intelligence and, subsequently, security

42 FIA Technical Briefing

Fire detection in large open spaces has often proved to be

something of a challenge for project designers, as Robert Yates

and Peter Massingberd-Mundy discover

44 Security Services: Best Practice Casebook

With workplace stress on the increase and mental health issues

now firmly on the agenda, this really should be something that

businesses are tackling head on. Louise McCree investigates

46 Cyber Focus: IP Security and Surveillance

Iain Deuchars describes the features within active network

equipment that can prevent cyber attacks from being successful

48 Training and Career Development

Appropriate training in medical and vehicle rescue capabilities is

now of paramount importance, as Neil Pedersen observes

50 Risk in Action

51 Technology in Focus

53 Appointments

22 Acting on Auto

Paul Woodhouse addresses the security mechanisms that must

be put in place when it comes to autonomous vehicles

24 Making Water Security Work

Jason Hunter evaluates the security implications of proposed

changes in the 2019 Price Review formula for the water industry

27 From Forensics to Real-Time

Lucas Young discusses the business case for protecting the UK’s

transport infrastructures with IP camera and audio technology

28 The Changing Face of Security Services

Risk UK’s regular Security Guarding Supplement features

contributions from Axis Security, CIS Security and TrackTik

56 The Risk UK Directory

ISSN 1740-3480

Risk UK is published monthly by Pro-Activ Publications

Ltd and specifically aimed at security and risk

management, loss prevention, business continuity and

fire safety professionals operating within the UK’s largest

commercial organisations

© Pro-Activ Publications Ltd 2018

All rights reserved. No part of this publication may be

reproduced or transmitted in any form or by any means

electronic or mechanical (including photocopying, recording

or any information storage and retrieval system) without the

prior written permission of the publisher

The views expressed in Risk UK are not necessarily those of

the publisher

Risk UK is currently available for an annual subscription rate of

£78.00 (UK only)


Risk UK

PO Box 332

Dartford DA1 9FF

Editor Brian Sims BA (Hons) Hon FSyI

Tel: 0208 295 8304 Mob: 07500 606013

e-mail: brian.sims@risk-uk.com

Design and Production Matt Jarvis

Tel: 0208 295 8310 Fax: 0870 429 2015

e-mail: matt.jarvis@proactivpubs.co.uk

Advertisement Director Paul Amura

Tel: 0208 295 8307 Fax: 01322 292295

e-mail: paul.amura@proactivpubs.co.uk

Administration Tracey Beale

Tel: 0208 295 8306 Fax: 01322 292295

e-mail: tracey.beale@proactivpubs.co.uk

Managing Director Mark Quittenton

Chairman Larry O’Leary

Editorial: 0208 295 8304

Advertising: 0208 295 8307



Texecom Connect App

Android version now available

Interact, control and integrate your Texecom security system like never before

The Texecom Connect App allows you to control your security directly from your compatible

system events and monitor cameras or activity from anywhere in the world.


Sales: +44 (0)1706 220460

Watch the Texecom

Connect App video

Texecom Connect App

New smartphone application for

Android & iOS operating systems

Texecom Connect SmartCom

Texecom Connect WiFi & ethernet


Texecom Connect SmartPlug

Ricochet ® enabled

wireless plug

Editorial Comment

All Eyes on Cyber

The large-scale cyber attacks that occurred last year have

served to reaffirm the need for fashioning cyber-resilient

organisations. That’s according to the Business Continuity

Institute’s (BCI) Horizon Scan 2018, released in association with

the BSI. For the second year in succession, the threat posed by

data breaches has been ranked second.

The BCI’s Horizon Scan assesses the business preparedness of

657 organisations worldwide and shows that 53% of business

continuity and resilience professionals are ‘extremely concerned’

about the possibility of a cyber attack. Meanwhile, 42% are

worried about the possibility of a data breach, with 36%

concerned about unplanned IT or telecommunications outages.

Physical security challenges also remain a major concern for

organisations, with 18% of businesses questioned identifying

any interruption to utility supplies and adverse weather as being

severe threats. There’s an intrinsic connection between these

two concerns, as severe weather events – such as Hurricane Irma

and Hurricane Harvey – often damage infrastructure and utility

services. This unavoidable chain reaction reinforces the

importance of workplace recovery plans designed to help

organisations become better prepared for crises, in turn ensuring

the safety of their staff and the stability of operations.

The BCI’s report suggests that professionals are becoming

increasingly aware of the benefits that business continuity

brings to their organisations. The use of ISO 22301 for business

continuity is certainly burgeoning, as is the investment made

into detailed business continuity management programmes.

Moreover, the results of the study suggest that there’s a

positive correlation between the amount of time spent by

organisations in adopting and embedding business continuity

management arrangements and the likelihood of businesses to

keep investing in them. No less than 86% of organisations

who’ve had business continuity plans in place for five years or

more stated that they will either increase or maintain their

investment in this area. The BCI’s report proposes that this could

be due to the fact that professionals are beginning to see a

return on investment from their business continuity planning.

Howard Kerr, CEO at the BSI, informed Risk UK: “With the

stakes continuing to rise as the development of more

sophisticated smart technologies gathers pace, organisations

simply cannot afford to be complacent. They may well be

cognisant of the importance of business continuity, but it’s not

just this that will build their organisational resilience. A much

more holistic approach is required. One that’s focused on

understanding all strengths and vulnerabilities.”

Terrorism and/or gun violence appear to be a growing concern

for many business continuity professionals who should also

determine to remain vigilant about natural catastrophes and

pandemics that could occur in the short term and might well

exert a highly disruptive impact.

Positively, organisations do seem to be heading in the right

direction in terms of preparedness. Detailed business continuity

arrangements now exhibit consistent growth. A win-win scenario.

Brian Sims BA (Hons) Hon FSyI


December 2012



International standard for managing risk

in organisations revised by BSI

BSI, the business standards company, has

published the revised international standard for

risk management BS ISO 31000:2018 Risk

Management: Guidelines. The purpose of this

standard is to assist a given organisation to

integrate risk management into all of its

activities and functions.

Properly implemented, risk management

improves performance, encourages innovation

and supports the achievement of objectives.

With that in mind, BS ISO 31000 provides Best

Practice guidance on how an organisation can

create the framework for a risk management

strategy which aligns with its broader goals.

Risk can take many shapes and forms

including economic, political and

environmental. BS ISO 31000 is intentionally

broad in its scope in order to assist

organisations with managing risk of any kind,

and is consequently applicable to organisations

in all sectors.

A notable change in this revision is a review

of the principles of risk management. One of

these is continual improvement. This means it’s

not enough for an organisation to create a risk

management framework which is never

revisited or reviewed. To be effective, the risk

management framework needs to take into

account the context of the organisation and its

current risk management practices so that gaps

can be addressed. The different parts of the

framework and how they work together should

always be adapted for specific needs.

Human and cultural factors are also key. For

example, different opinions will affect risk

appetite in addition to the judgement and

perception of risk. A traditional hierarchical

organisation may have very different attitudes

towards risk when compared to a collaborative,

innovation-based company.

This latest revision of BS ISO 31000

highlights the importance of top management

not only implementing risk management, but

also promoting it. Ultimately, the effectiveness

of risk management depends on its integration

into an organisation at all levels.

Anne Hayes, head of the governance and

resilience sector at the BSI, informed Risk UK:

“Effective risk management is about all levels of

an organisation strategically planning for both

today and tomorrow. BS ISO 31000 provides

structured risk management guidance for

organisations such that they can prepare

effectively for the future. Ultimately, having a

plan in place is in the very best interests of

everyone’s safety, security and resilience.”

New Government model announced for funding data protection work of ICO

The Government has announced a new charging structure for data controllers to ensure the

continued funding of the Information Commissioner’s Office (ICO). The new structure was laid

before Parliament on Tuesday 20 February as a Statutory Instrument and will come into effect on 25

May 2018 in order to coincide directly with the advent of the European Union’s General Data

Protection Regulation (GDPR). Until then, organisations are legally required to pay the current

notification fee unless they’re exempt from having to do so.

To help data controllers understand why there’s a new funding model and what they’ll be

required to pay from 25 May 2018, the ICO has produced a Guide to the Data Protection Fee.

The ICO’s data protection work is currently funded through fees levied on organisations that

process personal data (as stated, unless they’re exempt). This is transacted under powers granted

in the Data Protection Act 1998. When the GDPR comes into effect in late May, it will remove the

requirement for data controllers to pay the ICO a fee.

The Government has proposed the new funding structure based on the relative risk to the data

that an organisation processes. The model is divided into three tiers (more of which anon) and

based on a number of factors including an organisation’s size, turnover and whether it’s a public

authority or charity. For very small organisations, the fee will not be any higher than the £35 they

currently pay (if they take advantage of a £5 reduction for paying by direct debit).

Larger organisations will be required to pay £2,900. The fee is higher here because these

organisations are likely to hold and process the largest volumes of data. As such, the risk is greater.

The new fees are as follows: Tier 1 – Micro organisations Maximum turnover of £632,000 or no

more than ten members of staff. Fee: £40 (or £35 if paid by direct debit) Tier 2 – SMEs Maximum

turnover of £36 million or no more than 250 members of staff. Fee: £60 Tier 3 – Large organisations

Those not meeting the criteria of Tiers 1 or 2. Fee: £2,900



News Update

New technology unveiled by Home

Office in bid to help combat

terrorist content online

The Home Office has announced the

development of new technology to

automatically detect terrorist content on any

online platforms. Tests have shown that this

new tool can automatically detect 94% of

Daesh propaganda with 99.995% accuracy. It

boasts “an extremely high degree of

accuracy”. For instance, if it analyses one

million randomly selected videos, only 50

would require additional human review. The

tool can be used by any platform and

integrated into the upload process such that

the majority of video propaganda is stopped

before it ever reaches the Internet.

Developed by the Home Office and ASI Data

Science, the technology uses advanced

machine learning to analyse the audio and

visuals of a video and determine whether it

could be Daesh propaganda. The Home Office

and ASI Data Science will be sharing the

methodology behind the new model with

smaller companies to help combat abuse of

their digital platforms by terrorists.

Many of the major tech companies have

developed technology specific to their own

platforms and publicly reported on the

difference this is making in their fight against

terrorist content. Smaller platforms, however,

are increasingly targeted by Daesh and its

supporters and often don’t have the same

level of resources to develop such technology.

The model, which has been tested using

over 1,000 Daesh videos, isn’t specific to one

platform. That being the case, it can be used

to support the detection of terrorist

propaganda across a range of video streaming

and download sites in real-time.

Welcoming the new technology, Home

Secretary Amber Rudd (pictured) said: “Over

the last year, we’ve been engaging with

Internet companies to make sure that their

platforms are not being abused by terrorists

and their supporters. I have been impressed

with their work so far following the launch of

the Global Internet Forum to Counter

Terrorism, although there’s still more to be

done. I do hope this new technology which the

Home Office has helped to develop can

support others to go further and faster.”

Separately, new Home Office analysis

demonstrates that Daesh supporters used

more than 400 unique online platforms to

push out their poisonous material in 2017,

highlighting the importance of technology that

can be applied across different platforms.

Previous research has found the majority of

links to Daesh propaganda are disseminated

within two hours of release.

London Mayor’s Budget confirms

additional £110 million for

Metropolitan Police Service in 2018

Sadiq Khan, the Mayor of London, has

committed to investing an additional £110

million into the Metropolitan Police Service

across the next 12 months. This substantial

investment means that City Hall is paying a

greater percentage of the overall policing

budget in the capital than ever before – up

from 18% in 2010 to 23%, in fact.

Since 2010-2011, the Metropolitan Police

Service’s general grant funding from the

Government has fallen by more than £700

million (or nearly 40% in real terms) on a likefor-like

basis. Indeed, the Metropolitan Police

Service has had to find roughly £600 million

worth of savings, with the Mayor of London

orchestrating a further £150 million of savings

since taking office.

This has led to the loss of a third of police

staff posts, which are down from 14,330 to

9,985, as well as two-thirds of Police

Community Support Officer posts. These are

down from 4,607 to 1,591. In addition, there

are now 114 fewer police station front counters

and 120 less police buildings.

Khan has repeatedly warned that, with

further savings still needed, the Metropolitan

Police Service is running out of options and

that police officer numbers in the capital could

fall significantly below 30,000 before 2021 – a

dangerous low which “presents a serious risk”

to the safety of Londoners.

Khan commented: “These are challenging

times, with Brexit posing a real threat to jobs

and prosperity and the Government’s

continued austerity programme damaging

public services in our city. However, I’m

convinced that this Budget will improve the

lives of all Londoners and increase the

opportunities available for our citizens to fulfil

their potential.”

The Mayor continued: “The Government has

repeatedly refused to act on the funding crisis

facing police services across Britain. This

leaves me with no choice but to take the

unusual step of increasing police funding from

London business rates as well as Council Tax.

However, tackling rising crime will also require

us to be tough on the causes of crime.”

In this Budget, Khan has created a new £45

million Young Londoners Fund to support

education, sport and cultural activities for

them over the next three years.



“Fraud increasing in cost and complexity for

UK organisations” reports PwC Survey

PwC’s latest study

highlights that half of

those UK


questioned have been

the victim of fraud

and/or economic crime

in the last two years.

More than half (51%)

of the most disruptive

crimes resulted in

losses of over £72,000

compared to 37% on

the global stage.

Nearly a quarter of UK

victims (24%, to be

precise) lost more

than £720,000. Brian

Sims reports



Plainly, not enough is being done by UK

organisations when it comes to actively

preventing fraud. Only half of respondents

to the latest PwC study reported having carried

out a fraud risk assessment in the last two

years. This is an important first step in the

process to allow for the right prevention

measures to be put in place.

The findings are taken from PwC’s ninth

biennial Global Economic Crime and Fraud

Survey, which is based on input from more than

7,000 business decision-makers across 123

countries, including 146 from the UK (32% of

them C-Suite representatives and 46% heads of

department/business units).

Fran Marwood, forensics partner at PwC,

explained to Risk UK: “The cost of fraud to UK

business continues to rise, due at least in part

to the increasing threat from cyber fraud. While

the direct losses are quantifiable, the wider

effects can be far more damaging. UK

organisations have told us that the cost and

disruption of sorting out the aftermath, as well

as the effects on employee morale, business

relations and brand are big hidden costs.”

Marwood added: “Times of uncertainty and

change often help fraudsters to exploit

weaknesses in an organisation’s systems. In

this current period of pretty rapid business

change, understanding the risks and possible

avenues for attack is now more crucial than

ever. Against this backdrop, only half of UK

businesses are currently analysing the risks

posed to them by fraud.”

Potential of technology

This year’s study shows a shift towards

technology-enabled crime, bribery and

corruption as well as procurement fraud. Cyber

crime was the most prevalent (overtaking asset

theft as the top fraud type for the first time

since the survey began back in 2002), and was

experienced by nearly half (49%) of economic

crime victims in the UK (global: 31%). 42% of

respondents expect this to continue to be the

most serious type of fraud in terms of business

impact over the coming two years.

Marwood continued: “Much of the cyber

crime in the UK comes from external overseas

threats. As the world’s fifth largest economy, it’s

no surprise that the resources of UK

organisations are seen as an attractive target

by global fraudsters. Over half of respondents

reported suffering phishing attacks, which are

transacted on a large scale to play the odds.

Ultimately, cyber defence relies on people

understanding the threat. On that basis,

training, awareness and escalation routes are

just as important as any defensive technology.”

Despite being faced with an ongoing flow of

fraudulent activity, the research suggests UK

organisations are relying heavily on people with

the skills to detect it, rather than employing

more advanced technologies. General antifraud

controls were reported to be the most

successful detection method (uncovering 19%

of frauds), followed by tip-offs/whistleblowing

(16%) and internal audit (15%).

While the majority of organisations are using

technology to monitor or detect fraud in some

way, it’s not always performing particularly

well. Suspicious activity monitoring spotted

10% of fraud, while data analytics detected only

1% (the latter down from 8% according to the

results of the same study two years ago).

Anti-fraud technology has much more to

offer, but UK organisations are behind the

global average in its uptake. Around one-in-five

firms have no plans to look at more advanced

techniques – such as predictive analytics (19%)

or machine learning (22%) – in order to combat

or monitor fraud in future.

Marwood outlined: “Technology is opening

up more avenues for fraudsters, but also

providing new and innovative ways of

protecting against it. As economic crime

continues to remain high, it underlines the

need for new approaches. UK organisations are

News Analysis: PwC Global Economic Crime and Fraud Survey

missing out on opportunities to detect

anomalies in their data that might indicate

fraud. It’s not about just plugging in a new

piece of technology and hoping that solves the

problem alone. Rather, it’s about harnessing

the combined power of skilled people and the

right technologies to stand the best chance of

tackling the problem.”

Additional study findings

More than half (55%) of UK frauds were

committed by external actors (eg hackers,

customers and intermediaries were most

common) versus a global average of 40%.

Of those frauds carried out by internal parties

(33%), half were committed by senior

management, which is up from 18% in 2016 and

double that of the global average (24%).

There’s a sharp increase in reported bribery

and corruption in the UK from 6% in 2016 to

23% in this year’s study. This is more likely to

be as a result of the positive stance the UK has

taken on anti-bribery measures (including the

Bribery Act introduced in 2010) leading to

increased transparency rather than an actual

rise in cases.

UK firms are spending more than ever on

compliance. Over half (54%) have witnessed an

increase in their compliance spend in the last

two years compared to 42% globally.

Marwood went on to explain: “The increase

in reported bribery is of particular interest,

coming at a time when UK business is ahead of

most global territories from a compliance

perspective, largely as a result of measures

required by the UK Bribery Act. The

effectiveness of these measures, the additional

ethical due diligence being conducted and the

huge compliance resources introduced over the

last few years are clearly succeeding in flushing

out historic cases.”

In conclusion, Marwood commented: “While

increased levels of reported crime cannot

always be directly equated to the actual crimes

increasing, the study shows a greater

awareness and understanding of the various

types, perpetrators, impacts and costs of fraud

among UK organisations. However, there’s still

more work to be done, and particularly so in

terms of understanding and acting on the

specific risks that today’s organisations face

due to fraud, cyber threats and bribery, as well

as investing in people and technology to

combat the ever-evolving threat.”

Systemic failures

Meanwhile, systemic senior management

failure to protect consumers and prevent money

laundering will result in the William Hill Group

“There’s a sharp increase in reported bribery and corruption

in the UK from 6% in 2016 to 23% in this year’s study. This

is likely due to the stance taken on anti-bribery measures”

(WHG) paying a penalty package of “at least

£6.2 million”. A Gambling Commission

investigation has revealed that, between

November 2014 and August 2016, the gambling

business breached anti-money laundering and

social responsibility regulations.

Senior management failed to mitigate risks

and have sufficient numbers of staff to ensure

that the company’s anti-money laundering and

social responsibility processes were effective.

This resulted in ten customers being allowed to

deposit large sums of money linked to criminal

offences which resulted in gains for the WHG of

around £1.2 million. WHG did not adequately

seek information about the source of the funds

or establish whether the people involved were

“problem gamblers”.

WHG will pay more than £5 million for

breaching regulations and divest itself of the

£1.2 million earned from transactions with the

ten customers. Where victims of the ten

customers are identified, they will be

reimbursed. If further incidents of failures

relating to this case emerge, WHG will divest

any money made from these transactions.

WHG will also appoint external auditors to

review the effectiveness and implementation of

its anti-money laundering and social

responsibility policies and procedures and

share learning with the wider industry.

Neil McArthur, executive director of the

Gambling Commission, said: “We will use the

full range of our enforcement powers to make

gambling fairer and safer. This was a systemic

failing at the William Hill Group which went on

for nearly two years. The penalty package,

which could exceed £6.2 million, reflects the

seriousness of the breaches.”

McArthur concluded: “Gambling businesses

have a responsibility to ensure that they keep

crime out of gambling and tackle problem

gambling. As part of that, they must be

constantly curious about where the money they

are taking is coming from.”

Nick Gaubitch, research manager (EMEA) at

Pindrop, commented: “The penalty imposed on

the William Hill Group shines a rather

interesting spotlight on fraud detection within

the industry. How efficiently companies

mitigate risk and fraudulent transactions, and

particularly so with machine learning and voice

authentication, should play a key part in

defending vulnerable channels.”



Powerful web based

controller, powered

by smart devices.






Inception is an integrated access control and security

alarm system with a design edge that sets it apart

from the pack. Featuring built in web based software,

the Inception system is simple to access using a web

browser on a Computer, Tablet or Smartphone.

With a step by step commissioning guide and

outstanding user interface, Inception is easy to

install and very easy to operate.

For more information simply scan the QR code

or visit innerrange.com.






No Software




Easy Setup

with Checklist


Send IP Alarms via

the Multipath-IP


T: +44 845 470 5000

E: ireurope@innerrange.co.uk

W: innerrange.com

News Special: ASIS European Security Conference 2018

ASIS Europe 2018: ‘From Risk to Resilience’

Practising security professionals find

themselves operating in an era where the

Internet of Things (IoT) is rendering once

established lines of responsibility obsolete,

while in parallel the risk of terrorism and

ongoing political turmoil remain only too real.

In addition, developments in Artificial

Intelligence (AI) and drone technology, for

example, continue apace. With this backdrop in

mind, next month’s ASIS European Security

Conference (otherwise known as ASIS Europe

2018) is designed to confront all of these and,

indeed, many more of today’s key topics.

As a global community of security

practitioners tasked with the protection of

assets – encompassing people, property and

information – ASIS is uniquely positioned to

address the ‘issues of the day’ when it comes

to enterprise-wide risks. As such, cyberphysical

threats in hyper-complex and

connected environments will be core themes for

the 2018 gathering (as indeed they were at the

2017 event in Italy).

The conference programme itself runs on

both Thursday 19 April (10.30 am-5.30 pm) and

Friday 20 April (from 9.30 am until 1.30 pm),

with registration commencing from 8.00 am on

both days. This is prefaced on the evening of

Wednesday 18 April in the form of a Welcome

Party from 6.00 pm until 8.00 pm.

ASIS Europe 2018 will offer multiple tracks of

valuable learning opportunities including

Keynotes, Masterclasses, executive sessions,

training and a Careers Centre running alongside

the exhibition. Exhibiting companies booked to

attend include AS Solution, beTravelwise,

Bosch Security Systems, the BSI Group,

Dataminr, Darktrace, the Deltagon Group,

Dormakaba, exploqii, F24, Falanx Assynt,

Fastcom Technology, Genetec, Groundwork, Hill

& Smith/Bristorm, the IE Business School,

Indigovision, Johnson Controls, Nedap, QCC

Global, Safehotels, Securitas Europe, Signpost

Six, Stratfor, The Hague Security Delta,

Trackforce, Trigion and Videotec.

For its part, Nedap will be sharing knowledge

about the key steps to consider when selecting

a global physical access control system. The

company has asked the Swiss Reinsurance

Company Ltd (Swiss Re), the world’s secondlargest

reinsurer, to give a presentation about

its challenges and learnings when introducing a

global physical access control system.

Christoph Teuber, Swiss Re’s head of group

security, will highlight the challenges and

ASIS Europe 2018 – ASIS International’s annual European

Security Conference and Exhibition – runs from 18-20 April at

the Postillion Convention Centre. Brian Sims previews the

educational content on offer for those risk and security

management professionals making the trip to Rotterdam

lessons learned during the implementation of

its global security project. In essence, the

presentation is designed to showcase the

different steps that need to be taken for a

physical access control system and its

implementation. What are the reasons to move

to a new system? What are the requirements of

the new system? How should professionals

manage a global system roll-out?

Security of information systems and premises

are of paramount importance to operations at

companies like Swiss Re. Thanks to its own

AEOS solution, Nedap has been able to deliver

a state-of-the-art physical access control

system capable of managing the ever-evolving

security challenges faced by organisations.

Impact of technology

The opening Plenary Session at conference is

not to be missed. In 2018, the focus is on ‘What

the Next Ten Years of the IoT and AI Will

Realise’, a pivotal subject to be covered in

some detail by Tom Raftery (global vicepresident,

futurist and IoT evangelist at SAP).

Raftery will set the scene for conference with

expert insight around the organisational

impacts of Big Data, automation and AI. What

will this mean for organisations and jobs in the

future? How quickly will changes take place?

What are the key benefits for businesses?

This session runs from 9.00 am-10.00 am on

Thursday 19 April and examines the



News Special: ASIS European Security Conference 2018

Eduard Emde CPP:

Chairman of ASIS Europe

2018 and Head of the

Security Section at the

European Space Agency

*Register for attendance at

ASIS Europe 2018 by visiting


perspectives of businesses, consumers,

shareholders and communities alike, setting

the parameters within which security

professionals and, in particular, security

leaders need to operate.

Following on from Raftery’s delivery,

Conference Track 1 features a presentation by

Scott Klososky, founding partner at Future Point

of View. From 10.40 am until 11.10 am, Klososky

(a renowned technology trend expert) will seek

to challenge established thinking by outlining

new security concerns created by the

technology innovations shaping the business

sector and our world in general.

The Security Leaders Panel Debate entitled

‘From Risk to Resilience’ takes place between

11.15 am and 12.15 pm. A panel of CSOs and

security leaders from key sectors will interpret

the Keynote address, focusing on the risk

outlook for security practitioners. Topics to be

explored include the questions to be

considered at the early stages of Big Data and

AI implementation and how we can assign and

maintain responsibility through the next phase

of technological evolution. The Panel Debate is

being chaired by Professor Martin Gill CSyP

FSyI, director of Perpetuity Research.

Transforming security

The afternoon conference sessions in Track 1 on

19 April begin with an examination of ‘The

Cyber Threat Outlook’ (1.30 pm-2.15 pm) and

‘Virtual Security Centre Operation

Transformation’. Presented by Michael Foynes

(senior director of global operations for global

security at Microsoft), the latter session runs

from 2.20 pm until 3.05 pm and explores the

transformation of Microsoft’s Global Security

Operations Centres to become a virtualised

Security Operations Centre.

This transformation has made good use of

both cloud and the mobility of devices. Foynes

will share details of Microsoft’s journey,

highlighting changes to its people, processes

and technologies. The discussion will touch on

how the company altered its operating model

to become a ‘Fusion Centre’ that co-locates

intelligence and operations.

The inaugural Masterclass of conference is

focused on ‘How Digital Asset Valuation

Impacts Risk Assessments’. Between 3.50 pm

and 5.25 pm, Carl Erickson CPP (CISO at Philips

Lighting in the Netherlands), Gal Messinger

(head of global security at the same company)

and Eduard Emde CPP (chairman of ASIS

Europe 2018 and head of the security section at

the European Space Agency) offer their views.

Organisations are rapidly generating and

developing abilities to handle, analyse and

make sense of vast amounts of data – levels of

data that would have been unimaginable even a

few years ago. Additionally, data that didn’t

exist before is now available, while data that

was trivial in days gone by can suddenly

become both valuable and sensitive. The

objective of this Masterclass is to address how

the increasing value of data and digital assets

impacts risk assessments and the asset

protection approaches in organisations which

have historically had more of an emphasis on

protecting human or physical assets.

‘Insurance: Part of the Risk Management

Strategy’ is the subject about which James

Morris (regional security manager for the EMEA

within Aon UK’s Corporate Protection Services

operation) will be speaking between 4.40 pm

and 5.00 pm. Insurance is a key element of any

holistic risk management strategy, but very few

people know its real value or true importance.

Morris will discuss the importance of

insurance while focusing on understanding the

subject from the point of view of security

professionals who want to talk risk

management strategies with business leaders.

Terrorism trends in Europe

Track 1 of Day 2 at conference kicks off with

Glenn Schoen’s session on ‘Jihadi Terrorism

Trends in Europe: A Look Ahead’. Between 9.10

am and 9.55 am, Schoen (CEO at

Boardroom@Crisis) will offer a dynamic

presentation centred on the evolving Jihadi

terrorist threat in Europe and stress the need

for improved resilience in the wake of recent

lessons learned.

This includes gaining insight on situations

some ASIS members are likely to have to deal

with in 2018, such as the World Cup in Russia

during June and July, the threat around various

upcoming political elections and far-right/farleft

extremist reactions to terrorist activity.

Also covered will be recent changes in

terrorist tactics and emerging Best Practice

when it comes to managing acute threats for

staff based in office environments.

‘ESRM: A Management Philosophy’ runs in

parallel within Track 2 at conference. Being

adaptive to new types of risk is at the core of

ESRM: the practice of managing a security

programme through the use of risk principles.

It’s a philosophy of management that can be

applied to any area of security and any task

that’s performed by security, such as physical,

cyber, information and investigations.

John Petruzzi CPP (vice-president of

integrated security solutions for G4S in the

Americas) will demonstrate the value of ESRM

in addressing today’s emerging risks.






Public Address and Voice Evacuation System

with Professional Sound Quality

Flexibility from the start

PAVIRO offers you smart features making system specification and installation faster, simpler

and more efficient than ever before. Design a complete system with just a few parameters. Avoid

unexpected costs thanks to the system’s extreme flexibility and low operational costs. What‘s

more? The new Dante network interface module ensures IP networking functionality allowing

larger areas with more audio channels with up to four decentralized controllers.

Find out more at boschsecurity.com

The Centre of Intelligence

The complexity of creating a reliable and

sustainable IoT infrastructure has led to a

situation where companies must find effective

ways to manage sensors, networks, data

storage and data analytics in order to leverage

this information and drive improvements.

The online world is

expanding rapidly,

while the Internet of

Things (IoT) is already

exerting a positive

influence upon how

people, property and

other assets can be

protected. Simon

Chapman examines in

detail the impact of

the IoT, the ways in

which it’s enhancing

the advantages of

remote monitoring via

Intelligence Centres

and what today’s

security professionals

can expect from it as

time moves forward

Kevin Ashton, the British technology

pioneer and co-founder of the Auto-ID

Centre at the Massachusetts Institute of

Technology, is generally considered to have

coined the term the Internet of Things (IoT)

during a presentation delivered at Procter &

Gamble back in 1999. After a relatively slow

start, the number and variety of enabled

devices is growing exponentially, and the IoT

has now turned itself from being just another

‘buzz phrase’ into a ubiquitous term for

describing our connected world.

The scope of the IoT is incredibly wide.

People and machines are now being connected

to networks and each other, facilitating the

ability to share vast amounts of valuable data,

which can make our lives and businesses more

efficient. IoT-based devices collect a great deal

of personal data. For example, smart meters

can tell when a person’s inside a building and

what devices are being used at any given time.

However, if we think what we produce today

represents Big Data then we need to think

again. IDC’s analysts predict that, by 2020, IoTbased

devices will collectively create, copy and

consume about 44 zettabytes of data. That’s 50

times more than in 2012. That’s a lot of

information which will have to be moved,

processed and stored in Data Centres across

the planet. Not only that, but as more

connected devices are introduced, it’s harder to

remain fully aware of everything these devices

are capturing. In turn, this makes the

effectiveness of an organisation’s monitoring

and management software absolutely vital.

Careful thought required

Data protection is a hot topic at the moment

and security, legal and regulatory compliance,

as well as data loss and leakage risks, are high

on the list of reasons why the use of the IoT

needs to be carefully thought through.

Enterprises are right to be concerned. On 25

May, the General Data Protection Regulation

(GDPR) becomes European law. The primary

objectives of the GDPR are to give citizens and

residents control of their personal data and

simplify the regulatory environment for

international business by unifying regulation

within the European Union (EU). It requires any

organisation that operates in the EU, or handles

the personal data of people residing within the

EU, to implement a strong data protection

policy encompassing access, secure storage

and destruction. It’s all about a company’s legal

ability to protect data held about staff,

customers and anyone else with whom it deals.

What’s worrying is that, according to a study

carried out by Symantec, 96% of companies

still don’t fully understand the GDPR, while 91%

of 900 businesses polled in the UK, France and

Germany harbour concerns about their ability

to become compliant by the time this new law

comes into effect.

Onwards and upwards

This is all very well, I hear you say, but what

does the IoT mean for electronic and physical

security? Well, developments in Internet

Protocol (IP)-based technology have meant that

a wide variety of building services can now be

controlled over a single network infrastructure.

It’s now possible for services including security,

access control, fire detection, voice, data,

wireless devices, audio visual, energy

management, lighting controls and heating,

ventilation and air conditioning systems to

operate over copper or fibre optic cabling.

The good news for the security industry is

that, for those able to provide remote

monitoring, network connectivity makes this

service far more ‘intelligent’. By using the

benefits of the IoT, building services,

infrastructure and even individual products can



Opinion: Security Business Sector Insight

be monitored and managed, in turn offering a

number of distinct advantages.

Increasingly referred to as Intelligence

Centres, one of the main reasons for using

these facilities is to reduce overheads.

Certainly, the potential cost savings an

Intelligence Centre offers are enormous.

A large business premises will often have one

dedicated person to provide access for

deliveries and allow on-site employee and

visitor parking, etc. While this is obviously

important from a security point of view, there

may well be long periods where that operative

is doing very little. An Intelligence Centre is

able to carry out such functions as part of a

broader range of activities.

Analysis capabilities

Where an Intelligence Centre really comes into

its own is due to its ability to drill down and

analyse individual products and systems and

ascertain whether they’re faulty or otherwise

not working to optimum capacity. A

supermarket, for example, is now able to fit a

sensor on a freezer unit that sends an alert to

an Intelligence Centre if the unit’s temperature

strays outside of certain parameters and

indicates a fault. Facilities personnel can then

be alerted instantly in order to remedy the

problem and ensure operational uptime.

Furthermore, organisations can benefit from

remote monitoring in the event that an in-house

security system becomes compromised. Linking

a surveillance system to an Intelligence Centre

provides a 24/7/365 service that also ensures

that the appropriate response is provided in the

event of a fire, a break-in or even a cyber

security breach episode.

Building management

With far more connected workplaces a certainty

within a matter of a few years, security

providers need to think wider still. Lowering

energy consumption is high on the list of

priorities for most organisations these days.

Although a given premises might indeed have a

building management system (BMS) in place,

any failure to regularly maintain that system

means that it will not operate at its optimum

level. This results in wasted energy, but can

also have a dramatic effect on a building’s

comfort conditions by making certain

areas/zones either too hot or too cold.

An Intelligence Centre can address this issue

by making sure that a BMS’ set-points are

correctly configured and properly maintained at

all times. Energy efficiency and security may

also be enhanced by remotely turning lights off

in unoccupied areas and even switching

computers and other networked devices off

when they’re left on.

While remote monitoring has traditionally

focused on the use of electronic technology, it’s

now possible to integrate security guarding into

the mix. Knowing when personnel report for

duty, when and where incidents occur, response

times and resolution details helps in building a

more advanced picture – or ‘resource-to-risk’

model – concerning where guarding can be

most effectively used, as well as identifying any

‘hotspots’ where incidents frequently occur.

Retailers are leading the way in this area. A

growing number are adopting software

analytics platforms in Intelligence Centres to

study customer behaviour, identify repeat

offenders and therefore reduce instances of

crime. In addition, security officers in a

Shopping Centre’s public areas can be notified

of where help is needed and provide an

immediate response. Health and Safety-related

issues such as slips, trips and falls within

various locations may be monitored and the

relevant action taken.

Diverse skill sets

Those working in Intelligence Centres have the

opportunity to develop more diverse skill sets –

ones that better represent the integration

between technology and security guarding. At

the end of the day, the IoT and the data

produced by it needs people who can analyse it

and make it meaningful. In addition, the use of

technology can enable security officers to

become more effective and allow them to

demonstrate the effectiveness of what they do

against defined Key Performance Indicators.

The IoT is transforming everyday physical

objects that surround us in ways that would

have previously seemed the preserve of science

fiction. Although we’re still some way off from

witnessing the full potential of the IoT in the

security industry, it’s clear that the data it

produces – when analysed by experts in

Intelligence Centres – has the potential to

optimise a security strategy, reduce crime and

provide a genuine return on investment.

At a time when it might appear that we need

more physical security, the IoT and Intelligence

Centres are highlighting that, in fact, less can

be more and that smarter thinking on this issue

should always be encouraged.

Simon Chapman:

CEO of Cardinal Security

*Security Business Sector Insight

is the space where members of

Cardinal Security’s management

team examine current and often

key-critical issues directly

affecting today’s companies and

their customers. The thoughts and

opinions expressed here are

intended to generate debate and

discussion among practitioners

within the professional security

and risk management sectors. If

you would like to make comment

on the views outlined on these

pages, please send an e-mail to:


**Cardinal Security was formed

back in 2003 and is a privatelyowned

company delivering

innovative security solutions

throughout the UK, Europe and the

US. The business is a leading

supplier of security officers, store

detectives and key holding to the

retail and logistics industry and

works with many well-known

brands including Arcadia, Asda,

Dixons Carphone, Footasylum,

House of Fraser, Morrisons and UK

Mail. Cardinal Security is a

Security Industry Authority

Approved Contractor and in the Top

5% of all security providers

“Where an Intelligence Centre really comes into its own is

due to its ability to drill down and analyse individual

products and systems and ascertain whether they’re faulty

or otherwise not working to optimum capacity”



Nedap’s Global Client Programme

Standardise your security worldwide

always up to date?

The Global Client Programme by Nedap Security Management supports you in implementing,

maintaining and updating AEOS – the leading access control system – across multiple

international sites.

We’ll be at ASIS Europe 2018 in Rotterdam from Wednesday 18 to Friday 20 April. Call by to

As an ASIS member, you’re welcome to join us at our ASIS welcome party on 18 April.


BSIA Briefing

As the deadline for compliance with the

European Union’s General Data Protection

Regulation (GDPR) looms large, companies

and organisations across the UK should have

been taking steps to ensure that they fall into

line with the new procedures. A crucial part of

this process focuses on procuring the right

services to ensure that all data storage regimes

adhere to the changes.

From May this year, organisations will not

only have to prove that they’ve taken an audit

of their data, but also that they’ve enacted the

right measures to destroy any data that’s no

longer relevant. Subsequent to 25 May, any

company proven not to be in full compliance

with the new rules enacted by Brussels is at

risk of compromise and potentially hefty fines.

What, then, are the tangible risks? Top of the

list will be a raft of financial penalties being

issued by the Information Commissioner’s

Office (ICO) or even the threat of prosecution.

At present, the ICO can issue businesses

displaying poor data management in breach of

the Data Protection Act with fines of up to

£500,000. The largest of these fines to date has

been £400,000 issued to two separate

companies, namely Keurboom Communications

Ltd and the TalkTalk Telecom Group plc. In

addition, there have been just shy of 20

prosecutions for criminal offences committed

under the Data Protection Act.

In the last 12 months alone, in fact, over £4.1

million worth of fines have been issued to

businesses for failure to comply with the Data

Protection Act. Under the GDPR, the fines levied

may be up to 4% of an organisation’s annual

global turnover or 20 million Euros, whichever

sum is the greater.

The other most common risk will be

reputational damage leading to the potential

for lost business. As customers are becoming

increasingly more aware of and concerned

about how businesses collect and use their

personal information, so those same

businesses run the risk of losing customer

confidence in the brand where the customer

feels that their privacy isn’t being protected or

respected. A loss in customer confidence

ultimately leads to financial losses.

Information destruction

One of the most vulnerable periods of the data

processing cycle is that point at which data is

no longer required and needs to be disposed

of. If data isn’t adequately disposed of at the

end of its lifecycle, it can fall into the wrong

hands and be unlawfully processed.

Under the Data Protection Act 1998, everyone

responsible for using data has to follow the

Data Destruction:

Avoiding Any Costly Mistakes

What exactly does it mean to be compliant with the European

Union’s General Data Protection Regulation, which comes

into force at the end of May this year, and how should

businesses go about becoming so? As James Kelly outlines in

detail for the readers of Risk UK, seeking professional help in

disposing of confidential and business-sensitive data is a

wise investment for any organisation

data protection principles. These include

ensuring that data is used fairly and lawfully for

limited and specifically stated purposes and

that it’s used in a way that’s adequate, relevant

and not excessive. Data must be kept for no

longer than is absolutely necessary, handled

according to people’s data protection rights,

kept safe and secure and not transferred

outside of the European Economic Area without

adequate protection measures being in place.

When it comes to information destruction,

the seventh principle of the Data Protection Act

stipulates that appropriate measures must be

taken against accidental loss, destruction or

damage to personal data and against unlawful

processing of that data. When the GDPR comes

into force, companies in both the private and

public sectors will need to prove that data is

securely erased in line with the new European

Union guidelines and show that they’re fully

accountable for monitoring, reviewing and

assessing all relevant processing procedures.

Secure data destruction is the process of

destroying confidential materials to the point at

James Kelly: CEO of the British

Security Industry Association



BSIA Briefing

which they cannot be reconstituted. These

materials can take many forms, including paper,

computer hard drives and branded products.

Crucially, all hold the potential to cause

problems for businesses, employees or

customers if they fall into the wrong hands.

How might companies mitigate potentially

expensive and reputational hazards when it

comes to disposing of data that’s no longer

needed? Shredding confidential material is a

costly and time-consuming process which, for

some firms at least, means that in-house data

shredding simply isn’t a viable option. This is

certainly true for those operations handling

vast amounts of data across a variety of sites.

In these situations, outsourcing to a regulated

information destruction organisation is the

most practical alternative.

Highest possible standards

Engaging a company specialising in this service

and harbouring a high-security shredding

facility affords organisations the reassurance

that data destruction is being correctly

conducted. Registered data shredders have to

comply with the highest industry standards

which are regularly updated.

On that note, service providers must

demonstrate that they’re certified to EN15713 –

the European Standard for data destruction.

EN15713 sets out the measures that

organisations should take in order to maintain

the security of confidential data and provides

recommendations relating to the management

and control of the collection, transportation and

destruction of confidential material to ensure

that such material is disposed of both safely

and securely.

Whether confidential materials are shredded

on-site or at a high-security shredding facility,

businesses outsourcing their shredding to a

professional service provider can be assured

that the data will be completely destroyed.

Additionally, the services provided by

professional information destruction companies

often extend far beyond the actual destruction

of confidential material to include secure

document storage, data security advice and

guidance, office clearance and recycling.

The GDPR represents a great opportunity for

information destruction companies. In the

current climate there has been an increased

“When the General Data Protection Regulation comes into

force, companies in both the private and public sectors will

need to prove that data is securely erased in line with the

new European Union guidelines”

demand for their specialist services from both

new and existing customers, all of them asking

about the GDPR and how information

destruction can assist. Even with all of this help

at hand, though, there’s still confusion around

what it means to be fully GDPR compliant (and

not just from the point of view of the customer,

but also in terms of how it affects the industry

as the holder of its own data).

Industry feedback from customers highlights

varying levels of concern, from companies

looking for accreditation through to others

happy with a downloaded template data policy

or standard Terms and Conditions and on again

to those simply choosing to ignore the looming

EU deadline.

From an industry standpoint there are three

elements that could affect information

destruction businesses: their own data

responsibilities, their shredding services

provided for the destruction of data as a data

processor and marketing to opted-in clients (be

they either existing or prospective).

These elements are all currently open to

interpretation both by experts and customers.

They’re most likely common across all

industries, so it’s arguable that even with all of

this information to hand, companies are still

not fully aware of their obligations, no matter

how robustly they’ve been laid out by the ISO.

Of course, some of these issues open up

opportunities for companies dealing with data

destruction to create new services, but they

also highlight that, even at this late juncture,

there’s still much work to be conducted in

communicating what companies need to do in

advance of what is a major data milestone.

Severe consequences

Every business will collect and generate

confidential information relating to its

operations, its employees or its customers.

When this information is no longer required,

there can be severe consequences for the data

subjects if the information isn’t correctly

disposed of and falls into the wrong hands.

Therefore, any business that collects, holds,

processes or disposes of a person’s personal

information has a responsibility to ensure that

it’s protected from loss or theft. In fact, since

the Data Protection Act was passed into law in

1998, there has been a legal obligation for

businesses to act responsibly in terms of how

they use personal information.

The data protection landscape is all set to

change in May when the GDPR comes into full

effect and exerts potentially significant impacts

on the ways in which UK businesses collect and

process the personal data of individuals.



Do you know the people in your building?

or security incident. However in the event of an emergency you may also need to be

able to evacuate mobility impaired visitors and staff safely.

Evac+Chair provide a universal solution for smooth stairway descent in an emergency

evacuation, suitable for dual and multiple level buildings of any height.

The Evac+Chair is the World’s No.1

Emergency Stairway Evacuation Chair

Call 0121 796 1372 now for a FREE evacuation

assessment or visit www.evacchair.co.uk

The Global Context: Cyber Risks,

Reputation and the Real World

Cyber security, the

EU’s upcoming GDPR,

reputational risk and

regulation and

compliance are among

the chief concerns for

businesses voiced by

some of the UK’s

leading risk experts as

they look ahead into

2018. In the second

instalment of an

exclusive series for

Risk UK, Nicola

Crawford outlines the

main points to be

considered by today’s



Nicola Crawford CFIRM:

Chair of the Institute of Risk


This year will be the one when the world

recognises that the majority of assets in

the modern economy are intangible and

the rapid movement to just-in-time and cloudbased

economies creates significant

vulnerabilities. More events will revolve around

the impacts of cyber attacks on the real world.

It will be less about data loss or ransomware

attacks and more about the ‘real economy’ (as

we saw in 2017 with Merck Pharmaceuticals

and Reckitt production operations, including

the extended supply chain being impacted).

In other words, the cyber world and the

extended supply chain will merge in terms of

risk exposures. This will create new challenges

for practising risk professionals.

Alexander Larsen CFIRM, president of

Baldwin Consulting and IRM trainer for Bitcoin

and CryptoCurrencies Bubble, stated: “2018

will be the year that Bitcoin goes mainstream.

Having had a meteoric rise in 2017 with an

increase of nearly 1,000% in price, Bitcoin has

been receiving significant coverage in the

media which has brought it to the attentions of

the general public. A number of factors are

coming together to indicate that 2018 will be

the year that big money comes rushing into the

cryptocurrency, including the intention of major

funds to start investing as well as new

platforms being introduced and making it

easier to trade for individuals.”

Larsen feels that Bitcoin is already volatile,

although a less volatile investment than most

cryptocurrencies which are known to swing by

as much as 30%-40% per day and on occasions

as much as 1,000% in a day. “This new money

flooding the market will no doubt drive the

price up to new heights,” said Larsen, “which

leads me to believe that a major crash and

correction will be on the horizon for 2018. Many

people will lose a lot of money, although it

remains to be seen if Bitcoin will survive or if

the bubble will finally have burst.”

Something that’s certainly likely is major

regulations being put in place to control the

trading of bitcoin, cryptocurrencies and the

issuance of new tokens.

Reputational risk

Reputations take years to build and can be

destroyed in seconds, as they say. The risk of

reputational damage to organisations,

Governments and individuals appears to be

higher than it has ever been. This is a trend

that’s likely to continue.

A reputation is put at risk when some

unethical or incompetent behaviour becomes

public knowledge. This can be through the

actions of an individual or something more

systemic at an organisational or Governmental

level. The media has been full of recent

examples involving organisations (FIFA, IAAF),

Governments (Brazil, Angola, and Zimbabwe),

companies (VW, Rolls-Royce), industries in

general (Hollywood) and individuals.

The damage caused can manifest itself in the

shape of lost revenues, increased costs and, in

the case of listed companies, reduced

shareholder value. Usually, heads roll as well.

Where a company’s reputation is its main

asset, damage can result in failure, as was the

case with Arthur Anderson.

Heart of the problem

So why is this trend likely to continue? “Well,”

said Ray Flynn CMIRM (independent risk

consultant and IRM director), “the heart of the

problem in each case – complacency and, in the

extreme, arrogance – is unlikely to change. The

mentality of ‘this will never happen to us’ and

‘we have systems in place to prevent this from

happening’ is hard to shake off. Very few have

the foresight to address this particular risk until

there’s an ‘issue’ that forces them to act. The

risk of exposure is also increasing. There’s an

element of iconoclasm and bloodletting

involved as the gap between the ‘haves’ and

‘have nots’ increases, which supports

whistleblowing and places direct pressure on

regulatory bodies to act.”

The frequency of prosecutions for bribery,

particularly in the UK and the US, but also

elsewhere, as well as the level of fines imposed

are increasing rapidly. This is another trend

that’s highly likely to continue.

“The bad news is that this comes with public

battle weariness and shock fatigue,” added

Flynn. “Those exposed are likely to suffer less

and less damage. The good news is that sound

risk management is the best way to protect a

reputation including, as advocated in the

guidance to the UK Bribery Act, having a fresh

pair of eyes to carry out an independent review

of systems already in place.”



Risk Predictions for 2018 and the Risk Agenda 2025 (Part Two)

Alyson Pepperill CFIRM (client projects

director for UK Retail at Arthur J Gallagher and

chair of the IRM’s Charity Special Interest

Group) explained: “Regulation and compliance

will continue to be a key theme. There will be

continued scrutiny of the charity sector by

regulators, whether it be the Charity

Commission, the Fundraising Regulator or the

Information Commissioner’s Office. In 2017,

selected charities were hauled over the coalsby

all three. We don’t see this pattern changing.”

The European Union’s General Data

Protection Regulation (GDPR) has been a key

focus of many charities’ efforts to be compliant

ahead of the looming May 2018 deadline. This

focus will continue up to and beyond the

deadline for most.

Linked to the GDPR, and in line with many

‘for profit’ organisations, the broader context of

cyber risks and their management remains a

struggle for charities. Charities are known as

innovators and will try new ways of generating

funds that can potentially increase their

exposure to cyber risks.

“A more particular sector risk is the need for

charities to measure through evidence-based

reporting what they do and how successful they

are at their delivery,” asserted Pepperill. “The

expectations around how this is reported to key

stakeholders have been increasing and, for

many charities, represents a significant risk. If

they fail to be accountable, the funding could

then dry up.”

Finally, we still see financial sustainability as

a real challenge for many charities reliant on

local Government and National Health Service

contracts, as well as funding from central

Government continuing to be cut back.

Volunteering has reduced over the past year

and this could place further strain on charities

to balance the books. They have to care,

respond to their mission with determination

and create impact, keep costs down and comply

with all manner of regulations.

“The request for support never goes away,”

concluded Pepperill, “but charities continue to

be squeezed and squeezed. This is likely to

result in some charities having to close or

perhaps an increase in mergers.”

Shift to renewable energy

A major shift from oil and gas towards

renewables is already happening on a global

scale. This isn’t only occurring in terms of

power generation, it must be said. It’s also

occurring in the sphere of transportation.

The EU has already targeted 2035 as being a

year in which all new cars sold will be electric.

Many individual countries like Scotland have

announced more aggressive targets, while

several Scandinavian countries are already well

on their way towards becoming an electric cardriving


This major shift places significant pressure

on oil and gas companies as well as car

manufacturers to reconsider their strategies

and business models. Companies in the sector

will need to evaluate their target markets and

offerings carefully, while also thinking seriously

about what they want their company to look

like in ten-to-20 years’ time.

Oil and gas companies will need to position

themselves for developing economies, while

also making a decision on how heavily they

wish to invest in renewable energies or if

there’s any appetite to look at mining materials

for batteries. For car manufacturers, there will

have to be a blueprint for future development

work on electric vehicles. Like the oil and gas

companies, they too will need to decide how

heavily they wish to be involved.

Decisions made during 2018 could well turn

out to be the difference between success

and/or failure in the future.

Longer Term: Risk Agenda 2025

The Institute of Risk Management

has also been involved in a major

project entitled the Risk Agenda

2025 led by IRM director Clive

Thompson CFIRM. Key

Boardroom concerns for the

longer term include reputation,

risk appetite, scenario planning

and emerging risks. In terms of

risk process priorities, concerns

are to be found in risk

connectivity, developing

benchmarks and designing

integrated risk assurance

models. For risk professionals,

the concerns centre on risk

ownership and accountability,

risk culture, risk education and

training. Read the Executive

Summary online at




“More events will revolve around the impacts of cyber

attacks on the real world. It will be less about data loss or

ransomware attacks and more about the ‘real economy’”



Acting on Auto: Autonomous Vehicles

and the Terrorism Threat

Developments in selfdriving


suggest that fullyautonomous


will be on our road

networks in the near

future, but just how far

are we from the point

of introduction?

Importantly, is the

advent of such

vehicles potentially

going to signal an

increase in the

terrorism threat?

Paul Woodhouse

evaluates the security

mechanisms that must

be put in place

Paul Woodhouse:

Marketing Manager of The

Vindis Group

An autonomous car (also known as a

driverless car, a self-driving car or a robotic

car) is, in essence, a vehicle that’s capable

of sensing its surrounding environment and

navigating without benefit of human input.

Such vehicles employ a variety of techniques to

detect their surroundings, such as radar, laser

light, GPS, odometry (ie the use of data from

motion sensors to estimate changes in position

over time) and ‘computer vision’.

In use, advanced control systems interpret

sensory information to identify appropriate

navigation paths, as well as obstacles and

relevant signage. Autonomous cars must

possess control systems capable of analysing

sensory data in order to distinguish between

different cars on the road.

The potential benefits of fully-autonomous

vehicles include reduced mobility and

infrastructure costs, increased safety, enhanced

mobility and a heightened degree of customer

satisfaction. The hope is that there’ll be a

significant reduction in traffic collisions and the

resulting injuries and related costs, including

less need for insurance.

Autonomous cars are also predicted to

increase traffic flow, provide enhanced mobility

for children, the elderly, the disabled and the

poor, relieve travellers from driving and

navigation chores, lower fuel consumption,

significantly reduce the need for parking space

and facilitate business models for

Transportation-as-a-Service, notably via the

sharing economy.

As Google tests its own self-drive vehicles,

clocking more than 200,000 miles in a fleet of

self-driving cars retrofitted with sensors, and

the authorities in Las Vegas begin trials of selfdriving

shuttle buses, it would appear that

we’re not too far away from witnessing fullyautonomous

vehicles on our roads.

What are the risks?

While there are a small number of issues that

have been outlined in the trials so far, there

could well be a more serious risk posed by

autonomous vehicles that needs to be

considered. In a recent article published by The

Guardian, lawmakers have warned that

autonomous vehicles must have secure and

safe technology in place to prevent their use as

an accessory in terrorist attacks.

In recent times, trucks and vans have been

the ‘weapon of choice’ in terror attacks across

the globe. Last year alone, there were seven

terrorist attack episodes that made use of

vehicles. All of them realised disastrous

consequences, costing the innocent lives of

multiple individuals here in the UK as well as in

Spain, Canada, Germany and Sweden.

Unfortunately, instead of engendering a

feeling of excitement around this new

technology, talk of the development of selfdriving

trucks and vans has left some practising

security and risk management professionals

extremely worried that terrorists will indeed

look to take advantage of fully-autonomous

vehicles in future attacks.

Self-driving technology

Modern-day cars are already showcasing some

of the capabilities of self-driving technology,

with many drivers progressively trusting their

vehicles to carry out tasks which, in days gone

by, would always need to be conducted on a

manual basis.

We already benefit from systems which keep

us in our lanes on dual carriageways and

motorways, technology that can help to parallel

park our vehicles for us and software that

automatically maintains a safe, steady speed

on the UK’s roads – with some cars even

advanced enough to also have automated

braking systems when tracking the vehicle in

front. Fair to say that self-driving technology is

revolutionising the driving experience.

Organisations trialling self-driving vehicles

have found that, for the safe driving of these

vehicles on our roads, they need to mirror

human driving behaviour while eliminating

human driving errors. What next, then?

For fully-autonomous vehicles, manufacturers

need to converge sensor-based technologies

and connected-vehicle communications so that

they can deliver safer self-driving techniques

than could be realised by each approach being

developed and then acting on its own.

The use of vans and trucks as part of terrorist

attacks has grown in frequency because of their

size and anonymity. They’ve been used to drive

into crowded pedestrian areas at high speeds

with devastating results. It has been predicted

that such vehicles will be among the first fullyautonomous

vehicles on our roads.



Autonomous Vehicles – The Security Threat Dimension

Consequently, officials know that they need to

play a crucial role in mitigating the use of

trucks as lethal rolling weapons.

If terrorists can use a self-driving vehicle as a

weapon in future terror attacks, then those

vehicles become a weapon that separates the

instigator from the event. Terrorists would no

longer have to sacrifice their lives for attack

episodes, and it would become harder to trace

the suspect(s) if they don’t need to be at the

scene of the attack when it happens.

Cyber dimension

Due to the nature of this threat, industry

professionals and lawmakers are keen to point

out that all self-driving vehicles must be fitted

with specialist cyber technology to prevent

terrorists from employing them in attacks.

Lawmakers are passing legislation to say that

all autonomous vehicles must be armed with

cyber security technology so that they cannot

be used as an accessory in a terror attack. This

technology aims to make it incredibly hard, if

not impossible, to hack vehicles for a hijack,

meaning that potential terrorists cannot use

autonomous technology as an accessory.

The intention is that self-driving vehicles will

not be able to be programmed by terrorists to

break standard safe driving laws, either,

meaning that the potential for high-speed

driving attacks could potentially be eliminated

if the cyber technology is indeed a success.

Van hire and rental companies should also be

aware of stricter rules and regulations that will

be implemented. Many trucks and vans used in

terror attacks around the world are rental

vehicles. In recent attacks, hire vehicles have

been used to cause mass disaster. It has been

suggested that companies should have access

to a wider database that reveals more sensitive

information in the future, such that companies

are aware of suspect individuals.

While databases currently check against

identities, credit ratings and insurance policies,

the threat of terrorism may lead to a more

detailed and sensitive database. The overriding

aim is to afford rental companies access to

police records and, in some cases, companies

will be able to see if the individual is being

watched on suspicion of having committed – or

being about to commit – terrorist crimes.

Stricter regulations should help companies to

identify individuals who could be potential

risks, in turn allowing them to alert the

authorities of any suspicious individuals.

The TRIP Suite

Furthermore, the UK’s first suite of Terrorism

Risk and Incident Prevention (TRIP) products

and training to support fleet operators has

been developed by Fleet Source, a leading

provider of training and auditing services for

the road transport industry. The overriding aim

is to reduce the risk of commercial vehicles

being used as weapons in terror attacks.

The products and services available serve to

educate fleet operators, managers and drivers

of the risks of terrorism, the nature of the

threat and safety precautions that can be

implemented to reduce the possibilities of their

vehicle being hijacked, stolen or otherwise

employed in a terrorist incident.

The Government also hopes to develop geofencing

systems to prevent unauthorised

vehicles from entering particular areas of a city.

These systems create a virtual barrier that’s

used to slow down vehicles and control their

speed as soon as they enter the sensitive area

by way of tracking satellites. In practice, the

satellite system would automatically connect

with the vehicle and take control of it such that

the vehicle only travels at a safe speed within

the defined area, thus acting as a ‘virtual

barrier’ or ‘virtual bollard’ to stop the vehicle.

The Government needs to act now before

self-driving vehicles are readily available.

Implementing rules and regulations from the

word ‘Go’ means that everyone’s aware of the

process from the start. Thankfully, with

strategies such as TRIP already actively

engineering safety precautions, we already find

ourselves a crucial step ahead in the game.













“Terrorists would no longer have to sacrifice their lives for

attack episodes, and it would become harder to trace the

suspect(s) if they don’t need to be at the scene of the attack”



Making Water Security Work

Proposed changes in

the 2019 Price Review

formula for the water

industry devised by

regulator Ofwat could

be pointing the way

towards the sector

having to elevate

perimeter protection

for key-critical sites

such that it becomes a

major issue of focus

for a given company’s

Board of Directors, as

Jason Hunter discovers



More commonly known as Ofwat, the

Water Services Regulation Authority is

the body responsible for economic

regulation of the privatised water and sewerage

industry in England and Wales. Ofwat is

primarily responsible for setting limits on the

prices charged for water and sewerage

services, taking into account proposed capital

investment schemes – such as building new

wastewater treatment works – and expected

operational efficiency gains.

Every five years, Ofwat sets limits on the

prices which water companies in England and

Wales can charge to their customers. The

process is known as a Price Review. There have

been five Price Reviews so far, taking place in

1994, 1999, 2004 and 2009 with the most

recent in 2014. The 2009 Price Review, for

instance, set the price limits for 2010-2015.

These limits are set on a so-called ‘K Factor’

which determines the average value of price

rises above the current rate of inflation for the

next five-year asset management plan period.

Recently, Ofwat published the final

methodology for its forthcoming 2019 Price

Review – PR19 – which sets out the

organisation’s expectations and requirements

for water companies currently in the throes of

preparing their 2020-2025 business plans. In

essence, Ofwat’s assessments challenge the

water companies to ‘step up’ on four key

themes: customer service, affordability,

innovation and long-term resilience.

Further, Ofwat expects those same water

companies to provide value for money bills and

‘challenge themselves to push the efficiency

frontier’ with a view towards providing scope

for price reductions.

On publication of its latest methodology,

Ofwat stated: “The only way in which water

companies will achieve all of this is to find new

and better ways of delivering their services. Our

2019 Price Review enables, incentivises and

encourages water companies to achieve exactly

that such that customers will receive more of

what really matters to them.”

Assessing vulnerability

Tellingly for those operating in the perimeter

protection and security field, vulnerability will

be an explicit part of the Price Review for the

very first time. Business plans will be assessed

on how well companies use good quality data,

how effectively they engage with other utilities

companies and organisations to support the

vulnerable and how targeted and efficient their

measures really are when it comes to

addressing vulnerabilities.

In my view, when looking back on days past,

all-too-often organisations have seen perimeter

protection purely as a measure for protecting

their facilities. In the case of water, other

utilities and Government or military

installations, we’ve referred to this as

protecting sites of Critical National

Infrastructure. The emphasis has always been

on premises, equipment, machinery, ordinance

and resources, and more recently on data and

software, but very rarely on people.

Historically, the overriding aim of perimeter

protection has been to secure premises in order

to prevent losses, while at the same time not

hindering day-to-day business. This has often

been achieved within budgets that, according

to the ‘bean counters’ and those who hold the

purse strings, should always be as low as is

reasonably possible.

The basic premise is that perimeter

protection doesn’t contribute to the business

and the bottom line, either by increasing

revenue or by reducing cost. Indeed, so the

argument goes, it simply adds to costs and,

therefore, cuts profit. Interestingly, the

methodology now adopted by Ofwat and which

underpins the 2019 Price Review will directly

challenge this approach and force water

companies to regard reducing their

vulnerability as a crucial investment.

Perimeter protection isn’t simply about

securing infrastructure or data. Enacted

properly, it should be about appropriate risk

management against both cyber and terrorist

attack as well as more traditional forms of

threat and, in turn, actually realise an

opportunity for the host business to improve

customer service, increase business efficiency

and reduce overall costs.

First and foremost, people should be at the

heart of the process in terms of safety and

security of premises and resources and also

when it comes to planning and decision-making

around appropriate protection measures. The

water sector encapsulates this philosophy, and

especially so in this age of increased fear

around deliberate and shockingly lifedisregarding

terrorist attacks wherein the

sanctity of the water supply is so critical.

For instance, the Thames Water desalination

plant at Beckton – which cost £250 million to

construct and started delivering clean drinking

Perimeter Protection: Solutions for the Utilities Sector

water back in March 2010 – can produce

anything from 140 to 150 million litres of water

per day, which is enough for one million people

in north east London. The impact of any

infection of a supply such as this could make

the final death toll in America on 9/11 appear

somewhat minuscule in number by comparison.

Integrated solutions

We’ve found that perimeter protection is best

planned as part of an integrated solution which

includes physical, electronic and human

measures, while also incorporating access

control and other elements of facilities

management in one holistic whole. Of course,

this will require the usual security risk

assessment to be conducted. Personally, I

favour what’s often referred to as the ‘ABC’

model here. This considers the ‘Area’,

‘Boundary’ and ‘Contents’.

We would recommend an increasing level of

security the closer an intruder is to the most

critical and sensitive assets. The perimeter

serves as the first ‘cordon of security’ in these

successive levels of protection, though some

now argue that, given the increasing power and

definition of radar and CCTV, you could even

establish security layers external to the

physical perimeter itself.

This principle was perfectly, but sadly

tragically illustrated only three months ago by

the story of former England one-day

international cricket captain Adam Hollioake,

who remained in the Alokozay International

Cricket Ground in Kabul, where he was working

as a coach at the time, while a bomb blast

killed at least three people.

Hollioake explained: “The protocol is that we

have three stages of security here. Attackers

have to breach the first stage, which was

probably 100 metres from the ground. Then

there’s the second stage, which is around 50

metres from the stadium, and the final stage is

about 15 to 20 metres away. In this particular

episode, the man involved was caught at the

first checkpoint and, on being apprehended,

detonated his device. Unfortunately, several of

our security team and some members of the

general public were killed.”

Layers of security

Our approach is to design from the perimeter

inwards towards the centre, taking each

successive boundary as an opportunity to

harden security, thwart intruders and enable

security personnel to respond to any attempted

security breach. Security and risk managers

should consider electronics for the outer layers

and at doorways to gather intelligence about

attackers and relay that intelligence direct to

security officers’ mobile phones.

Monitored pulse fencing can be of assistance

when it comes to hardening either more

vulnerable areas of the perimeter or assets that

require additional levels of security. This

consists of a grid of energised, high tensile

wires that can be constructed inside a new or

existing perimeter fence.

The monitored wires detect unauthorised

entry or exit into defined areas and trigger

instant alerts. Attempts to breach the perimeter

are deterred by an energised pulse sent around

the perimeter fencing line. Zoned fences allow

voltage levels to be adjusted to meet varying

needs: high for maximum deterrent and low for

periods of low risk.

A networked perimeter security solution

incorporates sensors that continuously

measure and report on wire tension and

monitor fence structure vibration or movement.

Sensors can be used with or without an

energised pulse to detect intrusion without the

intruder being aware.

Monitored pulse fencing systems intelligently

differentiate between serious breaches and

disturbances by wildlife, birds or harsh weather

conditions. False alarms are prevented, and

intruders are unable to use the cover of adverse

weather in a determined attempt to breach the

fence undetected.

Jason Hunter:

Business Development

Manager (Perimeters) for

Gallagher Security (Europe)

“Monitored pulse fencing can be of assistance when it

comes to either hardening more vulnerable areas of the

perimeter or assets that require additional levels of security”



Powerful web based

controller, powered

by smart devices.






Inception is an integrated access control and security

alarm system with a design edge that sets it apart

from the pack. Featuring built in web based software,

the Inception system is simple to access using a web

browser on a Computer, Tablet or Smartphone.

With a step by step commissioning guide and

outstanding user interface, Inception is easy to

install and very easy to operate.

For more information simply scan the QR code

or visit innerrange.com.






No Software




Easy Setup

with Checklist


Send IP Alarms via

the Multipath-IP


T: +44 845 470 5000

E: ireurope@innerrange.co.uk

W: innerrange.com

Transport Security: Video Surveillance in Real-Time

With a number of high-profile attacks on

mass transport systems across Europe,

and Scotland Yard recently warning that

the UK’s terrorism threat level will remain at

‘Severe’ for some time to come, it’s abundantly

clear that the industry simply cannot be

complacent when it comes to security

investment. While funding remains a challenge,

this must be weighed up against the

requirements for public transport authorities to

provide both an efficient and safe service.

As per the three core principles prescribed by

the UK Government’s Centre for the Protection

of National Infrastructure in protecting assets,

first of all a threat should be deterred, then

detected and then delayed. It’s unlikely that an

organised threat will be deterred by a security

system which is only capable of providing an

historical record of an attack episode. The

system must also be able to provide real-time

detection and allow countermeasures to be

initiated in a timely manner.

While the international transport market

continues to keep pace with the latest

developments in real-time network camera

technology, the UK has stagnated in its

adoption. Despite plans for pan-network IP

systems to be installed in many areas, and

certain transport providers leading the way,

significant parts of the UK’s transport

infrastructure are still to be upgraded from

analogue. This is partially due to the lack of a

modern communications infrastructure capable

of handling large amounts of data.

The UK: an early adopter

Despite the relatively limited use of IP video

technology across UK transport infrastructures,

the UK was actually an early adopter of modern

network cameras. Network Rail led the way

with a comprehensive upgrade of Reading

Station back in 2013, while London

Underground followed close behind with its

first fully-IP station at Canary Wharf in 2014.

However, there are still significant parts of

the rail network that are yet to be given the

same attention.

In a bid to understand the key challenges

involved with upgrading to a networked

solution, Axis Communications commissioned a

survey in collaboration with Union

Internationale des Transports Publics (the

global public transport organisation) that

deliberately targeted stakeholders in areas

such as rail, bus and ferry transport. With

virtually all respondents explaining that they

had some form of video surveillance installed,

85% also stated that they would consider IP

camera adoption at some point in the future.

From Forensics to Real-Time:

Developing Transport Security

Evolving technology has driven a shift across Europe from

legacy analogue CCTV to network video solutions providing

immediate and significant benefits when it comes to securing

critical transport systems. As the UK struggles to keep pace,

Lucas Young discusses the business case for protecting

transport infrastructures with IP camera and audio technology

When asked about obstacles to upgrading,

the most common response was the perceived

“lack of a clear business case”. This highlights

that technology vendors perhaps haven’t

played a big enough role in highlighting the

safety, security and business benefits of

upgrading to IP. Three quarters of those same

respondents had analogue cameras in place,

suggesting that more education is needed

around the benefits of IP video systems beyond

the forensic capabilities of CCTV.

Latest IP technology

While video surveillance technology is widely

used in the transport sector, the UK must

accelerate its adoption of the latest IP

technology if it’s to keep pace with the rest of

Europe. Educating key decision-makers on the

benefits of integrating systems to deliver realtime

video and alerts will be key, while also

demonstrating the operational and business

intelligence benefits to be realised.

Ultimately, transport operators stand to gain

in the form of a return on their investment from

an enhanced ability to integrate IP cameras

with business performance optimisation

technology. This assists organisations to derive

long-term value from their fiscal investment,

adapting and scaling it in line with not only

security, but also more traditional operational

business needs.

Real-time usage with analytics

Real-time usage with analytics is on the rise as

public transport system operators seek to

respond to security events as and when they

happen. Given that those operators are faced

with hundreds of live feeds, automated alerts

can assist in managing the large amounts of

data generated, subsequently assisting with

both monitoring and prioritisation.

Incidents being reported in real-time means

that there will be more opportunity for live

feeds to be shared with third parties.

Lucas Young:

Business Development

Manager for the

Transportation Sector at Axis




The Changing Face of Security Services: Customer Service

Security companies

providing contracted

services to customers

are having to raise the

bar externally in order

to satisfy ever-more

stringent demands

around service

delivery. They’re also

having to satisfy their

internal customers – ie

their employees – to

attract and retain good

quality people, as

David Mundell outlines

David Mundell: Managing

Director of Axis Security

Customer Service is King

There are many factors feeding the need for

development and change in the security

business sector at present. These range

from a more sophisticated and customer

service-led approach for the security provision

itself through to an upsurge in terrorist activity.

Change is also being driven by recruitment

difficulties brought on by low unemployment

and comparatively poor remuneration packages

in the sector when compared to some others

with ‘nine-to-five’ responsibilities.

Clearly, the more successful companies will

have to fully embrace these challenges. In a

service sector like ours, it pays to recognise

your employees as your strongest asset.

Employers need to have strategies to cover

every facet of an individual’s journey with the

company including their learning and

development, reward and remuneration and

health and well-being. Employees need to feel

engaged by dint of a positive culture that’s top

down in the business as well as bottom up.

It’s a strategy that will only succeed if there’s

universal ‘buy-in’ throughout the company. It

cannot be stagnant. Rather, it has to be everevolving

in nature. A work in progress capable

of reacting to changing factors.

Security is a demanding job, and it will

always be imperative that officers are provided

with the very best training and education,

making sure they’re equipped to carry out their

work and given the confidence to progress their

careers. If we’re to raise the bar, and create a

higher benchmark of excellence, employers

need to go beyond the basic, required courses

such as First Aid training and CCTV and look at

other skills like hostile reconnaissance and

terrorism awareness to widen the value that

security provision can offer.

Responding to need

Businesses must also respond to the needs of

customers and find innovative ways in which to

build upon the traditional security offer.

Security will always be the priority, but that

doesn’t need to be at the exclusion of good

customer service, for example.

Clients increasingly expect more dedication

to customer service from members of the senior

team through to those on the front line. I

suspect this is a trend that other solution

providers are also seeing, so it’s not something

that can be paid mere lip service. There needs

to be a sea change across the sector in terms of

how we tackle customer service.

Every business will take a different approach,

but our natural response has been to consult

the experts. It was for this reason that Axis

Security recently became a member of the

Institute of Customer Service. We’re now in a

position to use the Institute’s expertise and

advice as we look to continue enhancing our

service delivery and raising industry standards.

Through the Institute’s bi-annual Customer

Survey, companies can benchmark themselves

against other sectors and industries. The

Institute assists and supports businesses in

their efforts to become ‘the employer of choice’

within their chosen industry.

Unemployment is at an all-time low, while the

recruitment and development of high calibre

individuals is of paramount importance not only

to us, but also to an industry battling against

historically low pay rates and huge pressure

being placed on margins. Investing in people

will only become more important with time.

Obviously, that investment has to be paid for.

That being so, we – much like many others also

trying to raise the bar – very much hope that

the ‘race to the bottom’ in terms of pricing has

ended and that higher customer expectations

will be matched by enhanced pay rates and

sensible margins.

With a clear focus on customer service, we’ve

now added a new category to our Axis Security

Annual Awards. The inaugural Customer Service

Excellence Award was recently bestowed upon

James Kassim (pictured above with Jonathan

Levine, CEO of Axis Group Integrated Services),

who works on the Crown Estate St James’

Market contract, for providing a very high

standard of customer service and exhibiting a

great work ethic and level of commitment.





One platform providing actionable insights in real-time, from anywhere.

160 000 +


200 000 +
















“Digital transformation

for security services? Not

without TrackTik.”

Matthieu Leroy, CEO

“The very best


guard management


Bill Barthelemy, COO

“Enables data-driven drive

security decisions”

Luc Dupont, VP



The Changing Face of Security Services: The ‘Total FM’ Approach

Security’s Eggs and the ‘Total FM’ Basket

One of the biggest

changes confronting

the security industry is

an increasing

association with the

FM world. While much

of this association has

realised very positive

consequences, it can

also be said to present

several challenges.

Some trepidation is

required to avoid any

negative fall-out that

might result from

being caught up in the

‘Total FM’ tide, writes

Amanda McCloskey

Amanda McCloskey:

Sales and Marketing Director

for CIS Security and CIS Front

of House



As an industry, we’ve had to brace our profit

margins as a result of the bundled service

approach to which some customers are

attracted. On the flip side, the increased

competition can be seen to be a driver for ‘out

of the box’ thinking. It can also mean improved

collaboration between security and other soft

services, subsequently resulting in added value

for the end user customer.

However, the extent of our integration is

debatable. Security is a skilled and educated

profession in its own right. Evolving threats

such as terrorism and cyber crime mean that

security requires even more specialist skills,

‘ear to the ground’ expertise and continued

training and development than ever before.

The recent collapse of facilities management

(FM) giant Carillion reminded me of the ‘eggs in

one basket’ proverb. Questions are now being

asked about how this very public crash could

have been allowed to happen to such a large

organisation presumed to be operating

alongside some of the most rigorous worldclass

financial experts. Was it a case of too

many cooks and not enough real responsibility

and accountability, perhaps?

In terms of the security role within an

organisation, what happens if the security

function fails compared to, say, the cleaning or

the waste management operation? It’s

undeniable that any significant security failures

are potentially crippling for any organisation.

Fascinating complexity

FM is a sector which is developing quickly and

with fascinating complexity. Some customers

may benefit from total FM handling, but most

organisations who operate in the corporate,

cultural and education sectors take risks in

doing so because of the implications of a ‘Total

FM tsunami’. Just because functions are

grouped under the facility manager’s role in a

given building/company, it doesn’t necessarily

follow suit that they should be grouped and

managed by the same supplier.

Physical and Intellectual Property are some

of the weightiest portions of the assets of an

organisation at the professional end of the

market with which I work, not to mention the

Health and Safety of its users. How can anyone

with a true stake in their business really entrust

responsibility for this to a bundled FM service

provider who may contract out the work to a

potentially inexperienced, poorly vetted

company prepared to risk property losses or PR

catastrophes – perhaps even the ultimate

safety of users – for a profit?

Looking at the situation that has transpired

at Carillion of late, one wonders how many

individuals at the top were noticing problems

and asking questions, and whether something

could have been done earlier. A quick scan of

some ‘Employer Review’ websites reveals a

pattern of entries reporting a perceived lack of

managerial visibility and support.

Nurturing a culture

Any accomplished security company will know

that modern security isn’t just about managing

security officers. It’s also focused on cultivating

and nurturing a security culture which actively

extends the reach of security managers and

officers outwards and into the realms of the

host of our services: the end user.

In today’s climate, this means significant

effort in developing relationships and

communication channels between security

teams and their end users. It also means

regular engagement with targeted training for

end users, encouraging daily chats to build

trust and share knowledge about current

threats and conveying the reporting of general

observations into the norm.

Without wishing to undermine the value of

some FM functions, I do feel that a better

balance should be struck such that security

matters are not dwarfed by other more

‘showbiz’ FM-centric features such as interior

design or sustainability.

It’s our responsibility as leaders in the

security business sector to share stories about

what’s going on in our world and both

encourage and incentivise innovation among

our rising stars. Subsequently, this will enable

us to better reflect and relay how far we’ve

come, as well as generate excitement about the

promising path ahead of us.

We go above

and beyond.

Axis Security – exceeding expectations in customer service.

• Our employees – are highly trained, valued and rewarded

• Our proactive management approach – ensures service is continually improving

• Our intelligent technology – ensures open lines of communication and transparency

• Our prestigious industry recognition – includes 3 Security Guarding Company of the Year awards

T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk

The Changing Face of Security Services: Risk Management

For a long time,

security was often sold

thanks to an element

of fear (ie the idea that

if a company didn’t do

X, then bad things

could happen to that

organisation, so it had

better do X). Alas, this

is seemingly still the

case today, though

thankfully to a lesser

degree, suggests

Mark Folmer

Mark Folmer CPP MSyI:

Vice-President for the Security

Industry at TrackTik

Is Security Poised for Progress?

Today, the many true security professionals

who view security risks as a whole, either

through the perspective of Enterprise

Security Risk Management (ESRM) or other

standpoints, strive to define X, calculate

likelihood and define an appropriate response.

That’s how they choose to succeed.

Clearly, there’s a concerted move away from

‘guns, gates and guards’, fear mongering and

the ‘no news is good news’ mindset. I’m not

sure if it’s because of ESRM, convergence or

simply a function of time and technology, but

the industry is most certainly maturing. To that,

I would say: “It’s about time.”

Today, the security industry is being

challenged to do more with less. Not

necessarily an ideal scenario, but this situation

has forced us to improve upon how we plan

security and offer security services in order to

both respond to and fulfil these new plans.

What about the laggards, though? Those who

are not embracing technology in its multiple

forms to provide for better security? Well,

they’re still doing things the way in which

they’ve always done them and continuing to

hope for the best. Interestingly, this approach

applies to both corporate security buyers and

security service providers alike.

Focusing on ESRM

As today’s security threats become more

advanced and complex, organisations are

sometimes lacking in their segmented

approach towards the key discipline of risk

management. The solution lies in ESRM.

Essentially, this is an holistic strategy that

targets the wide variety of protection issues

faced by an organisation under one lens using

internationally-recognised principles.

With ESRM, a given organisation is able to

assess the range of its current security risks –

everything, in fact, from cyber security through

to petty crime and on again to terrorism – and

manage the situation across the board.

ESRM is a proactive way in which to protect

your organisation from all variables. Integrating

ESRM into corporate strategy is critical for risk

management success.

There are a few points to consider. Identify

the purpose behind your goals of asset

protection and risk mitigation. Allocate proper

resources that efficiently secure corporate

assets and identify risks. Enable the front line’s

contribution to the overall security programme

by harnessing the data that’s generated and be

equipped by turning the data that’s gathered

into intelligence for the organisation.

If you’re asking yourself how to adapt and

succeed in the current security industry, the

answer, I believe, rests with data – plain and

simple. I’m not sharing anything new here,

though. Corporate security people have been

using data for years in the risk assessment

process. Data is at the root of how you assess

the likelihood of an incident happening,

whether your preferred approach is a ‘worse

case’ or ‘most likely’ scenario.

Hub of information

If integrated into your security programme,

data, connectivity and mobility allow you to be

the first to know. You can be the hub of

information for your organisation. With tools

like these in hand, you have the opportunity to

step up and elevate your security programme

from a purely operational concern to one

contributing strategic value. By being the

person that feeds senior management with

value-building information, you may well earn

yourself a seat at the decision-making table.

The security industry is poised for change.

Are you the one who will connect the dots,

identify the trends and protect your

corporation’s assets? Will you be perceived as a

business enabler or as an old school thinker

steadfastly set in your ways?

I would like to leave you with a question. OK,

a few questions, then… Do you agree that the

security industry is poised for change? What

have you done to support this change? What

has worked in your business to drive change?

Please feel free to send me your answers via e-

mail (mark@tracktik.com)



Security and Fire Management


Read Risk UK Magazine on

your tablet or smartphone

using the FREE app

Meet The Security Company

This is the ninth

instalment in a

monthly series of

articles for the readers

of Risk UK where we

shine the spotlight on


businesses for the

benefit of risk and

security managers

who purchase security

guarding as well as


solutions. Answering

our key questions this

month is Graham Tilly,

managing director of

Risk Management

Security Services

Risk UK: Can you briefly describe your

business’ activities and what you consider to

be your USP as an organisation?

Graham Tilly: Risk Management Security

Services provides solutions across three main

security disciplines that include security

guarding, mobile security patrols and

keyholding/alarm response. Within each

discipline, we look to deliver many sub-services

such as reception staff, Post Room operatives,

locks/unlocks and complete combined

solutions that actively integrate elements of

each individual service.

The business occupies a position within the

industry between the very small ownermanaged

companies and the very large

national suppliers. This enables us to

demonstrate the standards and policies

required by large corporate organisations while

maintaining the type of personal service that

can be offered by the smaller companies.

Risk UK: What do your clients value most

about the services you deliver?

Graham Tilly: Through our experienced and

stable management team we maintain close

working relationships with each customer. This

About the National Security Inspectorate

The National Security Inspectorate (NSI) is a wholly-independent, not-for-profit

company limited by guarantee and operates as a UKAS-accredited certification

body specialising in the security and fire safety sectors.

For over 40 years, the NSI has served to protect businesses, homeowners

and the general public alike, raising standards by providing robust and high

quality audits of both security and fire safety service providers.

enables us to fully understand their

requirements and deliver a service that

absolutely matches what was discussed at the

point of sale.

Customers also take great comfort in the fact

that we operate our own 24-hour Control Centre

and that we’ve maintained a specialism within

the security sector without being tempted to

diversify into other soft services.

We adopt a completely honest approach

when holding discussions with our customers,

and in particular if there’s a problem to be

solved or a challenge to be faced. This allows

us to gain the trust of our customers and build

true business relationships whereby we can

work together to reach a satisfactory solution.

Risk UK: How do you feel accreditations have

assisted your company?

Graham Tilly: Accreditation within the industry

has really set up a base level of acceptable

working practices that provides potential and

existing customers with some comfort that the

service they receive or that they’re looking for

is consistent, suitable and appropriate. On a

procedural front, this allows customers to have

a base level which is a minimum standard that

can be easily compared between those

companies that have it and those that don’t.

The fact that we operate to security

standards BS 7499, BS 7984-1 and BS 7858,

and the fact that these are voluntary, is

basically saying to the market that we do things

properly. We don’t cut corners and always

demonstrate transparency in all that we do.

Everything is validated by a third party.

This is particularly relevant for larger end

user organisations where many of these

aspects have become very much a pass/fail

aspect. Without them, you fall at the first

hurdle. Accreditation as a base level also

enables us to change the discussion away from

basic functionality and allows us to focus more

on the relationship aspects and how we work.

We’re able to concentrate more on our USP.

For smaller organisations and those

customers who don’t know a lot about our



Meet The Security Company: Risk Management Security Services

In association with the

industry, accreditation also acts as a sort of

‘qualification’ that really provides a level of

comfort. Customers know that they’re

discussing their security requirements with a

reputable organisation.

Risk UK: Specifically, what value does ACS

registration and NSI Guarding Gold approval

bring to your business and its clients?

Graham Tilly: Approved Contractor Scheme

(ACS) registration offers a toe in the door,

enabling the security business to tender for

work. For those who don’t know the ins and

outs of the industry, it lends some weight to the

services that we’re providing.

The ACS is, of course, run by the Security

Industry Authority (SIA), a Government body.

This affords legitimacy to the services we offer

our customers. It also helps us to build a

working platform on which to do business and

ensure that we’re not only delivering a great

service, but also looking after our people.

NSI Guarding Gold is slightly different. This is

based more around ensuring and

demonstrating that we have systems,

processes, procedures and policies in place to

support what it is that we do. NSI Guarding

Gold brings together the product standards, the

quality standards and day-to-day business

operations. It assists in setting a foundation

throughout our business and affords a platform

on which to build an excellent service.

NSI Guarding Gold adds some weight to what

we do and the way that we do it. It

demonstrates our transparency due to its

voluntary nature and third party approval

process, and also assists in keeping everyone

focused on the tasks at hand.

Risk UK: In practice, what are the main

differences between ACS registration and NSI

Guarding Gold approval?

Graham Tilly: NSI Guarding Gold is focused

around service quality (ISO 9001), functionality

(security product standards) and service

whereas ACS registration with the Regulator is

more about being a reputable organisation, the

softer aspects (such as people management or

KPI monitoring) and compliance with licensing

and the SIA’s specific requirements.

NSI Guarding Gold is made up of compliance

with British and international standards/Codes

of Practice which affords security companies

wider scope to use them as a framework and

build their business model around them in

order to support day-to-day operations in a

systematic way and ensure that the very best

possible service is provided to customers on a

consistent basis.

The ACS is focused around service delivery

and demonstrating that we do what we say we

do as a company. NSI Guarding Gold really

helps us to run the business effectively,

whereas the ACS is more of an addition to

demonstrate our commitments to different

areas of the business and the softer aspects

involved with client and people management.

Risk UK: How do you feel technology has

changed the industry over the last couple of

years and what do you believe will be the

direction of travel in the future?

Graham Tilly: Many companies have looked at

the integration of technology to support

existing security measures and, in some cases,

have used technology to reduce the reliance on

security guarding. We’ve seen many companies

review traditional methods of securing sites,

such as guarding, and replace them with

technology-based solutions either as single

solutions or combined with other practices.

A large number of clients subscribe to our

combined security solution that provides

similar – and, in some cases, better – levels of

security, but offers year-on-year savings of

between 30% and 60%. Typically, this type of

solution uses a combination of security

guarding, mobile patrols and keyholding

supported by security systems with each

element being deployed on a measured basis to

avoid unnecessary services being delivered or

hours being covered.

Risk UK: When it comes to negotiating

contracts and responding to tender requests,

what aspects are of most value to customers

and how are these changing?

Graham Tilly: Our ability to maintain a stable

workforce of suitably trained and

knowledgeable staff is very important to our

customers, as is our ability to provide effective

levels of management support.

Over the last ten years, we’ve seen greater

demands placed upon security staff and duties

continuously increasing to provide enhanced

levels of service and greater value for money.

The days of a security officer simply providing

access control and searches have gone. We’re

experiencing security personnel forming an

integral part of the facilities operation at many

sites. This demonstrates a shift in expectation

and changes traditional guarding services.

As an industry, we need to work closely with

customers to ensure that they have a better

understanding of the challenges this can bring

if pay rates don’t increase to accommodate

these specific requirements. We’ve also seen an

increase in requests for recommendations to be

Graham Tilly:

Managing Director of Risk

Management Security




Meet The Security Company: Risk Management Security Services


Graham Tilly

Job title

Managing Director

Time in security business


I’ve worked in the security

business sector with Risk

Management Security

Services for 23 years. Prior to

becoming managing director,

I served in the roles of

business development

manager, business

development director and

operations director

Location of the business

High Wycombe,


Areas of expertise

Security guarding, mobile

security patrols and

keyholding/alarm response


NSI Guarding Gold, SIA ACS,

SafeContractor, ACS


provided as to how the service required can be

delivered by using alternative methods. This is

where a combined solutions package and the

integration of security systems can prove to be

an attractive solution.

Some years ago, we experienced a trend of

companies outlining contracts based on a

‘Total FM’ solution and placing all of their soft

services needs with a single supplier. We’re

now seeing such solutions being challenged

and replaced by companies that require

specialists in key areas of their business such

that they can gain benefits through

management expertise and knowledge.

Technology is also playing a key role in the

changing face of security at many levels, and is

very often a significant element of the tender

requirement. The use of technology links

directly to another key requirement of security

companies: the need to continuously reduce

our impact on the environment.

Risk UK: How has Government legislation

(eg the National Minimum Wage, the

National Living Wage and holiday pay)

affected your business? Do you believe such

legislation is a good thing?

Graham Tilly: To date, this has had very

minimal impact on our business as our rates,

across the majority of our locations, far exceed

both the National Minimum Wage and the

National Living Wage. As a company, we don’t

believe in quoting low and unsustainable

wages. While we do operate at a small

percentage of sites where the wage rates are

not in line with our model, we work with these

clients to increase them to suitable levels.

Legislation is important as it avoids

companies offering unsustainable rates of pay

to staff, which can only have a negative effect

on the quality of people in the industry.

However, we do still see companies using the

Minimum Wage as their model to price up new

business (excluding TUPE). While this may

offer a tempting solution to companies

sourcing security, as very often it’s one of the

largest spends a company will make, you have

to question how suitable security staff can be

recruited at such wage levels.

Some caution does need to be employed.

Many organisations are looking to reduce their

spend on security, not increase it. While wage

increases are great for the individuals

benefiting from them, someone has to pay for

this and that’s only ever going to be the people

buying the service. As wage rates increase,

some customers will have to look very carefully

at what they can justify paying for the services

received, no matter how good they are.

Risk UK: What are the most important

attributes you look for in your security

officers and staff members in general?

Graham Tilly: Experience within the sector is

critical. We’re seeing an influx of new security

officers who are entering the industry, having

received assistance to gain an SIA licence, but

who have little understanding of how the

industry works (ie shift work, 12-hour shifts,

lone working, etc). It’s therefore vital that we

recruit security staff who have experience in

this type of environment and, furthermore, can

offer reliability and loyalty.

One of the most important aspects is

attitude. People have to want to work in the

industry. They have to want to do a good job

and have to want to show up. You cannot teach

people attitude. If they’re the sort of character

that likes to cut corners or has a ‘take it or

leave it’ approach towards their work then that

isn’t going to cut it in a customer-facing sector.

Within the company, we also look for staff

members who fit the culture of our business in

terms of understanding our philosophies and

methods for delivering the service. We employ

staff who can demonstrate a positive approach

to service delivery at all times.

Risk UK: How can the SIA, the NSI and

industry standards best serve the sector in

addition to the needs of your company’s

clients and the wider public interest? Will

the introduction of business licensing be a

positive step?

Graham Tilly: The standards outlined by both

the NSI and the SIA need to be observed by all

companies operating in the sector and be

directly linked to business licensing that will

hopefully then create an elite list of companies

as originally expected when the ACS was born.

I attended a meeting of industry companies

prior to individual licensing and ACS

assessment. The (then) chairman of the SIA

advised that security companies would be able

to charge customers an additional 35% due to

officer licensing and registration with the ACS.

That was 13 years ago. I sincerely hope that, if

business licensing does come to fruition,

companies within the industry can work with

the SIA and the NSI to develop that elite list

and raise standards even further.

If business licensing enables customers to

genuinely identify suppliers in the upper

echelon of the industry, then it has to be a

positive step. If it simply becomes another

membership for the existing ACS companies –

and bear in mind it has been suggested ACS

companies will fast track to business licensing

– then I cannot see any benefits arising.



3 July 2018

Hilton London Canary Wharf


eet Meet with with the the most most trusted solution providers, learn from industry thought leaders and and connect with with

eers peers over over the the course of of the the Summit, which is entirely FREE to attend for for security professionals.

opics Topics covered covered include: include: Access Access Control •• Anti-Virus Browser •• Security Data Data • Theft/Loss • • Malware • Malware

Mobile • Mobile Security Security • Network • Network Security Security Management • Trojan Detection • • UK UK Cyber Cyber Strategy Strategy

For more information and to register, please contact Emily Gallagher

on: 01992 374085 or e.gallagher@forumevents.co.uk.





Examining The Role of Insurance in

Converged Security Solutions

“Risk comes from not

knowing what you are

doing. Price is what

you pay. Value is what

you get. Someone’s

sitting in the shade

today because

someone planted a

tree a long time ago”

Warren Buffett’s

words are apt in

describing today’s

security environment.

The more that we work

together in generating

holistic solutions, the

better the results in

the long term. Rachel

Anne Carter focuses

on the role of the

insurance industry in

the delivery of security




The security profession as we understand it

includes a variety of security generalists

and specialists: corporate and commercial

security practitioners, police and law

enforcement professionals, intelligence

operatives and military personnel. However,

when thinking more broadly of those who

provide solutions to security breaches, we also

have insurance providers, lawyers and others

whose work directly affects security outcomes

or regulates behaviour, and thus brings in

different bands of membership from corporates

or Government departments.

Holistic solutions are essential. When there’s

a lack of collaboration and an entrenchment of

the silos, there’s a duplication of resources and

an escalation in costs. Even worse, there’s the

danger that certain threats will fall into the

cracks between them.

Within the security profession, it’s now being

recognised that cyber security should not be

regarded as a silo. Rather, it’s everyone’s

business. Converged security solutions are

necessary. The exact same principle applies to

the integration of other specialisms.

The insurance industry is one of those

sectors resting on the outer edge of the

security industry, and not always certain of its

place within the security sector. Insurance is, of

course, a security measure. Greater knowledge,

learning and mutual benefits will emerge from

breaking down the existing silos, generating a

more communicative experience and achieving

holistic security strategies. As a direct result,

many insurance companies are now seeking to

engage with the security business sector on a

somewhat more effective footing.

Taking the example of cyber insurance, as we

innovate, adapt and develop product and

service offerings, we’re seeking to be part of a

holistic security experience. Although insurance

is critical to the economic security of a

company, entity or individual after a cyber

attack, we do of course recognise that

insurance alone isn’t enough.

In order to address cyber risks, we seek to

develop a joined-up approach where we can

look at the problem of cyber threats and its

transformation as a multifaceted issue and then

respond accordingly.

Understanding and insight

Insurers have the best possible understanding

and insight into economic protection against

business risks. There’s often a convergence of

physical and cyber risks. In some cases, the

physical risk may be about access to a building

or access to computer systems or servers, for

example. This requires specialists in both areas

to work together, and both types of specialist to

have a strong working knowledge of the other’s

domain. In the future, the distinction between

the two may well disappear entirely.

The insurance industry also relies upon

technical cyber professionals who have

specialist knowledge of IT and cyber

infrastructure, vulnerabilities and programming

capabilities and who can implement technical

solutions. The ability of insurance, physical

security and technical cyber experts to work

together to generate holistic solutions will be

preferable to a pure economic solution.

The economic aspect of the solution within a

broader security strategy will, however, aid the

recovery process and enable a company to have

the cashflow required to continue their

operations after an event has transpired.

Security breaches rarely affect only one part

of a business. Rather, they’re more likely to

impact several areas and may even affect the

overall functionality and operability of a

The Security Institute’s View

business (even if only temporarily). On that

basis, a solution accounting for the various

impacts is key. Generating the required

information about the potential impact(s) of

security breaches involves intelligence

gathering, understanding of technical

intricacies and behavioural and other

observations. This understanding and holistic

approach towards mitigating the threat and any

potential implications takes into account

minimisation, prevention and recovery from

security breaches.

Intelligence gathering as well as physical

surveillance can monitor individuals, groups,

potential state actors or others involved in

generating the greatest physical, cyber or other

security threats and the broad threat

groupings. Law enforcement has a role to play

in dealing with criminality, primarily after it

happens, and prosecuting where possible those

engaged in cyber crime. A joined-up approach

will also help facilitate the identification of

patterns used by adversaries to carry out

attacks and put in place solutions to combat

these as well as isolate any potential losses.

It’s fair to suggest that collaboration is the

strongest force we have available to us.

Collaboration is key

In addition to enhancing understanding,

collaboration facilitates cost and time

efficiencies as well as an enhanced likelihood

of preventing many more security breaches

(physical and/or virtual).

Using the same cyber example, a security

solution involves taking into account physical

risks and ways of minimising these risks, cyber

professionals being more prescriptive about

what clients and stakeholders must or should

do (and regularity) to ensure that systems are

as safe as possible and that insurance adapts

and optimises its offer while ensuring clarity in

existing offerings.

The bringing together and selling of such

products and services will benefit all and

provide far more robust solutions for clients.

This will take the stress, time and

inconvenience away from clients otherwise

having to source their own vendors to meet a

variety of different security objectives.

For the provision of security and the level of

insurance cover offered, it’s likely that a higher

degree of security will be afforded and that

insurance solutions may have higher limits or

more extensive coverage. Optimal solutions

protecting against all security eventualities will

be provided to companies who understand their

risks and vulnerabilities and abide by – or are

willing to nurture – a strong security culture.

Collaboration will inherently focus on

solutions, but it also has an educational

element attached to it. The different sectors

within the security community can educate

each other and also learn from each other.

Opening and widening the dialogue between

the different sectors is likely to create new

business opportunities for all those involved.

Whenever a breach of security occurs,

whether it manifests itself in a physical, cyber

or other medium, it’s in everyone’s best interest

that the breach is contained and minimised,

with a strategy for resilience and returning to a

state of ‘business as normal’ as soon as

practicable duly put into operation.

Breaking down traditional barriers

The breaking down of traditional barriers to

promote a joined-up approach sends a very

powerful signal to our adversaries. Together, we

are stronger. By sharing knowledge, we make it

harder for the adversary to exploit the gaps

where information doesn’t filter through from

one silo to the next. Instead, it provides a

stronger position to analyse past events, learn

from them and adapt accordingly.

Ultimately, if there’s a loss event, it’s best

that everyone’s on board from the security

sector, as the only winners from these events

are the cyber adversaries who’ve been able to

exploit our own entrenched silo system to their

own advantage. This is a plea to organisations

that they ought to take guidance from the

words of business magnate Warren Buffet and

start to plant the necessary seeds now.

All-encompassing profession

Security is an all-encompassing profession

focusing on the safety of people, business and

communities. Insurance is part of the solution,

providing an economic and financial buffer.

As the year is yet young, let this one stand to

be a turning point whereby there’s greater

collaboration, adaptation and modernisation of

the way in which various security risks are both

perceived and then actively remedied.

Let us become a united force for the future

and a growing seed of resentment for our

adversaries who are looking to carry out

security breaches. If we grow stronger together,

then the cyber attackers will realise they’re

faced with a harder task when it comes to

conducting their criminal escapades.

The Security Institute’s View

is compiled and edited by Dr

Alison Wakefield FSyI

(Chairman of The Security

Institute) and Brian Sims BA

(Hons) Hon FSyI (Editor of

Risk UK)

Dr Rachel Anne Carter MSyI:

Director of Research and

Policy at The Security Institute

and Cyber Innovation Lead at


“Holistic solutions are essential. When there’s a lack of

collaboration and entrenchment of the silos, there’s a

duplication of resources and an escalation in costs”



Developing a Career in Security and

Intelligence: The Pathway to Success

The Young

Professionals Group

was created by ASIS

UK to establish a


environment both for

members new to

security and future

leaders wishing to

engage with ASIS

programmes and

activities. Its core

mission is to develop

and educate young

careerists in the

security industry.

Recently, Jerry Ross

was asked to speak at

an ASIS Young

Professionals Group

event and give an

account of how she

embarked on a career

in the field of

intelligence and,

subsequently, security

Jerry Ross: Regional Intelligence

Analyst at Securitas UK



Though incredibly nerve-wracking, it was an

honour to be asked to share my

experiences on developing a career within

the security business sector with the invited

audience, the key points of which are now

being shared here among the readers of Risk

UK. After graduating from Oxford Brookes

University in 2011 with a BA (Honours) degree

in English Literature and Geography, like many

graduates fresh out of university I wasn’t

entirely clear on the way forward. I’ve always

had an interest in the Armed Forces and

counter-terrorism, in the main prompted by

media coverage of the Iraq and Afghanistan

wars, so I initially considered joining the Armed

Forces or the police service.

I’ve always harboured an inquisitive nature,

enjoying the analysis and research I completed

in my studies, whether that be researching

people, events or history. It was a combination

of these factors that led me to make up my

ideal job title – Intelligence Researcher. It just

so happened that this kind of role did actually

exist, and so the pursuit of a role began.

After extensive travelling and with some

direction as to what career path to pursue, I hit

the job market with a vengeance to track down

the perfect starting job. In February 2013, I

applied for – and duly secured – my first

position as intelligence researcher with Surrey

Police. Based in Staines, the role involved

monitoring and investigating crimes in the local

area, among them high-value burglaries,

kidnapping and drug offences.

Intelligence was gathered on a daily basis via

open and closed sources to compile profiles on

suspects and identify trends in criminal activity.

The intelligence was used to proactively

minimise and prevent repeat incidents. The

responsibility and experience I gained from

running my own operations on dangerous

individuals, combined with the support of

amazing colleagues, made this the perfect

hands-on role for me.

Eventually, it was time to join the on-call

team, in turn dealing with crisis situations

including kidnappings and extortion. I can still

remember being called to assist with an

incident on my first day with the unit and then

on my last day with the force.

In January 2014, I took the opportunity to

transfer from criminal intelligence to Surrey

Police’s Special Branch and begin combating

terrorism. In this role, I continued

investigations and assumed responsibility for

gathering more in-depth open source

intelligence. It was in this role that I began my

unexpected journey as an open source

intelligence specialist with the force, using

bespoke software and investigation tools.

I built up solid experience in open source

intelligence, and was starting to train fellow

colleagues in Best Practice methods and the

use of specialist software. Training and

upskilling are important aspects of any role in

intelligence, as it’s very much the case that you

have to stay ahead of the latest developments

in systems, monitoring and technology.

Come January 2016, and after two years in

counter-terrorism, I transferred to the Anti-

Corruption Unit within Surrey Police. This role

was part of a small and specialised team

focused on exposing corrupt individuals and

practices within the force. During this time, our

team received a Chief’s Commendation. That

was an important highlight for me.

After four-and-a-half exciting years with

Surrey Police, I decided the time was right to

make a change and focus on a new challenge. I

was particularly keen to step out of my comfort

zone and explore new opportunities. That being

so, I set out to extend my professional network.

One of the first events I attended was the

Security and Counter-Terrorism Expo that ran at

London’s Olympia in March 2016. It was here

that I was first introduced to the ASIS UK

Women in Security Group, a sub-group of the

organisation that supports and assists women

in the security sector and also encourages new

entrants into the profession.

Indeed, this was the first of many ASIS

networking events I would subsequently

attend. ASIS International is the largest

organisation for security professionals, with

more than 35,000 members worldwide,

including 800 here in the UK.

An intriguing career

While attending the Expo, I met ASIS UK

director Dawn Holmes CPP (at that time the

lead for the ASIS UK Women in Security Group)

who had just taken up the role of technical

security specialist at Bloomberg LP. Up until

this point, I hadn’t considered security as a

In the Spotlight: ASIS International UK Chapter

career choice, but meeting Dawn as well as

other professional women in the industry

heightened my awareness and interest.

In September 2016, I left Surrey Police to

take on the role of intelligence researcher for

the British Transport Police (BTP). As part of the

change, I relocated from Guildford to London

and, within a few short weeks, I was tasked

with developing the open source intelligence

policy, capability and training for the BTP.

Then, in March last year, I attended the ASIS

UK Spring Seminar where I met Iskander

Jefferies CPP from Securitas. At this point, I had

limited knowledge of Securitas or the private

security sector in general. However, Iskander

explained to me that there might be an -

ntelligence position in the pipeline.

Suddenly, the possibility of a new career and

further professional development was

presenting itself. Having never before placed

much faith in the power of networking, I

suddenly found new doors beginning to open.

Starting a career in security

Last July, the new role of regional intelligence

analyst at Securitas came to fruition and I left

BTP to begin my career in security. A few

thoughts were running through my mind at the

time, with some of them keenly focused on

making the transition from the public to the

private sector and what this would actually

entail. Nevertheless, I was looking forward to a

new challenge and broadening my horizons.

I’ve been with Securitas for seven months

now and I’ve fully immersed myself in the

security industry.

Law enforcement agencies have been

scrutinised and under pressure in recent years.

One positive takeaway from my experience with

Surrey Police is an understanding of the

importance of intelligence and how it can be

gleaned through open source investigation.

Although the security industry has made some

headway, many organisations could do a lot

more to investigate this pool of information.

This is now my ambition: to bring open

source investigation to the forefront of private

security as a crucial means of safeguarding our

clients and assets. As a business, Securitas

understands the power of intelligence and

enhanced vetting with a number of customers

expressing an interest in this service. The

ability to gather intelligence to counteract or

prevent incidents and offer predictive security

is critical, and particularly so in the aftermath

of so many premeditated and targeted attacks

across the UK in recent times.

Today’s companies have to face a number of

threats, and in particular the insider threat.

This is where enhanced vetting comes into its

own, and notably so for those roles with a

heightened requirement for discretion.

The development of the web and social

media channels has presented many positives,

but this has also opened the door to negative

activity. Social media platforms are a primary

source of communication for many, meaning

that there’s an enormous amount of information

and intelligence with which to work. People

report suspicious behaviour, post images and

videos of attacks and cover a whole host of

interesting topics. They even report 101

information to the police service through social

media channels.

The intelligence field is always evolving so

it’s crucial to stay ahead and keep up-to-date

on the latest developments with a heightened

emphasis on the technology side of matters.

Engaging with ASIS UK’s Women in Security

Group and the ASIS Young Professionals Group

has changed the direction of my career which

has been an exciting and rewarding journey.

That said, I believe there’s much more

adventure still to come. I’m looking forward to

learning much more about the security sector.

I often think back to advice given by one of

my former teachers when I was trying to decide

what to study at university. I was urged to

“stick to the core subjects” (which I did). I

enjoyed my degree, but I’m glad I embarked on

a completely different career path.

“Training and upskilling are important aspects of any role

in intelligence, as it’s very much the case that you have to

stay ahead of the latest developments in systems,

monitoring and technology”



Often, fire detection in

large open spaces has

proven to be


challenging. Although

BS 5839-1 provides

clear guidelines for

detection at the

ceiling, some

designers have been

embarrassed to

receive customer

complaints of

detection failing to

respond to a fire

outbreak despite the

systems installed

being compliant with

the Code of Practice.

Robert Yates and Peter



Robert Yates: Technical

Manager at the Fire Industry


Shedding Light on the

Detection of Stratified Smoke

The cause of poor fire detection system

performance can often be attributed to

stratification. This is where the fire has

insufficient energy for the resultant smoke

plume to rise to the ceiling because it has

cooled to the temperature of the surrounding

air and lost buoyancy, spreading out in a layer

below where the detection equipment is sited.

The challenge for system designers, then, is

to predict when and where stratification may

occur. In practice, it’s almost impossible to

reliably predict the height at which the smoke

layer will form because it depends upon the

size and energy of the fire and the temperature

gradient in the protected space.

That gradient can in itself be influenced by

many factors such as differing weather

conditions, the time of day, building occupation

and heating control, etc. As a consequence, it’s

often simply argued that, as the fire develops,

the heat output increases, hotter smoke will

break through any thermal barrier and ceilingmounted

detectors will eventually operate.

In those spaces where smoke stratification is

considered to be a risk, BS 5839-1 (and other

similar Codes of Practice) has, for many years,

recommended that a layer of several beam

detectors is installed, with the detectors

spaced sufficiently close to each other such

that the rising smoke plume is unlikely to pass

through the layer undetected. In reality, this

recommendation is rarely followed because the

number of beam detectors needed is

prohibitively expensive.

Instead, many fire protection system

designers instinctively apply the use of angled

beam detectors in the expectation that they will

be obscured by the smoke layer no matter the

height at which it happens to form.

Research project

This alternative approach using angled beams

was first included in BS 5839-1 in 2013, but no

specific guidance was provided as to where to

place the beam detectors because such an

approach had never been fully researched.

On that basis, the Fire Industry Association

(FIA) accepted a proposal from some of its

member companies to invest in a research

project purposefully designed to investigate the

effectiveness of angled beams and provide data

to support guidance as to where they should

best be positioned.

The research project was sponsored by the

FIA in conjunction with Laluvein Consulting Ltd,

Fire Fighting Enterprises Limited and Xtralis

(UK) Ltd (part of Honeywell), all of them

member organisations of the FIA.

Using software called Fire Dynamic Simulator

(FDS), the FIA (working in partnership with fire

science researchers from the BRE’s Centre for

Fire Safety Engineering at the University of

Edinburgh) modelled a series of fire scenarios

in a 25 metre-high space to simulate the effect

of key variables such as fire size and

temperature gradient on the characteristics of

the smoke layer.

The BRE’s Centre for Fire Safety Engineering

exists to equip tomorrow’s leaders in the field

with the skills they require, support today’s fire

safety teams with multidisciplinary research,

provide first-class education in fire safety

engineering and structural fire engineering,

deliver fire safety consultancy services to

industry and other consultancies and

disseminate information about advances and

research in fire safety engineering through

courses, symposia and publications.

For those readers of Risk UK unfamiliar with

FDS, it uses complex computerised

mathematical modelling systems to simulate

and predict the way in which smoke travels and

how it rises within a building. Moreover, it

includes models that can be used to predict the

activation of smoke detectors (including beam

detectors and aspirating smoke detectors).

These models were fundamentally improved as

part of the project to accurately model angled

beams (of which there were over 100 included

in the simulations).

Useful insights

As is the case with all such analysis, the

absolute accuracy of the results cannot be

relied upon until it has been verified. Despite

this caveat, the results provide useful insights

into the relative performance of detectors in

different positions, while the visualisation

afforded by SmokeView sheds some light on

how the smoke layer develops.

The first finding was that the tight spacing

(¼ height) recommended in BS 5839-1 (for

interstitial beams intended to detect the rising

column of smoke) shouldn’t be relaxed. For

example, if the interstitial beams are installed

at 12 metres they need to be spaced every 3



FIA Technical Briefing: Detecting Stratified Smoke

metres – requiring five times more devices than

with the 15-metre spacing recommended for the

ceiling-mounted beam detectors.

The second finding was that the predicted

response of angled beam detectors passing

through a stratified layer of smoke (resulting

from a small fire when there’s a temperature

gradient) is similar to the response of beam

detectors positioned on a ceiling (to the same

small fire when there’s no temperature gradient

to cause the smoke to stratify). This is an

important finding as it confirms that angled

devices are likely to be effective.

One observation, and which differs from

common/intuitive thinking, is that the

horizontal velocity in the smoke layer reduces

as the layer spreads. The research project

indicates that the smoke layer doesn’t continue

to stretch outwards across the room

indefinitely, but instead tends to deepen

around the centre and become more dense.

When considering a design with angled beams,

it’s therefore important that due attention is

afforded to the extent – and speed – of the

spread of the smoke layer.

Applying the research

The findings thus far are reflected in the current

advice contained within BS 5839-1 for installing

angled beam detectors, and particularly in the

note under Clause 22.5d.

One additional recommendation from the

research which hasn’t been reflected in BS

5839-1 as yet is that, when installing angled

beams, they’re best deployed in a criss-cross

arrangement. This is specifically intended to

ensure that the distance to a beam at any given

height isn’t in any way excessive.

From this relatively short overview of the

research underpinning the current

recommendations for angled beams, it’s clear

that further analysis and validation is needed.

In anticipation of this, the FIA has agreed to

sponsor a second phase of research into the

challenges of detecting stratified smoke.

The FIA’s Fire Detection and Alarm Council’s

primary purpose is to find solutions to such

technical issues on behalf of the fire industry.

Council is comprised of roughly 30 individuals

from FIA member companies, with selection

conducted through an election process. The

majority of those on Council have a senior

background, an extensive range of experience

and a deep knowledge and understanding of

both British and European Standards.

All of this means that technical guidance

documents can be created to the highest

industry standard based on the FIA’s research

and partnerships with leading universities, the

British Standards Institution and other

standards bodies.

The FIA acts as the springboard between

industry and research at top Higher Education

institutions, providing the industry with

solutions and guiding standards by way of

scientific evidence. The research helps in

leading the FIA’s training and qualifications in

fire detection and alarm systems.

Specialist qualifications

On that note, the FIA can now offer four new

specialist qualifications: one each for the

design, installation, maintenance and

commissioning of fire detection and alarm

systems. The qualifications have been carefully

developed over time by a range of experts in

the field to raise the level of professional

knowledge and understanding of those working

within the sector.

These qualifications have been produced in

consultation with industry leaders and

employers, matching the needs of the industry

with what learners really need to understand.

The FIA has worked with reference to the

National Occupational Standards, current UK

legislation and published standards, along with

Codes of Practice and industry Best Practice to

give learners the opportunity to expand their

knowledge and understanding in a format that’s

in-depth and delivered under expert guidance.

Further information

concerning optical beam

detection may be gathered by

visiting the Resources Section

of the FIA’s website

(www.fia.uk.com) where an

extensive technical library can

be accessed

Peter Massingberd-Mundy:

Technology and Expert Practices

Manager at Xtralis (a Member

Company of the FIA)

“The research project indicates that the smoke layer

doesn’t continue to stretch outwards across the room

indefinitely, but instead tends to deepen around the centre

and become more dense”



Mental Health: Are You Doing Enough

to Support Your People?

With workplace stress

on the increase and

mental health issues

now firmly on the

agenda, this really

should be something

that security

businesses are

tackling head on. Yet,

according to the

charity Mind, 30% of

employees questioned

in a recent survey

disagreed with the

statement: “I would

feel able to talk

openly with my line

manager if I was

feeling stressed”.

Louise McCree




Clearly, some managers don’t appreciate the

implications of failing to address mental

health issues within their organisation.

Those who are aware of the consequences

seem unclear about what the correct course of

action should be. This is upheld by further

statistics from Mind which state that,

disappointingly, “56% of employers said that

they would like to do more to improve staff

well-being, but don’t feel they have the right

training or guidance in order to do so.”

Unfortunately, the number of people

reporting mental health conditions seems to be

on the increase. It’s unlikely that this situation

will change. Part of the reason could be due to

longer working hours and employees very often

feeling obliged to take work home with them.

Combined with this is an inability on the part of

some people to ‘switch off’, and particularly so

if they’re contactable all of the time.

Exacerbating the situation is the rapid

advance of technology, with individuals

spending more time in front of screens. Most

readers of Risk UK will already be aware of the

harmful effects of blue light emitted from

electronic devices and how this can impact our

sleep. Also, the British Heart foundation

reported last year that more than 20 million

adults in the UK are failing to meet Government

guidelines for physical activity, leading to all

sorts of related health complications.

On Thursday 1 February, Mind ran its ‘Time to

Talk’ day, the idea being to promote a culture of

speaking openly about mental health issues. If

you missed this, then perhaps the charity’s

‘Time to Change’ pledge may be something to

look into? This could form part of the overall

well-being strategy within your organisation.

Complicated issue

Mental health is a complicated issue. It’s a

sensitive topic and often an emotive one for

many. Therefore, the approach taken towards it

needs to be considered and unhurried. Do

nothing about it at your peril, though. More

than one-in-five (21%, in fact) respondents to a

recent Mind-orchestrated survey stated that

they had called in sick to avoid work when

asked how workplace stress had affected them.

Other scenarios for not being equipped to deal

with mental health issues in the workplace are

PR disasters, potential tribunals and, most

serious and devastating of all, suicide attempts.

Rest assured that there are various ways in

which a security business can prepare itself to

tackle mental health issues and support its

people. The best place to start is with a plan.

Raise awareness. Ensure that employees feel

comfortable talking about mental health issues

and encourage discussions about stress and

anxiety. Also, remember that mental health

issues include eating disorders, panic attacks

and addiction. These should be incorporated

into any written policy. Mental Health

Awareness Week commences in May, so why

not plan ahead and schedule in some activities

or functions that raise awareness?

Consider creating a Well-Being Policy. Be

aware that simply drawing up a policy will not

solve all of the issues involved. It’s a helpful

exercise to begin compiling the things which

your business currently does in order to

support members of staff. It’s also a good way

to identify gaps. Furthermore, a policy is a

simple and effective way of communicating

what you do to clients and members of staff

alike. It also gives those employees who are

struggling something to which they can refer.

Train your managers. This is vital as

managers are likely to be the first people to

notice any change in an employee. Managers

should be taught to look for signs that an

employee is struggling (for example, lack of

concentration, an increase in absenteeism, a

short temper, being emotional at work or a

sudden change in performance level).

Security Services: Best Practice Casebook

Employee Assistance Programmes

Introduce an Employee Assistance Programme

(EAP). Implementing an EAP is usually a

relatively low cost exercise and a great way of

offering additional, external support. Very

often, an employee may not feel comfortable

discussing a personal matter with a colleague.

An EAP is a good alternative. Not only do they

provide counselling, but they also afford

practical advice (for example on matters such

as financial debt or divorce which can often

contribute towards a person’s depression).

If as a business you already have an EAP in

place, determine to make sure that your people

know it’s there and that they make good use of

it. Very often, schemes are paid for, but are

then poorly communicated.

Promote wellness initiatives. As an employer,

you have a Duty of Care, meaning that you

should take all reasonable steps to ensure the

well-being of your employees. Introducing a

wellness programme doesn’t have to be timeconsuming

or expensive. It may be something

as simple as providing a free fruit bowl on each

of your floors at headquarters.

If your organisation already has a ‘Cycle to

Work’ scheme then make sure it’s adequately

promoted. Consider corporate gym membership

or providing a ‘quiet room’ at work wherein

employees can retreat for ten minutes (the

room should be a device-free zone). A number

of companies have run campaigns designed to

encourage staff to take proper breaks at work,

while Stylist Magazine is relaunching its

‘Reclaim Your Lunchbreak’ campaign.

On that note, there’s significant evidence to

suggest that taking even a 30-minute break

away from their desk increases productivity and

boosts an employee’s focus. In addition, it

works wonders for creativity and, most

importantly, mood.

Create and foster a culture of openness,

acceptance and support. A business might do

this by appointing a wellness representative,

ensuring regular communications about health,

exercise, support and training or including such

detail in client presentations or newsletters.

Another great way of embedding the

importance of talking about mental health

issues is to align wellness with various existing

policies and processes. This could include the

annual appraisal or monthly reviews, such that

employees understand what’s expected of

them, what to look for in others and where to

seek help if they should require it.

Make the commitment

In addition to Mind’s ‘Time to Change’ pledge,

there are various other commitments your

“Managers should be taught to look for signs that an

employee is struggling (for example, lack of concentration,

an increase in absenteeism, a short temper, being emotional

at work or a sudden change in performance level)”

business can undertake to make the workplace

a happier and much healthier environment. One

of these is the Healthy Workplace Charter. In

essence, this is a set of standards that

organisations set out to meet in order to

receive an official accreditation.

Mental health is different for everyone and,

as such, you cannot – and, indeed, should not –

approach it as a ‘one-size-fits-all’ solution. The

one thing that many businesses really struggle

with is what to do on a practical level if an

employee has mental health concerns. There

are some key steps to note here.

Manage the employee in the same way as

you would any other medical issue. By this, I

mean ensure that the process you follow is

consistent and in line with the normal company

medical capability process. Meeting with the

employee is essential to understand what’s

going on. You may wish to allow them the right

to be accompanied by a friend or a member of

their family, even though this isn’t obligatory. It

may well make them feel more at ease.

Look at obtaining a medical report (you will

need the employee’s consent for doing so). This

will enable you to gain valuable insight and

advice from a professional. Consider referring

the employee to occupational health.

Sometimes, it can be the case that someone

completely independent and removed from the

process is better able to offer support.

Making reasonable adjustments

Be mindful that you may need to make

reasonable adjustments for the person

concerned. These could include shortened

hours, ‘buddying up’, counselling, adjusting

workload or encouraging the employee to use

some of their annual holiday entitlement for a

break away from the business.

Most importantly of all, though, you should

remember that, because all mental health

issues are different, you must never fall into the

trap of making assumptions about a given

individual’s condition.

In observing that rule, you will undoubtedly

bring about numerous positive changes to your

organisation. You should see productivity

increases, absenteeism reductions, Public

Relations improvements leading to a more

competitive edge and, most significantly of all,

a happier and more motivated workforce.

Louise McCree MCIPD:

Founder of effectivehr



Hardware Cyber Security:

From the Active to the Passive

Iain Deuchars focuses

on hardware cyber

security, examining

the possible

approaches that an

attacker might take

before proceeding to

describe the features

within active network

equipment that can

prevent such attacks

from being successful.


concentrating on IP

security and

surveillance networks,

what follows applies

to any Ethernet-based

network and, as such,

covers a much wider

scope of markets

The term ‘Cyber Security’ is a common one

in our world today, and can affect anything

and anyone from national Governments

and global corporate entities through to

individuals both young and old. Due to its

ubiquitous association, our comprehension of

cyber security is based around the global

Internet where software attacks, such as

malware and DDoS episodes, threaten our

working days and everyday lives. Websites can

become unreachable and corporate servers are

hacked, with expensive consequences for

owners and operators alike.

What we fail to relate cyber security to is the

threat posed to autonomous computer

networks. Here, a third party physically breaks

into a system via its infrastructure devices

resulting in the system being compromised or

failing completely with disastrous outcomes

from either scenario.

Due to their nature, security and surveillance

networks put network connections in both

secure and unsecured locations. Vulnerable

positioning provides ample opportunities for

the would-be attacker, so due care and

attention must be paid to equipment

protection. However, installers must also treat

secure sites in exactly the same way. The point

of attack could originate from a source fully

entitled to be within an area. On that basis, no

chances can be taken.

An Ethernet network comprises both active

and passive equipment. Active equipment is

defined as that which needs electrical power to

operate, while passive equipment is that which

doesn’t require electrical power. Active

equipment includes Ethernet switches (this

article is centred on Layer 2 Ethernet switches

based on MAC addresses and not Layer 3

devices that can switch on either IP or MAC

address) and media converters, and the passive

a combination of cables, connectors and

management such as cabinets, which might

also include additional active equipment

(environmental conditioning and monitoring

systems, for instance).

Ethernet switches act like cable

concentrators, bringing together signals from

different edge devices and then relaying those

signals to other devices based on address

information attached to the signal. They can

have combinations of electrical and optical

ports (connections) in varying port densities.

A media converter is a simple device that

converts electrical signals to optical and viceversa.

The security threat to the network at this

level results from a third party physically

connecting to the switch, or by removing an

edge device from the network and attaching

unauthorised equipment in its place.

The connection could be to an optical port,

but that would require the third party to have

the correct optical interface so, for

opportunistic reasons, it tends to be a

connection via an electrical interface.

Electrical Ethernet ports are based around an

industry standard, so connecting to these is

relatively simple. As every laptop today

harbours such a connection, the probable

weapon of attack is readily available.

Active Equipment Defence

Ethernet switches are available in managed or

unmanaged forms, where the managed

platform has many more features and allows

the end user to configure and remotely monitor

the device. The unmanaged unit has no such

facilities. It simply does the basic job based on

its shipped configuration. Media converters

tend to be in an unmanaged format only.

Where security is concerned, managed units

offer a number of facilities to prevent

unauthorised entry to the network. Unmanaged

units don’t, so managed Ethernet switches

should be used throughout your network.



Hardware Cyber Security: IP Security and Surveillance Networks

It tends to be the case that the simplest

features offer the best security, and with

Ethernet managed switches that persists. The

ability to disable a switch port that’s not being

used in the current network configuration

through the management interface might

seem an obvious security feature, but it’s one

that a lot of network operators fail to employ

and may not even know exists on their devices.

If the port isn’t being used then disable it

such that no unwarranted party can plug

directly into your network. If the port needs to

be used for legitimate traffic in the future then

simply open it via the management system.

While we’re talking about the simplest

features being the best, the default username

and password that every managed Ethernet

switch is shipped with to enable you to gain

access should be changed to a username and

password commensurate with your security

policy. There’s no point in applying all of this

security if it could be changed by our attacker

connecting to the comms port of the switch and

gaining access simply by reading the manual.

Note that the communications port on an

Ethernet switch is a serial data communications

port that allows local access to the

management configuration once a correct

username and password are entered.

Once a link has been established between

two active units in the network, a link

acknowledgement (normally an LED indication)

is generated and dropped immediately the link

is broken. This simple hardware-based trigger

can be used to shut down a port on the basis

that the loss of a link is a potential attack. The

feature can be further expanded to shut down

ports in the event that power is lost to the

active device just in case our attacker has the

smart idea of switching connections once the

switch is powered down.

If any units are deployed in unsecured

locations then the port receiving

communications from that site should be

activated with this feature to counter link

breaks in these areas.

Any IP-based edge device such as a CCTV

camera or speaker will have an Ethernet MAC

address. This can be used to logically connect

the associated Ethernet switch port to that

particular MAC address. If a MAC address that’s

not registered tries to connect, the switch will

simply prevent access. Bear in mind, though,

that the more knowledgeable attacker could

use spoofing to find and copy your MAC

address. This form of protection may buy you

valuable time, but not complete safety.

With the IP address of connected devices

known, the switch can set up a polling routine

“Where security is concerned, managed units offer a number

of facilities to prevent unauthorised entry to the network,

whereas unmanaged units don’t. Managed Ethernet

switches should be used throughout your network”

with the edge device and then run a preprogrammed

procedure if there’s no response

to the poll. Depending on the switch and the

manufacturer, there could be a number of

response procedures employed based on site

security protocols.

One could be to immediately shut the port

down and, at the same time, generate a Simple

Network Management Protocol (SNMP) trap.

This is like an alert flag that tells the

centralised management system something has

happened to the device running SNMP and to

start ringing the alarm bells if required. Another

response could be to simply send the trap and

keep the port open or, if the switch was

supplying power to the edge device, a power

cycle procedure could be run if the user thinks

that the device has either stalled or hung-up.

802.1x User Authentication is an IEEE-defined

standard that should be available on all fullymanaged

switches. It defines an authentication

procedure for devices that wish to join the

network. The standard defines three parties in

the procedure: a Supplicant that wants to join

the network, an Authenticator (which is the

Ethernet switch) and the Authentication Server.

In the system, the Ethernet switch acts to

protect the network until the server has verified

the credentials of the Supplicant and has either

allowed or denied it access to the network.

Passive Equipment Security

Security should be applied to the passive

components of the network as well as the

active ones. How many times have you walked

along the pavement and observed the door of a

utilities company’s street cabinet hanging off,

or the access flap open on a lamppost? The

reason is that, in most cases, the system owner

or operator has no idea that the door of their

cabinet is open and their system isn’t secure.

If any part of the network is housed within an

enclosure, some form of sensor must be on the

door to tell you if it’s open or closed. If the door

is open and you’re not aware of it, then you’re

providing an easy target for any attacker.

Bear in mind that it doesn’t just need to be

active equipment. If the enclosure simply

houses cable management then that could

present an attacker with the opportunity to

break in to the network. Ignore the basics of

network security at your peril.

Iain Deuchars:

Business Development

Manager at ComNet



As part of their overall

risk management

posture, organisations

worldwide can make a


contribution towards

reducing the impact of

road traffic collisions

by providing

appropriate training in

both medical and

vehicle rescue

capabilities for key

members of staff and

locations. Here, Neil

Pedersen examines

the main points of this

strand of corporate

risk mitigation

A ‘Cut’ Above The Rest?

Did you know that a figure of circa 1.2

million represents the yearly death toll on

road networks around the world? That

figure doesn’t even include the further 50

million or so individuals who are injured in

traffic collisions. What’s more, the former

statistic is one that’s expected to rise to 1.4

million deaths per annum by the year 2030.

In addition to the grief and suffering they

cause, road traffic accidents constitute an

important public health and development

problem given the significant health and

socioeconomic costs realised. Considerable

economic losses are not only incurred by the

victims and their families, of course, but also by

organisations and, indeed, nations as a whole.

Crashes on the roads actually cost most

countries between 1% and 3% of their gross

national product.

As well as ensuring that members of staff,

guests and clients are protected in the event of

an emergency scenario, the added skills that

can be delivered by specialist training in this

area could also contribute towards the local

emergency response arrangements in remote

locations and assist in building positive local

relationships in surrounding communities.

For many years, it was only possible to have

a sufficient rescue capability if you had a large

hydraulic generator, hydraulic hoses and large

heavy rescue tools to hand. This meant that it

wasn’t realistically possible to provide a

portable rescue provision in relation to traffic

accidents. However, advancements in hydraulic

tool design coupled with developments in

battery technology now mean that it’s possible

to produce tools capable of in excess of 50

tonnes of cutting and spreading forces that can

be combined into smaller and lighter tools

without the need for generators or hoses.

State-of-the-art capability

As a direct result, it’s now possible to have a

state-of-the-art rescue capability in your own

vehicle which will allow you to enact an

immediate rescue intervention on the scene of

any accident or incident.

There’s now a wide range of small, yet

powerful rescue tools which will permit rescue

operations and greatly increase survivability

rates by allowing the rapid extraction of injured

casualties whatever the location. These tools

and associated training will be particularly

useful to security and close protection teams,

corporate risk management, military units and

Special Forces, counter-terrorism teams,

emergency responders and those tasked with

transporting goods in remote locations.

However, it’s vitally important that these

tools are used in the correct manner and that

personnel are familiar with the wide multitude

of techniques employed during rescue

operations. Any failure here could result in

damage to those tools used or, even worse,

injury to the users themselves.

Many corporations around the world operate

in remote environments and in countries with

poor road infrastructures. Due to location, it’s

often necessary to travel long distances on

dangerous roads made so by the driving

standards of other road users, adverse weather

conditions and poorly maintained roadways.

As part of their corporate risk assessment

procedures, companies often overlook the fact

that one of the biggest risks posed to

personnel and any visiting guests is the journey

from point of arrival to the final destination or

those journeys undertaken while visiting

specific sites around a given country.

Basic rescue interventions

In the event of a vehicle incident, in many areas

of the world it’s highly unlikely that there will

be any type of rescue services in close

proximity and occupiers of vehicles could be

trapped and injured for extremely long periods

of time before any assistance arrives (if at all).

Therefore, it’s vitally important to have an onboard

capability to carry out basic rescue

interventions and provide life-saving



Training and Career Development

emergency medical equipment. Rescue options

can range from having a single battery-powered

hydraulic combination tool in the rear of your

vehicle to having a fully-equipped support

vehicle attached to your convoy.

More important, however, is the necessity

for having personnel who are both medically

and technically trained in the event of an

emergency and who are capable of rescuing

and maintaining life until specialist support

arrives at the scene.

For many years, colleagues of ours in the

close protection sector and the military have

told us that what’s really needed while

transporting their clients and personnel is the

ability to carry out an emergency rescue

immediately following a vehicle incident,

whether that incident is accidental or a

deliberate attack on their vehicles. Those

vehicles may even be armoured, in turn

presenting even further rescue difficulties.

While in the UK we’re fortunate enough to

have some of the best Emergency Services and

rescue specialists in the world, that isn’t always

the case overseas. If you’re lucky enough to

gain access to a local service, it’s likely not to

be carrying equipment capable of transacting a

rescue from a modern vehicle boasting modern

construction techniques.

All of these factors greatly reduce the

chances of survival following a vehicle incident,

and especially so when time is of the essence.

After all, you cannot effectively treat a casualty

unless you can extract them from the vehicle.

Combined approach

Security and close protection teams are also

responsible for ensuring the safety of their

clients and, as a result, should be prepared for

all eventualities. Clients of protection teams

will be reassured that those teams carry rescue

tools and are trained to use them during an

emergency scenario, which also provides a

further reason as to why their services should

be employed to protect their clients.

The way to view rescue provision is to

consider the assertion that it has an equal

weighting in relation to the problem. This

means that, ideally, the methodology is 50%

technical/physical rescue and 50% medical

rescue. These two ideally work in harmony

alongside each other to simply save life in the

context of a vehicle accident.

Of course, additional dynamics like the

severity of the incident, geographical location

and the time of day are all factors that can

affect the situation. It must be borne in mind,

though, that even with the odds stacked

against you, having a technical rescue

“As part of their corporate risk assessment procedures,

companies often overlook the fact that one of the biggest

risks posed to personnel and any visiting guests is the

journey from point of arrival to the final destination”

capability and a medical capability to hand is

never to be underestimated. There are many

examples of where this technical/medical

capability hasn’t existed and lives have been

lost. We cannot undo what is already done, but

we can adapt, prepare for and be ready to react

and respond better to similar incidents next

time around. Why wait for tragedy to strike if

you can play a part in reducing it?

Consider your team travelling in a vehicle in a

location that’s remote or has limited local

rescue capability compared to the UK. A vehicle

accident occurs. Consider then if, within that

team or a following vehicle, there’s the

capability to proactively react and carry out

effective rescue operations and medical

interventions. You can literally have UKstandard

Fire and Rescue Service capability in

the boot of a vehicle, but what’s really key here

is the ability to use it to its full potency.

Medical aspects are vital

The approach adopted may be titrated and

multifaceted to accommodate wide-ranging

needs. Certainly, the medical aspects are vital.

Consider travel in those areas or locations

where medical response is poor, non-existent,

ill-equipped or just too far away from where an

incident has occurred. The option of dialling the

Emergency Services and knowing that a

response will attend the scene simply isn’t

there in many places around the globe.

The solution is to be self-sufficient, skilled,

equipped and able to help yourselves and/or

your team/colleagues. The medical

methodology adopted should ideally be borne

out of military experience, humanitarian

experience, professional rescue experience and

exposure gained from operational functionality

over a prolonged period. It’s a methodology

that works, achieves results and can literally

mean the difference between life and death.

Approaches to trauma and injury should be

evidence-based, proven and honed from

experiences gained in extreme situations.

These approaches ought to be taught in an

assertive and disciplined sense to deal with

problems in order of severity, and are often

underpinned by lessons learned in those

extreme environments. If a given approach

works in such environments, often hours away

from definitive care, then it can work anywhere.

Weber Rescue Systems UK’s

E-Force battery-powered

hydraulic rescue tools

Neil Pedersen:

Founder and Business Director

of the International Road

Rescue and Trauma

Consultancy (IRRTC)



Risk in Action

Risk in Action

The Flood Company

installs heavy duty

flood mitigation

solution for retailing

giant Sainsbury’s

The Flood Company has

recently completed the

installation of a heavy duty

flood mitigation solution for

nationwide supermarket

giant Sainsbury’s at its store

in Carlisle.

The Flood Company was tasked with surveying the site, designing an

aesthetically pleasing solution and installing flood prevention measures after

the store was forced to close for several weeks as a direct result of flooding

following the advent of Storm Desmond in 2015.

The supermarket chain was left with a multi-million pound insurance claim

following the disaster, which also saw its insurers threaten to increase the

firm’s premium or even withdraw flood cover altogether should preventative

measures not be implemented to protect from future flooding episodes.

To provide a solution that matched the current appearance of Sainsbury’s

supermarkets, The Flood Company innovated a Buffalo panel system. This has

been retrofitted to the building and creates an exterior flood-proof seal.

The Flood Company has installed Buffalo glass, which is an aesthetically

pleasing barrier used in public areas, as well as a Buffalo HD barrier system

around doors and loading bays.

In addition to these three types of barriers, The Flood Company has also

installed secondary pumps and control systems to control the flow of water and

create a secondary line of defence for the store. The design underpins a system

which is 95% passive. This means that only doors and loading bays require

manual operation for the system to be implemented. The process may be

completed in under an hour by four members of staff.

The complete system minimises downtime for the store in the event of a

flooding episode and has satisfied the insurer to re-insure the site.

Warefence uses Hadley Group’s

UltraFENCE palisade-style security

solution to protect top car marques

Founded back in 1981 and based in Oxfordshire,

Warefence has established an enviable

reputation for the supply and installation of

security and access control fencing solutions

leading to a strong working relationship with

Hadley Group for the use of the manufacturer’s

UltraFENCE palisade system as well as other

products. This includes recent work at a

prestigious new car showroom in Newbury.

Warefence has chosen to once again make

use of the proven UltraFENCE security solution

in its contract at the Marshall Jaguar Land Rover

dealership on the Greenham Business Park in

Newbury having used it very successfully on

other similar projects in the past.

Hadley Group’s UltraFENCE exceeds the

requirements of BS 1722 Part 12: 2006 while

aiding the construction of boundaries which are

both attractive and fully-functional as an

effective deterrent to unauthorised entry. In this

instance, some 50 metres of the 2.4-metre high

UltraFENCE 200 option is employed to secure

rear access to the vehicle yard, with another

short stretch being erected at the front.

UltraFENCE is quick to install. The system

makes use of well-engineered and highly

durable components including UltraRail,

UltraPOST and UltraPALE.

Videx completes bespoke door

entry system installation at

Connaught House

Working in partnership with Enterprise

Security Technologies, Videx has successfully

installed a complex door entry management

system at Connaught House, which provides

private residential housing and commercial

office space right in the heart of London.

The key access control requirement was to

provide a secure and easy-to-use system with

24-hour video door entry for visitors, affording

a clear image of the person(s) arriving.

Talking about the installation, Ben Davies

(South East sales manager at Videx)

explained: “Most residents at Connaught

House are internationally-based, some of

them as far away as Saudi Arabia and India.

They use their apartment as a London base,

but mainly live elsewhere. Providing secure

and convenient access control on site was a

top priority for this project.”

Davies continued: “A key aspect of the

project was to install a system that’s

specifically designed to meet the client’s

needs. A bespoke panel was created such that

the old panel could be replaced using existing

cables without any unnecessary expense or

time spent on making alternations to the

surrounding brickwork or repairing damage

realised by a completely new installation.”

Enterprise Security Technologies

recommended and installed Videx’s flagship

VX2200 digital door entry system to ensure

the security of the building as a whole.



Technology in Focus

Technology in Focus

Checkpoint Systems’ NEO heralds dawn of “EAS revolution”

for retail sector specialists

Checkpoint Systems, the supplier of

source-to-shopper solutions for the

global retail industry, has

announced a “radical shake-up” of

its range of electronic article

surveillance (EAS) antennas with the

introduction of a “revolutionary”

new electronics platform. NEO will deliver enhanced detection and connectivity

for retailers, in turn enabling them to improve store operations.

The powerful new electronics are said to represent “a seismic shift” in the

way radio frequency (RF)-based EAS solutions perform in store and enable the

sensors to become a key part of the connected store environment.

Available immediately, NEO debuts in a range of new and more aesthetically

pleasing antenna designs, subsequently aiding those retailers who are looking

to create a more enticing shop entrance.

A ‘first’ for the retail industry, NEO-enabled antennas feature wireless

Bluetooth connectivity. This means that stores will no longer have to connect

antennas via underfloor cabling, which is both costly and time-consuming.


SoloProtect Go badged as

“smallest and lightest” lone

worker safety device

International lone worker safety

company SoloProtect is announcing

several new developments within its

product range for 2018, starting with the

addition of SoloProtect Go. This is a fobstyle

device supplied as part of the

company’s range of solutions and

accredited to BS 8484:2016.

SoloProtect is primarily known for delivering solutions around its identity

card device form-factor, Identicom and the SoloProtect ID, of which a combined

260,000 devices have been supplied to lone workers directly and through a

network of authorised partners. With SoloProtect Go, the company is

diversifying its offer to cater for a wider set of customer requirements and

afford SoloProtect solutions an even greater appeal.

SoloProtect Go is a compact and easy-to-use, dedicated lone worker device

affording discreet and simple operation. It’s also “the world’s lightest and

smallest” dedicated lone worker device available to organisations

implementing BS 8484-approved staff protection measures.

The solution is supplied with all of the usual functionality expected of

SoloProtect’s specialist lone worker devices including the ‘Device Check’,

‘Amber Alert’ and ‘Red Alert’ functions as standard. The device is also water

resistant to an IPX6 rating and configurable for those lone workers with a risk

of incapacitation.

SoloProtect Go is enabled with haptic (ie touch) feedback to discreetly make

a given device user aware that their situation is being monitored and reassure

them that appropriate action is being taken on their behalf.

SoloProtect Go is supported by the company’s in-house, EN 50518-accredited

Alarm Receiving Centre (ARC). This is a 24/7/365 resource and the only

dedicated lone worker ARC in the UK to meet this European-level standard.


AMG brings benefits of enterpriselevel

10 GB Ethernet networks to

businesses of all sizes

Pressures on business data networks are

intensifying at an unprecedented rate as

more and more devices rely on constant

connectivity and speed which is bandwidth

intensive. Standard 1 GB Ethernet networks

may no longer meet the needs of even

medium-sized businesses, but according to

networking and transmission specialist AMG

Systems there’s now an available solution.

AMG’s Commercial Layer 2+ 10 GB

managed Ethernet switch series brings the

business benefits of high performance and

low latency 10 GB Ethernet to businesses of

all sizes. These switches are purposedesigned

for both medium and large network

environments and specifically aim to

strengthen network connectivity.

The products in AMG’s managed Ethernet

switch range boast 8, 24 or 48 GB ports,

with or without Power over Ethernet support,

and 1/10 GB SFP+ uplink ports.


OPTEX integration to Genetec

Security Center “heralds new era”

for critical infrastructure security

Laser scanning technology from OPTEX can now

be integrated with Genetec’s Restricted Security

Area (RSA) surveillance module to deliver “a

new era” in security and detection for outdoor

and indoor environments at airports and other

critical infrastructure sites.

Via the RSA module, OPTEX’s REDSCAN laser

sensors can now send real-time events and

alarm data to Genetec’s unified security

platform, alerting Control Room operators to

any intrusion in the surveillance area.

Intrusions can be tracked on site maps.




You have to be here if you want

to be regarded as a key player

in the security market.


visitors from

116 countries


of visitors come to

source new products


total budget of

visitors to IFSEC 2017

Enquire about exhibiting at IFSEC 2018: ifsec.events/international

Proud to be supported by:


Andy Neal

Cardinus Risk Management

has acquired the talent and

expertise of Protaris

founder and expert Andy

Neal to head up the

company’s all-new Security

Division. This move actively

expands Cardinus’ solutions

to cover the risks presented

to its clients’ assets and workforces from the

increasing work-related threats posed by lone

wolf terrorism, safe travel (both national and

international) and lone working.

Neal’s existing on-site courses in travel

safety, conflict management, hostile

environments and responding to the threats of

lone wolf terrorism will be enhanced by adding

specialist e-Learning courses to Cardinus’ suite

of Health and Safety, environmental and

compliance courses. Neal is also an expert in

behavioural safety, profiling and strategic asset

protection having previously worked for major

international organisations.

Neal is also an expert in personal security

and, to date, has advised Governments, royal

families, major companies and high-profile

celebrities in a career spanning 22 years. His

military background coupled with a deep

understanding of the commercial world is

unique and provides the framework for a strong

and well-established set of services that will be

enhanced by Cardinus’ scope and global reach.

Speaking about this move, Neal informed

Risk UK: “I’m absolutely delighted to be joining

Cardinus Risk Management. The business has a

world class client list. At the present time, it’s

clear that security and personal safety is a key

risk for organisations and I very much look

forward to working with the team here to help

our clients manage this increasing risk.”

Alan Nathan

Axis Security has appointed Alan Nathan to

the newly-created national position of

business continuity and risk manager. Nathan

has more than ten years of commercial

security experience, primarily focusing on

national and international client account

management, and most recently completed a

contract in Kazakhstan designing and

managing security operations within the oil

and gas industry.

“Axis Security is dedicated to providing

clients with support and solutions for their

specific operational needs,” explained Nathan.

“I’ve already begun to engage with both

existing and potential clients in order to


Risk UK keeps you up-to-date with all the latest people

moves in the security, fire, IT and Government sectors

Derek McGee

Fusion Risk Management, the specialist

provider of business continuity risk

management software and services, has added

two senior sales executives to its UK team.

Derek McGee and Laura Sloan have joined the

business as the company moves to expand its

European operations in order to meet rapidly

growing demand for the firm’s solutions.

McGee brings 20 years of experience of

providing solutions in the technology and

software sector having served enterprise

organisations in the UK and around the globe.

As a senior sales and business development

executive, McGee excels at understanding

customers’ unique business requirements and

brings a clear focus on providing flexible

solutions to ensure success.

McGee informed Risk UK: “Fusion Risk

Management’s top position in the market for

enterprise business continuity risk management

software is affirmed by the company’s

outstanding roster of globally-recognised

clients, its leadership position in the Gartner

Magic Quadrant Report, ongoing industry

awards and also Fusion’s significant investment

in Europe to meet growing demand. This is an

exciting time to be joining the organisation.”

Sloan also joins Fusion with more than 20

years of experience gained in serving enterprise

customers across a wide range of industries,

and with a keen focus on client requirements for

next generation business continuity solutions.

develop our risk management and business

continuity credentials.”

Reporting to operations director John

Fitzpatrick, Nathan’s immediate task is to

review and develop Axis Security’s emergency

notification and incident management

capability for both the company’s staff safety

assurance and clients’ own emergency

notification and management procedures.

David Mundell, managing director of Axis

Security, explained to Risk UK: “Alan joins Axis

Security in this new and important role with a

wealth of experience in the industry, having

designed and managed numerous large-scale

security operations over the years. His

appointment will further enhance the

company’s support capability to its clients.”




Gary Frith

Security product and service provider Webeye has just

announced the appointment of Gary Frith as business

development director. Frith brings with him 30 years of

sales and business development experience and has a

wealth of knowledge within the security industry.

Before joining Webeye, Frith was the UK and Ireland

commercial agent for RSI Video Technologies, the French

manufacturer of battery-operated visual verification

security products, growing it from a start-up position to

become the major supplier of easily-deployable video alarms.

Frith’s early career was spent in Germany working for REHAU AG and Co and

Alexander Proudfoot plc, where his talents were quickly recognised. Frith

oversaw a 30% productivity improvement after implementing an action plan

involving new working methods and systems.

On returning to the UK, Frith worked in consultancy roles for several

companies including Ramtech Electronics, where he set up a CCTV business

within the organisation specialising in IP network video.

“Gary is joining Webeye at a very exciting time,” stated managing director

Clive Mason in conversation with Risk UK. “We feel Gary will be the ideal fit to

build on the already phenomenal global growth of Webeye.”

Stephen James

BAFE, the independent

register of quality fire

safety service providers,

has appointed Stephen

James as compliance

manager. This new role

has been introduced to

acknowledge the

substantial growth in

BAFE-registered company numbers in recent

years and also the responsibility the

organisation shares with its certification bodies

to ensure registered businesses remain

compliant with the BAFE schemes.

James brings a wealth of knowledge and

experience having been part of the fire industry

for over 35 years. He began his career covering

the refilling, refurbishing and testing of

portable fire extinguishers, while also working

on hose reels, dry risers and fire hydrants.

James developed into an extinguisher

engineer and, later, a service manager

responsible for quality procedures including

ISO 9001 and third party certification.

Stephen Adams, BAFE’s CEO, told Risk UK:

“With an ever-growing demand for competent

providers of fire protection works, it’s vital that

we continue to ensure the BAFE marque of

approval is used by competent and compliant

organisations. Stephen will be a great addition

to the organisation, duly assisting the BAFE

scheme management, our partner certification

bodies and registered companies in reviewing

and acting upon any instances of nonconformities,

while also helping to police the

BAFE brand at all times.”

Simon Shawley

Wavestore, the British

developer of open

platform and highly

secure Linux-based Video

Management Software

(VMS), has appointed

Simon Shawley as its

new sales director to

oversee the company’s

sales strategy and drive significant growth

across the EMEA region.

Shawley boasts over 25 years’ experience in

the electronic security market having previously

held senior sales and business development

positions for major companies including

Hanwha Techwin and DVTel.

“It’s great to join the Wavestore team at such

an exciting juncture,” enthused Shawley.

“Organisations are increasingly using VMS to

maximise their investment in electronic

security. Wavestore’s ability to bring together

third party devices and sub-systems such as

cameras, intruder detection, access control and

video analytics from the world’s leading brands

on a common, future-proof and easy-to-operate

platform delivers for clients in terms of both

technology and total cost of ownership.”

James Keith

Safety and security

solutions provider

Allegion has appointed

James Keith as end user

solution strategy

manager for its UK

business to strengthen

the company’s profile

among customers.

Keith joins Allegion following 13 years in

product, brand and category management

roles across the automative, Health and

Safety and home improvement industries.

His previous roles have seen him engage in

project-led work, managing full portfolios

and implementing key product roadmaps.

Keith’s role at Allegion will involve direct

engagement and involvement with end users

and the challenges they face, bringing

complete solution packages to full fruition.

Specifically, he’ll deliver differentiated

offerings to targeted vertical markets.

Marc Lengahan, commercial director of

Allegion UK and Ireland, said: “We’re thrilled

to welcome Keith as part of the end user

business development team. He will play an

integral role in making Allegion a trusted

advisor in the marketplace, in part by

providing industry thought leadership.”



Vista adds new features and

more functions to Viper

Vista launched the Viper Family in 2017 and is continually working on developing the range in

line with customer requirements and feedback to ensure that the perfect solution can be offered.

The overall purpose of the Viper Family is to provide a multi-format recording platform, allowing end users to

pull together Viper High Definition analogue DVRs and Viper IP NVRs into a single, seamless system. The Viper Virtual Matrix Controller provides

complete control of the system through the uniform and intuitive central management software. The flexible range gives users the opportunity to

upgrade their systems at their own pace, with Vista providing high quality service throughout.

The latest addition to the range is Viper-Remote, the app that allows operators to be in constant contact with their security system. The app

provides alarm notifications straight to the user’s device, the ability to view live and recorded images remotely, various display options and an

intuitive navigation system. The wide-ranging search options also ensure that time is saved when reviewing footage and important events can be

found with ease. The app also allows for the management of devices in the system providing the opportunity to add and remove devices whenever

necessary from any remote location.

Vista has also been working to enhance the functionality of the H5 range of NVRs. The latest development is the de-warping function that allows

360-degree cameras to be viewed in a more user-friendly, 180 degree view. This helps to improve user experience by making reviewing images as

simple as possible. In response to ‘Voice of Customer’ feedback and suggestions, Vista has also been working on making the range compatible

with Immix. This is another hugely beneficial function which is on its way.

Bob Forehand, Vista’s technical manager, comments: “The Viper Family is an incredibly flexible range that allows end users to ‘mix-and-match’

Viper units, combining both IP and analogue systems. The flexibility of the range means that the solution can be developed over time, saving on

upfront costs and accounting for the requirements of growing or developing systems.

The addition of Viper Remote, Viper

Central and the upcoming introduction

of Immix make the already

differentiated and

comprehensive offering

even more inviting.”

For more information visit www.vista-cctv.com, contact us via

e-mail at info@vista-cctv.com or telephone 0118-912 500

Best Value Security Products from Insight Security

www.insight-security.com Tel: +44 (0)1273 475500






Anti-Climb Paints

& Barriers

Metal Detectors

(inc. Walkthru)

Security, Search

& Safety Mirrors

Security Screws &


Padlocks, Hasps

& Security Chains

Key Safes & Key

Control Products

Traffic Flow &


see our




Tel: + 44 (0) 1763 273 243

Fax: + 44 (0) 1763 274 106

Email: sales@kerisystems.co.uk





ACT – Ireland, Unit C1, South City Business Park,

Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100

ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,

Warrington, WA3 7GB. Tel: +44 161 236 9488

sales@act.eu www.act.eu



Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards

Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007

Email: sales@covasecuritygates.com

Web: www.covasecuritygates.com



Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,

Waterproof Keypads, Door Closers, Deadlocks plus many more

T: 01202 676262 Fax: 01202 680101

E: info@alpro.co.uk

Web: www.alpro.co.uk



St. James’ Bus. Centre, Wilderspool Causeway,

Warrington Cheshire WA4 6PS

Tel 01925 552740 M: 07969 650 394





Integrated Design Limited, Feltham Point,

Air Park Way, Feltham, Middlesex. TW13 7EQ

Tel: +44 (0) 208 890 5550





Authorised Dealer

Tel: 0845 1 300 855 Fax: 0845 1 300 866

Email: info@secure-access.co.uk

Website: www.secure-access.co.uk



Nortech House, William Brown Close

Llantarnam Park, Cwmbran NP44 3AB

Tel: 01633 485533

Email: sales@nortechcontrol.com


Custom Designed Equipment

• Indicator Panels

• Complex Door Interlocking

• Sequence Control

• Door Status Systems

• Panic Alarms

• Bespoke Products



Tel: +44 (0)1744 886600



Planet Place, Newcastle upon Tyne

Tyne and Wear NE12 6RD

Tel: 0845 643 2122

Email: sales@ukbinternational.com

Web: www.ukbinternational.com

Hoyles are the UK’s leading supplier of

custom designed equipment for the

security and access control industry.

From simple indicator panels to

complex door interlock systems.



Paul Amura

Tel: 020 8295 8307

Email: paul.amura@proactivpubs.co.uk



Creating Continuity ....... Building Resilience

A not-for-profit organisation providing help and support

Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845

Email: membership@continuityforum.org

Web: www.continuityforum.org

www.insight-security.com Tel: +44 (0)1273 475500



Rapid Deployment Digital IP High Resolution CCTV

40 hour battery, Solar, Wind Turbine and Thermal Imaging

Wired or wireless communication fixed IP

CE Certified

Modicam Europe, 5 Station Road, Shepreth,

Cambridgeshire SG8 6PZ

www.modicam.com sales@modicameurope.com



Unit 39 Sir Frank Whittle Business Centre,

Great Central Way, Rugby, Warwickshire CV21 3XH

Tel: 01788 567811 Fax: 01788 544 549

Email: jackie@plettac.co.uk





Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ

Tel: +44 (0) 1269 831431

Email: cctvsales@altron.co.uk

Web: www.altron.co.uk



Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring

• Vehicle Tracking • Message Handling

• Help Desk Facilities • Keyholding/Alarm Response

Tel: 0208 889 0475 Fax: 0208 889 6679

E-MAIL eurotech@eurotechmonitoring.net

Web: www.eurotechmonitoring.net



Gtec House, 35-37 Whitton Dene

Hounslow, Middlesex TW3 2JN

Tel: 0208 898 9500






Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP

Tel +44 (0)161 430 3849







Panasonic House, Willoughby Road

Bracknell, Berkshire RG12 8FP UK

Tel: 0207 0226530

Email: info@business.panasonic.co.uk




Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company

also offers an internal technical support team, dedicated field support engineers along with a suite of

training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified

time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online

account, installers can order up to 7pm for next day delivery.

Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk



Barham Court, Teston, Maidstone, Kent ME18 5BZ


Phone: 01622 618787

Fax: 020 7100 8147

Email: emeasales@kbcnetworks.com


Paul Amura

Tel: 020 8295 8307

Email: paul.amura@proactivpubs.co.uk



High resolution ATEX certified cameras, rapid deployment

cameras and fixed IP CCTV surveillance solutions available with

wired or wireless communications.

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG

Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333

Email: info@sesys.co.uk www.sesys.co.uk

www.insight-security.com Tel: +44 (0)1273 475500




210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP

Tel: 0118 912 5000 Fax: 0118 912 5001


Email: info@norbain.com



Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,

Reading, Berkshire RG74GB, United Kingdom

Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001

Email: ireurope@innerrange.co.uk




Hikivision & MaxxOne (logos) Authorised Dealer

Unit A10 Pear Mill, Lower Bredbury,

Stockport. SK6 2BP

Tel +44 (0)161 430 3849






Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX

Tel: + 44 (0) 1706 363998

Fax: + 44 (0) 1706 363991

Email: info@gjd.co.uk




14 Low Farm Place, Moulton Park

Northampton, NN3 6HY UK

Tel: +44(0)1604 648344 Fax: +44(0)1604 646097

E-mail: info@gpsperimeter.co.uk

Web site: www.gpsperimeter.co.uk



1 The Ashway Centre, Elm Crescent,

Kingston upon Thames, Surrey KT2 6HH

Tel: +44 (0)20 8546 9826

Fax:+44 (0)20 8547 1026






Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER

Tel: 01443 471900 Fax: 01443 479 374

Email: sales@dyconpower.com




Tel: 0845 389 3889

Email: info@bsia.co.uk

Website: www.bsia.co.uk

Twitter: @thebsia




Adept House, 65 South Way, Walworth Business Park

Andover, Hants SP10 5AF

Tel: 01264 351415 Fax: 01264 351217

Web: www.adeptpower.co.uk

E-mail: sales@adeptpower.co.uk



Tel: +44 (0) 844 8000 235

E-mail: securitysales@honeywell.com



Woodgate, Bartley Wood Business Park

Hook, Hampshire RG27 9XA

Tel: 01256 386700 5152 e-mail:



www.insight-security.com Tel: +44 (0)1273 475500




Units 1 & 2 Cliffe Industrial Estate

Lewes, East Sussex BN8 6JL

Tel: 01273 475500





Challenger House, 125 Gunnersbury Lane, London W3 8LH

Tel: 020 8752 0160 Fax: 020 8992 9536

E: info@contractsecurity.co.uk

E: sales@contractsecurity.co.uk

Web: www.contractsecurity.co.uk



1 Stirling Way, Papworth Business Park

Papworth Everard, Cambridgeshire CB23 3GY

United Kingdom

Tel: 01480 832202

Email: xray@toddresearch.co.uk



Frenchmans Road

Petersfield, Hampshire GU32 3AP

Tel: 01730 237100

Fax: 01730 264915

email: fencing@jbcorrie.co.uk



Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre

optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B

Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ

Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311

Email: sales@optex-europe.com




Lincoln House,

Malcolm Street

Derby DE23 8LT

Tel: 0871 208 1187




Challenge Way, Martland Park,

Wigan WN5 OLD United Kingdom

Tel: +44 (0) 1942 322744

Fax: +44 (0) 1942 829867

Website: www.c-tec.com



Aviary Court, Wade Road, Basingstoke

Hampshire RG24 8PE

Tel: +44 (0) 1256 475555

Fax: +44 (0) 1256 466268

Email: sales@takex.com

Web: www.takex.com



Secure House, Braithwell Way, Hellaby,

Rotherham, South Yorkshire, S66 8QY.

Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042


www.linkedin.com/company/pyronix www.twitter.com/pyronix



PO Box 750, Uxbridge, Middlesex UB9 5ZJ

Tel: 0330 1239979

E-mail: uk.securitysystems@bosch.com

Web: uk.boschsecurity.com



125 Pasture road, Moreton, Wirral UK CH46 4 TH

Tel: 0151 606 1000

Fax: 0151 606 1122

Email: andyw@cqr.co.uk




Secure House, Braithwell Way, Hellaby,

Rotherham, South Yorkshire, S66 8QY

TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042

www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity




Cliff Street, Rotherham, South Yorkshire S64 9HU

Tel: 0845 330 4400

Email: contact@constant-services.com




Eaton is one of the world’s leading manufacturers of security equipment

its Scantronic and Menvier product lines are suitable for all types of

commercial and residential installations.

Tel: 01594 545 400 Email: securitysales@eaton.com

Web: www.uk.eaton.com Twitter: @securityTP



T: +44 (0)1895 474 474






Brunel Way, Fareham

Hampshire, PO15 5TX

United Kingdom


www.insight-security.com Tel: +44 (0)1273 475500


Independent left and right detection

with BX Shield PIRs

BX Shield

Outdoor curtain PIRs

up to 12m per side

wired/wireless & anti masking

The BX Shield sensors combine superior outdoor performance with

a versatile, modern design. The result is a range of easy-to-install curtain

sensors protecting the immediate boundary of your premises against intrusion.

With two pyro-elements on the left, and two on the right, the motion sensors

detect completely independently on each side and up to 12m to suit the needs

of your property. Not affected by small animals or by environmental changes,

it is a perfect trigger for outdoor CCTV cameras providing visual verification

for residential or commercial applications.

For more information visit www.optex-europe.com

or contact us at +44(0) 1628 631 000


Hooray! Your file is uploaded and ready to be published.

Saved successfully!

Ooh no, something went wrong!