RiskUKMarch2018
Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
March 2018<br />
www.risk-uk.com<br />
Security and Fire Management<br />
The Centre of Intelligence<br />
Integrating Technology and Security Guarding<br />
News Special: ASIS European Security Conference 2018<br />
BSIA Briefing: Preparing for the EU’s GDPR<br />
Perimeter Protection: Utilities Sector Solutions Examined<br />
FIA Technical Briefing: Detecting Stratified Smoke
SkyHawk AI<br />
The hawk is back and<br />
smarter than ever.<br />
Gain the commercial edge with SkyHawk AI,<br />
built for AI-enabled surveillance systems,<br />
and now protected by SkyHawk Health.<br />
WWW.SEAGATE.COM<br />
©2017 Seagate Technology LLC. All rights reserved.
March 2018<br />
Contents<br />
34 Meet The Security Company<br />
In association with the NSI, Risk UK continues its ‘Meet The<br />
Security Company’ series by asking Risk Management Security<br />
Services’ managing director Graham Tilly some key questions<br />
Preparing for the EU’s GDPR (pp17-18)<br />
5 Editorial Comment<br />
6 News Update<br />
BS ISO 31000 revised. ICO data protection work funding model.<br />
New counter-terrorism technology unveiled by Home Office<br />
8 News Analysis: PwC’s Crime and Fraud Survey<br />
PwC’s latest study highlights that half of those UK organisations<br />
questioned have been the victim of fraud and/or economic crime<br />
in the last two years. Brian Sims delves into the fine detail<br />
11 News Special: ASIS Europe 2018<br />
ASIS International’s annual European Security Conference and<br />
Exhibition runs from 18-20 April at the Postillion Convention<br />
Centre in Rotterdam. Brian Sims previews the content on offer<br />
14 Opinion: Security Business Sector Insight<br />
Simon Chapman examines the impact of the IoT and how it’s<br />
actively enhancing remote monitoring via Intelligence Centres<br />
17 BSIA Briefing<br />
What exactly does it mean to be compliant with the European<br />
Union’s General Data Protection Regulation, which comes into<br />
force at the end of May? James Kelly outlines the main points<br />
20 The Global Context: Risk in 2018<br />
In the second instalment of an exclusive series, Nicola Crawford<br />
provides an overview of the risk landscape emerging in 2018<br />
38 The Security Institute’s View<br />
Rachel Anne Carter focuses on the important role of the<br />
insurance industry in the delivery of security solutions<br />
40 In The Spotlight: ASIS International UK Chapter<br />
Jerry Ross spoke at a recent ASIS Young Professionals Group<br />
event and gave an account of how she embarked on a career in<br />
the field of intelligence and, subsequently, security<br />
42 FIA Technical Briefing<br />
Fire detection in large open spaces has often proved to be<br />
something of a challenge for project designers, as Robert Yates<br />
and Peter Massingberd-Mundy discover<br />
44 Security Services: Best Practice Casebook<br />
With workplace stress on the increase and mental health issues<br />
now firmly on the agenda, this really should be something that<br />
businesses are tackling head on. Louise McCree investigates<br />
46 Cyber Focus: IP Security and Surveillance<br />
Iain Deuchars describes the features within active network<br />
equipment that can prevent cyber attacks from being successful<br />
48 Training and Career Development<br />
Appropriate training in medical and vehicle rescue capabilities is<br />
now of paramount importance, as Neil Pedersen observes<br />
50 Risk in Action<br />
51 Technology in Focus<br />
53 Appointments<br />
22 Acting on Auto<br />
Paul Woodhouse addresses the security mechanisms that must<br />
be put in place when it comes to autonomous vehicles<br />
24 Making Water Security Work<br />
Jason Hunter evaluates the security implications of proposed<br />
changes in the 2019 Price Review formula for the water industry<br />
27 From Forensics to Real-Time<br />
Lucas Young discusses the business case for protecting the UK’s<br />
transport infrastructures with IP camera and audio technology<br />
28 The Changing Face of Security Services<br />
Risk UK’s regular Security Guarding Supplement features<br />
contributions from Axis Security, CIS Security and TrackTik<br />
56 The Risk UK Directory<br />
ISSN 1740-3480<br />
Risk UK is published monthly by Pro-Activ Publications<br />
Ltd and specifically aimed at security and risk<br />
management, loss prevention, business continuity and<br />
fire safety professionals operating within the UK’s largest<br />
commercial organisations<br />
© Pro-Activ Publications Ltd 2018<br />
All rights reserved. No part of this publication may be<br />
reproduced or transmitted in any form or by any means<br />
electronic or mechanical (including photocopying, recording<br />
or any information storage and retrieval system) without the<br />
prior written permission of the publisher<br />
The views expressed in Risk UK are not necessarily those of<br />
the publisher<br />
Risk UK is currently available for an annual subscription rate of<br />
£78.00 (UK only)<br />
www.risk-uk.com<br />
Risk UK<br />
PO Box 332<br />
Dartford DA1 9FF<br />
Editor Brian Sims BA (Hons) Hon FSyI<br />
Tel: 0208 295 8304 Mob: 07500 606013<br />
e-mail: brian.sims@risk-uk.com<br />
Design and Production Matt Jarvis<br />
Tel: 0208 295 8310 Fax: 0870 429 2015<br />
e-mail: matt.jarvis@proactivpubs.co.uk<br />
Advertisement Director Paul Amura<br />
Tel: 0208 295 8307 Fax: 01322 292295<br />
e-mail: paul.amura@proactivpubs.co.uk<br />
Administration Tracey Beale<br />
Tel: 0208 295 8306 Fax: 01322 292295<br />
e-mail: tracey.beale@proactivpubs.co.uk<br />
Managing Director Mark Quittenton<br />
Chairman Larry O’Leary<br />
Editorial: 0208 295 8304<br />
Advertising: 0208 295 8307<br />
3<br />
www.risk-uk.com
Texecom Connect App<br />
Android version now available<br />
Interact, control and integrate your Texecom security system like never before<br />
The Texecom Connect App allows you to control your security directly from your compatible<br />
<br />
system events and monitor cameras or activity from anywhere in the world.<br />
www.texe.com<br />
Sales: +44 (0)1706 220460<br />
Watch the Texecom<br />
Connect App video
Texecom Connect App<br />
New smartphone application for<br />
Android & iOS operating systems<br />
Texecom Connect SmartCom<br />
Texecom Connect WiFi & ethernet<br />
communicator<br />
Texecom Connect SmartPlug<br />
Ricochet ® enabled<br />
wireless plug<br />
Editorial Comment<br />
All Eyes on Cyber<br />
The large-scale cyber attacks that occurred last year have<br />
served to reaffirm the need for fashioning cyber-resilient<br />
organisations. That’s according to the Business Continuity<br />
Institute’s (BCI) Horizon Scan 2018, released in association with<br />
the BSI. For the second year in succession, the threat posed by<br />
data breaches has been ranked second.<br />
The BCI’s Horizon Scan assesses the business preparedness of<br />
657 organisations worldwide and shows that 53% of business<br />
continuity and resilience professionals are ‘extremely concerned’<br />
about the possibility of a cyber attack. Meanwhile, 42% are<br />
worried about the possibility of a data breach, with 36%<br />
concerned about unplanned IT or telecommunications outages.<br />
Physical security challenges also remain a major concern for<br />
organisations, with 18% of businesses questioned identifying<br />
any interruption to utility supplies and adverse weather as being<br />
severe threats. There’s an intrinsic connection between these<br />
two concerns, as severe weather events – such as Hurricane Irma<br />
and Hurricane Harvey – often damage infrastructure and utility<br />
services. This unavoidable chain reaction reinforces the<br />
importance of workplace recovery plans designed to help<br />
organisations become better prepared for crises, in turn ensuring<br />
the safety of their staff and the stability of operations.<br />
The BCI’s report suggests that professionals are becoming<br />
increasingly aware of the benefits that business continuity<br />
brings to their organisations. The use of ISO 22301 for business<br />
continuity is certainly burgeoning, as is the investment made<br />
into detailed business continuity management programmes.<br />
Moreover, the results of the study suggest that there’s a<br />
positive correlation between the amount of time spent by<br />
organisations in adopting and embedding business continuity<br />
management arrangements and the likelihood of businesses to<br />
keep investing in them. No less than 86% of organisations<br />
who’ve had business continuity plans in place for five years or<br />
more stated that they will either increase or maintain their<br />
investment in this area. The BCI’s report proposes that this could<br />
be due to the fact that professionals are beginning to see a<br />
return on investment from their business continuity planning.<br />
Howard Kerr, CEO at the BSI, informed Risk UK: “With the<br />
stakes continuing to rise as the development of more<br />
sophisticated smart technologies gathers pace, organisations<br />
simply cannot afford to be complacent. They may well be<br />
cognisant of the importance of business continuity, but it’s not<br />
just this that will build their organisational resilience. A much<br />
more holistic approach is required. One that’s focused on<br />
understanding all strengths and vulnerabilities.”<br />
Terrorism and/or gun violence appear to be a growing concern<br />
for many business continuity professionals who should also<br />
determine to remain vigilant about natural catastrophes and<br />
pandemics that could occur in the short term and might well<br />
exert a highly disruptive impact.<br />
Positively, organisations do seem to be heading in the right<br />
direction in terms of preparedness. Detailed business continuity<br />
arrangements now exhibit consistent growth. A win-win scenario.<br />
Brian Sims BA (Hons) Hon FSyI<br />
Editor<br />
December 2012<br />
5<br />
www.risk-uk.com
International standard for managing risk<br />
in organisations revised by BSI<br />
BSI, the business standards company, has<br />
published the revised international standard for<br />
risk management BS ISO 31000:2018 Risk<br />
Management: Guidelines. The purpose of this<br />
standard is to assist a given organisation to<br />
integrate risk management into all of its<br />
activities and functions.<br />
Properly implemented, risk management<br />
improves performance, encourages innovation<br />
and supports the achievement of objectives.<br />
With that in mind, BS ISO 31000 provides Best<br />
Practice guidance on how an organisation can<br />
create the framework for a risk management<br />
strategy which aligns with its broader goals.<br />
Risk can take many shapes and forms<br />
including economic, political and<br />
environmental. BS ISO 31000 is intentionally<br />
broad in its scope in order to assist<br />
organisations with managing risk of any kind,<br />
and is consequently applicable to organisations<br />
in all sectors.<br />
A notable change in this revision is a review<br />
of the principles of risk management. One of<br />
these is continual improvement. This means it’s<br />
not enough for an organisation to create a risk<br />
management framework which is never<br />
revisited or reviewed. To be effective, the risk<br />
management framework needs to take into<br />
account the context of the organisation and its<br />
current risk management practices so that gaps<br />
can be addressed. The different parts of the<br />
framework and how they work together should<br />
always be adapted for specific needs.<br />
Human and cultural factors are also key. For<br />
example, different opinions will affect risk<br />
appetite in addition to the judgement and<br />
perception of risk. A traditional hierarchical<br />
organisation may have very different attitudes<br />
towards risk when compared to a collaborative,<br />
innovation-based company.<br />
This latest revision of BS ISO 31000<br />
highlights the importance of top management<br />
not only implementing risk management, but<br />
also promoting it. Ultimately, the effectiveness<br />
of risk management depends on its integration<br />
into an organisation at all levels.<br />
Anne Hayes, head of the governance and<br />
resilience sector at the BSI, informed Risk UK:<br />
“Effective risk management is about all levels of<br />
an organisation strategically planning for both<br />
today and tomorrow. BS ISO 31000 provides<br />
structured risk management guidance for<br />
organisations such that they can prepare<br />
effectively for the future. Ultimately, having a<br />
plan in place is in the very best interests of<br />
everyone’s safety, security and resilience.”<br />
New Government model announced for funding data protection work of ICO<br />
The Government has announced a new charging structure for data controllers to ensure the<br />
continued funding of the Information Commissioner’s Office (ICO). The new structure was laid<br />
before Parliament on Tuesday 20 February as a Statutory Instrument and will come into effect on 25<br />
May 2018 in order to coincide directly with the advent of the European Union’s General Data<br />
Protection Regulation (GDPR). Until then, organisations are legally required to pay the current<br />
notification fee unless they’re exempt from having to do so.<br />
To help data controllers understand why there’s a new funding model and what they’ll be<br />
required to pay from 25 May 2018, the ICO has produced a Guide to the Data Protection Fee.<br />
The ICO’s data protection work is currently funded through fees levied on organisations that<br />
process personal data (as stated, unless they’re exempt). This is transacted under powers granted<br />
in the Data Protection Act 1998. When the GDPR comes into effect in late May, it will remove the<br />
requirement for data controllers to pay the ICO a fee.<br />
The Government has proposed the new funding structure based on the relative risk to the data<br />
that an organisation processes. The model is divided into three tiers (more of which anon) and<br />
based on a number of factors including an organisation’s size, turnover and whether it’s a public<br />
authority or charity. For very small organisations, the fee will not be any higher than the £35 they<br />
currently pay (if they take advantage of a £5 reduction for paying by direct debit).<br />
Larger organisations will be required to pay £2,900. The fee is higher here because these<br />
organisations are likely to hold and process the largest volumes of data. As such, the risk is greater.<br />
The new fees are as follows: Tier 1 – Micro organisations Maximum turnover of £632,000 or no<br />
more than ten members of staff. Fee: £40 (or £35 if paid by direct debit) Tier 2 – SMEs Maximum<br />
turnover of £36 million or no more than 250 members of staff. Fee: £60 Tier 3 – Large organisations<br />
Those not meeting the criteria of Tiers 1 or 2. Fee: £2,900<br />
6<br />
www.risk-uk.com
News Update<br />
New technology unveiled by Home<br />
Office in bid to help combat<br />
terrorist content online<br />
The Home Office has announced the<br />
development of new technology to<br />
automatically detect terrorist content on any<br />
online platforms. Tests have shown that this<br />
new tool can automatically detect 94% of<br />
Daesh propaganda with 99.995% accuracy. It<br />
boasts “an extremely high degree of<br />
accuracy”. For instance, if it analyses one<br />
million randomly selected videos, only 50<br />
would require additional human review. The<br />
tool can be used by any platform and<br />
integrated into the upload process such that<br />
the majority of video propaganda is stopped<br />
before it ever reaches the Internet.<br />
Developed by the Home Office and ASI Data<br />
Science, the technology uses advanced<br />
machine learning to analyse the audio and<br />
visuals of a video and determine whether it<br />
could be Daesh propaganda. The Home Office<br />
and ASI Data Science will be sharing the<br />
methodology behind the new model with<br />
smaller companies to help combat abuse of<br />
their digital platforms by terrorists.<br />
Many of the major tech companies have<br />
developed technology specific to their own<br />
platforms and publicly reported on the<br />
difference this is making in their fight against<br />
terrorist content. Smaller platforms, however,<br />
are increasingly targeted by Daesh and its<br />
supporters and often don’t have the same<br />
level of resources to develop such technology.<br />
The model, which has been tested using<br />
over 1,000 Daesh videos, isn’t specific to one<br />
platform. That being the case, it can be used<br />
to support the detection of terrorist<br />
propaganda across a range of video streaming<br />
and download sites in real-time.<br />
Welcoming the new technology, Home<br />
Secretary Amber Rudd (pictured) said: “Over<br />
the last year, we’ve been engaging with<br />
Internet companies to make sure that their<br />
platforms are not being abused by terrorists<br />
and their supporters. I have been impressed<br />
with their work so far following the launch of<br />
the Global Internet Forum to Counter<br />
Terrorism, although there’s still more to be<br />
done. I do hope this new technology which the<br />
Home Office has helped to develop can<br />
support others to go further and faster.”<br />
Separately, new Home Office analysis<br />
demonstrates that Daesh supporters used<br />
more than 400 unique online platforms to<br />
push out their poisonous material in 2017,<br />
highlighting the importance of technology that<br />
can be applied across different platforms.<br />
Previous research has found the majority of<br />
links to Daesh propaganda are disseminated<br />
within two hours of release.<br />
London Mayor’s Budget confirms<br />
additional £110 million for<br />
Metropolitan Police Service in 2018<br />
Sadiq Khan, the Mayor of London, has<br />
committed to investing an additional £110<br />
million into the Metropolitan Police Service<br />
across the next 12 months. This substantial<br />
investment means that City Hall is paying a<br />
greater percentage of the overall policing<br />
budget in the capital than ever before – up<br />
from 18% in 2010 to 23%, in fact.<br />
Since 2010-2011, the Metropolitan Police<br />
Service’s general grant funding from the<br />
Government has fallen by more than £700<br />
million (or nearly 40% in real terms) on a likefor-like<br />
basis. Indeed, the Metropolitan Police<br />
Service has had to find roughly £600 million<br />
worth of savings, with the Mayor of London<br />
orchestrating a further £150 million of savings<br />
since taking office.<br />
This has led to the loss of a third of police<br />
staff posts, which are down from 14,330 to<br />
9,985, as well as two-thirds of Police<br />
Community Support Officer posts. These are<br />
down from 4,607 to 1,591. In addition, there<br />
are now 114 fewer police station front counters<br />
and 120 less police buildings.<br />
Khan has repeatedly warned that, with<br />
further savings still needed, the Metropolitan<br />
Police Service is running out of options and<br />
that police officer numbers in the capital could<br />
fall significantly below 30,000 before 2021 – a<br />
dangerous low which “presents a serious risk”<br />
to the safety of Londoners.<br />
Khan commented: “These are challenging<br />
times, with Brexit posing a real threat to jobs<br />
and prosperity and the Government’s<br />
continued austerity programme damaging<br />
public services in our city. However, I’m<br />
convinced that this Budget will improve the<br />
lives of all Londoners and increase the<br />
opportunities available for our citizens to fulfil<br />
their potential.”<br />
The Mayor continued: “The Government has<br />
repeatedly refused to act on the funding crisis<br />
facing police services across Britain. This<br />
leaves me with no choice but to take the<br />
unusual step of increasing police funding from<br />
London business rates as well as Council Tax.<br />
However, tackling rising crime will also require<br />
us to be tough on the causes of crime.”<br />
In this Budget, Khan has created a new £45<br />
million Young Londoners Fund to support<br />
education, sport and cultural activities for<br />
them over the next three years.<br />
7<br />
www.risk-uk.com
“Fraud increasing in cost and complexity for<br />
UK organisations” reports PwC Survey<br />
PwC’s latest study<br />
highlights that half of<br />
those UK<br />
organisations<br />
questioned have been<br />
the victim of fraud<br />
and/or economic crime<br />
in the last two years.<br />
More than half (51%)<br />
of the most disruptive<br />
crimes resulted in<br />
losses of over £72,000<br />
compared to 37% on<br />
the global stage.<br />
Nearly a quarter of UK<br />
victims (24%, to be<br />
precise) lost more<br />
than £720,000. Brian<br />
Sims reports<br />
8<br />
www.risk-uk.com<br />
Plainly, not enough is being done by UK<br />
organisations when it comes to actively<br />
preventing fraud. Only half of respondents<br />
to the latest PwC study reported having carried<br />
out a fraud risk assessment in the last two<br />
years. This is an important first step in the<br />
process to allow for the right prevention<br />
measures to be put in place.<br />
The findings are taken from PwC’s ninth<br />
biennial Global Economic Crime and Fraud<br />
Survey, which is based on input from more than<br />
7,000 business decision-makers across 123<br />
countries, including 146 from the UK (32% of<br />
them C-Suite representatives and 46% heads of<br />
department/business units).<br />
Fran Marwood, forensics partner at PwC,<br />
explained to Risk UK: “The cost of fraud to UK<br />
business continues to rise, due at least in part<br />
to the increasing threat from cyber fraud. While<br />
the direct losses are quantifiable, the wider<br />
effects can be far more damaging. UK<br />
organisations have told us that the cost and<br />
disruption of sorting out the aftermath, as well<br />
as the effects on employee morale, business<br />
relations and brand are big hidden costs.”<br />
Marwood added: “Times of uncertainty and<br />
change often help fraudsters to exploit<br />
weaknesses in an organisation’s systems. In<br />
this current period of pretty rapid business<br />
change, understanding the risks and possible<br />
avenues for attack is now more crucial than<br />
ever. Against this backdrop, only half of UK<br />
businesses are currently analysing the risks<br />
posed to them by fraud.”<br />
Potential of technology<br />
This year’s study shows a shift towards<br />
technology-enabled crime, bribery and<br />
corruption as well as procurement fraud. Cyber<br />
crime was the most prevalent (overtaking asset<br />
theft as the top fraud type for the first time<br />
since the survey began back in 2002), and was<br />
experienced by nearly half (49%) of economic<br />
crime victims in the UK (global: 31%). 42% of<br />
respondents expect this to continue to be the<br />
most serious type of fraud in terms of business<br />
impact over the coming two years.<br />
Marwood continued: “Much of the cyber<br />
crime in the UK comes from external overseas<br />
threats. As the world’s fifth largest economy, it’s<br />
no surprise that the resources of UK<br />
organisations are seen as an attractive target<br />
by global fraudsters. Over half of respondents<br />
reported suffering phishing attacks, which are<br />
transacted on a large scale to play the odds.<br />
Ultimately, cyber defence relies on people<br />
understanding the threat. On that basis,<br />
training, awareness and escalation routes are<br />
just as important as any defensive technology.”<br />
Despite being faced with an ongoing flow of<br />
fraudulent activity, the research suggests UK<br />
organisations are relying heavily on people with<br />
the skills to detect it, rather than employing<br />
more advanced technologies. General antifraud<br />
controls were reported to be the most<br />
successful detection method (uncovering 19%<br />
of frauds), followed by tip-offs/whistleblowing<br />
(16%) and internal audit (15%).<br />
While the majority of organisations are using<br />
technology to monitor or detect fraud in some<br />
way, it’s not always performing particularly<br />
well. Suspicious activity monitoring spotted<br />
10% of fraud, while data analytics detected only<br />
1% (the latter down from 8% according to the<br />
results of the same study two years ago).<br />
Anti-fraud technology has much more to<br />
offer, but UK organisations are behind the<br />
global average in its uptake. Around one-in-five<br />
firms have no plans to look at more advanced<br />
techniques – such as predictive analytics (19%)<br />
or machine learning (22%) – in order to combat<br />
or monitor fraud in future.<br />
Marwood outlined: “Technology is opening<br />
up more avenues for fraudsters, but also<br />
providing new and innovative ways of<br />
protecting against it. As economic crime<br />
continues to remain high, it underlines the<br />
need for new approaches. UK organisations are
News Analysis: PwC Global Economic Crime and Fraud Survey<br />
missing out on opportunities to detect<br />
anomalies in their data that might indicate<br />
fraud. It’s not about just plugging in a new<br />
piece of technology and hoping that solves the<br />
problem alone. Rather, it’s about harnessing<br />
the combined power of skilled people and the<br />
right technologies to stand the best chance of<br />
tackling the problem.”<br />
Additional study findings<br />
More than half (55%) of UK frauds were<br />
committed by external actors (eg hackers,<br />
customers and intermediaries were most<br />
common) versus a global average of 40%.<br />
Of those frauds carried out by internal parties<br />
(33%), half were committed by senior<br />
management, which is up from 18% in 2016 and<br />
double that of the global average (24%).<br />
There’s a sharp increase in reported bribery<br />
and corruption in the UK from 6% in 2016 to<br />
23% in this year’s study. This is more likely to<br />
be as a result of the positive stance the UK has<br />
taken on anti-bribery measures (including the<br />
Bribery Act introduced in 2010) leading to<br />
increased transparency rather than an actual<br />
rise in cases.<br />
UK firms are spending more than ever on<br />
compliance. Over half (54%) have witnessed an<br />
increase in their compliance spend in the last<br />
two years compared to 42% globally.<br />
Marwood went on to explain: “The increase<br />
in reported bribery is of particular interest,<br />
coming at a time when UK business is ahead of<br />
most global territories from a compliance<br />
perspective, largely as a result of measures<br />
required by the UK Bribery Act. The<br />
effectiveness of these measures, the additional<br />
ethical due diligence being conducted and the<br />
huge compliance resources introduced over the<br />
last few years are clearly succeeding in flushing<br />
out historic cases.”<br />
In conclusion, Marwood commented: “While<br />
increased levels of reported crime cannot<br />
always be directly equated to the actual crimes<br />
increasing, the study shows a greater<br />
awareness and understanding of the various<br />
types, perpetrators, impacts and costs of fraud<br />
among UK organisations. However, there’s still<br />
more work to be done, and particularly so in<br />
terms of understanding and acting on the<br />
specific risks that today’s organisations face<br />
due to fraud, cyber threats and bribery, as well<br />
as investing in people and technology to<br />
combat the ever-evolving threat.”<br />
Systemic failures<br />
Meanwhile, systemic senior management<br />
failure to protect consumers and prevent money<br />
laundering will result in the William Hill Group<br />
“There’s a sharp increase in reported bribery and corruption<br />
in the UK from 6% in 2016 to 23% in this year’s study. This<br />
is likely due to the stance taken on anti-bribery measures”<br />
(WHG) paying a penalty package of “at least<br />
£6.2 million”. A Gambling Commission<br />
investigation has revealed that, between<br />
November 2014 and August 2016, the gambling<br />
business breached anti-money laundering and<br />
social responsibility regulations.<br />
Senior management failed to mitigate risks<br />
and have sufficient numbers of staff to ensure<br />
that the company’s anti-money laundering and<br />
social responsibility processes were effective.<br />
This resulted in ten customers being allowed to<br />
deposit large sums of money linked to criminal<br />
offences which resulted in gains for the WHG of<br />
around £1.2 million. WHG did not adequately<br />
seek information about the source of the funds<br />
or establish whether the people involved were<br />
“problem gamblers”.<br />
WHG will pay more than £5 million for<br />
breaching regulations and divest itself of the<br />
£1.2 million earned from transactions with the<br />
ten customers. Where victims of the ten<br />
customers are identified, they will be<br />
reimbursed. If further incidents of failures<br />
relating to this case emerge, WHG will divest<br />
any money made from these transactions.<br />
WHG will also appoint external auditors to<br />
review the effectiveness and implementation of<br />
its anti-money laundering and social<br />
responsibility policies and procedures and<br />
share learning with the wider industry.<br />
Neil McArthur, executive director of the<br />
Gambling Commission, said: “We will use the<br />
full range of our enforcement powers to make<br />
gambling fairer and safer. This was a systemic<br />
failing at the William Hill Group which went on<br />
for nearly two years. The penalty package,<br />
which could exceed £6.2 million, reflects the<br />
seriousness of the breaches.”<br />
McArthur concluded: “Gambling businesses<br />
have a responsibility to ensure that they keep<br />
crime out of gambling and tackle problem<br />
gambling. As part of that, they must be<br />
constantly curious about where the money they<br />
are taking is coming from.”<br />
Nick Gaubitch, research manager (EMEA) at<br />
Pindrop, commented: “The penalty imposed on<br />
the William Hill Group shines a rather<br />
interesting spotlight on fraud detection within<br />
the industry. How efficiently companies<br />
mitigate risk and fraudulent transactions, and<br />
particularly so with machine learning and voice<br />
authentication, should play a key part in<br />
defending vulnerable channels.”<br />
9<br />
www.risk-uk.com
Powerful web based<br />
controller, powered<br />
by smart devices.<br />
DESIGNED<br />
IN<br />
A U ST R A<br />
R<br />
LIA<br />
Inception is an integrated access control and security<br />
alarm system with a design edge that sets it apart<br />
from the pack. Featuring built in web based software,<br />
the Inception system is simple to access using a web<br />
browser on a Computer, Tablet or Smartphone.<br />
With a step by step commissioning guide and<br />
outstanding user interface, Inception is easy to<br />
install and very easy to operate.<br />
For more information simply scan the QR code<br />
or visit innerrange.com.<br />
Security<br />
Alarm<br />
Access<br />
Control<br />
Automation<br />
No Software<br />
Required<br />
Multiple<br />
Devices<br />
Easy Setup<br />
with Checklist<br />
Prompting<br />
Send IP Alarms via<br />
the Multipath-IP<br />
Network<br />
T: +44 845 470 5000<br />
E: ireurope@innerrange.co.uk<br />
W: innerrange.com
News Special: ASIS European Security Conference 2018<br />
ASIS Europe 2018: ‘From Risk to Resilience’<br />
Practising security professionals find<br />
themselves operating in an era where the<br />
Internet of Things (IoT) is rendering once<br />
established lines of responsibility obsolete,<br />
while in parallel the risk of terrorism and<br />
ongoing political turmoil remain only too real.<br />
In addition, developments in Artificial<br />
Intelligence (AI) and drone technology, for<br />
example, continue apace. With this backdrop in<br />
mind, next month’s ASIS European Security<br />
Conference (otherwise known as ASIS Europe<br />
2018) is designed to confront all of these and,<br />
indeed, many more of today’s key topics.<br />
As a global community of security<br />
practitioners tasked with the protection of<br />
assets – encompassing people, property and<br />
information – ASIS is uniquely positioned to<br />
address the ‘issues of the day’ when it comes<br />
to enterprise-wide risks. As such, cyberphysical<br />
threats in hyper-complex and<br />
connected environments will be core themes for<br />
the 2018 gathering (as indeed they were at the<br />
2017 event in Italy).<br />
The conference programme itself runs on<br />
both Thursday 19 April (10.30 am-5.30 pm) and<br />
Friday 20 April (from 9.30 am until 1.30 pm),<br />
with registration commencing from 8.00 am on<br />
both days. This is prefaced on the evening of<br />
Wednesday 18 April in the form of a Welcome<br />
Party from 6.00 pm until 8.00 pm.<br />
ASIS Europe 2018 will offer multiple tracks of<br />
valuable learning opportunities including<br />
Keynotes, Masterclasses, executive sessions,<br />
training and a Careers Centre running alongside<br />
the exhibition. Exhibiting companies booked to<br />
attend include AS Solution, beTravelwise,<br />
Bosch Security Systems, the BSI Group,<br />
Dataminr, Darktrace, the Deltagon Group,<br />
Dormakaba, exploqii, F24, Falanx Assynt,<br />
Fastcom Technology, Genetec, Groundwork, Hill<br />
& Smith/Bristorm, the IE Business School,<br />
Indigovision, Johnson Controls, Nedap, QCC<br />
Global, Safehotels, Securitas Europe, Signpost<br />
Six, Stratfor, The Hague Security Delta,<br />
Trackforce, Trigion and Videotec.<br />
For its part, Nedap will be sharing knowledge<br />
about the key steps to consider when selecting<br />
a global physical access control system. The<br />
company has asked the Swiss Reinsurance<br />
Company Ltd (Swiss Re), the world’s secondlargest<br />
reinsurer, to give a presentation about<br />
its challenges and learnings when introducing a<br />
global physical access control system.<br />
Christoph Teuber, Swiss Re’s head of group<br />
security, will highlight the challenges and<br />
ASIS Europe 2018 – ASIS International’s annual European<br />
Security Conference and Exhibition – runs from 18-20 April at<br />
the Postillion Convention Centre. Brian Sims previews the<br />
educational content on offer for those risk and security<br />
management professionals making the trip to Rotterdam<br />
lessons learned during the implementation of<br />
its global security project. In essence, the<br />
presentation is designed to showcase the<br />
different steps that need to be taken for a<br />
physical access control system and its<br />
implementation. What are the reasons to move<br />
to a new system? What are the requirements of<br />
the new system? How should professionals<br />
manage a global system roll-out?<br />
Security of information systems and premises<br />
are of paramount importance to operations at<br />
companies like Swiss Re. Thanks to its own<br />
AEOS solution, Nedap has been able to deliver<br />
a state-of-the-art physical access control<br />
system capable of managing the ever-evolving<br />
security challenges faced by organisations.<br />
Impact of technology<br />
The opening Plenary Session at conference is<br />
not to be missed. In 2018, the focus is on ‘What<br />
the Next Ten Years of the IoT and AI Will<br />
Realise’, a pivotal subject to be covered in<br />
some detail by Tom Raftery (global vicepresident,<br />
futurist and IoT evangelist at SAP).<br />
Raftery will set the scene for conference with<br />
expert insight around the organisational<br />
impacts of Big Data, automation and AI. What<br />
will this mean for organisations and jobs in the<br />
future? How quickly will changes take place?<br />
What are the key benefits for businesses?<br />
This session runs from 9.00 am-10.00 am on<br />
Thursday 19 April and examines the<br />
11<br />
www.risk-uk.com
News Special: ASIS European Security Conference 2018<br />
Eduard Emde CPP:<br />
Chairman of ASIS Europe<br />
2018 and Head of the<br />
Security Section at the<br />
European Space Agency<br />
*Register for attendance at<br />
ASIS Europe 2018 by visiting<br />
www.asiseurope.org<br />
perspectives of businesses, consumers,<br />
shareholders and communities alike, setting<br />
the parameters within which security<br />
professionals and, in particular, security<br />
leaders need to operate.<br />
Following on from Raftery’s delivery,<br />
Conference Track 1 features a presentation by<br />
Scott Klososky, founding partner at Future Point<br />
of View. From 10.40 am until 11.10 am, Klososky<br />
(a renowned technology trend expert) will seek<br />
to challenge established thinking by outlining<br />
new security concerns created by the<br />
technology innovations shaping the business<br />
sector and our world in general.<br />
The Security Leaders Panel Debate entitled<br />
‘From Risk to Resilience’ takes place between<br />
11.15 am and 12.15 pm. A panel of CSOs and<br />
security leaders from key sectors will interpret<br />
the Keynote address, focusing on the risk<br />
outlook for security practitioners. Topics to be<br />
explored include the questions to be<br />
considered at the early stages of Big Data and<br />
AI implementation and how we can assign and<br />
maintain responsibility through the next phase<br />
of technological evolution. The Panel Debate is<br />
being chaired by Professor Martin Gill CSyP<br />
FSyI, director of Perpetuity Research.<br />
Transforming security<br />
The afternoon conference sessions in Track 1 on<br />
19 April begin with an examination of ‘The<br />
Cyber Threat Outlook’ (1.30 pm-2.15 pm) and<br />
‘Virtual Security Centre Operation<br />
Transformation’. Presented by Michael Foynes<br />
(senior director of global operations for global<br />
security at Microsoft), the latter session runs<br />
from 2.20 pm until 3.05 pm and explores the<br />
transformation of Microsoft’s Global Security<br />
Operations Centres to become a virtualised<br />
Security Operations Centre.<br />
This transformation has made good use of<br />
both cloud and the mobility of devices. Foynes<br />
will share details of Microsoft’s journey,<br />
highlighting changes to its people, processes<br />
and technologies. The discussion will touch on<br />
how the company altered its operating model<br />
to become a ‘Fusion Centre’ that co-locates<br />
intelligence and operations.<br />
The inaugural Masterclass of conference is<br />
focused on ‘How Digital Asset Valuation<br />
Impacts Risk Assessments’. Between 3.50 pm<br />
and 5.25 pm, Carl Erickson CPP (CISO at Philips<br />
Lighting in the Netherlands), Gal Messinger<br />
(head of global security at the same company)<br />
and Eduard Emde CPP (chairman of ASIS<br />
Europe 2018 and head of the security section at<br />
the European Space Agency) offer their views.<br />
Organisations are rapidly generating and<br />
developing abilities to handle, analyse and<br />
make sense of vast amounts of data – levels of<br />
data that would have been unimaginable even a<br />
few years ago. Additionally, data that didn’t<br />
exist before is now available, while data that<br />
was trivial in days gone by can suddenly<br />
become both valuable and sensitive. The<br />
objective of this Masterclass is to address how<br />
the increasing value of data and digital assets<br />
impacts risk assessments and the asset<br />
protection approaches in organisations which<br />
have historically had more of an emphasis on<br />
protecting human or physical assets.<br />
‘Insurance: Part of the Risk Management<br />
Strategy’ is the subject about which James<br />
Morris (regional security manager for the EMEA<br />
within Aon UK’s Corporate Protection Services<br />
operation) will be speaking between 4.40 pm<br />
and 5.00 pm. Insurance is a key element of any<br />
holistic risk management strategy, but very few<br />
people know its real value or true importance.<br />
Morris will discuss the importance of<br />
insurance while focusing on understanding the<br />
subject from the point of view of security<br />
professionals who want to talk risk<br />
management strategies with business leaders.<br />
Terrorism trends in Europe<br />
Track 1 of Day 2 at conference kicks off with<br />
Glenn Schoen’s session on ‘Jihadi Terrorism<br />
Trends in Europe: A Look Ahead’. Between 9.10<br />
am and 9.55 am, Schoen (CEO at<br />
Boardroom@Crisis) will offer a dynamic<br />
presentation centred on the evolving Jihadi<br />
terrorist threat in Europe and stress the need<br />
for improved resilience in the wake of recent<br />
lessons learned.<br />
This includes gaining insight on situations<br />
some ASIS members are likely to have to deal<br />
with in 2018, such as the World Cup in Russia<br />
during June and July, the threat around various<br />
upcoming political elections and far-right/farleft<br />
extremist reactions to terrorist activity.<br />
Also covered will be recent changes in<br />
terrorist tactics and emerging Best Practice<br />
when it comes to managing acute threats for<br />
staff based in office environments.<br />
‘ESRM: A Management Philosophy’ runs in<br />
parallel within Track 2 at conference. Being<br />
adaptive to new types of risk is at the core of<br />
ESRM: the practice of managing a security<br />
programme through the use of risk principles.<br />
It’s a philosophy of management that can be<br />
applied to any area of security and any task<br />
that’s performed by security, such as physical,<br />
cyber, information and investigations.<br />
John Petruzzi CPP (vice-president of<br />
integrated security solutions for G4S in the<br />
Americas) will demonstrate the value of ESRM<br />
in addressing today’s emerging risks.<br />
12<br />
www.risk-uk.com
TCP/IP<br />
network<br />
PAVIRO<br />
Public Address and Voice Evacuation System<br />
with Professional Sound Quality<br />
Flexibility from the start<br />
PAVIRO offers you smart features making system specification and installation faster, simpler<br />
and more efficient than ever before. Design a complete system with just a few parameters. Avoid<br />
unexpected costs thanks to the system’s extreme flexibility and low operational costs. What‘s<br />
more? The new Dante network interface module ensures IP networking functionality allowing<br />
larger areas with more audio channels with up to four decentralized controllers.<br />
Find out more at boschsecurity.com
The Centre of Intelligence<br />
The complexity of creating a reliable and<br />
sustainable IoT infrastructure has led to a<br />
situation where companies must find effective<br />
ways to manage sensors, networks, data<br />
storage and data analytics in order to leverage<br />
this information and drive improvements.<br />
The online world is<br />
expanding rapidly,<br />
while the Internet of<br />
Things (IoT) is already<br />
exerting a positive<br />
influence upon how<br />
people, property and<br />
other assets can be<br />
protected. Simon<br />
Chapman examines in<br />
detail the impact of<br />
the IoT, the ways in<br />
which it’s enhancing<br />
the advantages of<br />
remote monitoring via<br />
Intelligence Centres<br />
and what today’s<br />
security professionals<br />
can expect from it as<br />
time moves forward<br />
Kevin Ashton, the British technology<br />
pioneer and co-founder of the Auto-ID<br />
Centre at the Massachusetts Institute of<br />
Technology, is generally considered to have<br />
coined the term the Internet of Things (IoT)<br />
during a presentation delivered at Procter &<br />
Gamble back in 1999. After a relatively slow<br />
start, the number and variety of enabled<br />
devices is growing exponentially, and the IoT<br />
has now turned itself from being just another<br />
‘buzz phrase’ into a ubiquitous term for<br />
describing our connected world.<br />
The scope of the IoT is incredibly wide.<br />
People and machines are now being connected<br />
to networks and each other, facilitating the<br />
ability to share vast amounts of valuable data,<br />
which can make our lives and businesses more<br />
efficient. IoT-based devices collect a great deal<br />
of personal data. For example, smart meters<br />
can tell when a person’s inside a building and<br />
what devices are being used at any given time.<br />
However, if we think what we produce today<br />
represents Big Data then we need to think<br />
again. IDC’s analysts predict that, by 2020, IoTbased<br />
devices will collectively create, copy and<br />
consume about 44 zettabytes of data. That’s 50<br />
times more than in 2012. That’s a lot of<br />
information which will have to be moved,<br />
processed and stored in Data Centres across<br />
the planet. Not only that, but as more<br />
connected devices are introduced, it’s harder to<br />
remain fully aware of everything these devices<br />
are capturing. In turn, this makes the<br />
effectiveness of an organisation’s monitoring<br />
and management software absolutely vital.<br />
Careful thought required<br />
Data protection is a hot topic at the moment<br />
and security, legal and regulatory compliance,<br />
as well as data loss and leakage risks, are high<br />
on the list of reasons why the use of the IoT<br />
needs to be carefully thought through.<br />
Enterprises are right to be concerned. On 25<br />
May, the General Data Protection Regulation<br />
(GDPR) becomes European law. The primary<br />
objectives of the GDPR are to give citizens and<br />
residents control of their personal data and<br />
simplify the regulatory environment for<br />
international business by unifying regulation<br />
within the European Union (EU). It requires any<br />
organisation that operates in the EU, or handles<br />
the personal data of people residing within the<br />
EU, to implement a strong data protection<br />
policy encompassing access, secure storage<br />
and destruction. It’s all about a company’s legal<br />
ability to protect data held about staff,<br />
customers and anyone else with whom it deals.<br />
What’s worrying is that, according to a study<br />
carried out by Symantec, 96% of companies<br />
still don’t fully understand the GDPR, while 91%<br />
of 900 businesses polled in the UK, France and<br />
Germany harbour concerns about their ability<br />
to become compliant by the time this new law<br />
comes into effect.<br />
Onwards and upwards<br />
This is all very well, I hear you say, but what<br />
does the IoT mean for electronic and physical<br />
security? Well, developments in Internet<br />
Protocol (IP)-based technology have meant that<br />
a wide variety of building services can now be<br />
controlled over a single network infrastructure.<br />
It’s now possible for services including security,<br />
access control, fire detection, voice, data,<br />
wireless devices, audio visual, energy<br />
management, lighting controls and heating,<br />
ventilation and air conditioning systems to<br />
operate over copper or fibre optic cabling.<br />
The good news for the security industry is<br />
that, for those able to provide remote<br />
monitoring, network connectivity makes this<br />
service far more ‘intelligent’. By using the<br />
benefits of the IoT, building services,<br />
infrastructure and even individual products can<br />
14<br />
www.risk-uk.com
Opinion: Security Business Sector Insight<br />
be monitored and managed, in turn offering a<br />
number of distinct advantages.<br />
Increasingly referred to as Intelligence<br />
Centres, one of the main reasons for using<br />
these facilities is to reduce overheads.<br />
Certainly, the potential cost savings an<br />
Intelligence Centre offers are enormous.<br />
A large business premises will often have one<br />
dedicated person to provide access for<br />
deliveries and allow on-site employee and<br />
visitor parking, etc. While this is obviously<br />
important from a security point of view, there<br />
may well be long periods where that operative<br />
is doing very little. An Intelligence Centre is<br />
able to carry out such functions as part of a<br />
broader range of activities.<br />
Analysis capabilities<br />
Where an Intelligence Centre really comes into<br />
its own is due to its ability to drill down and<br />
analyse individual products and systems and<br />
ascertain whether they’re faulty or otherwise<br />
not working to optimum capacity. A<br />
supermarket, for example, is now able to fit a<br />
sensor on a freezer unit that sends an alert to<br />
an Intelligence Centre if the unit’s temperature<br />
strays outside of certain parameters and<br />
indicates a fault. Facilities personnel can then<br />
be alerted instantly in order to remedy the<br />
problem and ensure operational uptime.<br />
Furthermore, organisations can benefit from<br />
remote monitoring in the event that an in-house<br />
security system becomes compromised. Linking<br />
a surveillance system to an Intelligence Centre<br />
provides a 24/7/365 service that also ensures<br />
that the appropriate response is provided in the<br />
event of a fire, a break-in or even a cyber<br />
security breach episode.<br />
Building management<br />
With far more connected workplaces a certainty<br />
within a matter of a few years, security<br />
providers need to think wider still. Lowering<br />
energy consumption is high on the list of<br />
priorities for most organisations these days.<br />
Although a given premises might indeed have a<br />
building management system (BMS) in place,<br />
any failure to regularly maintain that system<br />
means that it will not operate at its optimum<br />
level. This results in wasted energy, but can<br />
also have a dramatic effect on a building’s<br />
comfort conditions by making certain<br />
areas/zones either too hot or too cold.<br />
An Intelligence Centre can address this issue<br />
by making sure that a BMS’ set-points are<br />
correctly configured and properly maintained at<br />
all times. Energy efficiency and security may<br />
also be enhanced by remotely turning lights off<br />
in unoccupied areas and even switching<br />
computers and other networked devices off<br />
when they’re left on.<br />
While remote monitoring has traditionally<br />
focused on the use of electronic technology, it’s<br />
now possible to integrate security guarding into<br />
the mix. Knowing when personnel report for<br />
duty, when and where incidents occur, response<br />
times and resolution details helps in building a<br />
more advanced picture – or ‘resource-to-risk’<br />
model – concerning where guarding can be<br />
most effectively used, as well as identifying any<br />
‘hotspots’ where incidents frequently occur.<br />
Retailers are leading the way in this area. A<br />
growing number are adopting software<br />
analytics platforms in Intelligence Centres to<br />
study customer behaviour, identify repeat<br />
offenders and therefore reduce instances of<br />
crime. In addition, security officers in a<br />
Shopping Centre’s public areas can be notified<br />
of where help is needed and provide an<br />
immediate response. Health and Safety-related<br />
issues such as slips, trips and falls within<br />
various locations may be monitored and the<br />
relevant action taken.<br />
Diverse skill sets<br />
Those working in Intelligence Centres have the<br />
opportunity to develop more diverse skill sets –<br />
ones that better represent the integration<br />
between technology and security guarding. At<br />
the end of the day, the IoT and the data<br />
produced by it needs people who can analyse it<br />
and make it meaningful. In addition, the use of<br />
technology can enable security officers to<br />
become more effective and allow them to<br />
demonstrate the effectiveness of what they do<br />
against defined Key Performance Indicators.<br />
The IoT is transforming everyday physical<br />
objects that surround us in ways that would<br />
have previously seemed the preserve of science<br />
fiction. Although we’re still some way off from<br />
witnessing the full potential of the IoT in the<br />
security industry, it’s clear that the data it<br />
produces – when analysed by experts in<br />
Intelligence Centres – has the potential to<br />
optimise a security strategy, reduce crime and<br />
provide a genuine return on investment.<br />
At a time when it might appear that we need<br />
more physical security, the IoT and Intelligence<br />
Centres are highlighting that, in fact, less can<br />
be more and that smarter thinking on this issue<br />
should always be encouraged.<br />
Simon Chapman:<br />
CEO of Cardinal Security<br />
*Security Business Sector Insight<br />
is the space where members of<br />
Cardinal Security’s management<br />
team examine current and often<br />
key-critical issues directly<br />
affecting today’s companies and<br />
their customers. The thoughts and<br />
opinions expressed here are<br />
intended to generate debate and<br />
discussion among practitioners<br />
within the professional security<br />
and risk management sectors. If<br />
you would like to make comment<br />
on the views outlined on these<br />
pages, please send an e-mail to:<br />
brian.sims@risk-uk.com<br />
**Cardinal Security was formed<br />
back in 2003 and is a privatelyowned<br />
company delivering<br />
innovative security solutions<br />
throughout the UK, Europe and the<br />
US. The business is a leading<br />
supplier of security officers, store<br />
detectives and key holding to the<br />
retail and logistics industry and<br />
works with many well-known<br />
brands including Arcadia, Asda,<br />
Dixons Carphone, Footasylum,<br />
House of Fraser, Morrisons and UK<br />
Mail. Cardinal Security is a<br />
Security Industry Authority<br />
Approved Contractor and in the Top<br />
5% of all security providers<br />
“Where an Intelligence Centre really comes into its own is<br />
due to its ability to drill down and analyse individual<br />
products and systems and ascertain whether they’re faulty<br />
or otherwise not working to optimum capacity”<br />
15<br />
www.risk-uk.com
Nedap’s Global Client Programme<br />
Standardise your security worldwide<br />
<br />
always up to date?<br />
The Global Client Programme by Nedap Security Management supports you in implementing,<br />
maintaining and updating AEOS – the leading access control system – across multiple<br />
international sites.<br />
We’ll be at ASIS Europe 2018 in Rotterdam from Wednesday 18 to Friday 20 April. Call by to<br />
<br />
As an ASIS member, you’re welcome to join us at our ASIS welcome party on 18 April.<br />
www.nedapsecurity.com/how-we-help/global-client
BSIA Briefing<br />
As the deadline for compliance with the<br />
European Union’s General Data Protection<br />
Regulation (GDPR) looms large, companies<br />
and organisations across the UK should have<br />
been taking steps to ensure that they fall into<br />
line with the new procedures. A crucial part of<br />
this process focuses on procuring the right<br />
services to ensure that all data storage regimes<br />
adhere to the changes.<br />
From May this year, organisations will not<br />
only have to prove that they’ve taken an audit<br />
of their data, but also that they’ve enacted the<br />
right measures to destroy any data that’s no<br />
longer relevant. Subsequent to 25 May, any<br />
company proven not to be in full compliance<br />
with the new rules enacted by Brussels is at<br />
risk of compromise and potentially hefty fines.<br />
What, then, are the tangible risks? Top of the<br />
list will be a raft of financial penalties being<br />
issued by the Information Commissioner’s<br />
Office (ICO) or even the threat of prosecution.<br />
At present, the ICO can issue businesses<br />
displaying poor data management in breach of<br />
the Data Protection Act with fines of up to<br />
£500,000. The largest of these fines to date has<br />
been £400,000 issued to two separate<br />
companies, namely Keurboom Communications<br />
Ltd and the TalkTalk Telecom Group plc. In<br />
addition, there have been just shy of 20<br />
prosecutions for criminal offences committed<br />
under the Data Protection Act.<br />
In the last 12 months alone, in fact, over £4.1<br />
million worth of fines have been issued to<br />
businesses for failure to comply with the Data<br />
Protection Act. Under the GDPR, the fines levied<br />
may be up to 4% of an organisation’s annual<br />
global turnover or 20 million Euros, whichever<br />
sum is the greater.<br />
The other most common risk will be<br />
reputational damage leading to the potential<br />
for lost business. As customers are becoming<br />
increasingly more aware of and concerned<br />
about how businesses collect and use their<br />
personal information, so those same<br />
businesses run the risk of losing customer<br />
confidence in the brand where the customer<br />
feels that their privacy isn’t being protected or<br />
respected. A loss in customer confidence<br />
ultimately leads to financial losses.<br />
Information destruction<br />
One of the most vulnerable periods of the data<br />
processing cycle is that point at which data is<br />
no longer required and needs to be disposed<br />
of. If data isn’t adequately disposed of at the<br />
end of its lifecycle, it can fall into the wrong<br />
hands and be unlawfully processed.<br />
Under the Data Protection Act 1998, everyone<br />
responsible for using data has to follow the<br />
Data Destruction:<br />
Avoiding Any Costly Mistakes<br />
What exactly does it mean to be compliant with the European<br />
Union’s General Data Protection Regulation, which comes<br />
into force at the end of May this year, and how should<br />
businesses go about becoming so? As James Kelly outlines in<br />
detail for the readers of Risk UK, seeking professional help in<br />
disposing of confidential and business-sensitive data is a<br />
wise investment for any organisation<br />
data protection principles. These include<br />
ensuring that data is used fairly and lawfully for<br />
limited and specifically stated purposes and<br />
that it’s used in a way that’s adequate, relevant<br />
and not excessive. Data must be kept for no<br />
longer than is absolutely necessary, handled<br />
according to people’s data protection rights,<br />
kept safe and secure and not transferred<br />
outside of the European Economic Area without<br />
adequate protection measures being in place.<br />
When it comes to information destruction,<br />
the seventh principle of the Data Protection Act<br />
stipulates that appropriate measures must be<br />
taken against accidental loss, destruction or<br />
damage to personal data and against unlawful<br />
processing of that data. When the GDPR comes<br />
into force, companies in both the private and<br />
public sectors will need to prove that data is<br />
securely erased in line with the new European<br />
Union guidelines and show that they’re fully<br />
accountable for monitoring, reviewing and<br />
assessing all relevant processing procedures.<br />
Secure data destruction is the process of<br />
destroying confidential materials to the point at<br />
James Kelly: CEO of the British<br />
Security Industry Association<br />
17<br />
www.risk-uk.com
BSIA Briefing<br />
which they cannot be reconstituted. These<br />
materials can take many forms, including paper,<br />
computer hard drives and branded products.<br />
Crucially, all hold the potential to cause<br />
problems for businesses, employees or<br />
customers if they fall into the wrong hands.<br />
How might companies mitigate potentially<br />
expensive and reputational hazards when it<br />
comes to disposing of data that’s no longer<br />
needed? Shredding confidential material is a<br />
costly and time-consuming process which, for<br />
some firms at least, means that in-house data<br />
shredding simply isn’t a viable option. This is<br />
certainly true for those operations handling<br />
vast amounts of data across a variety of sites.<br />
In these situations, outsourcing to a regulated<br />
information destruction organisation is the<br />
most practical alternative.<br />
Highest possible standards<br />
Engaging a company specialising in this service<br />
and harbouring a high-security shredding<br />
facility affords organisations the reassurance<br />
that data destruction is being correctly<br />
conducted. Registered data shredders have to<br />
comply with the highest industry standards<br />
which are regularly updated.<br />
On that note, service providers must<br />
demonstrate that they’re certified to EN15713 –<br />
the European Standard for data destruction.<br />
EN15713 sets out the measures that<br />
organisations should take in order to maintain<br />
the security of confidential data and provides<br />
recommendations relating to the management<br />
and control of the collection, transportation and<br />
destruction of confidential material to ensure<br />
that such material is disposed of both safely<br />
and securely.<br />
Whether confidential materials are shredded<br />
on-site or at a high-security shredding facility,<br />
businesses outsourcing their shredding to a<br />
professional service provider can be assured<br />
that the data will be completely destroyed.<br />
Additionally, the services provided by<br />
professional information destruction companies<br />
often extend far beyond the actual destruction<br />
of confidential material to include secure<br />
document storage, data security advice and<br />
guidance, office clearance and recycling.<br />
The GDPR represents a great opportunity for<br />
information destruction companies. In the<br />
current climate there has been an increased<br />
“When the General Data Protection Regulation comes into<br />
force, companies in both the private and public sectors will<br />
need to prove that data is securely erased in line with the<br />
new European Union guidelines”<br />
demand for their specialist services from both<br />
new and existing customers, all of them asking<br />
about the GDPR and how information<br />
destruction can assist. Even with all of this help<br />
at hand, though, there’s still confusion around<br />
what it means to be fully GDPR compliant (and<br />
not just from the point of view of the customer,<br />
but also in terms of how it affects the industry<br />
as the holder of its own data).<br />
Industry feedback from customers highlights<br />
varying levels of concern, from companies<br />
looking for accreditation through to others<br />
happy with a downloaded template data policy<br />
or standard Terms and Conditions and on again<br />
to those simply choosing to ignore the looming<br />
EU deadline.<br />
From an industry standpoint there are three<br />
elements that could affect information<br />
destruction businesses: their own data<br />
responsibilities, their shredding services<br />
provided for the destruction of data as a data<br />
processor and marketing to opted-in clients (be<br />
they either existing or prospective).<br />
These elements are all currently open to<br />
interpretation both by experts and customers.<br />
They’re most likely common across all<br />
industries, so it’s arguable that even with all of<br />
this information to hand, companies are still<br />
not fully aware of their obligations, no matter<br />
how robustly they’ve been laid out by the ISO.<br />
Of course, some of these issues open up<br />
opportunities for companies dealing with data<br />
destruction to create new services, but they<br />
also highlight that, even at this late juncture,<br />
there’s still much work to be conducted in<br />
communicating what companies need to do in<br />
advance of what is a major data milestone.<br />
Severe consequences<br />
Every business will collect and generate<br />
confidential information relating to its<br />
operations, its employees or its customers.<br />
When this information is no longer required,<br />
there can be severe consequences for the data<br />
subjects if the information isn’t correctly<br />
disposed of and falls into the wrong hands.<br />
Therefore, any business that collects, holds,<br />
processes or disposes of a person’s personal<br />
information has a responsibility to ensure that<br />
it’s protected from loss or theft. In fact, since<br />
the Data Protection Act was passed into law in<br />
1998, there has been a legal obligation for<br />
businesses to act responsibly in terms of how<br />
they use personal information.<br />
The data protection landscape is all set to<br />
change in May when the GDPR comes into full<br />
effect and exerts potentially significant impacts<br />
on the ways in which UK businesses collect and<br />
process the personal data of individuals.<br />
18<br />
www.risk-uk.com
Do you know the people in your building?<br />
<br />
or security incident. However in the event of an emergency you may also need to be<br />
able to evacuate mobility impaired visitors and staff safely.<br />
Evac+Chair provide a universal solution for smooth stairway descent in an emergency<br />
evacuation, suitable for dual and multiple level buildings of any height.<br />
The Evac+Chair is the World’s No.1<br />
Emergency Stairway Evacuation Chair<br />
Call 0121 796 1372 now for a FREE evacuation<br />
assessment or visit www.evacchair.co.uk
The Global Context: Cyber Risks,<br />
Reputation and the Real World<br />
Cyber security, the<br />
EU’s upcoming GDPR,<br />
reputational risk and<br />
regulation and<br />
compliance are among<br />
the chief concerns for<br />
businesses voiced by<br />
some of the UK’s<br />
leading risk experts as<br />
they look ahead into<br />
2018. In the second<br />
instalment of an<br />
exclusive series for<br />
Risk UK, Nicola<br />
Crawford outlines the<br />
main points to be<br />
considered by today’s<br />
practising<br />
professionals<br />
Nicola Crawford CFIRM:<br />
Chair of the Institute of Risk<br />
Management<br />
This year will be the one when the world<br />
recognises that the majority of assets in<br />
the modern economy are intangible and<br />
the rapid movement to just-in-time and cloudbased<br />
economies creates significant<br />
vulnerabilities. More events will revolve around<br />
the impacts of cyber attacks on the real world.<br />
It will be less about data loss or ransomware<br />
attacks and more about the ‘real economy’ (as<br />
we saw in 2017 with Merck Pharmaceuticals<br />
and Reckitt production operations, including<br />
the extended supply chain being impacted).<br />
In other words, the cyber world and the<br />
extended supply chain will merge in terms of<br />
risk exposures. This will create new challenges<br />
for practising risk professionals.<br />
Alexander Larsen CFIRM, president of<br />
Baldwin Consulting and IRM trainer for Bitcoin<br />
and CryptoCurrencies Bubble, stated: “2018<br />
will be the year that Bitcoin goes mainstream.<br />
Having had a meteoric rise in 2017 with an<br />
increase of nearly 1,000% in price, Bitcoin has<br />
been receiving significant coverage in the<br />
media which has brought it to the attentions of<br />
the general public. A number of factors are<br />
coming together to indicate that 2018 will be<br />
the year that big money comes rushing into the<br />
cryptocurrency, including the intention of major<br />
funds to start investing as well as new<br />
platforms being introduced and making it<br />
easier to trade for individuals.”<br />
Larsen feels that Bitcoin is already volatile,<br />
although a less volatile investment than most<br />
cryptocurrencies which are known to swing by<br />
as much as 30%-40% per day and on occasions<br />
as much as 1,000% in a day. “This new money<br />
flooding the market will no doubt drive the<br />
price up to new heights,” said Larsen, “which<br />
leads me to believe that a major crash and<br />
correction will be on the horizon for 2018. Many<br />
people will lose a lot of money, although it<br />
remains to be seen if Bitcoin will survive or if<br />
the bubble will finally have burst.”<br />
Something that’s certainly likely is major<br />
regulations being put in place to control the<br />
trading of bitcoin, cryptocurrencies and the<br />
issuance of new tokens.<br />
Reputational risk<br />
Reputations take years to build and can be<br />
destroyed in seconds, as they say. The risk of<br />
reputational damage to organisations,<br />
Governments and individuals appears to be<br />
higher than it has ever been. This is a trend<br />
that’s likely to continue.<br />
A reputation is put at risk when some<br />
unethical or incompetent behaviour becomes<br />
public knowledge. This can be through the<br />
actions of an individual or something more<br />
systemic at an organisational or Governmental<br />
level. The media has been full of recent<br />
examples involving organisations (FIFA, IAAF),<br />
Governments (Brazil, Angola, and Zimbabwe),<br />
companies (VW, Rolls-Royce), industries in<br />
general (Hollywood) and individuals.<br />
The damage caused can manifest itself in the<br />
shape of lost revenues, increased costs and, in<br />
the case of listed companies, reduced<br />
shareholder value. Usually, heads roll as well.<br />
Where a company’s reputation is its main<br />
asset, damage can result in failure, as was the<br />
case with Arthur Anderson.<br />
Heart of the problem<br />
So why is this trend likely to continue? “Well,”<br />
said Ray Flynn CMIRM (independent risk<br />
consultant and IRM director), “the heart of the<br />
problem in each case – complacency and, in the<br />
extreme, arrogance – is unlikely to change. The<br />
mentality of ‘this will never happen to us’ and<br />
‘we have systems in place to prevent this from<br />
happening’ is hard to shake off. Very few have<br />
the foresight to address this particular risk until<br />
there’s an ‘issue’ that forces them to act. The<br />
risk of exposure is also increasing. There’s an<br />
element of iconoclasm and bloodletting<br />
involved as the gap between the ‘haves’ and<br />
‘have nots’ increases, which supports<br />
whistleblowing and places direct pressure on<br />
regulatory bodies to act.”<br />
The frequency of prosecutions for bribery,<br />
particularly in the UK and the US, but also<br />
elsewhere, as well as the level of fines imposed<br />
are increasing rapidly. This is another trend<br />
that’s highly likely to continue.<br />
“The bad news is that this comes with public<br />
battle weariness and shock fatigue,” added<br />
Flynn. “Those exposed are likely to suffer less<br />
and less damage. The good news is that sound<br />
risk management is the best way to protect a<br />
reputation including, as advocated in the<br />
guidance to the UK Bribery Act, having a fresh<br />
pair of eyes to carry out an independent review<br />
of systems already in place.”<br />
20<br />
www.risk-uk.com
Risk Predictions for 2018 and the Risk Agenda 2025 (Part Two)<br />
Alyson Pepperill CFIRM (client projects<br />
director for UK Retail at Arthur J Gallagher and<br />
chair of the IRM’s Charity Special Interest<br />
Group) explained: “Regulation and compliance<br />
will continue to be a key theme. There will be<br />
continued scrutiny of the charity sector by<br />
regulators, whether it be the Charity<br />
Commission, the Fundraising Regulator or the<br />
Information Commissioner’s Office. In 2017,<br />
selected charities were hauled over the coalsby<br />
all three. We don’t see this pattern changing.”<br />
The European Union’s General Data<br />
Protection Regulation (GDPR) has been a key<br />
focus of many charities’ efforts to be compliant<br />
ahead of the looming May 2018 deadline. This<br />
focus will continue up to and beyond the<br />
deadline for most.<br />
Linked to the GDPR, and in line with many<br />
‘for profit’ organisations, the broader context of<br />
cyber risks and their management remains a<br />
struggle for charities. Charities are known as<br />
innovators and will try new ways of generating<br />
funds that can potentially increase their<br />
exposure to cyber risks.<br />
“A more particular sector risk is the need for<br />
charities to measure through evidence-based<br />
reporting what they do and how successful they<br />
are at their delivery,” asserted Pepperill. “The<br />
expectations around how this is reported to key<br />
stakeholders have been increasing and, for<br />
many charities, represents a significant risk. If<br />
they fail to be accountable, the funding could<br />
then dry up.”<br />
Finally, we still see financial sustainability as<br />
a real challenge for many charities reliant on<br />
local Government and National Health Service<br />
contracts, as well as funding from central<br />
Government continuing to be cut back.<br />
Volunteering has reduced over the past year<br />
and this could place further strain on charities<br />
to balance the books. They have to care,<br />
respond to their mission with determination<br />
and create impact, keep costs down and comply<br />
with all manner of regulations.<br />
“The request for support never goes away,”<br />
concluded Pepperill, “but charities continue to<br />
be squeezed and squeezed. This is likely to<br />
result in some charities having to close or<br />
perhaps an increase in mergers.”<br />
Shift to renewable energy<br />
A major shift from oil and gas towards<br />
renewables is already happening on a global<br />
scale. This isn’t only occurring in terms of<br />
power generation, it must be said. It’s also<br />
occurring in the sphere of transportation.<br />
The EU has already targeted 2035 as being a<br />
year in which all new cars sold will be electric.<br />
Many individual countries like Scotland have<br />
announced more aggressive targets, while<br />
several Scandinavian countries are already well<br />
on their way towards becoming an electric cardriving<br />
nation.<br />
This major shift places significant pressure<br />
on oil and gas companies as well as car<br />
manufacturers to reconsider their strategies<br />
and business models. Companies in the sector<br />
will need to evaluate their target markets and<br />
offerings carefully, while also thinking seriously<br />
about what they want their company to look<br />
like in ten-to-20 years’ time.<br />
Oil and gas companies will need to position<br />
themselves for developing economies, while<br />
also making a decision on how heavily they<br />
wish to invest in renewable energies or if<br />
there’s any appetite to look at mining materials<br />
for batteries. For car manufacturers, there will<br />
have to be a blueprint for future development<br />
work on electric vehicles. Like the oil and gas<br />
companies, they too will need to decide how<br />
heavily they wish to be involved.<br />
Decisions made during 2018 could well turn<br />
out to be the difference between success<br />
and/or failure in the future.<br />
Longer Term: Risk Agenda 2025<br />
The Institute of Risk Management<br />
has also been involved in a major<br />
project entitled the Risk Agenda<br />
2025 led by IRM director Clive<br />
Thompson CFIRM. Key<br />
Boardroom concerns for the<br />
longer term include reputation,<br />
risk appetite, scenario planning<br />
and emerging risks. In terms of<br />
risk process priorities, concerns<br />
are to be found in risk<br />
connectivity, developing<br />
benchmarks and designing<br />
integrated risk assurance<br />
models. For risk professionals,<br />
the concerns centre on risk<br />
ownership and accountability,<br />
risk culture, risk education and<br />
training. Read the Executive<br />
Summary online at<br />
https://www.theirm.org/media/3<br />
398022/Risk-Agenda-Executive-<br />
Summary-A4_web.pdf<br />
“More events will revolve around the impacts of cyber<br />
attacks on the real world. It will be less about data loss or<br />
ransomware attacks and more about the ‘real economy’”<br />
21<br />
www.risk-uk.com
Acting on Auto: Autonomous Vehicles<br />
and the Terrorism Threat<br />
Developments in selfdriving<br />
technology<br />
suggest that fullyautonomous<br />
vehicles<br />
will be on our road<br />
networks in the near<br />
future, but just how far<br />
are we from the point<br />
of introduction?<br />
Importantly, is the<br />
advent of such<br />
vehicles potentially<br />
going to signal an<br />
increase in the<br />
terrorism threat?<br />
Paul Woodhouse<br />
evaluates the security<br />
mechanisms that must<br />
be put in place<br />
Paul Woodhouse:<br />
Marketing Manager of The<br />
Vindis Group<br />
An autonomous car (also known as a<br />
driverless car, a self-driving car or a robotic<br />
car) is, in essence, a vehicle that’s capable<br />
of sensing its surrounding environment and<br />
navigating without benefit of human input.<br />
Such vehicles employ a variety of techniques to<br />
detect their surroundings, such as radar, laser<br />
light, GPS, odometry (ie the use of data from<br />
motion sensors to estimate changes in position<br />
over time) and ‘computer vision’.<br />
In use, advanced control systems interpret<br />
sensory information to identify appropriate<br />
navigation paths, as well as obstacles and<br />
relevant signage. Autonomous cars must<br />
possess control systems capable of analysing<br />
sensory data in order to distinguish between<br />
different cars on the road.<br />
The potential benefits of fully-autonomous<br />
vehicles include reduced mobility and<br />
infrastructure costs, increased safety, enhanced<br />
mobility and a heightened degree of customer<br />
satisfaction. The hope is that there’ll be a<br />
significant reduction in traffic collisions and the<br />
resulting injuries and related costs, including<br />
less need for insurance.<br />
Autonomous cars are also predicted to<br />
increase traffic flow, provide enhanced mobility<br />
for children, the elderly, the disabled and the<br />
poor, relieve travellers from driving and<br />
navigation chores, lower fuel consumption,<br />
significantly reduce the need for parking space<br />
and facilitate business models for<br />
Transportation-as-a-Service, notably via the<br />
sharing economy.<br />
As Google tests its own self-drive vehicles,<br />
clocking more than 200,000 miles in a fleet of<br />
self-driving cars retrofitted with sensors, and<br />
the authorities in Las Vegas begin trials of selfdriving<br />
shuttle buses, it would appear that<br />
we’re not too far away from witnessing fullyautonomous<br />
vehicles on our roads.<br />
What are the risks?<br />
While there are a small number of issues that<br />
have been outlined in the trials so far, there<br />
could well be a more serious risk posed by<br />
autonomous vehicles that needs to be<br />
considered. In a recent article published by The<br />
Guardian, lawmakers have warned that<br />
autonomous vehicles must have secure and<br />
safe technology in place to prevent their use as<br />
an accessory in terrorist attacks.<br />
In recent times, trucks and vans have been<br />
the ‘weapon of choice’ in terror attacks across<br />
the globe. Last year alone, there were seven<br />
terrorist attack episodes that made use of<br />
vehicles. All of them realised disastrous<br />
consequences, costing the innocent lives of<br />
multiple individuals here in the UK as well as in<br />
Spain, Canada, Germany and Sweden.<br />
Unfortunately, instead of engendering a<br />
feeling of excitement around this new<br />
technology, talk of the development of selfdriving<br />
trucks and vans has left some practising<br />
security and risk management professionals<br />
extremely worried that terrorists will indeed<br />
look to take advantage of fully-autonomous<br />
vehicles in future attacks.<br />
Self-driving technology<br />
Modern-day cars are already showcasing some<br />
of the capabilities of self-driving technology,<br />
with many drivers progressively trusting their<br />
vehicles to carry out tasks which, in days gone<br />
by, would always need to be conducted on a<br />
manual basis.<br />
We already benefit from systems which keep<br />
us in our lanes on dual carriageways and<br />
motorways, technology that can help to parallel<br />
park our vehicles for us and software that<br />
automatically maintains a safe, steady speed<br />
on the UK’s roads – with some cars even<br />
advanced enough to also have automated<br />
braking systems when tracking the vehicle in<br />
front. Fair to say that self-driving technology is<br />
revolutionising the driving experience.<br />
Organisations trialling self-driving vehicles<br />
have found that, for the safe driving of these<br />
vehicles on our roads, they need to mirror<br />
human driving behaviour while eliminating<br />
human driving errors. What next, then?<br />
For fully-autonomous vehicles, manufacturers<br />
need to converge sensor-based technologies<br />
and connected-vehicle communications so that<br />
they can deliver safer self-driving techniques<br />
than could be realised by each approach being<br />
developed and then acting on its own.<br />
The use of vans and trucks as part of terrorist<br />
attacks has grown in frequency because of their<br />
size and anonymity. They’ve been used to drive<br />
into crowded pedestrian areas at high speeds<br />
with devastating results. It has been predicted<br />
that such vehicles will be among the first fullyautonomous<br />
vehicles on our roads.<br />
22<br />
www.risk-uk.com
Autonomous Vehicles – The Security Threat Dimension<br />
Consequently, officials know that they need to<br />
play a crucial role in mitigating the use of<br />
trucks as lethal rolling weapons.<br />
If terrorists can use a self-driving vehicle as a<br />
weapon in future terror attacks, then those<br />
vehicles become a weapon that separates the<br />
instigator from the event. Terrorists would no<br />
longer have to sacrifice their lives for attack<br />
episodes, and it would become harder to trace<br />
the suspect(s) if they don’t need to be at the<br />
scene of the attack when it happens.<br />
Cyber dimension<br />
Due to the nature of this threat, industry<br />
professionals and lawmakers are keen to point<br />
out that all self-driving vehicles must be fitted<br />
with specialist cyber technology to prevent<br />
terrorists from employing them in attacks.<br />
Lawmakers are passing legislation to say that<br />
all autonomous vehicles must be armed with<br />
cyber security technology so that they cannot<br />
be used as an accessory in a terror attack. This<br />
technology aims to make it incredibly hard, if<br />
not impossible, to hack vehicles for a hijack,<br />
meaning that potential terrorists cannot use<br />
autonomous technology as an accessory.<br />
The intention is that self-driving vehicles will<br />
not be able to be programmed by terrorists to<br />
break standard safe driving laws, either,<br />
meaning that the potential for high-speed<br />
driving attacks could potentially be eliminated<br />
if the cyber technology is indeed a success.<br />
Van hire and rental companies should also be<br />
aware of stricter rules and regulations that will<br />
be implemented. Many trucks and vans used in<br />
terror attacks around the world are rental<br />
vehicles. In recent attacks, hire vehicles have<br />
been used to cause mass disaster. It has been<br />
suggested that companies should have access<br />
to a wider database that reveals more sensitive<br />
information in the future, such that companies<br />
are aware of suspect individuals.<br />
While databases currently check against<br />
identities, credit ratings and insurance policies,<br />
the threat of terrorism may lead to a more<br />
detailed and sensitive database. The overriding<br />
aim is to afford rental companies access to<br />
police records and, in some cases, companies<br />
will be able to see if the individual is being<br />
watched on suspicion of having committed – or<br />
being about to commit – terrorist crimes.<br />
Stricter regulations should help companies to<br />
identify individuals who could be potential<br />
risks, in turn allowing them to alert the<br />
authorities of any suspicious individuals.<br />
The TRIP Suite<br />
Furthermore, the UK’s first suite of Terrorism<br />
Risk and Incident Prevention (TRIP) products<br />
and training to support fleet operators has<br />
been developed by Fleet Source, a leading<br />
provider of training and auditing services for<br />
the road transport industry. The overriding aim<br />
is to reduce the risk of commercial vehicles<br />
being used as weapons in terror attacks.<br />
The products and services available serve to<br />
educate fleet operators, managers and drivers<br />
of the risks of terrorism, the nature of the<br />
threat and safety precautions that can be<br />
implemented to reduce the possibilities of their<br />
vehicle being hijacked, stolen or otherwise<br />
employed in a terrorist incident.<br />
The Government also hopes to develop geofencing<br />
systems to prevent unauthorised<br />
vehicles from entering particular areas of a city.<br />
These systems create a virtual barrier that’s<br />
used to slow down vehicles and control their<br />
speed as soon as they enter the sensitive area<br />
by way of tracking satellites. In practice, the<br />
satellite system would automatically connect<br />
with the vehicle and take control of it such that<br />
the vehicle only travels at a safe speed within<br />
the defined area, thus acting as a ‘virtual<br />
barrier’ or ‘virtual bollard’ to stop the vehicle.<br />
The Government needs to act now before<br />
self-driving vehicles are readily available.<br />
Implementing rules and regulations from the<br />
word ‘Go’ means that everyone’s aware of the<br />
process from the start. Thankfully, with<br />
strategies such as TRIP already actively<br />
engineering safety precautions, we already find<br />
ourselves a crucial step ahead in the game.<br />
Sources<br />
*https://www.theguardian.<br />
com/technology/2017/sep/<br />
06/self-driving-carsterrorism-cybersecuritytechnology<br />
*https://www.inverse.com/<br />
article/29402-self-drivingtech-might-mitigate-terroristtruck-attacks<br />
*https://www.cnsnews.com/<br />
news/article/susanjones/autonomous-vehiclesprovide-avenue-terrorismcongress-told<br />
*http://www.fleetsource.co.<br />
uk/fleet-source-launches-uksfirst-terrorism-risk-andincident-prevention-trainingto-help-prevent-vehicle-as-aweapon-related-incidents/<br />
*http://edition.cnn.com/2017<br />
/05/03/world/terroristattacks-by-vehicle-fastfacts/index.html<br />
“Terrorists would no longer have to sacrifice their lives for<br />
attack episodes, and it would become harder to trace the<br />
suspect(s) if they don’t need to be at the scene of the attack”<br />
23<br />
www.risk-uk.com
Making Water Security Work<br />
Proposed changes in<br />
the 2019 Price Review<br />
formula for the water<br />
industry devised by<br />
regulator Ofwat could<br />
be pointing the way<br />
towards the sector<br />
having to elevate<br />
perimeter protection<br />
for key-critical sites<br />
such that it becomes a<br />
major issue of focus<br />
for a given company’s<br />
Board of Directors, as<br />
Jason Hunter discovers<br />
24<br />
www.risk-uk.com<br />
More commonly known as Ofwat, the<br />
Water Services Regulation Authority is<br />
the body responsible for economic<br />
regulation of the privatised water and sewerage<br />
industry in England and Wales. Ofwat is<br />
primarily responsible for setting limits on the<br />
prices charged for water and sewerage<br />
services, taking into account proposed capital<br />
investment schemes – such as building new<br />
wastewater treatment works – and expected<br />
operational efficiency gains.<br />
Every five years, Ofwat sets limits on the<br />
prices which water companies in England and<br />
Wales can charge to their customers. The<br />
process is known as a Price Review. There have<br />
been five Price Reviews so far, taking place in<br />
1994, 1999, 2004 and 2009 with the most<br />
recent in 2014. The 2009 Price Review, for<br />
instance, set the price limits for 2010-2015.<br />
These limits are set on a so-called ‘K Factor’<br />
which determines the average value of price<br />
rises above the current rate of inflation for the<br />
next five-year asset management plan period.<br />
Recently, Ofwat published the final<br />
methodology for its forthcoming 2019 Price<br />
Review – PR19 – which sets out the<br />
organisation’s expectations and requirements<br />
for water companies currently in the throes of<br />
preparing their 2020-2025 business plans. In<br />
essence, Ofwat’s assessments challenge the<br />
water companies to ‘step up’ on four key<br />
themes: customer service, affordability,<br />
innovation and long-term resilience.<br />
Further, Ofwat expects those same water<br />
companies to provide value for money bills and<br />
‘challenge themselves to push the efficiency<br />
frontier’ with a view towards providing scope<br />
for price reductions.<br />
On publication of its latest methodology,<br />
Ofwat stated: “The only way in which water<br />
companies will achieve all of this is to find new<br />
and better ways of delivering their services. Our<br />
2019 Price Review enables, incentivises and<br />
encourages water companies to achieve exactly<br />
that such that customers will receive more of<br />
what really matters to them.”<br />
Assessing vulnerability<br />
Tellingly for those operating in the perimeter<br />
protection and security field, vulnerability will<br />
be an explicit part of the Price Review for the<br />
very first time. Business plans will be assessed<br />
on how well companies use good quality data,<br />
how effectively they engage with other utilities<br />
companies and organisations to support the<br />
vulnerable and how targeted and efficient their<br />
measures really are when it comes to<br />
addressing vulnerabilities.<br />
In my view, when looking back on days past,<br />
all-too-often organisations have seen perimeter<br />
protection purely as a measure for protecting<br />
their facilities. In the case of water, other<br />
utilities and Government or military<br />
installations, we’ve referred to this as<br />
protecting sites of Critical National<br />
Infrastructure. The emphasis has always been<br />
on premises, equipment, machinery, ordinance<br />
and resources, and more recently on data and<br />
software, but very rarely on people.<br />
Historically, the overriding aim of perimeter<br />
protection has been to secure premises in order<br />
to prevent losses, while at the same time not<br />
hindering day-to-day business. This has often<br />
been achieved within budgets that, according<br />
to the ‘bean counters’ and those who hold the<br />
purse strings, should always be as low as is<br />
reasonably possible.<br />
The basic premise is that perimeter<br />
protection doesn’t contribute to the business<br />
and the bottom line, either by increasing<br />
revenue or by reducing cost. Indeed, so the<br />
argument goes, it simply adds to costs and,<br />
therefore, cuts profit. Interestingly, the<br />
methodology now adopted by Ofwat and which<br />
underpins the 2019 Price Review will directly<br />
challenge this approach and force water<br />
companies to regard reducing their<br />
vulnerability as a crucial investment.<br />
Perimeter protection isn’t simply about<br />
securing infrastructure or data. Enacted<br />
properly, it should be about appropriate risk<br />
management against both cyber and terrorist<br />
attack as well as more traditional forms of<br />
threat and, in turn, actually realise an<br />
opportunity for the host business to improve<br />
customer service, increase business efficiency<br />
and reduce overall costs.<br />
First and foremost, people should be at the<br />
heart of the process in terms of safety and<br />
security of premises and resources and also<br />
when it comes to planning and decision-making<br />
around appropriate protection measures. The<br />
water sector encapsulates this philosophy, and<br />
especially so in this age of increased fear<br />
around deliberate and shockingly lifedisregarding<br />
terrorist attacks wherein the<br />
sanctity of the water supply is so critical.<br />
For instance, the Thames Water desalination<br />
plant at Beckton – which cost £250 million to<br />
construct and started delivering clean drinking
Perimeter Protection: Solutions for the Utilities Sector<br />
water back in March 2010 – can produce<br />
anything from 140 to 150 million litres of water<br />
per day, which is enough for one million people<br />
in north east London. The impact of any<br />
infection of a supply such as this could make<br />
the final death toll in America on 9/11 appear<br />
somewhat minuscule in number by comparison.<br />
Integrated solutions<br />
We’ve found that perimeter protection is best<br />
planned as part of an integrated solution which<br />
includes physical, electronic and human<br />
measures, while also incorporating access<br />
control and other elements of facilities<br />
management in one holistic whole. Of course,<br />
this will require the usual security risk<br />
assessment to be conducted. Personally, I<br />
favour what’s often referred to as the ‘ABC’<br />
model here. This considers the ‘Area’,<br />
‘Boundary’ and ‘Contents’.<br />
We would recommend an increasing level of<br />
security the closer an intruder is to the most<br />
critical and sensitive assets. The perimeter<br />
serves as the first ‘cordon of security’ in these<br />
successive levels of protection, though some<br />
now argue that, given the increasing power and<br />
definition of radar and CCTV, you could even<br />
establish security layers external to the<br />
physical perimeter itself.<br />
This principle was perfectly, but sadly<br />
tragically illustrated only three months ago by<br />
the story of former England one-day<br />
international cricket captain Adam Hollioake,<br />
who remained in the Alokozay International<br />
Cricket Ground in Kabul, where he was working<br />
as a coach at the time, while a bomb blast<br />
killed at least three people.<br />
Hollioake explained: “The protocol is that we<br />
have three stages of security here. Attackers<br />
have to breach the first stage, which was<br />
probably 100 metres from the ground. Then<br />
there’s the second stage, which is around 50<br />
metres from the stadium, and the final stage is<br />
about 15 to 20 metres away. In this particular<br />
episode, the man involved was caught at the<br />
first checkpoint and, on being apprehended,<br />
detonated his device. Unfortunately, several of<br />
our security team and some members of the<br />
general public were killed.”<br />
Layers of security<br />
Our approach is to design from the perimeter<br />
inwards towards the centre, taking each<br />
successive boundary as an opportunity to<br />
harden security, thwart intruders and enable<br />
security personnel to respond to any attempted<br />
security breach. Security and risk managers<br />
should consider electronics for the outer layers<br />
and at doorways to gather intelligence about<br />
attackers and relay that intelligence direct to<br />
security officers’ mobile phones.<br />
Monitored pulse fencing can be of assistance<br />
when it comes to hardening either more<br />
vulnerable areas of the perimeter or assets that<br />
require additional levels of security. This<br />
consists of a grid of energised, high tensile<br />
wires that can be constructed inside a new or<br />
existing perimeter fence.<br />
The monitored wires detect unauthorised<br />
entry or exit into defined areas and trigger<br />
instant alerts. Attempts to breach the perimeter<br />
are deterred by an energised pulse sent around<br />
the perimeter fencing line. Zoned fences allow<br />
voltage levels to be adjusted to meet varying<br />
needs: high for maximum deterrent and low for<br />
periods of low risk.<br />
A networked perimeter security solution<br />
incorporates sensors that continuously<br />
measure and report on wire tension and<br />
monitor fence structure vibration or movement.<br />
Sensors can be used with or without an<br />
energised pulse to detect intrusion without the<br />
intruder being aware.<br />
Monitored pulse fencing systems intelligently<br />
differentiate between serious breaches and<br />
disturbances by wildlife, birds or harsh weather<br />
conditions. False alarms are prevented, and<br />
intruders are unable to use the cover of adverse<br />
weather in a determined attempt to breach the<br />
fence undetected.<br />
Jason Hunter:<br />
Business Development<br />
Manager (Perimeters) for<br />
Gallagher Security (Europe)<br />
“Monitored pulse fencing can be of assistance when it<br />
comes to either hardening more vulnerable areas of the<br />
perimeter or assets that require additional levels of security”<br />
25<br />
www.risk-uk.com
Powerful web based<br />
controller, powered<br />
by smart devices.<br />
DESIGNED<br />
IN<br />
A U ST R A<br />
R<br />
LIA<br />
Inception is an integrated access control and security<br />
alarm system with a design edge that sets it apart<br />
from the pack. Featuring built in web based software,<br />
the Inception system is simple to access using a web<br />
browser on a Computer, Tablet or Smartphone.<br />
With a step by step commissioning guide and<br />
outstanding user interface, Inception is easy to<br />
install and very easy to operate.<br />
For more information simply scan the QR code<br />
or visit innerrange.com.<br />
Security<br />
Alarm<br />
Access<br />
Control<br />
Automation<br />
No Software<br />
Required<br />
Multiple<br />
Devices<br />
Easy Setup<br />
with Checklist<br />
Prompting<br />
Send IP Alarms via<br />
the Multipath-IP<br />
Network<br />
T: +44 845 470 5000<br />
E: ireurope@innerrange.co.uk<br />
W: innerrange.com
Transport Security: Video Surveillance in Real-Time<br />
With a number of high-profile attacks on<br />
mass transport systems across Europe,<br />
and Scotland Yard recently warning that<br />
the UK’s terrorism threat level will remain at<br />
‘Severe’ for some time to come, it’s abundantly<br />
clear that the industry simply cannot be<br />
complacent when it comes to security<br />
investment. While funding remains a challenge,<br />
this must be weighed up against the<br />
requirements for public transport authorities to<br />
provide both an efficient and safe service.<br />
As per the three core principles prescribed by<br />
the UK Government’s Centre for the Protection<br />
of National Infrastructure in protecting assets,<br />
first of all a threat should be deterred, then<br />
detected and then delayed. It’s unlikely that an<br />
organised threat will be deterred by a security<br />
system which is only capable of providing an<br />
historical record of an attack episode. The<br />
system must also be able to provide real-time<br />
detection and allow countermeasures to be<br />
initiated in a timely manner.<br />
While the international transport market<br />
continues to keep pace with the latest<br />
developments in real-time network camera<br />
technology, the UK has stagnated in its<br />
adoption. Despite plans for pan-network IP<br />
systems to be installed in many areas, and<br />
certain transport providers leading the way,<br />
significant parts of the UK’s transport<br />
infrastructure are still to be upgraded from<br />
analogue. This is partially due to the lack of a<br />
modern communications infrastructure capable<br />
of handling large amounts of data.<br />
The UK: an early adopter<br />
Despite the relatively limited use of IP video<br />
technology across UK transport infrastructures,<br />
the UK was actually an early adopter of modern<br />
network cameras. Network Rail led the way<br />
with a comprehensive upgrade of Reading<br />
Station back in 2013, while London<br />
Underground followed close behind with its<br />
first fully-IP station at Canary Wharf in 2014.<br />
However, there are still significant parts of<br />
the rail network that are yet to be given the<br />
same attention.<br />
In a bid to understand the key challenges<br />
involved with upgrading to a networked<br />
solution, Axis Communications commissioned a<br />
survey in collaboration with Union<br />
Internationale des Transports Publics (the<br />
global public transport organisation) that<br />
deliberately targeted stakeholders in areas<br />
such as rail, bus and ferry transport. With<br />
virtually all respondents explaining that they<br />
had some form of video surveillance installed,<br />
85% also stated that they would consider IP<br />
camera adoption at some point in the future.<br />
From Forensics to Real-Time:<br />
Developing Transport Security<br />
Evolving technology has driven a shift across Europe from<br />
legacy analogue CCTV to network video solutions providing<br />
immediate and significant benefits when it comes to securing<br />
critical transport systems. As the UK struggles to keep pace,<br />
Lucas Young discusses the business case for protecting<br />
transport infrastructures with IP camera and audio technology<br />
When asked about obstacles to upgrading,<br />
the most common response was the perceived<br />
“lack of a clear business case”. This highlights<br />
that technology vendors perhaps haven’t<br />
played a big enough role in highlighting the<br />
safety, security and business benefits of<br />
upgrading to IP. Three quarters of those same<br />
respondents had analogue cameras in place,<br />
suggesting that more education is needed<br />
around the benefits of IP video systems beyond<br />
the forensic capabilities of CCTV.<br />
Latest IP technology<br />
While video surveillance technology is widely<br />
used in the transport sector, the UK must<br />
accelerate its adoption of the latest IP<br />
technology if it’s to keep pace with the rest of<br />
Europe. Educating key decision-makers on the<br />
benefits of integrating systems to deliver realtime<br />
video and alerts will be key, while also<br />
demonstrating the operational and business<br />
intelligence benefits to be realised.<br />
Ultimately, transport operators stand to gain<br />
in the form of a return on their investment from<br />
an enhanced ability to integrate IP cameras<br />
with business performance optimisation<br />
technology. This assists organisations to derive<br />
long-term value from their fiscal investment,<br />
adapting and scaling it in line with not only<br />
security, but also more traditional operational<br />
business needs.<br />
Real-time usage with analytics<br />
Real-time usage with analytics is on the rise as<br />
public transport system operators seek to<br />
respond to security events as and when they<br />
happen. Given that those operators are faced<br />
with hundreds of live feeds, automated alerts<br />
can assist in managing the large amounts of<br />
data generated, subsequently assisting with<br />
both monitoring and prioritisation.<br />
Incidents being reported in real-time means<br />
that there will be more opportunity for live<br />
feeds to be shared with third parties.<br />
Lucas Young:<br />
Business Development<br />
Manager for the<br />
Transportation Sector at Axis<br />
Communications<br />
27<br />
www.risk-uk.com
The Changing Face of Security Services: Customer Service<br />
Security companies<br />
providing contracted<br />
services to customers<br />
are having to raise the<br />
bar externally in order<br />
to satisfy ever-more<br />
stringent demands<br />
around service<br />
delivery. They’re also<br />
having to satisfy their<br />
internal customers – ie<br />
their employees – to<br />
attract and retain good<br />
quality people, as<br />
David Mundell outlines<br />
David Mundell: Managing<br />
Director of Axis Security<br />
Customer Service is King<br />
There are many factors feeding the need for<br />
development and change in the security<br />
business sector at present. These range<br />
from a more sophisticated and customer<br />
service-led approach for the security provision<br />
itself through to an upsurge in terrorist activity.<br />
Change is also being driven by recruitment<br />
difficulties brought on by low unemployment<br />
and comparatively poor remuneration packages<br />
in the sector when compared to some others<br />
with ‘nine-to-five’ responsibilities.<br />
Clearly, the more successful companies will<br />
have to fully embrace these challenges. In a<br />
service sector like ours, it pays to recognise<br />
your employees as your strongest asset.<br />
Employers need to have strategies to cover<br />
every facet of an individual’s journey with the<br />
company including their learning and<br />
development, reward and remuneration and<br />
health and well-being. Employees need to feel<br />
engaged by dint of a positive culture that’s top<br />
down in the business as well as bottom up.<br />
It’s a strategy that will only succeed if there’s<br />
universal ‘buy-in’ throughout the company. It<br />
cannot be stagnant. Rather, it has to be everevolving<br />
in nature. A work in progress capable<br />
of reacting to changing factors.<br />
Security is a demanding job, and it will<br />
always be imperative that officers are provided<br />
with the very best training and education,<br />
making sure they’re equipped to carry out their<br />
work and given the confidence to progress their<br />
careers. If we’re to raise the bar, and create a<br />
higher benchmark of excellence, employers<br />
need to go beyond the basic, required courses<br />
such as First Aid training and CCTV and look at<br />
other skills like hostile reconnaissance and<br />
terrorism awareness to widen the value that<br />
security provision can offer.<br />
Responding to need<br />
Businesses must also respond to the needs of<br />
customers and find innovative ways in which to<br />
build upon the traditional security offer.<br />
Security will always be the priority, but that<br />
doesn’t need to be at the exclusion of good<br />
customer service, for example.<br />
Clients increasingly expect more dedication<br />
to customer service from members of the senior<br />
team through to those on the front line. I<br />
suspect this is a trend that other solution<br />
providers are also seeing, so it’s not something<br />
that can be paid mere lip service. There needs<br />
to be a sea change across the sector in terms of<br />
how we tackle customer service.<br />
Every business will take a different approach,<br />
but our natural response has been to consult<br />
the experts. It was for this reason that Axis<br />
Security recently became a member of the<br />
Institute of Customer Service. We’re now in a<br />
position to use the Institute’s expertise and<br />
advice as we look to continue enhancing our<br />
service delivery and raising industry standards.<br />
Through the Institute’s bi-annual Customer<br />
Survey, companies can benchmark themselves<br />
against other sectors and industries. The<br />
Institute assists and supports businesses in<br />
their efforts to become ‘the employer of choice’<br />
within their chosen industry.<br />
Unemployment is at an all-time low, while the<br />
recruitment and development of high calibre<br />
individuals is of paramount importance not only<br />
to us, but also to an industry battling against<br />
historically low pay rates and huge pressure<br />
being placed on margins. Investing in people<br />
will only become more important with time.<br />
Obviously, that investment has to be paid for.<br />
That being so, we – much like many others also<br />
trying to raise the bar – very much hope that<br />
the ‘race to the bottom’ in terms of pricing has<br />
ended and that higher customer expectations<br />
will be matched by enhanced pay rates and<br />
sensible margins.<br />
With a clear focus on customer service, we’ve<br />
now added a new category to our Axis Security<br />
Annual Awards. The inaugural Customer Service<br />
Excellence Award was recently bestowed upon<br />
James Kassim (pictured above with Jonathan<br />
Levine, CEO of Axis Group Integrated Services),<br />
who works on the Crown Estate St James’<br />
Market contract, for providing a very high<br />
standard of customer service and exhibiting a<br />
great work ethic and level of commitment.<br />
28<br />
www.risk-uk.com
SECURITY WORKFORCE<br />
MANAGEMENT PLATFORM<br />
One platform providing actionable insights in real-time, from anywhere.<br />
160 000 +<br />
FACILITIES<br />
200 000 +<br />
USERS<br />
35<br />
COUNTRIES<br />
DRIVE OPTIMAL<br />
SECURITY DECISIONS<br />
SAVE MONEY<br />
IMPROVE PRODUCTIVITY<br />
& GROW REVENUE<br />
GAIN TIME<br />
INCREASE MOBILE<br />
OPERATIONAL PERFORMANCE<br />
OPTIMIZE SECURITY<br />
OPERATIONS<br />
LIMIT OVERTIME<br />
OUR CLIENTS<br />
“Digital transformation<br />
for security services? Not<br />
without TrackTik.”<br />
Matthieu Leroy, CEO<br />
“The very best<br />
in<br />
guard management<br />
software”<br />
Bill Barthelemy, COO<br />
“Enables data-driven drive<br />
security decisions”<br />
Luc Dupont, VP<br />
CONNECT WITH US<br />
+44 808 178 5442 TRACKTIK.COM DEMO@TRACKTIK.COM
The Changing Face of Security Services: The ‘Total FM’ Approach<br />
Security’s Eggs and the ‘Total FM’ Basket<br />
One of the biggest<br />
changes confronting<br />
the security industry is<br />
an increasing<br />
association with the<br />
FM world. While much<br />
of this association has<br />
realised very positive<br />
consequences, it can<br />
also be said to present<br />
several challenges.<br />
Some trepidation is<br />
required to avoid any<br />
negative fall-out that<br />
might result from<br />
being caught up in the<br />
‘Total FM’ tide, writes<br />
Amanda McCloskey<br />
Amanda McCloskey:<br />
Sales and Marketing Director<br />
for CIS Security and CIS Front<br />
of House<br />
30<br />
www.risk-uk.com<br />
As an industry, we’ve had to brace our profit<br />
margins as a result of the bundled service<br />
approach to which some customers are<br />
attracted. On the flip side, the increased<br />
competition can be seen to be a driver for ‘out<br />
of the box’ thinking. It can also mean improved<br />
collaboration between security and other soft<br />
services, subsequently resulting in added value<br />
for the end user customer.<br />
However, the extent of our integration is<br />
debatable. Security is a skilled and educated<br />
profession in its own right. Evolving threats<br />
such as terrorism and cyber crime mean that<br />
security requires even more specialist skills,<br />
‘ear to the ground’ expertise and continued<br />
training and development than ever before.<br />
The recent collapse of facilities management<br />
(FM) giant Carillion reminded me of the ‘eggs in<br />
one basket’ proverb. Questions are now being<br />
asked about how this very public crash could<br />
have been allowed to happen to such a large<br />
organisation presumed to be operating<br />
alongside some of the most rigorous worldclass<br />
financial experts. Was it a case of too<br />
many cooks and not enough real responsibility<br />
and accountability, perhaps?<br />
In terms of the security role within an<br />
organisation, what happens if the security<br />
function fails compared to, say, the cleaning or<br />
the waste management operation? It’s<br />
undeniable that any significant security failures<br />
are potentially crippling for any organisation.<br />
Fascinating complexity<br />
FM is a sector which is developing quickly and<br />
with fascinating complexity. Some customers<br />
may benefit from total FM handling, but most<br />
organisations who operate in the corporate,<br />
cultural and education sectors take risks in<br />
doing so because of the implications of a ‘Total<br />
FM tsunami’. Just because functions are<br />
grouped under the facility manager’s role in a<br />
given building/company, it doesn’t necessarily<br />
follow suit that they should be grouped and<br />
managed by the same supplier.<br />
Physical and Intellectual Property are some<br />
of the weightiest portions of the assets of an<br />
organisation at the professional end of the<br />
market with which I work, not to mention the<br />
Health and Safety of its users. How can anyone<br />
with a true stake in their business really entrust<br />
responsibility for this to a bundled FM service<br />
provider who may contract out the work to a<br />
potentially inexperienced, poorly vetted<br />
company prepared to risk property losses or PR<br />
catastrophes – perhaps even the ultimate<br />
safety of users – for a profit?<br />
Looking at the situation that has transpired<br />
at Carillion of late, one wonders how many<br />
individuals at the top were noticing problems<br />
and asking questions, and whether something<br />
could have been done earlier. A quick scan of<br />
some ‘Employer Review’ websites reveals a<br />
pattern of entries reporting a perceived lack of<br />
managerial visibility and support.<br />
Nurturing a culture<br />
Any accomplished security company will know<br />
that modern security isn’t just about managing<br />
security officers. It’s also focused on cultivating<br />
and nurturing a security culture which actively<br />
extends the reach of security managers and<br />
officers outwards and into the realms of the<br />
host of our services: the end user.<br />
In today’s climate, this means significant<br />
effort in developing relationships and<br />
communication channels between security<br />
teams and their end users. It also means<br />
regular engagement with targeted training for<br />
end users, encouraging daily chats to build<br />
trust and share knowledge about current<br />
threats and conveying the reporting of general<br />
observations into the norm.<br />
Without wishing to undermine the value of<br />
some FM functions, I do feel that a better<br />
balance should be struck such that security<br />
matters are not dwarfed by other more<br />
‘showbiz’ FM-centric features such as interior<br />
design or sustainability.<br />
It’s our responsibility as leaders in the<br />
security business sector to share stories about<br />
what’s going on in our world and both<br />
encourage and incentivise innovation among<br />
our rising stars. Subsequently, this will enable<br />
us to better reflect and relay how far we’ve<br />
come, as well as generate excitement about the<br />
promising path ahead of us.
We go above<br />
and beyond.<br />
Axis Security – exceeding expectations in customer service.<br />
• Our employees – are highly trained, valued and rewarded<br />
• Our proactive management approach – ensures service is continually improving<br />
• Our intelligent technology – ensures open lines of communication and transparency<br />
• Our prestigious industry recognition – includes 3 Security Guarding Company of the Year awards<br />
T. 020 7520 2100 | E. info@axis-security.co.uk | axis-security.co.uk
The Changing Face of Security Services: Risk Management<br />
For a long time,<br />
security was often sold<br />
thanks to an element<br />
of fear (ie the idea that<br />
if a company didn’t do<br />
X, then bad things<br />
could happen to that<br />
organisation, so it had<br />
better do X). Alas, this<br />
is seemingly still the<br />
case today, though<br />
thankfully to a lesser<br />
degree, suggests<br />
Mark Folmer<br />
Mark Folmer CPP MSyI:<br />
Vice-President for the Security<br />
Industry at TrackTik<br />
Is Security Poised for Progress?<br />
Today, the many true security professionals<br />
who view security risks as a whole, either<br />
through the perspective of Enterprise<br />
Security Risk Management (ESRM) or other<br />
standpoints, strive to define X, calculate<br />
likelihood and define an appropriate response.<br />
That’s how they choose to succeed.<br />
Clearly, there’s a concerted move away from<br />
‘guns, gates and guards’, fear mongering and<br />
the ‘no news is good news’ mindset. I’m not<br />
sure if it’s because of ESRM, convergence or<br />
simply a function of time and technology, but<br />
the industry is most certainly maturing. To that,<br />
I would say: “It’s about time.”<br />
Today, the security industry is being<br />
challenged to do more with less. Not<br />
necessarily an ideal scenario, but this situation<br />
has forced us to improve upon how we plan<br />
security and offer security services in order to<br />
both respond to and fulfil these new plans.<br />
What about the laggards, though? Those who<br />
are not embracing technology in its multiple<br />
forms to provide for better security? Well,<br />
they’re still doing things the way in which<br />
they’ve always done them and continuing to<br />
hope for the best. Interestingly, this approach<br />
applies to both corporate security buyers and<br />
security service providers alike.<br />
Focusing on ESRM<br />
As today’s security threats become more<br />
advanced and complex, organisations are<br />
sometimes lacking in their segmented<br />
approach towards the key discipline of risk<br />
management. The solution lies in ESRM.<br />
Essentially, this is an holistic strategy that<br />
targets the wide variety of protection issues<br />
faced by an organisation under one lens using<br />
internationally-recognised principles.<br />
With ESRM, a given organisation is able to<br />
assess the range of its current security risks –<br />
everything, in fact, from cyber security through<br />
to petty crime and on again to terrorism – and<br />
manage the situation across the board.<br />
ESRM is a proactive way in which to protect<br />
your organisation from all variables. Integrating<br />
ESRM into corporate strategy is critical for risk<br />
management success.<br />
There are a few points to consider. Identify<br />
the purpose behind your goals of asset<br />
protection and risk mitigation. Allocate proper<br />
resources that efficiently secure corporate<br />
assets and identify risks. Enable the front line’s<br />
contribution to the overall security programme<br />
by harnessing the data that’s generated and be<br />
equipped by turning the data that’s gathered<br />
into intelligence for the organisation.<br />
If you’re asking yourself how to adapt and<br />
succeed in the current security industry, the<br />
answer, I believe, rests with data – plain and<br />
simple. I’m not sharing anything new here,<br />
though. Corporate security people have been<br />
using data for years in the risk assessment<br />
process. Data is at the root of how you assess<br />
the likelihood of an incident happening,<br />
whether your preferred approach is a ‘worse<br />
case’ or ‘most likely’ scenario.<br />
Hub of information<br />
If integrated into your security programme,<br />
data, connectivity and mobility allow you to be<br />
the first to know. You can be the hub of<br />
information for your organisation. With tools<br />
like these in hand, you have the opportunity to<br />
step up and elevate your security programme<br />
from a purely operational concern to one<br />
contributing strategic value. By being the<br />
person that feeds senior management with<br />
value-building information, you may well earn<br />
yourself a seat at the decision-making table.<br />
The security industry is poised for change.<br />
Are you the one who will connect the dots,<br />
identify the trends and protect your<br />
corporation’s assets? Will you be perceived as a<br />
business enabler or as an old school thinker<br />
steadfastly set in your ways?<br />
I would like to leave you with a question. OK,<br />
a few questions, then… Do you agree that the<br />
security industry is poised for change? What<br />
have you done to support this change? What<br />
has worked in your business to drive change?<br />
Please feel free to send me your answers via e-<br />
mail (mark@tracktik.com)<br />
32<br />
www.risk-uk.com
Security and Fire Management<br />
BE SMART!<br />
Read Risk UK Magazine on<br />
your tablet or smartphone<br />
using the FREE app
Meet The Security Company<br />
This is the ninth<br />
instalment in a<br />
monthly series of<br />
articles for the readers<br />
of Risk UK where we<br />
shine the spotlight on<br />
NSI-approved<br />
businesses for the<br />
benefit of risk and<br />
security managers<br />
who purchase security<br />
guarding as well as<br />
systems-focused<br />
solutions. Answering<br />
our key questions this<br />
month is Graham Tilly,<br />
managing director of<br />
Risk Management<br />
Security Services<br />
Risk UK: Can you briefly describe your<br />
business’ activities and what you consider to<br />
be your USP as an organisation?<br />
Graham Tilly: Risk Management Security<br />
Services provides solutions across three main<br />
security disciplines that include security<br />
guarding, mobile security patrols and<br />
keyholding/alarm response. Within each<br />
discipline, we look to deliver many sub-services<br />
such as reception staff, Post Room operatives,<br />
locks/unlocks and complete combined<br />
solutions that actively integrate elements of<br />
each individual service.<br />
The business occupies a position within the<br />
industry between the very small ownermanaged<br />
companies and the very large<br />
national suppliers. This enables us to<br />
demonstrate the standards and policies<br />
required by large corporate organisations while<br />
maintaining the type of personal service that<br />
can be offered by the smaller companies.<br />
Risk UK: What do your clients value most<br />
about the services you deliver?<br />
Graham Tilly: Through our experienced and<br />
stable management team we maintain close<br />
working relationships with each customer. This<br />
About the National Security Inspectorate<br />
The National Security Inspectorate (NSI) is a wholly-independent, not-for-profit<br />
company limited by guarantee and operates as a UKAS-accredited certification<br />
body specialising in the security and fire safety sectors.<br />
For over 40 years, the NSI has served to protect businesses, homeowners<br />
and the general public alike, raising standards by providing robust and high<br />
quality audits of both security and fire safety service providers.<br />
enables us to fully understand their<br />
requirements and deliver a service that<br />
absolutely matches what was discussed at the<br />
point of sale.<br />
Customers also take great comfort in the fact<br />
that we operate our own 24-hour Control Centre<br />
and that we’ve maintained a specialism within<br />
the security sector without being tempted to<br />
diversify into other soft services.<br />
We adopt a completely honest approach<br />
when holding discussions with our customers,<br />
and in particular if there’s a problem to be<br />
solved or a challenge to be faced. This allows<br />
us to gain the trust of our customers and build<br />
true business relationships whereby we can<br />
work together to reach a satisfactory solution.<br />
Risk UK: How do you feel accreditations have<br />
assisted your company?<br />
Graham Tilly: Accreditation within the industry<br />
has really set up a base level of acceptable<br />
working practices that provides potential and<br />
existing customers with some comfort that the<br />
service they receive or that they’re looking for<br />
is consistent, suitable and appropriate. On a<br />
procedural front, this allows customers to have<br />
a base level which is a minimum standard that<br />
can be easily compared between those<br />
companies that have it and those that don’t.<br />
The fact that we operate to security<br />
standards BS 7499, BS 7984-1 and BS 7858,<br />
and the fact that these are voluntary, is<br />
basically saying to the market that we do things<br />
properly. We don’t cut corners and always<br />
demonstrate transparency in all that we do.<br />
Everything is validated by a third party.<br />
This is particularly relevant for larger end<br />
user organisations where many of these<br />
aspects have become very much a pass/fail<br />
aspect. Without them, you fall at the first<br />
hurdle. Accreditation as a base level also<br />
enables us to change the discussion away from<br />
basic functionality and allows us to focus more<br />
on the relationship aspects and how we work.<br />
We’re able to concentrate more on our USP.<br />
For smaller organisations and those<br />
customers who don’t know a lot about our<br />
34<br />
www.risk-uk.com
Meet The Security Company: Risk Management Security Services<br />
In association with the<br />
industry, accreditation also acts as a sort of<br />
‘qualification’ that really provides a level of<br />
comfort. Customers know that they’re<br />
discussing their security requirements with a<br />
reputable organisation.<br />
Risk UK: Specifically, what value does ACS<br />
registration and NSI Guarding Gold approval<br />
bring to your business and its clients?<br />
Graham Tilly: Approved Contractor Scheme<br />
(ACS) registration offers a toe in the door,<br />
enabling the security business to tender for<br />
work. For those who don’t know the ins and<br />
outs of the industry, it lends some weight to the<br />
services that we’re providing.<br />
The ACS is, of course, run by the Security<br />
Industry Authority (SIA), a Government body.<br />
This affords legitimacy to the services we offer<br />
our customers. It also helps us to build a<br />
working platform on which to do business and<br />
ensure that we’re not only delivering a great<br />
service, but also looking after our people.<br />
NSI Guarding Gold is slightly different. This is<br />
based more around ensuring and<br />
demonstrating that we have systems,<br />
processes, procedures and policies in place to<br />
support what it is that we do. NSI Guarding<br />
Gold brings together the product standards, the<br />
quality standards and day-to-day business<br />
operations. It assists in setting a foundation<br />
throughout our business and affords a platform<br />
on which to build an excellent service.<br />
NSI Guarding Gold adds some weight to what<br />
we do and the way that we do it. It<br />
demonstrates our transparency due to its<br />
voluntary nature and third party approval<br />
process, and also assists in keeping everyone<br />
focused on the tasks at hand.<br />
Risk UK: In practice, what are the main<br />
differences between ACS registration and NSI<br />
Guarding Gold approval?<br />
Graham Tilly: NSI Guarding Gold is focused<br />
around service quality (ISO 9001), functionality<br />
(security product standards) and service<br />
whereas ACS registration with the Regulator is<br />
more about being a reputable organisation, the<br />
softer aspects (such as people management or<br />
KPI monitoring) and compliance with licensing<br />
and the SIA’s specific requirements.<br />
NSI Guarding Gold is made up of compliance<br />
with British and international standards/Codes<br />
of Practice which affords security companies<br />
wider scope to use them as a framework and<br />
build their business model around them in<br />
order to support day-to-day operations in a<br />
systematic way and ensure that the very best<br />
possible service is provided to customers on a<br />
consistent basis.<br />
The ACS is focused around service delivery<br />
and demonstrating that we do what we say we<br />
do as a company. NSI Guarding Gold really<br />
helps us to run the business effectively,<br />
whereas the ACS is more of an addition to<br />
demonstrate our commitments to different<br />
areas of the business and the softer aspects<br />
involved with client and people management.<br />
Risk UK: How do you feel technology has<br />
changed the industry over the last couple of<br />
years and what do you believe will be the<br />
direction of travel in the future?<br />
Graham Tilly: Many companies have looked at<br />
the integration of technology to support<br />
existing security measures and, in some cases,<br />
have used technology to reduce the reliance on<br />
security guarding. We’ve seen many companies<br />
review traditional methods of securing sites,<br />
such as guarding, and replace them with<br />
technology-based solutions either as single<br />
solutions or combined with other practices.<br />
A large number of clients subscribe to our<br />
combined security solution that provides<br />
similar – and, in some cases, better – levels of<br />
security, but offers year-on-year savings of<br />
between 30% and 60%. Typically, this type of<br />
solution uses a combination of security<br />
guarding, mobile patrols and keyholding<br />
supported by security systems with each<br />
element being deployed on a measured basis to<br />
avoid unnecessary services being delivered or<br />
hours being covered.<br />
Risk UK: When it comes to negotiating<br />
contracts and responding to tender requests,<br />
what aspects are of most value to customers<br />
and how are these changing?<br />
Graham Tilly: Our ability to maintain a stable<br />
workforce of suitably trained and<br />
knowledgeable staff is very important to our<br />
customers, as is our ability to provide effective<br />
levels of management support.<br />
Over the last ten years, we’ve seen greater<br />
demands placed upon security staff and duties<br />
continuously increasing to provide enhanced<br />
levels of service and greater value for money.<br />
The days of a security officer simply providing<br />
access control and searches have gone. We’re<br />
experiencing security personnel forming an<br />
integral part of the facilities operation at many<br />
sites. This demonstrates a shift in expectation<br />
and changes traditional guarding services.<br />
As an industry, we need to work closely with<br />
customers to ensure that they have a better<br />
understanding of the challenges this can bring<br />
if pay rates don’t increase to accommodate<br />
these specific requirements. We’ve also seen an<br />
increase in requests for recommendations to be<br />
Graham Tilly:<br />
Managing Director of Risk<br />
Management Security<br />
Services<br />
35<br />
www.risk-uk.com
Meet The Security Company: Risk Management Security Services<br />
Name<br />
Graham Tilly<br />
Job title<br />
Managing Director<br />
Time in security business<br />
sector<br />
I’ve worked in the security<br />
business sector with Risk<br />
Management Security<br />
Services for 23 years. Prior to<br />
becoming managing director,<br />
I served in the roles of<br />
business development<br />
manager, business<br />
development director and<br />
operations director<br />
Location of the business<br />
High Wycombe,<br />
Buckinghamshire<br />
Areas of expertise<br />
Security guarding, mobile<br />
security patrols and<br />
keyholding/alarm response<br />
Accreditations<br />
NSI Guarding Gold, SIA ACS,<br />
SafeContractor, ACS<br />
Pacesetters<br />
provided as to how the service required can be<br />
delivered by using alternative methods. This is<br />
where a combined solutions package and the<br />
integration of security systems can prove to be<br />
an attractive solution.<br />
Some years ago, we experienced a trend of<br />
companies outlining contracts based on a<br />
‘Total FM’ solution and placing all of their soft<br />
services needs with a single supplier. We’re<br />
now seeing such solutions being challenged<br />
and replaced by companies that require<br />
specialists in key areas of their business such<br />
that they can gain benefits through<br />
management expertise and knowledge.<br />
Technology is also playing a key role in the<br />
changing face of security at many levels, and is<br />
very often a significant element of the tender<br />
requirement. The use of technology links<br />
directly to another key requirement of security<br />
companies: the need to continuously reduce<br />
our impact on the environment.<br />
Risk UK: How has Government legislation<br />
(eg the National Minimum Wage, the<br />
National Living Wage and holiday pay)<br />
affected your business? Do you believe such<br />
legislation is a good thing?<br />
Graham Tilly: To date, this has had very<br />
minimal impact on our business as our rates,<br />
across the majority of our locations, far exceed<br />
both the National Minimum Wage and the<br />
National Living Wage. As a company, we don’t<br />
believe in quoting low and unsustainable<br />
wages. While we do operate at a small<br />
percentage of sites where the wage rates are<br />
not in line with our model, we work with these<br />
clients to increase them to suitable levels.<br />
Legislation is important as it avoids<br />
companies offering unsustainable rates of pay<br />
to staff, which can only have a negative effect<br />
on the quality of people in the industry.<br />
However, we do still see companies using the<br />
Minimum Wage as their model to price up new<br />
business (excluding TUPE). While this may<br />
offer a tempting solution to companies<br />
sourcing security, as very often it’s one of the<br />
largest spends a company will make, you have<br />
to question how suitable security staff can be<br />
recruited at such wage levels.<br />
Some caution does need to be employed.<br />
Many organisations are looking to reduce their<br />
spend on security, not increase it. While wage<br />
increases are great for the individuals<br />
benefiting from them, someone has to pay for<br />
this and that’s only ever going to be the people<br />
buying the service. As wage rates increase,<br />
some customers will have to look very carefully<br />
at what they can justify paying for the services<br />
received, no matter how good they are.<br />
Risk UK: What are the most important<br />
attributes you look for in your security<br />
officers and staff members in general?<br />
Graham Tilly: Experience within the sector is<br />
critical. We’re seeing an influx of new security<br />
officers who are entering the industry, having<br />
received assistance to gain an SIA licence, but<br />
who have little understanding of how the<br />
industry works (ie shift work, 12-hour shifts,<br />
lone working, etc). It’s therefore vital that we<br />
recruit security staff who have experience in<br />
this type of environment and, furthermore, can<br />
offer reliability and loyalty.<br />
One of the most important aspects is<br />
attitude. People have to want to work in the<br />
industry. They have to want to do a good job<br />
and have to want to show up. You cannot teach<br />
people attitude. If they’re the sort of character<br />
that likes to cut corners or has a ‘take it or<br />
leave it’ approach towards their work then that<br />
isn’t going to cut it in a customer-facing sector.<br />
Within the company, we also look for staff<br />
members who fit the culture of our business in<br />
terms of understanding our philosophies and<br />
methods for delivering the service. We employ<br />
staff who can demonstrate a positive approach<br />
to service delivery at all times.<br />
Risk UK: How can the SIA, the NSI and<br />
industry standards best serve the sector in<br />
addition to the needs of your company’s<br />
clients and the wider public interest? Will<br />
the introduction of business licensing be a<br />
positive step?<br />
Graham Tilly: The standards outlined by both<br />
the NSI and the SIA need to be observed by all<br />
companies operating in the sector and be<br />
directly linked to business licensing that will<br />
hopefully then create an elite list of companies<br />
as originally expected when the ACS was born.<br />
I attended a meeting of industry companies<br />
prior to individual licensing and ACS<br />
assessment. The (then) chairman of the SIA<br />
advised that security companies would be able<br />
to charge customers an additional 35% due to<br />
officer licensing and registration with the ACS.<br />
That was 13 years ago. I sincerely hope that, if<br />
business licensing does come to fruition,<br />
companies within the industry can work with<br />
the SIA and the NSI to develop that elite list<br />
and raise standards even further.<br />
If business licensing enables customers to<br />
genuinely identify suppliers in the upper<br />
echelon of the industry, then it has to be a<br />
positive step. If it simply becomes another<br />
membership for the existing ACS companies –<br />
and bear in mind it has been suggested ACS<br />
companies will fast track to business licensing<br />
– then I cannot see any benefits arising.<br />
36<br />
www.risk-uk.com
3 July 2018<br />
Hilton London Canary Wharf<br />
ONE DAY DAY – – MULTIPLE SOLUTIONS TO YOUR CHALLENGES<br />
eet Meet with with the the most most trusted solution providers, learn from industry thought leaders and and connect with with<br />
eers peers over over the the course of of the the Summit, which is entirely FREE to attend for for security professionals.<br />
opics Topics covered covered include: include: Access Access Control •• Anti-Virus Browser •• Security Data Data • Theft/Loss • • Malware • Malware<br />
Mobile • Mobile Security Security • Network • Network Security Security Management • Trojan Detection • • UK UK Cyber Cyber Strategy Strategy<br />
For more information and to register, please contact Emily Gallagher<br />
on: 01992 374085 or e.gallagher@forumevents.co.uk.<br />
@SECIT_SUMMIT #SITSUMMIT<br />
SECURITYITSUMMIT.CO.UK<br />
MEDIA & INDUSTRY PARTNER<br />
HOSTED BY
Examining The Role of Insurance in<br />
Converged Security Solutions<br />
“Risk comes from not<br />
knowing what you are<br />
doing. Price is what<br />
you pay. Value is what<br />
you get. Someone’s<br />
sitting in the shade<br />
today because<br />
someone planted a<br />
tree a long time ago”<br />
Warren Buffett’s<br />
words are apt in<br />
describing today’s<br />
security environment.<br />
The more that we work<br />
together in generating<br />
holistic solutions, the<br />
better the results in<br />
the long term. Rachel<br />
Anne Carter focuses<br />
on the role of the<br />
insurance industry in<br />
the delivery of security<br />
solutions<br />
38<br />
www.risk-uk.com<br />
The security profession as we understand it<br />
includes a variety of security generalists<br />
and specialists: corporate and commercial<br />
security practitioners, police and law<br />
enforcement professionals, intelligence<br />
operatives and military personnel. However,<br />
when thinking more broadly of those who<br />
provide solutions to security breaches, we also<br />
have insurance providers, lawyers and others<br />
whose work directly affects security outcomes<br />
or regulates behaviour, and thus brings in<br />
different bands of membership from corporates<br />
or Government departments.<br />
Holistic solutions are essential. When there’s<br />
a lack of collaboration and an entrenchment of<br />
the silos, there’s a duplication of resources and<br />
an escalation in costs. Even worse, there’s the<br />
danger that certain threats will fall into the<br />
cracks between them.<br />
Within the security profession, it’s now being<br />
recognised that cyber security should not be<br />
regarded as a silo. Rather, it’s everyone’s<br />
business. Converged security solutions are<br />
necessary. The exact same principle applies to<br />
the integration of other specialisms.<br />
The insurance industry is one of those<br />
sectors resting on the outer edge of the<br />
security industry, and not always certain of its<br />
place within the security sector. Insurance is, of<br />
course, a security measure. Greater knowledge,<br />
learning and mutual benefits will emerge from<br />
breaking down the existing silos, generating a<br />
more communicative experience and achieving<br />
holistic security strategies. As a direct result,<br />
many insurance companies are now seeking to<br />
engage with the security business sector on a<br />
somewhat more effective footing.<br />
Taking the example of cyber insurance, as we<br />
innovate, adapt and develop product and<br />
service offerings, we’re seeking to be part of a<br />
holistic security experience. Although insurance<br />
is critical to the economic security of a<br />
company, entity or individual after a cyber<br />
attack, we do of course recognise that<br />
insurance alone isn’t enough.<br />
In order to address cyber risks, we seek to<br />
develop a joined-up approach where we can<br />
look at the problem of cyber threats and its<br />
transformation as a multifaceted issue and then<br />
respond accordingly.<br />
Understanding and insight<br />
Insurers have the best possible understanding<br />
and insight into economic protection against<br />
business risks. There’s often a convergence of<br />
physical and cyber risks. In some cases, the<br />
physical risk may be about access to a building<br />
or access to computer systems or servers, for<br />
example. This requires specialists in both areas<br />
to work together, and both types of specialist to<br />
have a strong working knowledge of the other’s<br />
domain. In the future, the distinction between<br />
the two may well disappear entirely.<br />
The insurance industry also relies upon<br />
technical cyber professionals who have<br />
specialist knowledge of IT and cyber<br />
infrastructure, vulnerabilities and programming<br />
capabilities and who can implement technical<br />
solutions. The ability of insurance, physical<br />
security and technical cyber experts to work<br />
together to generate holistic solutions will be<br />
preferable to a pure economic solution.<br />
The economic aspect of the solution within a<br />
broader security strategy will, however, aid the<br />
recovery process and enable a company to have<br />
the cashflow required to continue their<br />
operations after an event has transpired.<br />
Security breaches rarely affect only one part<br />
of a business. Rather, they’re more likely to<br />
impact several areas and may even affect the<br />
overall functionality and operability of a
The Security Institute’s View<br />
business (even if only temporarily). On that<br />
basis, a solution accounting for the various<br />
impacts is key. Generating the required<br />
information about the potential impact(s) of<br />
security breaches involves intelligence<br />
gathering, understanding of technical<br />
intricacies and behavioural and other<br />
observations. This understanding and holistic<br />
approach towards mitigating the threat and any<br />
potential implications takes into account<br />
minimisation, prevention and recovery from<br />
security breaches.<br />
Intelligence gathering as well as physical<br />
surveillance can monitor individuals, groups,<br />
potential state actors or others involved in<br />
generating the greatest physical, cyber or other<br />
security threats and the broad threat<br />
groupings. Law enforcement has a role to play<br />
in dealing with criminality, primarily after it<br />
happens, and prosecuting where possible those<br />
engaged in cyber crime. A joined-up approach<br />
will also help facilitate the identification of<br />
patterns used by adversaries to carry out<br />
attacks and put in place solutions to combat<br />
these as well as isolate any potential losses.<br />
It’s fair to suggest that collaboration is the<br />
strongest force we have available to us.<br />
Collaboration is key<br />
In addition to enhancing understanding,<br />
collaboration facilitates cost and time<br />
efficiencies as well as an enhanced likelihood<br />
of preventing many more security breaches<br />
(physical and/or virtual).<br />
Using the same cyber example, a security<br />
solution involves taking into account physical<br />
risks and ways of minimising these risks, cyber<br />
professionals being more prescriptive about<br />
what clients and stakeholders must or should<br />
do (and regularity) to ensure that systems are<br />
as safe as possible and that insurance adapts<br />
and optimises its offer while ensuring clarity in<br />
existing offerings.<br />
The bringing together and selling of such<br />
products and services will benefit all and<br />
provide far more robust solutions for clients.<br />
This will take the stress, time and<br />
inconvenience away from clients otherwise<br />
having to source their own vendors to meet a<br />
variety of different security objectives.<br />
For the provision of security and the level of<br />
insurance cover offered, it’s likely that a higher<br />
degree of security will be afforded and that<br />
insurance solutions may have higher limits or<br />
more extensive coverage. Optimal solutions<br />
protecting against all security eventualities will<br />
be provided to companies who understand their<br />
risks and vulnerabilities and abide by – or are<br />
willing to nurture – a strong security culture.<br />
Collaboration will inherently focus on<br />
solutions, but it also has an educational<br />
element attached to it. The different sectors<br />
within the security community can educate<br />
each other and also learn from each other.<br />
Opening and widening the dialogue between<br />
the different sectors is likely to create new<br />
business opportunities for all those involved.<br />
Whenever a breach of security occurs,<br />
whether it manifests itself in a physical, cyber<br />
or other medium, it’s in everyone’s best interest<br />
that the breach is contained and minimised,<br />
with a strategy for resilience and returning to a<br />
state of ‘business as normal’ as soon as<br />
practicable duly put into operation.<br />
Breaking down traditional barriers<br />
The breaking down of traditional barriers to<br />
promote a joined-up approach sends a very<br />
powerful signal to our adversaries. Together, we<br />
are stronger. By sharing knowledge, we make it<br />
harder for the adversary to exploit the gaps<br />
where information doesn’t filter through from<br />
one silo to the next. Instead, it provides a<br />
stronger position to analyse past events, learn<br />
from them and adapt accordingly.<br />
Ultimately, if there’s a loss event, it’s best<br />
that everyone’s on board from the security<br />
sector, as the only winners from these events<br />
are the cyber adversaries who’ve been able to<br />
exploit our own entrenched silo system to their<br />
own advantage. This is a plea to organisations<br />
that they ought to take guidance from the<br />
words of business magnate Warren Buffet and<br />
start to plant the necessary seeds now.<br />
All-encompassing profession<br />
Security is an all-encompassing profession<br />
focusing on the safety of people, business and<br />
communities. Insurance is part of the solution,<br />
providing an economic and financial buffer.<br />
As the year is yet young, let this one stand to<br />
be a turning point whereby there’s greater<br />
collaboration, adaptation and modernisation of<br />
the way in which various security risks are both<br />
perceived and then actively remedied.<br />
Let us become a united force for the future<br />
and a growing seed of resentment for our<br />
adversaries who are looking to carry out<br />
security breaches. If we grow stronger together,<br />
then the cyber attackers will realise they’re<br />
faced with a harder task when it comes to<br />
conducting their criminal escapades.<br />
The Security Institute’s View<br />
is compiled and edited by Dr<br />
Alison Wakefield FSyI<br />
(Chairman of The Security<br />
Institute) and Brian Sims BA<br />
(Hons) Hon FSyI (Editor of<br />
Risk UK)<br />
Dr Rachel Anne Carter MSyI:<br />
Director of Research and<br />
Policy at The Security Institute<br />
and Cyber Innovation Lead at<br />
AmTrust<br />
“Holistic solutions are essential. When there’s a lack of<br />
collaboration and entrenchment of the silos, there’s a<br />
duplication of resources and an escalation in costs”<br />
39<br />
www.risk-uk.com
Developing a Career in Security and<br />
Intelligence: The Pathway to Success<br />
The Young<br />
Professionals Group<br />
was created by ASIS<br />
UK to establish a<br />
comfortable<br />
environment both for<br />
members new to<br />
security and future<br />
leaders wishing to<br />
engage with ASIS<br />
programmes and<br />
activities. Its core<br />
mission is to develop<br />
and educate young<br />
careerists in the<br />
security industry.<br />
Recently, Jerry Ross<br />
was asked to speak at<br />
an ASIS Young<br />
Professionals Group<br />
event and give an<br />
account of how she<br />
embarked on a career<br />
in the field of<br />
intelligence and,<br />
subsequently, security<br />
Jerry Ross: Regional Intelligence<br />
Analyst at Securitas UK<br />
40<br />
www.risk-uk.com<br />
Though incredibly nerve-wracking, it was an<br />
honour to be asked to share my<br />
experiences on developing a career within<br />
the security business sector with the invited<br />
audience, the key points of which are now<br />
being shared here among the readers of Risk<br />
UK. After graduating from Oxford Brookes<br />
University in 2011 with a BA (Honours) degree<br />
in English Literature and Geography, like many<br />
graduates fresh out of university I wasn’t<br />
entirely clear on the way forward. I’ve always<br />
had an interest in the Armed Forces and<br />
counter-terrorism, in the main prompted by<br />
media coverage of the Iraq and Afghanistan<br />
wars, so I initially considered joining the Armed<br />
Forces or the police service.<br />
I’ve always harboured an inquisitive nature,<br />
enjoying the analysis and research I completed<br />
in my studies, whether that be researching<br />
people, events or history. It was a combination<br />
of these factors that led me to make up my<br />
ideal job title – Intelligence Researcher. It just<br />
so happened that this kind of role did actually<br />
exist, and so the pursuit of a role began.<br />
After extensive travelling and with some<br />
direction as to what career path to pursue, I hit<br />
the job market with a vengeance to track down<br />
the perfect starting job. In February 2013, I<br />
applied for – and duly secured – my first<br />
position as intelligence researcher with Surrey<br />
Police. Based in Staines, the role involved<br />
monitoring and investigating crimes in the local<br />
area, among them high-value burglaries,<br />
kidnapping and drug offences.<br />
Intelligence was gathered on a daily basis via<br />
open and closed sources to compile profiles on<br />
suspects and identify trends in criminal activity.<br />
The intelligence was used to proactively<br />
minimise and prevent repeat incidents. The<br />
responsibility and experience I gained from<br />
running my own operations on dangerous<br />
individuals, combined with the support of<br />
amazing colleagues, made this the perfect<br />
hands-on role for me.<br />
Eventually, it was time to join the on-call<br />
team, in turn dealing with crisis situations<br />
including kidnappings and extortion. I can still<br />
remember being called to assist with an<br />
incident on my first day with the unit and then<br />
on my last day with the force.<br />
In January 2014, I took the opportunity to<br />
transfer from criminal intelligence to Surrey<br />
Police’s Special Branch and begin combating<br />
terrorism. In this role, I continued<br />
investigations and assumed responsibility for<br />
gathering more in-depth open source<br />
intelligence. It was in this role that I began my<br />
unexpected journey as an open source<br />
intelligence specialist with the force, using<br />
bespoke software and investigation tools.<br />
I built up solid experience in open source<br />
intelligence, and was starting to train fellow<br />
colleagues in Best Practice methods and the<br />
use of specialist software. Training and<br />
upskilling are important aspects of any role in<br />
intelligence, as it’s very much the case that you<br />
have to stay ahead of the latest developments<br />
in systems, monitoring and technology.<br />
Come January 2016, and after two years in<br />
counter-terrorism, I transferred to the Anti-<br />
Corruption Unit within Surrey Police. This role<br />
was part of a small and specialised team<br />
focused on exposing corrupt individuals and<br />
practices within the force. During this time, our<br />
team received a Chief’s Commendation. That<br />
was an important highlight for me.<br />
After four-and-a-half exciting years with<br />
Surrey Police, I decided the time was right to<br />
make a change and focus on a new challenge. I<br />
was particularly keen to step out of my comfort<br />
zone and explore new opportunities. That being<br />
so, I set out to extend my professional network.<br />
One of the first events I attended was the<br />
Security and Counter-Terrorism Expo that ran at<br />
London’s Olympia in March 2016. It was here<br />
that I was first introduced to the ASIS UK<br />
Women in Security Group, a sub-group of the<br />
organisation that supports and assists women<br />
in the security sector and also encourages new<br />
entrants into the profession.<br />
Indeed, this was the first of many ASIS<br />
networking events I would subsequently<br />
attend. ASIS International is the largest<br />
organisation for security professionals, with<br />
more than 35,000 members worldwide,<br />
including 800 here in the UK.<br />
An intriguing career<br />
While attending the Expo, I met ASIS UK<br />
director Dawn Holmes CPP (at that time the<br />
lead for the ASIS UK Women in Security Group)<br />
who had just taken up the role of technical<br />
security specialist at Bloomberg LP. Up until<br />
this point, I hadn’t considered security as a
In the Spotlight: ASIS International UK Chapter<br />
career choice, but meeting Dawn as well as<br />
other professional women in the industry<br />
heightened my awareness and interest.<br />
In September 2016, I left Surrey Police to<br />
take on the role of intelligence researcher for<br />
the British Transport Police (BTP). As part of the<br />
change, I relocated from Guildford to London<br />
and, within a few short weeks, I was tasked<br />
with developing the open source intelligence<br />
policy, capability and training for the BTP.<br />
Then, in March last year, I attended the ASIS<br />
UK Spring Seminar where I met Iskander<br />
Jefferies CPP from Securitas. At this point, I had<br />
limited knowledge of Securitas or the private<br />
security sector in general. However, Iskander<br />
explained to me that there might be an -<br />
ntelligence position in the pipeline.<br />
Suddenly, the possibility of a new career and<br />
further professional development was<br />
presenting itself. Having never before placed<br />
much faith in the power of networking, I<br />
suddenly found new doors beginning to open.<br />
Starting a career in security<br />
Last July, the new role of regional intelligence<br />
analyst at Securitas came to fruition and I left<br />
BTP to begin my career in security. A few<br />
thoughts were running through my mind at the<br />
time, with some of them keenly focused on<br />
making the transition from the public to the<br />
private sector and what this would actually<br />
entail. Nevertheless, I was looking forward to a<br />
new challenge and broadening my horizons.<br />
I’ve been with Securitas for seven months<br />
now and I’ve fully immersed myself in the<br />
security industry.<br />
Law enforcement agencies have been<br />
scrutinised and under pressure in recent years.<br />
One positive takeaway from my experience with<br />
Surrey Police is an understanding of the<br />
importance of intelligence and how it can be<br />
gleaned through open source investigation.<br />
Although the security industry has made some<br />
headway, many organisations could do a lot<br />
more to investigate this pool of information.<br />
This is now my ambition: to bring open<br />
source investigation to the forefront of private<br />
security as a crucial means of safeguarding our<br />
clients and assets. As a business, Securitas<br />
understands the power of intelligence and<br />
enhanced vetting with a number of customers<br />
expressing an interest in this service. The<br />
ability to gather intelligence to counteract or<br />
prevent incidents and offer predictive security<br />
is critical, and particularly so in the aftermath<br />
of so many premeditated and targeted attacks<br />
across the UK in recent times.<br />
Today’s companies have to face a number of<br />
threats, and in particular the insider threat.<br />
This is where enhanced vetting comes into its<br />
own, and notably so for those roles with a<br />
heightened requirement for discretion.<br />
The development of the web and social<br />
media channels has presented many positives,<br />
but this has also opened the door to negative<br />
activity. Social media platforms are a primary<br />
source of communication for many, meaning<br />
that there’s an enormous amount of information<br />
and intelligence with which to work. People<br />
report suspicious behaviour, post images and<br />
videos of attacks and cover a whole host of<br />
interesting topics. They even report 101<br />
information to the police service through social<br />
media channels.<br />
The intelligence field is always evolving so<br />
it’s crucial to stay ahead and keep up-to-date<br />
on the latest developments with a heightened<br />
emphasis on the technology side of matters.<br />
Engaging with ASIS UK’s Women in Security<br />
Group and the ASIS Young Professionals Group<br />
has changed the direction of my career which<br />
has been an exciting and rewarding journey.<br />
That said, I believe there’s much more<br />
adventure still to come. I’m looking forward to<br />
learning much more about the security sector.<br />
I often think back to advice given by one of<br />
my former teachers when I was trying to decide<br />
what to study at university. I was urged to<br />
“stick to the core subjects” (which I did). I<br />
enjoyed my degree, but I’m glad I embarked on<br />
a completely different career path.<br />
“Training and upskilling are important aspects of any role<br />
in intelligence, as it’s very much the case that you have to<br />
stay ahead of the latest developments in systems,<br />
monitoring and technology”<br />
41<br />
www.risk-uk.com
Often, fire detection in<br />
large open spaces has<br />
proven to be<br />
somewhat<br />
challenging. Although<br />
BS 5839-1 provides<br />
clear guidelines for<br />
detection at the<br />
ceiling, some<br />
designers have been<br />
embarrassed to<br />
receive customer<br />
complaints of<br />
detection failing to<br />
respond to a fire<br />
outbreak despite the<br />
systems installed<br />
being compliant with<br />
the Code of Practice.<br />
Robert Yates and Peter<br />
Massingberd-Mundy<br />
investigate<br />
Robert Yates: Technical<br />
Manager at the Fire Industry<br />
Association<br />
Shedding Light on the<br />
Detection of Stratified Smoke<br />
The cause of poor fire detection system<br />
performance can often be attributed to<br />
stratification. This is where the fire has<br />
insufficient energy for the resultant smoke<br />
plume to rise to the ceiling because it has<br />
cooled to the temperature of the surrounding<br />
air and lost buoyancy, spreading out in a layer<br />
below where the detection equipment is sited.<br />
The challenge for system designers, then, is<br />
to predict when and where stratification may<br />
occur. In practice, it’s almost impossible to<br />
reliably predict the height at which the smoke<br />
layer will form because it depends upon the<br />
size and energy of the fire and the temperature<br />
gradient in the protected space.<br />
That gradient can in itself be influenced by<br />
many factors such as differing weather<br />
conditions, the time of day, building occupation<br />
and heating control, etc. As a consequence, it’s<br />
often simply argued that, as the fire develops,<br />
the heat output increases, hotter smoke will<br />
break through any thermal barrier and ceilingmounted<br />
detectors will eventually operate.<br />
In those spaces where smoke stratification is<br />
considered to be a risk, BS 5839-1 (and other<br />
similar Codes of Practice) has, for many years,<br />
recommended that a layer of several beam<br />
detectors is installed, with the detectors<br />
spaced sufficiently close to each other such<br />
that the rising smoke plume is unlikely to pass<br />
through the layer undetected. In reality, this<br />
recommendation is rarely followed because the<br />
number of beam detectors needed is<br />
prohibitively expensive.<br />
Instead, many fire protection system<br />
designers instinctively apply the use of angled<br />
beam detectors in the expectation that they will<br />
be obscured by the smoke layer no matter the<br />
height at which it happens to form.<br />
Research project<br />
This alternative approach using angled beams<br />
was first included in BS 5839-1 in 2013, but no<br />
specific guidance was provided as to where to<br />
place the beam detectors because such an<br />
approach had never been fully researched.<br />
On that basis, the Fire Industry Association<br />
(FIA) accepted a proposal from some of its<br />
member companies to invest in a research<br />
project purposefully designed to investigate the<br />
effectiveness of angled beams and provide data<br />
to support guidance as to where they should<br />
best be positioned.<br />
The research project was sponsored by the<br />
FIA in conjunction with Laluvein Consulting Ltd,<br />
Fire Fighting Enterprises Limited and Xtralis<br />
(UK) Ltd (part of Honeywell), all of them<br />
member organisations of the FIA.<br />
Using software called Fire Dynamic Simulator<br />
(FDS), the FIA (working in partnership with fire<br />
science researchers from the BRE’s Centre for<br />
Fire Safety Engineering at the University of<br />
Edinburgh) modelled a series of fire scenarios<br />
in a 25 metre-high space to simulate the effect<br />
of key variables such as fire size and<br />
temperature gradient on the characteristics of<br />
the smoke layer.<br />
The BRE’s Centre for Fire Safety Engineering<br />
exists to equip tomorrow’s leaders in the field<br />
with the skills they require, support today’s fire<br />
safety teams with multidisciplinary research,<br />
provide first-class education in fire safety<br />
engineering and structural fire engineering,<br />
deliver fire safety consultancy services to<br />
industry and other consultancies and<br />
disseminate information about advances and<br />
research in fire safety engineering through<br />
courses, symposia and publications.<br />
For those readers of Risk UK unfamiliar with<br />
FDS, it uses complex computerised<br />
mathematical modelling systems to simulate<br />
and predict the way in which smoke travels and<br />
how it rises within a building. Moreover, it<br />
includes models that can be used to predict the<br />
activation of smoke detectors (including beam<br />
detectors and aspirating smoke detectors).<br />
These models were fundamentally improved as<br />
part of the project to accurately model angled<br />
beams (of which there were over 100 included<br />
in the simulations).<br />
Useful insights<br />
As is the case with all such analysis, the<br />
absolute accuracy of the results cannot be<br />
relied upon until it has been verified. Despite<br />
this caveat, the results provide useful insights<br />
into the relative performance of detectors in<br />
different positions, while the visualisation<br />
afforded by SmokeView sheds some light on<br />
how the smoke layer develops.<br />
The first finding was that the tight spacing<br />
(¼ height) recommended in BS 5839-1 (for<br />
interstitial beams intended to detect the rising<br />
column of smoke) shouldn’t be relaxed. For<br />
example, if the interstitial beams are installed<br />
at 12 metres they need to be spaced every 3<br />
42<br />
www.risk-uk.com
FIA Technical Briefing: Detecting Stratified Smoke<br />
metres – requiring five times more devices than<br />
with the 15-metre spacing recommended for the<br />
ceiling-mounted beam detectors.<br />
The second finding was that the predicted<br />
response of angled beam detectors passing<br />
through a stratified layer of smoke (resulting<br />
from a small fire when there’s a temperature<br />
gradient) is similar to the response of beam<br />
detectors positioned on a ceiling (to the same<br />
small fire when there’s no temperature gradient<br />
to cause the smoke to stratify). This is an<br />
important finding as it confirms that angled<br />
devices are likely to be effective.<br />
One observation, and which differs from<br />
common/intuitive thinking, is that the<br />
horizontal velocity in the smoke layer reduces<br />
as the layer spreads. The research project<br />
indicates that the smoke layer doesn’t continue<br />
to stretch outwards across the room<br />
indefinitely, but instead tends to deepen<br />
around the centre and become more dense.<br />
When considering a design with angled beams,<br />
it’s therefore important that due attention is<br />
afforded to the extent – and speed – of the<br />
spread of the smoke layer.<br />
Applying the research<br />
The findings thus far are reflected in the current<br />
advice contained within BS 5839-1 for installing<br />
angled beam detectors, and particularly in the<br />
note under Clause 22.5d.<br />
One additional recommendation from the<br />
research which hasn’t been reflected in BS<br />
5839-1 as yet is that, when installing angled<br />
beams, they’re best deployed in a criss-cross<br />
arrangement. This is specifically intended to<br />
ensure that the distance to a beam at any given<br />
height isn’t in any way excessive.<br />
From this relatively short overview of the<br />
research underpinning the current<br />
recommendations for angled beams, it’s clear<br />
that further analysis and validation is needed.<br />
In anticipation of this, the FIA has agreed to<br />
sponsor a second phase of research into the<br />
challenges of detecting stratified smoke.<br />
The FIA’s Fire Detection and Alarm Council’s<br />
primary purpose is to find solutions to such<br />
technical issues on behalf of the fire industry.<br />
Council is comprised of roughly 30 individuals<br />
from FIA member companies, with selection<br />
conducted through an election process. The<br />
majority of those on Council have a senior<br />
background, an extensive range of experience<br />
and a deep knowledge and understanding of<br />
both British and European Standards.<br />
All of this means that technical guidance<br />
documents can be created to the highest<br />
industry standard based on the FIA’s research<br />
and partnerships with leading universities, the<br />
British Standards Institution and other<br />
standards bodies.<br />
The FIA acts as the springboard between<br />
industry and research at top Higher Education<br />
institutions, providing the industry with<br />
solutions and guiding standards by way of<br />
scientific evidence. The research helps in<br />
leading the FIA’s training and qualifications in<br />
fire detection and alarm systems.<br />
Specialist qualifications<br />
On that note, the FIA can now offer four new<br />
specialist qualifications: one each for the<br />
design, installation, maintenance and<br />
commissioning of fire detection and alarm<br />
systems. The qualifications have been carefully<br />
developed over time by a range of experts in<br />
the field to raise the level of professional<br />
knowledge and understanding of those working<br />
within the sector.<br />
These qualifications have been produced in<br />
consultation with industry leaders and<br />
employers, matching the needs of the industry<br />
with what learners really need to understand.<br />
The FIA has worked with reference to the<br />
National Occupational Standards, current UK<br />
legislation and published standards, along with<br />
Codes of Practice and industry Best Practice to<br />
give learners the opportunity to expand their<br />
knowledge and understanding in a format that’s<br />
in-depth and delivered under expert guidance.<br />
Further information<br />
concerning optical beam<br />
detection may be gathered by<br />
visiting the Resources Section<br />
of the FIA’s website<br />
(www.fia.uk.com) where an<br />
extensive technical library can<br />
be accessed<br />
Peter Massingberd-Mundy:<br />
Technology and Expert Practices<br />
Manager at Xtralis (a Member<br />
Company of the FIA)<br />
“The research project indicates that the smoke layer<br />
doesn’t continue to stretch outwards across the room<br />
indefinitely, but instead tends to deepen around the centre<br />
and become more dense”<br />
43<br />
www.risk-uk.com
Mental Health: Are You Doing Enough<br />
to Support Your People?<br />
With workplace stress<br />
on the increase and<br />
mental health issues<br />
now firmly on the<br />
agenda, this really<br />
should be something<br />
that security<br />
businesses are<br />
tackling head on. Yet,<br />
according to the<br />
charity Mind, 30% of<br />
employees questioned<br />
in a recent survey<br />
disagreed with the<br />
statement: “I would<br />
feel able to talk<br />
openly with my line<br />
manager if I was<br />
feeling stressed”.<br />
Louise McCree<br />
investigates<br />
44<br />
www.risk-uk.com<br />
Clearly, some managers don’t appreciate the<br />
implications of failing to address mental<br />
health issues within their organisation.<br />
Those who are aware of the consequences<br />
seem unclear about what the correct course of<br />
action should be. This is upheld by further<br />
statistics from Mind which state that,<br />
disappointingly, “56% of employers said that<br />
they would like to do more to improve staff<br />
well-being, but don’t feel they have the right<br />
training or guidance in order to do so.”<br />
Unfortunately, the number of people<br />
reporting mental health conditions seems to be<br />
on the increase. It’s unlikely that this situation<br />
will change. Part of the reason could be due to<br />
longer working hours and employees very often<br />
feeling obliged to take work home with them.<br />
Combined with this is an inability on the part of<br />
some people to ‘switch off’, and particularly so<br />
if they’re contactable all of the time.<br />
Exacerbating the situation is the rapid<br />
advance of technology, with individuals<br />
spending more time in front of screens. Most<br />
readers of Risk UK will already be aware of the<br />
harmful effects of blue light emitted from<br />
electronic devices and how this can impact our<br />
sleep. Also, the British Heart foundation<br />
reported last year that more than 20 million<br />
adults in the UK are failing to meet Government<br />
guidelines for physical activity, leading to all<br />
sorts of related health complications.<br />
On Thursday 1 February, Mind ran its ‘Time to<br />
Talk’ day, the idea being to promote a culture of<br />
speaking openly about mental health issues. If<br />
you missed this, then perhaps the charity’s<br />
‘Time to Change’ pledge may be something to<br />
look into? This could form part of the overall<br />
well-being strategy within your organisation.<br />
Complicated issue<br />
Mental health is a complicated issue. It’s a<br />
sensitive topic and often an emotive one for<br />
many. Therefore, the approach taken towards it<br />
needs to be considered and unhurried. Do<br />
nothing about it at your peril, though. More<br />
than one-in-five (21%, in fact) respondents to a<br />
recent Mind-orchestrated survey stated that<br />
they had called in sick to avoid work when<br />
asked how workplace stress had affected them.<br />
Other scenarios for not being equipped to deal<br />
with mental health issues in the workplace are<br />
PR disasters, potential tribunals and, most<br />
serious and devastating of all, suicide attempts.<br />
Rest assured that there are various ways in<br />
which a security business can prepare itself to<br />
tackle mental health issues and support its<br />
people. The best place to start is with a plan.<br />
Raise awareness. Ensure that employees feel<br />
comfortable talking about mental health issues<br />
and encourage discussions about stress and<br />
anxiety. Also, remember that mental health<br />
issues include eating disorders, panic attacks<br />
and addiction. These should be incorporated<br />
into any written policy. Mental Health<br />
Awareness Week commences in May, so why<br />
not plan ahead and schedule in some activities<br />
or functions that raise awareness?<br />
Consider creating a Well-Being Policy. Be<br />
aware that simply drawing up a policy will not<br />
solve all of the issues involved. It’s a helpful<br />
exercise to begin compiling the things which<br />
your business currently does in order to<br />
support members of staff. It’s also a good way<br />
to identify gaps. Furthermore, a policy is a<br />
simple and effective way of communicating<br />
what you do to clients and members of staff<br />
alike. It also gives those employees who are<br />
struggling something to which they can refer.<br />
Train your managers. This is vital as<br />
managers are likely to be the first people to<br />
notice any change in an employee. Managers<br />
should be taught to look for signs that an<br />
employee is struggling (for example, lack of<br />
concentration, an increase in absenteeism, a<br />
short temper, being emotional at work or a<br />
sudden change in performance level).
Security Services: Best Practice Casebook<br />
Employee Assistance Programmes<br />
Introduce an Employee Assistance Programme<br />
(EAP). Implementing an EAP is usually a<br />
relatively low cost exercise and a great way of<br />
offering additional, external support. Very<br />
often, an employee may not feel comfortable<br />
discussing a personal matter with a colleague.<br />
An EAP is a good alternative. Not only do they<br />
provide counselling, but they also afford<br />
practical advice (for example on matters such<br />
as financial debt or divorce which can often<br />
contribute towards a person’s depression).<br />
If as a business you already have an EAP in<br />
place, determine to make sure that your people<br />
know it’s there and that they make good use of<br />
it. Very often, schemes are paid for, but are<br />
then poorly communicated.<br />
Promote wellness initiatives. As an employer,<br />
you have a Duty of Care, meaning that you<br />
should take all reasonable steps to ensure the<br />
well-being of your employees. Introducing a<br />
wellness programme doesn’t have to be timeconsuming<br />
or expensive. It may be something<br />
as simple as providing a free fruit bowl on each<br />
of your floors at headquarters.<br />
If your organisation already has a ‘Cycle to<br />
Work’ scheme then make sure it’s adequately<br />
promoted. Consider corporate gym membership<br />
or providing a ‘quiet room’ at work wherein<br />
employees can retreat for ten minutes (the<br />
room should be a device-free zone). A number<br />
of companies have run campaigns designed to<br />
encourage staff to take proper breaks at work,<br />
while Stylist Magazine is relaunching its<br />
‘Reclaim Your Lunchbreak’ campaign.<br />
On that note, there’s significant evidence to<br />
suggest that taking even a 30-minute break<br />
away from their desk increases productivity and<br />
boosts an employee’s focus. In addition, it<br />
works wonders for creativity and, most<br />
importantly, mood.<br />
Create and foster a culture of openness,<br />
acceptance and support. A business might do<br />
this by appointing a wellness representative,<br />
ensuring regular communications about health,<br />
exercise, support and training or including such<br />
detail in client presentations or newsletters.<br />
Another great way of embedding the<br />
importance of talking about mental health<br />
issues is to align wellness with various existing<br />
policies and processes. This could include the<br />
annual appraisal or monthly reviews, such that<br />
employees understand what’s expected of<br />
them, what to look for in others and where to<br />
seek help if they should require it.<br />
Make the commitment<br />
In addition to Mind’s ‘Time to Change’ pledge,<br />
there are various other commitments your<br />
“Managers should be taught to look for signs that an<br />
employee is struggling (for example, lack of concentration,<br />
an increase in absenteeism, a short temper, being emotional<br />
at work or a sudden change in performance level)”<br />
business can undertake to make the workplace<br />
a happier and much healthier environment. One<br />
of these is the Healthy Workplace Charter. In<br />
essence, this is a set of standards that<br />
organisations set out to meet in order to<br />
receive an official accreditation.<br />
Mental health is different for everyone and,<br />
as such, you cannot – and, indeed, should not –<br />
approach it as a ‘one-size-fits-all’ solution. The<br />
one thing that many businesses really struggle<br />
with is what to do on a practical level if an<br />
employee has mental health concerns. There<br />
are some key steps to note here.<br />
Manage the employee in the same way as<br />
you would any other medical issue. By this, I<br />
mean ensure that the process you follow is<br />
consistent and in line with the normal company<br />
medical capability process. Meeting with the<br />
employee is essential to understand what’s<br />
going on. You may wish to allow them the right<br />
to be accompanied by a friend or a member of<br />
their family, even though this isn’t obligatory. It<br />
may well make them feel more at ease.<br />
Look at obtaining a medical report (you will<br />
need the employee’s consent for doing so). This<br />
will enable you to gain valuable insight and<br />
advice from a professional. Consider referring<br />
the employee to occupational health.<br />
Sometimes, it can be the case that someone<br />
completely independent and removed from the<br />
process is better able to offer support.<br />
Making reasonable adjustments<br />
Be mindful that you may need to make<br />
reasonable adjustments for the person<br />
concerned. These could include shortened<br />
hours, ‘buddying up’, counselling, adjusting<br />
workload or encouraging the employee to use<br />
some of their annual holiday entitlement for a<br />
break away from the business.<br />
Most importantly of all, though, you should<br />
remember that, because all mental health<br />
issues are different, you must never fall into the<br />
trap of making assumptions about a given<br />
individual’s condition.<br />
In observing that rule, you will undoubtedly<br />
bring about numerous positive changes to your<br />
organisation. You should see productivity<br />
increases, absenteeism reductions, Public<br />
Relations improvements leading to a more<br />
competitive edge and, most significantly of all,<br />
a happier and more motivated workforce.<br />
Louise McCree MCIPD:<br />
Founder of effectivehr<br />
45<br />
www.risk-uk.com
Hardware Cyber Security:<br />
From the Active to the Passive<br />
Iain Deuchars focuses<br />
on hardware cyber<br />
security, examining<br />
the possible<br />
approaches that an<br />
attacker might take<br />
before proceeding to<br />
describe the features<br />
within active network<br />
equipment that can<br />
prevent such attacks<br />
from being successful.<br />
Although<br />
concentrating on IP<br />
security and<br />
surveillance networks,<br />
what follows applies<br />
to any Ethernet-based<br />
network and, as such,<br />
covers a much wider<br />
scope of markets<br />
The term ‘Cyber Security’ is a common one<br />
in our world today, and can affect anything<br />
and anyone from national Governments<br />
and global corporate entities through to<br />
individuals both young and old. Due to its<br />
ubiquitous association, our comprehension of<br />
cyber security is based around the global<br />
Internet where software attacks, such as<br />
malware and DDoS episodes, threaten our<br />
working days and everyday lives. Websites can<br />
become unreachable and corporate servers are<br />
hacked, with expensive consequences for<br />
owners and operators alike.<br />
What we fail to relate cyber security to is the<br />
threat posed to autonomous computer<br />
networks. Here, a third party physically breaks<br />
into a system via its infrastructure devices<br />
resulting in the system being compromised or<br />
failing completely with disastrous outcomes<br />
from either scenario.<br />
Due to their nature, security and surveillance<br />
networks put network connections in both<br />
secure and unsecured locations. Vulnerable<br />
positioning provides ample opportunities for<br />
the would-be attacker, so due care and<br />
attention must be paid to equipment<br />
protection. However, installers must also treat<br />
secure sites in exactly the same way. The point<br />
of attack could originate from a source fully<br />
entitled to be within an area. On that basis, no<br />
chances can be taken.<br />
An Ethernet network comprises both active<br />
and passive equipment. Active equipment is<br />
defined as that which needs electrical power to<br />
operate, while passive equipment is that which<br />
doesn’t require electrical power. Active<br />
equipment includes Ethernet switches (this<br />
article is centred on Layer 2 Ethernet switches<br />
based on MAC addresses and not Layer 3<br />
devices that can switch on either IP or MAC<br />
address) and media converters, and the passive<br />
a combination of cables, connectors and<br />
management such as cabinets, which might<br />
also include additional active equipment<br />
(environmental conditioning and monitoring<br />
systems, for instance).<br />
Ethernet switches act like cable<br />
concentrators, bringing together signals from<br />
different edge devices and then relaying those<br />
signals to other devices based on address<br />
information attached to the signal. They can<br />
have combinations of electrical and optical<br />
ports (connections) in varying port densities.<br />
A media converter is a simple device that<br />
converts electrical signals to optical and viceversa.<br />
The security threat to the network at this<br />
level results from a third party physically<br />
connecting to the switch, or by removing an<br />
edge device from the network and attaching<br />
unauthorised equipment in its place.<br />
The connection could be to an optical port,<br />
but that would require the third party to have<br />
the correct optical interface so, for<br />
opportunistic reasons, it tends to be a<br />
connection via an electrical interface.<br />
Electrical Ethernet ports are based around an<br />
industry standard, so connecting to these is<br />
relatively simple. As every laptop today<br />
harbours such a connection, the probable<br />
weapon of attack is readily available.<br />
Active Equipment Defence<br />
Ethernet switches are available in managed or<br />
unmanaged forms, where the managed<br />
platform has many more features and allows<br />
the end user to configure and remotely monitor<br />
the device. The unmanaged unit has no such<br />
facilities. It simply does the basic job based on<br />
its shipped configuration. Media converters<br />
tend to be in an unmanaged format only.<br />
Where security is concerned, managed units<br />
offer a number of facilities to prevent<br />
unauthorised entry to the network. Unmanaged<br />
units don’t, so managed Ethernet switches<br />
should be used throughout your network.<br />
46<br />
www.risk-uk.com
Hardware Cyber Security: IP Security and Surveillance Networks<br />
It tends to be the case that the simplest<br />
features offer the best security, and with<br />
Ethernet managed switches that persists. The<br />
ability to disable a switch port that’s not being<br />
used in the current network configuration<br />
through the management interface might<br />
seem an obvious security feature, but it’s one<br />
that a lot of network operators fail to employ<br />
and may not even know exists on their devices.<br />
If the port isn’t being used then disable it<br />
such that no unwarranted party can plug<br />
directly into your network. If the port needs to<br />
be used for legitimate traffic in the future then<br />
simply open it via the management system.<br />
While we’re talking about the simplest<br />
features being the best, the default username<br />
and password that every managed Ethernet<br />
switch is shipped with to enable you to gain<br />
access should be changed to a username and<br />
password commensurate with your security<br />
policy. There’s no point in applying all of this<br />
security if it could be changed by our attacker<br />
connecting to the comms port of the switch and<br />
gaining access simply by reading the manual.<br />
Note that the communications port on an<br />
Ethernet switch is a serial data communications<br />
port that allows local access to the<br />
management configuration once a correct<br />
username and password are entered.<br />
Once a link has been established between<br />
two active units in the network, a link<br />
acknowledgement (normally an LED indication)<br />
is generated and dropped immediately the link<br />
is broken. This simple hardware-based trigger<br />
can be used to shut down a port on the basis<br />
that the loss of a link is a potential attack. The<br />
feature can be further expanded to shut down<br />
ports in the event that power is lost to the<br />
active device just in case our attacker has the<br />
smart idea of switching connections once the<br />
switch is powered down.<br />
If any units are deployed in unsecured<br />
locations then the port receiving<br />
communications from that site should be<br />
activated with this feature to counter link<br />
breaks in these areas.<br />
Any IP-based edge device such as a CCTV<br />
camera or speaker will have an Ethernet MAC<br />
address. This can be used to logically connect<br />
the associated Ethernet switch port to that<br />
particular MAC address. If a MAC address that’s<br />
not registered tries to connect, the switch will<br />
simply prevent access. Bear in mind, though,<br />
that the more knowledgeable attacker could<br />
use spoofing to find and copy your MAC<br />
address. This form of protection may buy you<br />
valuable time, but not complete safety.<br />
With the IP address of connected devices<br />
known, the switch can set up a polling routine<br />
“Where security is concerned, managed units offer a number<br />
of facilities to prevent unauthorised entry to the network,<br />
whereas unmanaged units don’t. Managed Ethernet<br />
switches should be used throughout your network”<br />
with the edge device and then run a preprogrammed<br />
procedure if there’s no response<br />
to the poll. Depending on the switch and the<br />
manufacturer, there could be a number of<br />
response procedures employed based on site<br />
security protocols.<br />
One could be to immediately shut the port<br />
down and, at the same time, generate a Simple<br />
Network Management Protocol (SNMP) trap.<br />
This is like an alert flag that tells the<br />
centralised management system something has<br />
happened to the device running SNMP and to<br />
start ringing the alarm bells if required. Another<br />
response could be to simply send the trap and<br />
keep the port open or, if the switch was<br />
supplying power to the edge device, a power<br />
cycle procedure could be run if the user thinks<br />
that the device has either stalled or hung-up.<br />
802.1x User Authentication is an IEEE-defined<br />
standard that should be available on all fullymanaged<br />
switches. It defines an authentication<br />
procedure for devices that wish to join the<br />
network. The standard defines three parties in<br />
the procedure: a Supplicant that wants to join<br />
the network, an Authenticator (which is the<br />
Ethernet switch) and the Authentication Server.<br />
In the system, the Ethernet switch acts to<br />
protect the network until the server has verified<br />
the credentials of the Supplicant and has either<br />
allowed or denied it access to the network.<br />
Passive Equipment Security<br />
Security should be applied to the passive<br />
components of the network as well as the<br />
active ones. How many times have you walked<br />
along the pavement and observed the door of a<br />
utilities company’s street cabinet hanging off,<br />
or the access flap open on a lamppost? The<br />
reason is that, in most cases, the system owner<br />
or operator has no idea that the door of their<br />
cabinet is open and their system isn’t secure.<br />
If any part of the network is housed within an<br />
enclosure, some form of sensor must be on the<br />
door to tell you if it’s open or closed. If the door<br />
is open and you’re not aware of it, then you’re<br />
providing an easy target for any attacker.<br />
Bear in mind that it doesn’t just need to be<br />
active equipment. If the enclosure simply<br />
houses cable management then that could<br />
present an attacker with the opportunity to<br />
break in to the network. Ignore the basics of<br />
network security at your peril.<br />
Iain Deuchars:<br />
Business Development<br />
Manager at ComNet<br />
47<br />
www.risk-uk.com
As part of their overall<br />
risk management<br />
posture, organisations<br />
worldwide can make a<br />
significant<br />
contribution towards<br />
reducing the impact of<br />
road traffic collisions<br />
by providing<br />
appropriate training in<br />
both medical and<br />
vehicle rescue<br />
capabilities for key<br />
members of staff and<br />
locations. Here, Neil<br />
Pedersen examines<br />
the main points of this<br />
strand of corporate<br />
risk mitigation<br />
A ‘Cut’ Above The Rest?<br />
Did you know that a figure of circa 1.2<br />
million represents the yearly death toll on<br />
road networks around the world? That<br />
figure doesn’t even include the further 50<br />
million or so individuals who are injured in<br />
traffic collisions. What’s more, the former<br />
statistic is one that’s expected to rise to 1.4<br />
million deaths per annum by the year 2030.<br />
In addition to the grief and suffering they<br />
cause, road traffic accidents constitute an<br />
important public health and development<br />
problem given the significant health and<br />
socioeconomic costs realised. Considerable<br />
economic losses are not only incurred by the<br />
victims and their families, of course, but also by<br />
organisations and, indeed, nations as a whole.<br />
Crashes on the roads actually cost most<br />
countries between 1% and 3% of their gross<br />
national product.<br />
As well as ensuring that members of staff,<br />
guests and clients are protected in the event of<br />
an emergency scenario, the added skills that<br />
can be delivered by specialist training in this<br />
area could also contribute towards the local<br />
emergency response arrangements in remote<br />
locations and assist in building positive local<br />
relationships in surrounding communities.<br />
For many years, it was only possible to have<br />
a sufficient rescue capability if you had a large<br />
hydraulic generator, hydraulic hoses and large<br />
heavy rescue tools to hand. This meant that it<br />
wasn’t realistically possible to provide a<br />
portable rescue provision in relation to traffic<br />
accidents. However, advancements in hydraulic<br />
tool design coupled with developments in<br />
battery technology now mean that it’s possible<br />
to produce tools capable of in excess of 50<br />
tonnes of cutting and spreading forces that can<br />
be combined into smaller and lighter tools<br />
without the need for generators or hoses.<br />
State-of-the-art capability<br />
As a direct result, it’s now possible to have a<br />
state-of-the-art rescue capability in your own<br />
vehicle which will allow you to enact an<br />
immediate rescue intervention on the scene of<br />
any accident or incident.<br />
There’s now a wide range of small, yet<br />
powerful rescue tools which will permit rescue<br />
operations and greatly increase survivability<br />
rates by allowing the rapid extraction of injured<br />
casualties whatever the location. These tools<br />
and associated training will be particularly<br />
useful to security and close protection teams,<br />
corporate risk management, military units and<br />
Special Forces, counter-terrorism teams,<br />
emergency responders and those tasked with<br />
transporting goods in remote locations.<br />
However, it’s vitally important that these<br />
tools are used in the correct manner and that<br />
personnel are familiar with the wide multitude<br />
of techniques employed during rescue<br />
operations. Any failure here could result in<br />
damage to those tools used or, even worse,<br />
injury to the users themselves.<br />
Many corporations around the world operate<br />
in remote environments and in countries with<br />
poor road infrastructures. Due to location, it’s<br />
often necessary to travel long distances on<br />
dangerous roads made so by the driving<br />
standards of other road users, adverse weather<br />
conditions and poorly maintained roadways.<br />
As part of their corporate risk assessment<br />
procedures, companies often overlook the fact<br />
that one of the biggest risks posed to<br />
personnel and any visiting guests is the journey<br />
from point of arrival to the final destination or<br />
those journeys undertaken while visiting<br />
specific sites around a given country.<br />
Basic rescue interventions<br />
In the event of a vehicle incident, in many areas<br />
of the world it’s highly unlikely that there will<br />
be any type of rescue services in close<br />
proximity and occupiers of vehicles could be<br />
trapped and injured for extremely long periods<br />
of time before any assistance arrives (if at all).<br />
Therefore, it’s vitally important to have an onboard<br />
capability to carry out basic rescue<br />
interventions and provide life-saving<br />
48<br />
www.risk-uk.com
Training and Career Development<br />
emergency medical equipment. Rescue options<br />
can range from having a single battery-powered<br />
hydraulic combination tool in the rear of your<br />
vehicle to having a fully-equipped support<br />
vehicle attached to your convoy.<br />
More important, however, is the necessity<br />
for having personnel who are both medically<br />
and technically trained in the event of an<br />
emergency and who are capable of rescuing<br />
and maintaining life until specialist support<br />
arrives at the scene.<br />
For many years, colleagues of ours in the<br />
close protection sector and the military have<br />
told us that what’s really needed while<br />
transporting their clients and personnel is the<br />
ability to carry out an emergency rescue<br />
immediately following a vehicle incident,<br />
whether that incident is accidental or a<br />
deliberate attack on their vehicles. Those<br />
vehicles may even be armoured, in turn<br />
presenting even further rescue difficulties.<br />
While in the UK we’re fortunate enough to<br />
have some of the best Emergency Services and<br />
rescue specialists in the world, that isn’t always<br />
the case overseas. If you’re lucky enough to<br />
gain access to a local service, it’s likely not to<br />
be carrying equipment capable of transacting a<br />
rescue from a modern vehicle boasting modern<br />
construction techniques.<br />
All of these factors greatly reduce the<br />
chances of survival following a vehicle incident,<br />
and especially so when time is of the essence.<br />
After all, you cannot effectively treat a casualty<br />
unless you can extract them from the vehicle.<br />
Combined approach<br />
Security and close protection teams are also<br />
responsible for ensuring the safety of their<br />
clients and, as a result, should be prepared for<br />
all eventualities. Clients of protection teams<br />
will be reassured that those teams carry rescue<br />
tools and are trained to use them during an<br />
emergency scenario, which also provides a<br />
further reason as to why their services should<br />
be employed to protect their clients.<br />
The way to view rescue provision is to<br />
consider the assertion that it has an equal<br />
weighting in relation to the problem. This<br />
means that, ideally, the methodology is 50%<br />
technical/physical rescue and 50% medical<br />
rescue. These two ideally work in harmony<br />
alongside each other to simply save life in the<br />
context of a vehicle accident.<br />
Of course, additional dynamics like the<br />
severity of the incident, geographical location<br />
and the time of day are all factors that can<br />
affect the situation. It must be borne in mind,<br />
though, that even with the odds stacked<br />
against you, having a technical rescue<br />
“As part of their corporate risk assessment procedures,<br />
companies often overlook the fact that one of the biggest<br />
risks posed to personnel and any visiting guests is the<br />
journey from point of arrival to the final destination”<br />
capability and a medical capability to hand is<br />
never to be underestimated. There are many<br />
examples of where this technical/medical<br />
capability hasn’t existed and lives have been<br />
lost. We cannot undo what is already done, but<br />
we can adapt, prepare for and be ready to react<br />
and respond better to similar incidents next<br />
time around. Why wait for tragedy to strike if<br />
you can play a part in reducing it?<br />
Consider your team travelling in a vehicle in a<br />
location that’s remote or has limited local<br />
rescue capability compared to the UK. A vehicle<br />
accident occurs. Consider then if, within that<br />
team or a following vehicle, there’s the<br />
capability to proactively react and carry out<br />
effective rescue operations and medical<br />
interventions. You can literally have UKstandard<br />
Fire and Rescue Service capability in<br />
the boot of a vehicle, but what’s really key here<br />
is the ability to use it to its full potency.<br />
Medical aspects are vital<br />
The approach adopted may be titrated and<br />
multifaceted to accommodate wide-ranging<br />
needs. Certainly, the medical aspects are vital.<br />
Consider travel in those areas or locations<br />
where medical response is poor, non-existent,<br />
ill-equipped or just too far away from where an<br />
incident has occurred. The option of dialling the<br />
Emergency Services and knowing that a<br />
response will attend the scene simply isn’t<br />
there in many places around the globe.<br />
The solution is to be self-sufficient, skilled,<br />
equipped and able to help yourselves and/or<br />
your team/colleagues. The medical<br />
methodology adopted should ideally be borne<br />
out of military experience, humanitarian<br />
experience, professional rescue experience and<br />
exposure gained from operational functionality<br />
over a prolonged period. It’s a methodology<br />
that works, achieves results and can literally<br />
mean the difference between life and death.<br />
Approaches to trauma and injury should be<br />
evidence-based, proven and honed from<br />
experiences gained in extreme situations.<br />
These approaches ought to be taught in an<br />
assertive and disciplined sense to deal with<br />
problems in order of severity, and are often<br />
underpinned by lessons learned in those<br />
extreme environments. If a given approach<br />
works in such environments, often hours away<br />
from definitive care, then it can work anywhere.<br />
Weber Rescue Systems UK’s<br />
E-Force battery-powered<br />
hydraulic rescue tools<br />
Neil Pedersen:<br />
Founder and Business Director<br />
of the International Road<br />
Rescue and Trauma<br />
Consultancy (IRRTC)<br />
49<br />
www.risk-uk.com
Risk in Action<br />
Risk in Action<br />
The Flood Company<br />
installs heavy duty<br />
flood mitigation<br />
solution for retailing<br />
giant Sainsbury’s<br />
The Flood Company has<br />
recently completed the<br />
installation of a heavy duty<br />
flood mitigation solution for<br />
nationwide supermarket<br />
giant Sainsbury’s at its store<br />
in Carlisle.<br />
The Flood Company was tasked with surveying the site, designing an<br />
aesthetically pleasing solution and installing flood prevention measures after<br />
the store was forced to close for several weeks as a direct result of flooding<br />
following the advent of Storm Desmond in 2015.<br />
The supermarket chain was left with a multi-million pound insurance claim<br />
following the disaster, which also saw its insurers threaten to increase the<br />
firm’s premium or even withdraw flood cover altogether should preventative<br />
measures not be implemented to protect from future flooding episodes.<br />
To provide a solution that matched the current appearance of Sainsbury’s<br />
supermarkets, The Flood Company innovated a Buffalo panel system. This has<br />
been retrofitted to the building and creates an exterior flood-proof seal.<br />
The Flood Company has installed Buffalo glass, which is an aesthetically<br />
pleasing barrier used in public areas, as well as a Buffalo HD barrier system<br />
around doors and loading bays.<br />
In addition to these three types of barriers, The Flood Company has also<br />
installed secondary pumps and control systems to control the flow of water and<br />
create a secondary line of defence for the store. The design underpins a system<br />
which is 95% passive. This means that only doors and loading bays require<br />
manual operation for the system to be implemented. The process may be<br />
completed in under an hour by four members of staff.<br />
The complete system minimises downtime for the store in the event of a<br />
flooding episode and has satisfied the insurer to re-insure the site.<br />
Warefence uses Hadley Group’s<br />
UltraFENCE palisade-style security<br />
solution to protect top car marques<br />
Founded back in 1981 and based in Oxfordshire,<br />
Warefence has established an enviable<br />
reputation for the supply and installation of<br />
security and access control fencing solutions<br />
leading to a strong working relationship with<br />
Hadley Group for the use of the manufacturer’s<br />
UltraFENCE palisade system as well as other<br />
products. This includes recent work at a<br />
prestigious new car showroom in Newbury.<br />
Warefence has chosen to once again make<br />
use of the proven UltraFENCE security solution<br />
in its contract at the Marshall Jaguar Land Rover<br />
dealership on the Greenham Business Park in<br />
Newbury having used it very successfully on<br />
other similar projects in the past.<br />
Hadley Group’s UltraFENCE exceeds the<br />
requirements of BS 1722 Part 12: 2006 while<br />
aiding the construction of boundaries which are<br />
both attractive and fully-functional as an<br />
effective deterrent to unauthorised entry. In this<br />
instance, some 50 metres of the 2.4-metre high<br />
UltraFENCE 200 option is employed to secure<br />
rear access to the vehicle yard, with another<br />
short stretch being erected at the front.<br />
UltraFENCE is quick to install. The system<br />
makes use of well-engineered and highly<br />
durable components including UltraRail,<br />
UltraPOST and UltraPALE.<br />
Videx completes bespoke door<br />
entry system installation at<br />
Connaught House<br />
Working in partnership with Enterprise<br />
Security Technologies, Videx has successfully<br />
installed a complex door entry management<br />
system at Connaught House, which provides<br />
private residential housing and commercial<br />
office space right in the heart of London.<br />
The key access control requirement was to<br />
provide a secure and easy-to-use system with<br />
24-hour video door entry for visitors, affording<br />
a clear image of the person(s) arriving.<br />
Talking about the installation, Ben Davies<br />
(South East sales manager at Videx)<br />
explained: “Most residents at Connaught<br />
House are internationally-based, some of<br />
them as far away as Saudi Arabia and India.<br />
They use their apartment as a London base,<br />
but mainly live elsewhere. Providing secure<br />
and convenient access control on site was a<br />
top priority for this project.”<br />
Davies continued: “A key aspect of the<br />
project was to install a system that’s<br />
specifically designed to meet the client’s<br />
needs. A bespoke panel was created such that<br />
the old panel could be replaced using existing<br />
cables without any unnecessary expense or<br />
time spent on making alternations to the<br />
surrounding brickwork or repairing damage<br />
realised by a completely new installation.”<br />
Enterprise Security Technologies<br />
recommended and installed Videx’s flagship<br />
VX2200 digital door entry system to ensure<br />
the security of the building as a whole.<br />
50<br />
www.risk-uk.com
Technology in Focus<br />
Technology in Focus<br />
Checkpoint Systems’ NEO heralds dawn of “EAS revolution”<br />
for retail sector specialists<br />
Checkpoint Systems, the supplier of<br />
source-to-shopper solutions for the<br />
global retail industry, has<br />
announced a “radical shake-up” of<br />
its range of electronic article<br />
surveillance (EAS) antennas with the<br />
introduction of a “revolutionary”<br />
new electronics platform. NEO will deliver enhanced detection and connectivity<br />
for retailers, in turn enabling them to improve store operations.<br />
The powerful new electronics are said to represent “a seismic shift” in the<br />
way radio frequency (RF)-based EAS solutions perform in store and enable the<br />
sensors to become a key part of the connected store environment.<br />
Available immediately, NEO debuts in a range of new and more aesthetically<br />
pleasing antenna designs, subsequently aiding those retailers who are looking<br />
to create a more enticing shop entrance.<br />
A ‘first’ for the retail industry, NEO-enabled antennas feature wireless<br />
Bluetooth connectivity. This means that stores will no longer have to connect<br />
antennas via underfloor cabling, which is both costly and time-consuming.<br />
www.checkpointsystems.com<br />
SoloProtect Go badged as<br />
“smallest and lightest” lone<br />
worker safety device<br />
International lone worker safety<br />
company SoloProtect is announcing<br />
several new developments within its<br />
product range for 2018, starting with the<br />
addition of SoloProtect Go. This is a fobstyle<br />
device supplied as part of the<br />
company’s range of solutions and<br />
accredited to BS 8484:2016.<br />
SoloProtect is primarily known for delivering solutions around its identity<br />
card device form-factor, Identicom and the SoloProtect ID, of which a combined<br />
260,000 devices have been supplied to lone workers directly and through a<br />
network of authorised partners. With SoloProtect Go, the company is<br />
diversifying its offer to cater for a wider set of customer requirements and<br />
afford SoloProtect solutions an even greater appeal.<br />
SoloProtect Go is a compact and easy-to-use, dedicated lone worker device<br />
affording discreet and simple operation. It’s also “the world’s lightest and<br />
smallest” dedicated lone worker device available to organisations<br />
implementing BS 8484-approved staff protection measures.<br />
The solution is supplied with all of the usual functionality expected of<br />
SoloProtect’s specialist lone worker devices including the ‘Device Check’,<br />
‘Amber Alert’ and ‘Red Alert’ functions as standard. The device is also water<br />
resistant to an IPX6 rating and configurable for those lone workers with a risk<br />
of incapacitation.<br />
SoloProtect Go is enabled with haptic (ie touch) feedback to discreetly make<br />
a given device user aware that their situation is being monitored and reassure<br />
them that appropriate action is being taken on their behalf.<br />
SoloProtect Go is supported by the company’s in-house, EN 50518-accredited<br />
Alarm Receiving Centre (ARC). This is a 24/7/365 resource and the only<br />
dedicated lone worker ARC in the UK to meet this European-level standard.<br />
www.soloprotect.com<br />
AMG brings benefits of enterpriselevel<br />
10 GB Ethernet networks to<br />
businesses of all sizes<br />
Pressures on business data networks are<br />
intensifying at an unprecedented rate as<br />
more and more devices rely on constant<br />
connectivity and speed which is bandwidth<br />
intensive. Standard 1 GB Ethernet networks<br />
may no longer meet the needs of even<br />
medium-sized businesses, but according to<br />
networking and transmission specialist AMG<br />
Systems there’s now an available solution.<br />
AMG’s Commercial Layer 2+ 10 GB<br />
managed Ethernet switch series brings the<br />
business benefits of high performance and<br />
low latency 10 GB Ethernet to businesses of<br />
all sizes. These switches are purposedesigned<br />
for both medium and large network<br />
environments and specifically aim to<br />
strengthen network connectivity.<br />
The products in AMG’s managed Ethernet<br />
switch range boast 8, 24 or 48 GB ports,<br />
with or without Power over Ethernet support,<br />
and 1/10 GB SFP+ uplink ports.<br />
www.amgsystems.com<br />
OPTEX integration to Genetec<br />
Security Center “heralds new era”<br />
for critical infrastructure security<br />
Laser scanning technology from OPTEX can now<br />
be integrated with Genetec’s Restricted Security<br />
Area (RSA) surveillance module to deliver “a<br />
new era” in security and detection for outdoor<br />
and indoor environments at airports and other<br />
critical infrastructure sites.<br />
Via the RSA module, OPTEX’s REDSCAN laser<br />
sensors can now send real-time events and<br />
alarm data to Genetec’s unified security<br />
platform, alerting Control Room operators to<br />
any intrusion in the surveillance area.<br />
Intrusions can be tracked on site maps.<br />
www.optex-europe.com<br />
51<br />
www.risk-uk.com
“<br />
You have to be here if you want<br />
to be regarded as a key player<br />
in the security market.<br />
“<br />
27,658<br />
visitors from<br />
116 countries<br />
79%<br />
of visitors come to<br />
source new products<br />
£20.7bn<br />
total budget of<br />
visitors to IFSEC 2017<br />
Enquire about exhibiting at IFSEC 2018: ifsec.events/international<br />
Proud to be supported by:
Appointments<br />
Andy Neal<br />
Cardinus Risk Management<br />
has acquired the talent and<br />
expertise of Protaris<br />
founder and expert Andy<br />
Neal to head up the<br />
company’s all-new Security<br />
Division. This move actively<br />
expands Cardinus’ solutions<br />
to cover the risks presented<br />
to its clients’ assets and workforces from the<br />
increasing work-related threats posed by lone<br />
wolf terrorism, safe travel (both national and<br />
international) and lone working.<br />
Neal’s existing on-site courses in travel<br />
safety, conflict management, hostile<br />
environments and responding to the threats of<br />
lone wolf terrorism will be enhanced by adding<br />
specialist e-Learning courses to Cardinus’ suite<br />
of Health and Safety, environmental and<br />
compliance courses. Neal is also an expert in<br />
behavioural safety, profiling and strategic asset<br />
protection having previously worked for major<br />
international organisations.<br />
Neal is also an expert in personal security<br />
and, to date, has advised Governments, royal<br />
families, major companies and high-profile<br />
celebrities in a career spanning 22 years. His<br />
military background coupled with a deep<br />
understanding of the commercial world is<br />
unique and provides the framework for a strong<br />
and well-established set of services that will be<br />
enhanced by Cardinus’ scope and global reach.<br />
Speaking about this move, Neal informed<br />
Risk UK: “I’m absolutely delighted to be joining<br />
Cardinus Risk Management. The business has a<br />
world class client list. At the present time, it’s<br />
clear that security and personal safety is a key<br />
risk for organisations and I very much look<br />
forward to working with the team here to help<br />
our clients manage this increasing risk.”<br />
Alan Nathan<br />
Axis Security has appointed Alan Nathan to<br />
the newly-created national position of<br />
business continuity and risk manager. Nathan<br />
has more than ten years of commercial<br />
security experience, primarily focusing on<br />
national and international client account<br />
management, and most recently completed a<br />
contract in Kazakhstan designing and<br />
managing security operations within the oil<br />
and gas industry.<br />
“Axis Security is dedicated to providing<br />
clients with support and solutions for their<br />
specific operational needs,” explained Nathan.<br />
“I’ve already begun to engage with both<br />
existing and potential clients in order to<br />
Appointments<br />
Risk UK keeps you up-to-date with all the latest people<br />
moves in the security, fire, IT and Government sectors<br />
Derek McGee<br />
Fusion Risk Management, the specialist<br />
provider of business continuity risk<br />
management software and services, has added<br />
two senior sales executives to its UK team.<br />
Derek McGee and Laura Sloan have joined the<br />
business as the company moves to expand its<br />
European operations in order to meet rapidly<br />
growing demand for the firm’s solutions.<br />
McGee brings 20 years of experience of<br />
providing solutions in the technology and<br />
software sector having served enterprise<br />
organisations in the UK and around the globe.<br />
As a senior sales and business development<br />
executive, McGee excels at understanding<br />
customers’ unique business requirements and<br />
brings a clear focus on providing flexible<br />
solutions to ensure success.<br />
McGee informed Risk UK: “Fusion Risk<br />
Management’s top position in the market for<br />
enterprise business continuity risk management<br />
software is affirmed by the company’s<br />
outstanding roster of globally-recognised<br />
clients, its leadership position in the Gartner<br />
Magic Quadrant Report, ongoing industry<br />
awards and also Fusion’s significant investment<br />
in Europe to meet growing demand. This is an<br />
exciting time to be joining the organisation.”<br />
Sloan also joins Fusion with more than 20<br />
years of experience gained in serving enterprise<br />
customers across a wide range of industries,<br />
and with a keen focus on client requirements for<br />
next generation business continuity solutions.<br />
develop our risk management and business<br />
continuity credentials.”<br />
Reporting to operations director John<br />
Fitzpatrick, Nathan’s immediate task is to<br />
review and develop Axis Security’s emergency<br />
notification and incident management<br />
capability for both the company’s staff safety<br />
assurance and clients’ own emergency<br />
notification and management procedures.<br />
David Mundell, managing director of Axis<br />
Security, explained to Risk UK: “Alan joins Axis<br />
Security in this new and important role with a<br />
wealth of experience in the industry, having<br />
designed and managed numerous large-scale<br />
security operations over the years. His<br />
appointment will further enhance the<br />
company’s support capability to its clients.”<br />
53<br />
www.risk-uk.com
Appointments<br />
Gary Frith<br />
Security product and service provider Webeye has just<br />
announced the appointment of Gary Frith as business<br />
development director. Frith brings with him 30 years of<br />
sales and business development experience and has a<br />
wealth of knowledge within the security industry.<br />
Before joining Webeye, Frith was the UK and Ireland<br />
commercial agent for RSI Video Technologies, the French<br />
manufacturer of battery-operated visual verification<br />
security products, growing it from a start-up position to<br />
become the major supplier of easily-deployable video alarms.<br />
Frith’s early career was spent in Germany working for REHAU AG and Co and<br />
Alexander Proudfoot plc, where his talents were quickly recognised. Frith<br />
oversaw a 30% productivity improvement after implementing an action plan<br />
involving new working methods and systems.<br />
On returning to the UK, Frith worked in consultancy roles for several<br />
companies including Ramtech Electronics, where he set up a CCTV business<br />
within the organisation specialising in IP network video.<br />
“Gary is joining Webeye at a very exciting time,” stated managing director<br />
Clive Mason in conversation with Risk UK. “We feel Gary will be the ideal fit to<br />
build on the already phenomenal global growth of Webeye.”<br />
Stephen James<br />
BAFE, the independent<br />
register of quality fire<br />
safety service providers,<br />
has appointed Stephen<br />
James as compliance<br />
manager. This new role<br />
has been introduced to<br />
acknowledge the<br />
substantial growth in<br />
BAFE-registered company numbers in recent<br />
years and also the responsibility the<br />
organisation shares with its certification bodies<br />
to ensure registered businesses remain<br />
compliant with the BAFE schemes.<br />
James brings a wealth of knowledge and<br />
experience having been part of the fire industry<br />
for over 35 years. He began his career covering<br />
the refilling, refurbishing and testing of<br />
portable fire extinguishers, while also working<br />
on hose reels, dry risers and fire hydrants.<br />
James developed into an extinguisher<br />
engineer and, later, a service manager<br />
responsible for quality procedures including<br />
ISO 9001 and third party certification.<br />
Stephen Adams, BAFE’s CEO, told Risk UK:<br />
“With an ever-growing demand for competent<br />
providers of fire protection works, it’s vital that<br />
we continue to ensure the BAFE marque of<br />
approval is used by competent and compliant<br />
organisations. Stephen will be a great addition<br />
to the organisation, duly assisting the BAFE<br />
scheme management, our partner certification<br />
bodies and registered companies in reviewing<br />
and acting upon any instances of nonconformities,<br />
while also helping to police the<br />
BAFE brand at all times.”<br />
Simon Shawley<br />
Wavestore, the British<br />
developer of open<br />
platform and highly<br />
secure Linux-based Video<br />
Management Software<br />
(VMS), has appointed<br />
Simon Shawley as its<br />
new sales director to<br />
oversee the company’s<br />
sales strategy and drive significant growth<br />
across the EMEA region.<br />
Shawley boasts over 25 years’ experience in<br />
the electronic security market having previously<br />
held senior sales and business development<br />
positions for major companies including<br />
Hanwha Techwin and DVTel.<br />
“It’s great to join the Wavestore team at such<br />
an exciting juncture,” enthused Shawley.<br />
“Organisations are increasingly using VMS to<br />
maximise their investment in electronic<br />
security. Wavestore’s ability to bring together<br />
third party devices and sub-systems such as<br />
cameras, intruder detection, access control and<br />
video analytics from the world’s leading brands<br />
on a common, future-proof and easy-to-operate<br />
platform delivers for clients in terms of both<br />
technology and total cost of ownership.”<br />
James Keith<br />
Safety and security<br />
solutions provider<br />
Allegion has appointed<br />
James Keith as end user<br />
solution strategy<br />
manager for its UK<br />
business to strengthen<br />
the company’s profile<br />
among customers.<br />
Keith joins Allegion following 13 years in<br />
product, brand and category management<br />
roles across the automative, Health and<br />
Safety and home improvement industries.<br />
His previous roles have seen him engage in<br />
project-led work, managing full portfolios<br />
and implementing key product roadmaps.<br />
Keith’s role at Allegion will involve direct<br />
engagement and involvement with end users<br />
and the challenges they face, bringing<br />
complete solution packages to full fruition.<br />
Specifically, he’ll deliver differentiated<br />
offerings to targeted vertical markets.<br />
Marc Lengahan, commercial director of<br />
Allegion UK and Ireland, said: “We’re thrilled<br />
to welcome Keith as part of the end user<br />
business development team. He will play an<br />
integral role in making Allegion a trusted<br />
advisor in the marketplace, in part by<br />
providing industry thought leadership.”<br />
54<br />
www.risk-uk.com
Vista adds new features and<br />
more functions to Viper<br />
Vista launched the Viper Family in 2017 and is continually working on developing the range in<br />
line with customer requirements and feedback to ensure that the perfect solution can be offered.<br />
The overall purpose of the Viper Family is to provide a multi-format recording platform, allowing end users to<br />
pull together Viper High Definition analogue DVRs and Viper IP NVRs into a single, seamless system. The Viper Virtual Matrix Controller provides<br />
complete control of the system through the uniform and intuitive central management software. The flexible range gives users the opportunity to<br />
upgrade their systems at their own pace, with Vista providing high quality service throughout.<br />
The latest addition to the range is Viper-Remote, the app that allows operators to be in constant contact with their security system. The app<br />
provides alarm notifications straight to the user’s device, the ability to view live and recorded images remotely, various display options and an<br />
intuitive navigation system. The wide-ranging search options also ensure that time is saved when reviewing footage and important events can be<br />
found with ease. The app also allows for the management of devices in the system providing the opportunity to add and remove devices whenever<br />
necessary from any remote location.<br />
Vista has also been working to enhance the functionality of the H5 range of NVRs. The latest development is the de-warping function that allows<br />
360-degree cameras to be viewed in a more user-friendly, 180 degree view. This helps to improve user experience by making reviewing images as<br />
simple as possible. In response to ‘Voice of Customer’ feedback and suggestions, Vista has also been working on making the range compatible<br />
with Immix. This is another hugely beneficial function which is on its way.<br />
Bob Forehand, Vista’s technical manager, comments: “The Viper Family is an incredibly flexible range that allows end users to ‘mix-and-match’<br />
Viper units, combining both IP and analogue systems. The flexibility of the range means that the solution can be developed over time, saving on<br />
upfront costs and accounting for the requirements of growing or developing systems.<br />
The addition of Viper Remote, Viper<br />
Central and the upcoming introduction<br />
of Immix make the already<br />
differentiated and<br />
comprehensive offering<br />
even more inviting.”<br />
For more information visit www.vista-cctv.com, contact us via<br />
e-mail at info@vista-cctv.com or telephone 0118-912 500
Best Value Security Products from Insight Security<br />
www.insight-security.com Tel: +44 (0)1273 475500<br />
...and<br />
lots<br />
more<br />
Computer<br />
Security<br />
Anti-Climb Paints<br />
& Barriers<br />
Metal Detectors<br />
(inc. Walkthru)<br />
Security, Search<br />
& Safety Mirrors<br />
Security Screws &<br />
Fastenings<br />
Padlocks, Hasps<br />
& Security Chains<br />
Key Safes & Key<br />
Control Products<br />
Traffic Flow &<br />
Management<br />
see our<br />
website<br />
ACCESS CONTROL<br />
KERI SYSTEMS UK LTD<br />
Tel: + 44 (0) 1763 273 243<br />
Fax: + 44 (0) 1763 274 106<br />
Email: sales@kerisystems.co.uk<br />
www.kerisystems.co.uk<br />
ACCESS CONTROL<br />
ACCESS CONTROL<br />
ACT<br />
ACT – Ireland, Unit C1, South City Business Park,<br />
Tallaght, Dublin, D24 PN28.Ireland. Tel: +353 1 960 1100<br />
ACT - United Kingdom, 601 Birchwood One, Dewhurst Road,<br />
Warrington, WA3 7GB. Tel: +44 161 236 9488<br />
sales@act.eu www.act.eu<br />
ACCESS CONTROL<br />
COVA SECURITY GATES LTD<br />
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards<br />
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68<br />
Tel: 01293 553888 Fax: 01293 611007<br />
Email: sales@covasecuritygates.com<br />
Web: www.covasecuritygates.com<br />
ACCESS CONTROL & DOOR HARDWARE<br />
ALPRO ARCHITECTURAL HARDWARE<br />
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,<br />
Waterproof Keypads, Door Closers, Deadlocks plus many more<br />
T: 01202 676262 Fax: 01202 680101<br />
E: info@alpro.co.uk<br />
Web: www.alpro.co.uk<br />
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES<br />
HTC PARKING AND SECURITY LIMITED<br />
St. James’ Bus. Centre, Wilderspool Causeway,<br />
Warrington Cheshire WA4 6PS<br />
Tel 01925 552740 M: 07969 650 394<br />
info@htcparkingandsecurity.co.uk<br />
www.htcparkingandsecurity.co.uk<br />
ACCESS CONTROL<br />
INTEGRATED DESIGN LIMITED<br />
Integrated Design Limited, Feltham Point,<br />
Air Park Way, Feltham, Middlesex. TW13 7EQ<br />
Tel: +44 (0) 208 890 5550<br />
sales@idl.co.uk<br />
www.fastlane-turnstiles.com<br />
ACCESS CONTROL<br />
SECURE ACCESS TECHNOLOGY LIMITED<br />
Authorised Dealer<br />
Tel: 0845 1 300 855 Fax: 0845 1 300 866<br />
Email: info@secure-access.co.uk<br />
Website: www.secure-access.co.uk<br />
ACCESS CONTROL MANUFACTURER<br />
NORTECH CONTROL SYSTEMS LTD.<br />
Nortech House, William Brown Close<br />
Llantarnam Park, Cwmbran NP44 3AB<br />
Tel: 01633 485533<br />
Email: sales@nortechcontrol.com<br />
www.nortechcontrol.com<br />
Custom Designed Equipment<br />
• Indicator Panels<br />
• Complex Door Interlocking<br />
• Sequence Control<br />
• Door Status Systems<br />
• Panic Alarms<br />
<br />
• Bespoke Products<br />
www.hoyles.com<br />
sales@hoyles.com<br />
Tel: +44 (0)1744 886600<br />
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES<br />
UKB INTERNATIONAL LTD<br />
Planet Place, Newcastle upon Tyne<br />
Tyne and Wear NE12 6RD<br />
Tel: 0845 643 2122<br />
Email: sales@ukbinternational.com<br />
Web: www.ukbinternational.com<br />
Hoyles are the UK’s leading supplier of<br />
custom designed equipment for the<br />
security and access control industry.<br />
From simple indicator panels to<br />
complex door interlock systems.<br />
BUSINESS CONTINUITY<br />
TO ADVERTISE HERE CONTACT:<br />
Paul Amura<br />
Tel: 020 8295 8307<br />
Email: paul.amura@proactivpubs.co.uk<br />
BUSINESS CONTINUITY MANAGEMENT<br />
CONTINUITY FORUM<br />
Creating Continuity ....... Building Resilience<br />
A not-for-profit organisation providing help and support<br />
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845<br />
Email: membership@continuityforum.org<br />
Web: www.continuityforum.org<br />
www.insight-security.com Tel: +44 (0)1273 475500
CCTV<br />
CCTV<br />
Rapid Deployment Digital IP High Resolution CCTV<br />
40 hour battery, Solar, Wind Turbine and Thermal Imaging<br />
Wired or wireless communication fixed IP<br />
CE Certified<br />
Modicam Europe, 5 Station Road, Shepreth,<br />
Cambridgeshire SG8 6PZ<br />
www.modicam.com sales@modicameurope.com<br />
CCTV SPECIALISTS<br />
PLETTAC SECURITY LTD<br />
Unit 39 Sir Frank Whittle Business Centre,<br />
Great Central Way, Rugby, Warwickshire CV21 3XH<br />
Tel: 01788 567811 Fax: 01788 544 549<br />
Email: jackie@plettac.co.uk<br />
www.plettac.co.uk<br />
CONTROL ROOM & MONITORING SERVICES<br />
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS<br />
ALTRON COMMUNICATIONS EQUIPMENT LTD<br />
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ<br />
Tel: +44 (0) 1269 831431<br />
Email: cctvsales@altron.co.uk<br />
Web: www.altron.co.uk<br />
ADVANCED MONITORING SERVICES<br />
EUROTECH MONITORING SERVICES LTD.<br />
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring<br />
• Vehicle Tracking • Message Handling<br />
• Help Desk Facilities • Keyholding/Alarm Response<br />
Tel: 0208 889 0475 Fax: 0208 889 6679<br />
E-MAIL eurotech@eurotechmonitoring.net<br />
Web: www.eurotechmonitoring.net<br />
CCTV<br />
G-TEC DISTRIBUTION<br />
Gtec House, 35-37 Whitton Dene<br />
Hounslow, Middlesex TW3 2JN<br />
Tel: 0208 898 9500<br />
www.gtecsecurity.co.uk<br />
sales@gtecsecurity.co.uk<br />
DISTRIBUTORS<br />
SPECIALISTS IN HD CCTV<br />
MaxxOne<br />
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.maxxone.com<br />
sales@onlinesecurityproducts.co.uk<br />
www.onlinesecurityproducts.co.uk<br />
CCTV & IP SECURITY SOLUTIONS<br />
PANASONIC SYSTEM COMMUNICATIONS COMPANY<br />
EUROPE<br />
Panasonic House, Willoughby Road<br />
Bracknell, Berkshire RG12 8FP UK<br />
Tel: 0207 0226530<br />
Email: info@business.panasonic.co.uk<br />
AWARD-WINNING, LEADING GLOBAL WHOLESALE<br />
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.<br />
ADI GLOBAL DISTRIBUTION<br />
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company<br />
also offers an internal technical support team, dedicated field support engineers along with a suite of<br />
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified<br />
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online<br />
account, installers can order up to 7pm for next day delivery.<br />
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk<br />
COMMUNICATIONS & TRANSMISSION EQUIPMENT<br />
KBC NETWORKS LTD.<br />
Barham Court, Teston, Maidstone, Kent ME18 5BZ<br />
www.kbcnetworks.com<br />
Phone: 01622 618787<br />
Fax: 020 7100 8147<br />
Email: emeasales@kbcnetworks.com<br />
TO ADVERTISE HERE CONTACT:<br />
Paul Amura<br />
Tel: 020 8295 8307<br />
Email: paul.amura@proactivpubs.co.uk<br />
DIGITAL IP CCTV<br />
SESYS LTD<br />
High resolution ATEX certified cameras, rapid deployment<br />
cameras and fixed IP CCTV surveillance solutions available with<br />
wired or wireless communications.<br />
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG<br />
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333<br />
Email: info@sesys.co.uk www.sesys.co.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS<br />
CONTROL AND INTRUDER DETECTION SOLUTIONS<br />
NORBAIN SD LTD<br />
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP<br />
Tel: 0118 912 5000 Fax: 0118 912 5001<br />
www.norbain.com<br />
Email: info@norbain.com<br />
INTEGRATED SECURITY SOLUTIONS<br />
INNER RANGE EUROPE LTD<br />
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,<br />
Reading, Berkshire RG74GB, United Kingdom<br />
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001<br />
Email: ireurope@innerrange.co.uk<br />
www.innerrange.com<br />
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION<br />
SATSECURE<br />
Hikivision & MaxxOne (logos) Authorised Dealer<br />
Unit A10 Pear Mill, Lower Bredbury,<br />
Stockport. SK6 2BP<br />
Tel +44 (0)161 430 3849<br />
www.satsecure.uk<br />
IDENTIFICATION<br />
PERIMETER PROTECTION<br />
ADVANCED PRESENCE DETECTION AND SECURITY LIGHTING SYSTEMS<br />
GJD MANUFACTURING LTD<br />
Unit 2 Birch Business Park, Whittle Lane, Heywood, OL10 2SX<br />
Tel: + 44 (0) 1706 363998<br />
Fax: + 44 (0) 1706 363991<br />
Email: info@gjd.co.uk<br />
www.gjd.co.uk<br />
PERIMETER PROTECTION<br />
GPS PERIMETER SYSTEMS LTD<br />
14 Low Farm Place, Moulton Park<br />
Northampton, NN3 6HY UK<br />
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097<br />
E-mail: info@gpsperimeter.co.uk<br />
Web site: www.gpsperimeter.co.uk<br />
COMPLETE SOLUTIONS FOR IDENTIFICATION<br />
DATABAC GROUP LIMITED<br />
1 The Ashway Centre, Elm Crescent,<br />
Kingston upon Thames, Surrey KT2 6HH<br />
Tel: +44 (0)20 8546 9826<br />
Fax:+44 (0)20 8547 1026<br />
enquiries@databac.com<br />
POWER<br />
INDUSTRY ORGANISATIONS<br />
POWER SUPPLIES – DC SWITCH MODE AND AC<br />
DYCON LTD<br />
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER<br />
Tel: 01443 471900 Fax: 01443 479 374<br />
Email: sales@dyconpower.com<br />
www.dyconpower.com<br />
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY<br />
BRITISH SECURITY INDUSTRY ASSOCIATION<br />
Tel: 0845 389 3889<br />
Email: info@bsia.co.uk<br />
Website: www.bsia.co.uk<br />
Twitter: @thebsia<br />
INTEGRATED SECURITY SOLUTIONS<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
ADEPT POWER SOLUTIONS LTD<br />
Adept House, 65 South Way, Walworth Business Park<br />
Andover, Hants SP10 5AF<br />
Tel: 01264 351415 Fax: 01264 351217<br />
Web: www.adeptpower.co.uk<br />
E-mail: sales@adeptpower.co.uk<br />
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS<br />
HONEYWELL SECURITY AND FIRE<br />
Tel: +44 (0) 844 8000 235<br />
E-mail: securitysales@honeywell.com<br />
UPS - UNINTERRUPTIBLE POWER SUPPLIES<br />
UNINTERRUPTIBLE POWER SUPPLIES LTD<br />
Woodgate, Bartley Wood Business Park<br />
Hook, Hampshire RG27 9XA<br />
Tel: 01256 386700 5152 e-mail:<br />
sales@upspower.co.uk<br />
www.upspower.co.uk<br />
www.insight-security.com Tel: +44 (0)1273 475500
SECURITY<br />
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS<br />
INSIGHT SECURITY<br />
Units 1 & 2 Cliffe Industrial Estate<br />
Lewes, East Sussex BN8 6JL<br />
Tel: 01273 475500<br />
Email:info@insight-security.com<br />
www.insight-security.com<br />
CASH & VALUABLES IN TRANSIT<br />
CONTRACT SECURITY SERVICES LTD<br />
Challenger House, 125 Gunnersbury Lane, London W3 8LH<br />
Tel: 020 8752 0160 Fax: 020 8992 9536<br />
E: info@contractsecurity.co.uk<br />
E: sales@contractsecurity.co.uk<br />
Web: www.contractsecurity.co.uk<br />
EXPERTS IN X-RAY SCANNING SECURITY EQUIPMENT SINCE 1950<br />
TODD RESEARCH<br />
1 Stirling Way, Papworth Business Park<br />
Papworth Everard, Cambridgeshire CB23 3GY<br />
United Kingdom<br />
Tel: 01480 832202<br />
Email: xray@toddresearch.co.uk<br />
FENCING SPECIALISTS<br />
J B CORRIE & CO LTD<br />
Frenchmans Road<br />
Petersfield, Hampshire GU32 3AP<br />
Tel: 01730 237100<br />
Fax: 01730 264915<br />
email: fencing@jbcorrie.co.uk<br />
INTRUSION DETECTION AND PERIMETER PROTECTION<br />
OPTEX (EUROPE) LTD<br />
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre<br />
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B<br />
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ<br />
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311<br />
Email: sales@optex-europe.com<br />
www.optex-europe.com<br />
ONLINE SECURITY SUPERMARKET<br />
EBUYELECTRICAL.COM<br />
Lincoln House,<br />
Malcolm Street<br />
Derby DE23 8LT<br />
Tel: 0871 208 1187<br />
www.ebuyelectrical.com<br />
LIFE SAFETY EQUIPMENT<br />
C-TEC<br />
Challenge Way, Martland Park,<br />
Wigan WN5 OLD United Kingdom<br />
Tel: +44 (0) 1942 322744<br />
Fax: +44 (0) 1942 829867<br />
Website: www.c-tec.com<br />
PERIMETER SECURITY<br />
TAKEX EUROPE LTD<br />
Aviary Court, Wade Road, Basingstoke<br />
Hampshire RG24 8PE<br />
Tel: +44 (0) 1256 475555<br />
Fax: +44 (0) 1256 466268<br />
Email: sales@takex.com<br />
Web: www.takex.com<br />
SECURITY EQUIPMENT<br />
PYRONIX LIMITED<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY.<br />
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042<br />
www.facebook.com/Pyronix<br />
www.linkedin.com/company/pyronix www.twitter.com/pyronix<br />
SECURITY SYSTEMS<br />
BOSCH SECURITY SYSTEMS LTD<br />
PO Box 750, Uxbridge, Middlesex UB9 5ZJ<br />
Tel: 0330 1239979<br />
E-mail: uk.securitysystems@bosch.com<br />
Web: uk.boschsecurity.com<br />
INTRUDER AND FIRE PRODUCTS<br />
CQR SECURITY<br />
125 Pasture road, Moreton, Wirral UK CH46 4 TH<br />
Tel: 0151 606 1000<br />
Fax: 0151 606 1122<br />
Email: andyw@cqr.co.uk<br />
www.cqr.co.uk<br />
SECURITY EQUIPMENT<br />
CASTLE<br />
Secure House, Braithwell Way, Hellaby,<br />
Rotherham, South Yorkshire, S66 8QY<br />
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042<br />
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity<br />
www.twitter.com/castlesecurity<br />
QUALITY SECURITY AND SUPPORT SERVICES<br />
CONSTANT SECURITY SERVICES<br />
Cliff Street, Rotherham, South Yorkshire S64 9HU<br />
Tel: 0845 330 4400<br />
Email: contact@constant-services.com<br />
www.constant-services.com<br />
SECURITY PRODUCTS<br />
EATON<br />
Eaton is one of the world’s leading manufacturers of security equipment<br />
its Scantronic and Menvier product lines are suitable for all types of<br />
commercial and residential installations.<br />
Tel: 01594 545 400 Email: securitysales@eaton.com<br />
Web: www.uk.eaton.com Twitter: @securityTP<br />
SECURE CONNECTIVITY PROVIDERS<br />
CSL<br />
T: +44 (0)1895 474 474<br />
sales@csldual.com<br />
@CSLDualCom<br />
www.csldual.com<br />
SECURITY SYSTEMS<br />
VICON INDUSTRIES LTD.<br />
Brunel Way, Fareham<br />
Hampshire, PO15 5TX<br />
United Kingdom<br />
www.vicon.com<br />
www.insight-security.com Tel: +44 (0)1273 475500
NOTHING MISSED<br />
Independent left and right detection<br />
with BX Shield PIRs<br />
BX Shield<br />
Outdoor curtain PIRs<br />
up to 12m per side<br />
wired/wireless & anti masking<br />
The BX Shield sensors combine superior outdoor performance with<br />
a versatile, modern design. The result is a range of easy-to-install curtain<br />
sensors protecting the immediate boundary of your premises against intrusion.<br />
With two pyro-elements on the left, and two on the right, the motion sensors<br />
detect completely independently on each side and up to 12m to suit the needs<br />
of your property. Not affected by small animals or by environmental changes,<br />
it is a perfect trigger for outdoor CCTV cameras providing visual verification<br />
for residential or commercial applications.<br />
For more information visit www.optex-europe.com<br />
or contact us at +44(0) 1628 631 000<br />
INDOOR DETECTION | OUTDOOR DETECTION | TAILGATING DETECTION | PEOPLE COUNTING | ENTRANCE DETECTION