RiskUKApril2018

April 2018
www.risk-uk.com
Security and Fire Management
The Politics of Protection
UK-EU Security Co-operation in a Post-Brexit World
Risk Management: Adapting to Devolving Threats
Access Control: Integrated Business Systems for End Users
Continuity of Service: Developments in UPS Systems
Mobile Technology: BYOD Security Management Planning

April 2018
Contents
32 The Voice of Reason
Malcolm Crummey explains why it’s time to take audio solutions
every bit as seriously as the provision of CCTV surveillance
Training and Career Development (pp48-49)
5 Editorial Comment
6 News Update
National Crime Agency Annual Plan 2018-2019. National Security
Capability Review. New Counter-Terrorism Hub for London
8 News Analysis: UK-EU Security Co-operation
The latest Home Affairs Committee report warns of “serious
legal, constitutional and political obstacles” in the way of
achieving close policing and security co-operation post-Brexit
11 News Special: AML Regime Review
With the support of EY, the Lloyds Banking Group and Thomson
Reuters, RUSI is set to conduct a detailed review of the current
anti-money laundering regime. Risk UK delves into the detail
13 Opinion: Access Control and the Equality Act
John Davies examines the importance of effective access control
in making the lives of the less able-bodied that bit easier
16 Opinion: Mind Your Own Business
Daniel Hardy assesses the scale of violence in the workplace
specifically in the retail sector, the reasons behind its growth
and what needs to be done to keep employees safe
19 Adapting to Devolving Threats
Upticks in terrorism and violent crime have occurred in recent
times. Philip Strand and Christine Annerfalk look for a solution
34 Meet The Security Company
In association with the NSI, Risk UK continues its ‘Meet The
Security Company’ series by asking Westgrove Group’s brand
and development director Laurie Barton Wright some questions
37 The Security Institute’s View
Dr Chaditsa Poulatova and Hannah Saunders investigate how
well the Prevent duty is playing out in the education sector
40 In The Spotlight: ASIS International UK Chapter
Nerve Agents and Novichoks... Dan Kaszeta evaluates the impact
of the recent Salisbury attack on Sergei Skripal and his daughter
42 FIA Technical Briefing
The Fire Industry Manufacturers Expo is coming to Ashton Gate
Stadium in Bristol. Ian Moore previews what’s in store
44 Security Services: Best Practice Casebook
As Amanda McCloskey details, investment in security staff
confidence and motivation drivers reaps multiple benefits
46 Mobile Technology: Bring Your Own Device
Jocelyn Krystlik offers some thought-provoking views on Bring
Your Own Device security regimes for today’s organisations
48 Training and Career Development
Charlie Swanson on security training in the retail environment
50 Risk in Action
51 Technology in Focus
53 Appointments
22 Securing Critical Assets
Pip Courcoux discusses integrated access control and the
importance of planned protection regimes for physical assets
24 The Risk Management Journey
Steve Schlarman observes the specific stages involved in
building an integrated risk management programme
27 Fault Intolerance
Risk UK interviews Leo Craig about future developments in the
realm of Uninterruptible Power Supply systems
30 Time for Transformation
Danny Williams tracks the move away from traditional security
guarding towards the delivery of a new style of service
56 The Risk UK Directory
ISSN 1740-3480
Risk UK is published monthly by Pro-Activ Publications
Ltd and specifically aimed at security and risk
management, loss prevention, business continuity and
fire safety professionals operating within the UK’s largest
commercial organisations
© Pro-Activ Publications Ltd 2018
All rights reserved. No part of this publication may be
reproduced or transmitted in any form or by any means
electronic or mechanical (including photocopying, recording
or any information storage and retrieval system) without the
prior written permission of the publisher
The views expressed in Risk UK are not necessarily those of
the publisher
Risk UK is currently available for an annual subscription rate of
£78.00 (UK only)
www.risk-uk.com
Risk UK
PO Box 332
Dartford DA1 9FF
Editor Brian Sims BA (Hons) Hon FSyI
Tel: 0208 295 8304 Mob: 07500 606013
e-mail: brian.sims@risk-uk.com
Design and Production Matt Jarvis
Tel: 0208 295 8310 Fax: 0870 429 2015
e-mail: matt.jarvis@proactivpubs.co.uk
Advertisement Director Paul Amura
Tel: 0208 295 8307 Fax: 01322 292295
e-mail: paul.amura@proactivpubs.co.uk
Administration Tracey Beale
Tel: 0208 295 8306 Fax: 01322 292295
e-mail: tracey.beale@proactivpubs.co.uk
Managing Director Mark Quittenton
Chairman Larry O’Leary
Editorial: 0208 295 8304
Advertising: 0208 295 8307
3
www.risk-uk.com

Add more to your security system
Interact, control and integrate your Texecom security system like never before
www.texe.com
Sales: +44 (0)1706 212524

Editorial Comment
Violent Times
The British Retail Consortium’s (BRC) detailed annual Retail
Crime Survey for 2017 reveals a concerning spike in violence
against shop staff causing injury, with the number of
incidents occurring at twice the rate of the prior survey (which, in
point of fact, held the previous record).
BRC members report that career criminals intentionally use
violence and abuse when challenged over stealing. The
increasingly common requirement for retail colleagues to agecheck
and refuse sales is also triggering an uptick in violence
and threat episodes.
Overall, this year’s survey presents a mixed picture. There have
been noticeable improvements in some areas, such as fraud,
where the cost to retailers has fallen by nearly £30 million as a
result of their significant investment in prevention. Despite that
spending, though, the total direct financial cost of retail crime
has climbed. That represents an increase of 6% from the
previous year. ‘Customer theft’ remains the largest element. This
now weighs in at over half a billion pounds per annum. That’s a
15% increase on the previous results.
The BRC’s Retail Crime Survey covers the period from 1 April
2016 to 31 March last year and encompasses the experiences of
1.1 million employees (accounting for approximately one third of
the retail industry). The total direct cost of retail crime has risen
to just over £700 million. The rate of reported violence with
injury has doubled in a year to six episodes per 1,000 workers. At
that rate, across all roles in retail, an average of 13 individuals
were injured each day of the 12-month period under survey.
The direct cost of customer theft has burgeoned by £65 million
(or nearly 15%), while the direct cost of fraud has reduced by
£27 million (or just under 15%).
On average, retailers spent around the same amount of money
on (non-cyber) crime prevention in 12 weeks as they did in the
whole of the previous year. Nearly half of respondents to the
study have witnessed an increase in the number of cyber attacks
over the last year.
Commenting on the startling findings, Helen Dickinson OBE
(CEO of the BRC) stated: “Retail directly employs nearly one in
every ten workers in the UK, as well as millions more indirectly.
The sector already faces its own challenges, with margins
shrinking. Set against this backdrop, the pressures that retail
crime exerts are having a stronger impact.”
Dickinson went on to observe: “The figures on violence
against staff in particular present a deeply concerning picture.
Attacks on retail workers are intolerable. Retailers are doing
everything possible to ensure that their members of staff and
customers alike are safe and protected, but they’re now having
to spend record amounts on crime prevention in order to do so.
This is a drag on the economic viability of retail outlets and not
infinitely sustainable. It’s clear that a new approach is required.”
Importantly, the BRC is working to build a new model for cooperation
around tackling retail crime and encouraging decisionmakers
throughout the country to apply the priority level the key
issues deserve. This is absolutely the right course of action.
Brian Sims BA (Hons) Hon FSyI
Editor
December 2012
5
www.risk-uk.com

Annual Plan 2018-2019 issued by National
Crime Agency to “deliver step change”
The National Crime Agency (NCA) has published
its Annual Plan for 2018-2019, setting out what
the organisation will do over the coming year to
make itself “leaner and more efficient” and
“deliver a step change” to the way in which it
works with law enforcement and intelligence
partners to fight serious and organised crime.
In the Home Secretary’s foreword to the 19-
page document, Amber Rudd praises the NCA’s
performance, stating that the organisation has
“gone from strength to strength with an
impressive and sustained track record of
disruptions across the full range of serious and
organised crime threats.”
NCA director general Lynne Owens echoes
these sentiments in her own statement,
highlighting that the NCA has delivered “some
outstanding results since its inception”. Owens
added: “We’re not complacent. There’s more to
be done in order to protect the public from the
effects of serious and organised crime, which
continues to grow in complexity and challenge.”
Owens concluded: “Tackling the breadth of
serious and organised crime is beyond the
capacity and capabilities of any one body. It’s
clear that agencies can no longer act in
isolation to protect members of the public, and
nor can any one agency hold all the tools
required for a comprehensive response. This
Annual Plan sets out how we will play our part
in leading that response.”
The NCA’s Annual Plan, which follows on from
the Government’s National Security Capability
Review, is ambitious in its scope, detailing the
concrete steps that the organisation will take
towards transformation over the coming period.
Steps to take in 2018-2019
In 2018-2019, the organisation will:
*Build critical capability through the creation of
the National Assessment Centre, the National
Data Exploitation Capability and the National
Economic Crime Centre
*Continue to demonstrate its leadership role in
tackling serious and organised crime by
embedding a consistent approach towards
threat leadership, including prioritisation and
tasking, in order to become threat agnostic and
intelligence-led in all of its investigations
*Deliver specialist and unique services
designed to support its own operations as well
as those of its partners
*Work with partner organisations to continually
build an evidence base for sustainable funding
*Implement the recommendations of its
international review, ensuring that activity to
tackle serious and organised crime upstream is
driven by agreed national priorities
*Introduce a new streamlined structure that will
also make the NCA a more efficient, agile and
flexible organisation. Savings will be reinvested
to increase the number of frontline officers
“Halfway house” National Security Capability Review “a cause for concern”
The importance of a robust and coherent process in setting the National Security Strategy (NSS)
has been underlined by the Joint Committee on the National Security Strategy (JCNSS) with the
publication of its first report on the National Security Capability Review (NSCR).
Last year, the Government launched the NSCR as a ‘quick refresh’ of national security capabilities
in the light of changing security challenges. The NSCR is still underway, but the Joint Committee’s
report offers preliminary comments on the process and key issues that the review process should
address. The election of the Trump administration in the US, the UK’s decision to leave the EU,
intensifying threats to the UK’s national security and a significant structural hole in the defence
budget have all presented real reasons to revisit the 2015 NSS and Strategic Defence and Security
Review before the next expected review process is conducted during 2020.
However, according to the JCNSS, the decision to focus on capabilities, and not the underlying
strategy, “doesn’t do justice” to the changes to the wider security environment. The announcement
in January of the Modernising Defence Programme puts work on defence on a different basis and
timeline from the rest of the NSCR.
The Joint Committee has stated: “It appears that the NSCR has inadvertently become an
uncomfortable ‘halfway house’ between a ‘quick refresh’ of national security capabilities and a full
review. An honest conversation on defence spending is required if the Government is to match its
ambitions for national security with the realities of the UK’s capabilities and funding. The nation’s
security capabilities are far too important to be allowed to evolve without proper thought or
direction from ministers.”
6
www.risk-uk.com

News Update
Mayor of London confirms
£412 million investment in all-new
counter-terrorism hub
Sadiq Khan, the Mayor of London, and the
Metropolitan Police Service have unveiled the
detail behind a £412 million investment
initiated to create a new counter-terrorism and
organised crime hub in the capital. The major
new investment includes the £250 million
purchase of the Empress State Building in
Hammersmith and Fulham and a “significant
upgrade project” to make the building and its
associated sites secure and fit for purpose.
These plans will bring together for the very
first time under one roof the Metropolitan
Police Service’s Counter-Terrorism Command
and Specialist Crime and Operations in line
with other cities like Manchester and
Birmingham. The move to focus on a single
site, and dispose of other buildings, will also
save on rent, freeing up more money to
support front line policing.
According to a statement issued by the
Mayor’s Office for Policing and Crime, London’s
new counter-terrorism hub will serve to
“streamline operations and capabilities” and
“ensure more effective and efficient working”
in order to keep the capital as safe as possible
from the now constant and ever-evolving
threat of terrorism.
The current threat from international
terrorism in the UK remains at ‘Severe’, which
means an attack is highly likely. The increase
in terrorist activity has been described by
police and security experts as “a shift, not a
spike”. The horrific events that took place in
London and Manchester last year remind us all
that attacks can happen at any time and
without warning.
Until now, a significant proportion of the
Empress State Building has been leased by
the Metropolitan Police Service and used for a
range of purposes including back office and
operational functions. In addition to the
benefits for London’s counter-terror provision,
the purchase of the freehold offers better
value for money than the alternative options
(that include signing another 15-year lease).
Sadiq Khan explained: “Keeping Londoners
safe is my first priority. This means ensuring
that the capital is as protected as possible
from the threat of terrorism and organised
crime. Last year, our city was subjected to four
terrorist attacks. We know that countless more
planned attacks have been thwarted by our
hard-working and dedicated counter-terrorism
officers whose heroism in these times of
adversity we must never take for granted. At a
time when policing budgets continue to be cut
by Government, it’s right for us to prioritise
investment in those areas that matter most.”
Carillion collapse should act as
“wake-up call” for effective risk
management approaches
Public sector officials and the heads of major
corporations must use the collapse of Carillion
as a “wake-up call” and recognise the value of
an effective risk management approach.
Speaking at the recent launch event for the
2018 EURisk Convention, Dr Calie Pistorious
(CEO of technological consultancy firm
DeltaHedron) and international negotiation
trainer Bob Spence implored senior
management figures to recognise the
importance of effective risk management.
Carillion plc is a British multinational FM
and construction services company
headquartered in Wolverhampton. The
business experienced financial difficulties in
2017, and went into compulsory liquidation on
15 January this year, which is the most drastic
procedure in UK insolvency law.
Before its recent liquidation event, Carillion
was the second largest construction company
in the UK, listed on the London Stock
Exchange and an employer of some 43,000
members of staff (around 20,000 of them here
in the UK).
On home shores, the insolvency has caused
project shutdowns, job losses (in Carillion –
1,536 UK redundancies up to 12 March 2018 –
and its suppliers), losses to joint venture
partners and lenders and potential financial
losses to Carillion’s 30,000 suppliers and
28,500 pensioners.
It has led to questions and Parliamentary
enquiries about the conduct of the firm’s
directors and auditors, and about the UK
Government’s relationships with major
suppliers working on PFI schemes and other
privatised provisions of public services.
PFI projects in Ireland have been
suspended, while four of Carillion’s Canadian
businesses have moved to seek legal
bankruptcy protection.
“A lot of companies look at risk as a boxticking
exercise, but that’s a waste of time,”
said Dr Pistorious. “It’s a change of mindset
that’s needed in order to understand the
business value of having an effective risk
approach. The struggles of companies like
Carillion are to do with risk multiplied by
company culture. If those two things work
together then it can be an extremely powerful
force for good. If they’re out of sync, though,
then it’s a nightmare scenario.”
7
www.risk-uk.com

Brexit negotiations “must focus on security
co-operation” urges Home Affairs Committee
A report published by
the Home Affairs
Committee in
Parliament warns of
“serious legal,
constitutional and
political obstacles” in
the way of achieving
continued close
policing and security
co-operation post-
Brexit. Entitled ‘UK-EU
Security Co-operation
After Brexit’, the
document cautions
that these issues need
to be resolved “as a
matter of urgency” or
the UK’s future
policing and security
capabilities risk being
“seriously
undermined”. Brian
Sims analyses the
main talking points
The detailed report welcomes the
Conservative Government’s objectives for a
Security Treaty designed to replicate
current co-operation on Europol, the European
Arrest Warrant and data sharing on criminality,
but at the same time criticises the Conservative
administration for “complacency over the
timetable” and warns about the complexity of
the negotiations.
The Home Affairs Committee is pushing for
security and policing negotiations to begin
immediately, and also calls upon the
Government and the European Commission to
show flexibility. The Committee argues that the
EU should not try to restrict co-operation to
existing third country models, and that the UK
should not be rigid about artificial red lines.
Further, the Committee argues that both
parties should be ready to extend the transition
period, as it’s highly likely to take longer than
two years to resolve new legal arrangements
for extradition and data sharing.
In addition, the Committee warns that the
Government “risks sleepwalking into a crisis”
by appearing to assume that the shared UK-EU
interest in security co-operation will lead to the
swift and easy agreement of complex legal and
constitutional problems.
Yvette Cooper MP, chair of the Home Affairs
Committee. commented: “Given the scale of
cross-border crime, trafficking and terrorism
threats, we need security and policing cooperation
now more than ever, but there’s a
serious risk that we will lose some of the vital
data and extradition arrangements if there isn’t
urgent work conducted by both the UK and the
EU to deal with the trickiest issues.”
Cooper continued: “We agree with the
Government that the European Arrest Warrant,
Europol capabilities and database access
should be replicated in full, and that this is in
Europe’s interests, too, but just because we all
want something, it doesn’t mean that it will
happen unless enough work is put in ahead of
time to overcome the legal, constitutional and
political obstacles we’ve uncovered.”
Embellishing this theme, Cooper went on to
state: “We’re extremely concerned that neither
the Government nor the European Commission
is focusing enough attention on this area of
Brexit in order to sort these problems out in
time. Yet the consequences of running out of
transition time before the Security Treaty is in
place are immensely serious, both for the UK
and Europe. Losing or weakening extradition
arrangements could mean being unable to
extradite rapists like Zdenko Turtak, who fled
back to Slovakia but, using the European Arrest
Warrant, was returned to face a long prison
sentence. Losing or weakening data access
could prevent the police service from gaining
the vital information they need to catch
dangerous criminals or keep victims safe.”
Easing the red line
Cooper asserted that Prime Minister Theresa
May appears to have eased the Court of Justice
of the European Union’s (CJEU) red line when it
comes to security co-operation. “That’s
welcome and essential if we’re to be able to
replicate current co-operation after Brexit,”
outlined Cooper, “but other tricky problems
remain unresolved. We need much more detail
and flexibility from both the Government and
the European Commission.”
According to Cooper and her colleagues on
the Home Affairs Committee, much more
urgency needs to be given to this whole area.
“Otherwise, we risk sleepwalking into a crisis.
That’s why the Committee is ringing the alarm
bell before it’s too late. Policing co-operation,
extradition arrangements and data sharing are
too important to either lose or diminish. The
costs of failure are unthinkable.”
The Home Affairs Committee concludes that
the UK should seek to maintain its security
capabilities in full after Brexit – including
8
www.risk-uk.com

News Analysis: UK-EU Security Co-operation Post-Brexit
Europol membership, replicating the provisions
of the European Arrest Warrant and retaining
full access to EU data sharing mechanisms –
and that the Government is right to aim to
secure those in a Security Treaty separate from
the other negotiations.
The Committee asserts that the Government
should be honest about the complex technical
and legal obstacles to achieving such a close
degree of co-operation as a third country. As far
as the Home Affairs Committee’s concerned, it’s
crucial that the negotiations in this area begin
imminently. The Government and the EU must
be ready to extend the transition period for
security arrangements beyond the proposed
end date of December 2020.
Cross-border crime
With the growing prevalence of cross-border
crime, there can be no substitute for UK access
to Europol’s capabilities and services.
Maintaining this access should be a key priority
in the Brexit negotiations.
Current EU proposals for the UK to lose its
role on the Europol Board during the transition
period are a real concern. Disrupting Europol’s
governance arrangements next March, in
advance of a wider negotiation for the new
relationship, would not benefit anyone’s
security or safety.
The UK and the EU should work to negotiate
a bespoke relationship. Existing Europol
models for co-operation with non-EU countries
would involve a reduction of security
capabilities. The Prime Minister’s willingness to
accept the CJEU is “welcome and essential”
towards securing the closest partnership.
The efficiency and effectiveness of the
European Arrest Warrant is “beyond doubt”.
Being forced to fall back on the 1957 European
Convention on Extradition after Brexit would be
a “catastrophic outcome”.
Establishing a new extradition agreement is
vital, but that process faces serious legal and
constitutional obstacles. For example, Germany
and Slovakia currently have constitutional bars
against extraditing their own citizens to a non-
EU country. That would have shielded Zdenko
Turtak from extradition from Slovakia to face
trial and imprisonment for a violent rape that
occurred in Leeds two years ago.
Data gathering and sharing
The Home Affairs Committee agrees with the
Government that the sharing of criminal data,
including full access to the Second Generation
Schengen Information System (SIS II) and other
EU databases, must continue after the Brexit
process has reached its conclusion.
“Policing co-operation, extradition arrangements and data
sharing are too important to either lose or diminish. The
costs of failure are unthinkable”
However, the Committee is concerned that
there are likely to be significant judicial and
legal obstacles and delays to securing a data
adequacy agreement and reaching the data
protection standards needed to maintain
access to those databases. This could include
increased examination by the EU of the UK’s
surveillance and interception regime as we will
no longer benefit from the national security
exemption for Member States.
The Government could also encounter
problems because of its decision not to
incorporate Article 8 of the EU Charter of
Fundamental Rights into UK law to exempt
immigration cases from the Data Protection Bill.
In summary, then, the Home Affairs
Committee is concerned that the Government is
“worryingly complacent” about the UK’s future
access to EU data.
Given the uncertain prospects for a
comprehensive deal on law enforcement cooperation,
there’s no alternative to contingency
planning for the loss of some or all EU security
measures. The Home Affairs Committee feels
that the Government should dedicate a
substantial proportion of the £3 billion Brexit
planning fund to policing and security cooperation,
including publishing detailed impact
assessments of different scenarios, along with
fully-costed contingency arrangement plans.
Pragmatism on both sides
The Home Affairs Committee argues that
success in this area of Brexit will require
pragmatism on both sides. The EU should not
be so inflexible that it confines co-operation to
existing models, but the UK should not be rigid
about its own red lines, including the future
jurisdiction of the CJEU.
The Committee agrees with Home Secretary
Amber Rudd that a ‘no deal’ outcome in the
sphere of security should be unthinkable, but
isn’t convinced that the Government has a clear
strategy to prevent the unthinkable from
becoming a reality. Indeed, the Committee has
moved to express “serious concerns” about the
apparent lack of investment and interest in
contingency planning in this area.
The detailed Home Affairs Committee report
concludes by stating that it’s time for the
Conservative Government to flesh out the
details of the ‘bespoke deal’ it says it hopes to
secure in this area.
Yvette Cooper: Chair of the
Home Affairs Select Committee
in Parliament
Prime Minister Theresa May
9
www.risk-uk.com

TCP/IP
network
PAVIRO
Public Address and Voice Evacuation System
with Professional Sound Quality
Flexibility from the start
PAVIRO offers you smart features making system specification and installation faster, simpler
and more efficient than ever before. Design a complete system with just a few parameters. Avoid
unexpected costs thanks to the system’s extreme flexibility and low operational costs. What‘s
more? The new Dante network interface module ensures IP networking functionality allowing
larger areas with more audio channels with up to four decentralized controllers.
Find out more at boschsecurity.com

News Special: Anti-Money Laundering Regime Review
EY, Lloyds Banking Group and Thomson
Reuters support RUSI review of AML regime
Money laundering threats and
vulnerabilities have radically changed
since the fundamental architecture of
the international AML regime was designed
back in the 1990s. Technological developments
have enabled criminals to become increasingly
sophisticated and evade traditional methods of
detection. The range of available responses has
also evolved. By allowing financial institutions
and supervisors to harness larger amounts of
data, advanced analytics have the potential to
really increase the impact of AML efforts across
sectors and within individual organisations.
Over the next two years, the Financial Crime
2.0 programme will determine how the AML
regime could be updated in order to be more
effective and reflect today’s technological
landscape. The research will be carried out by
RUSI, supported by partners from EY, the
Lloyds Banking Group and Thomson Reuters.
The programme recognises that better
information sharing has enhanced the
effectiveness of AML in recent years. Beyond
these initiatives, however, wider changes are
required in order to allow stakeholders to make
the most effective use of this information and
respond to new challenges.
To inform this discussion, the programme will
combine two concurrent initiatives. The first
initiative is policy-focused and will identify how
core elements of the AML regime could be
improved to create an enabling environment for
the use of technology. In a report to be
published at the end of 2018, it will establish
what reporting requirements provide the most
effective and proportionate basis for the use of
advanced analytics by AML supervisors.
By mid-2019, it will also assess to what
extent the current compliance framework
supports the effective prevention of money
laundering in the private sector. This research
will be informed by the growing role of Artificial
Intelligence and also by developments in data
protection, particularly the European Union’s
General Data Protection Regulation.
The second initiative focuses on the effective
mitigation of new money laundering risks that
are not fully addressed by the existing AML
regime. This will include the threat stemming
from the proceeds of emerging crimes such as
ransomware, as well as the vulnerabilities of
sectors like virtual currencies and e-commerce
that call for an innovative AML response.
Throughout this two-year period, the
programme will engage with a wide range of
stakeholders in the UK and globally through
interviews and workshops, building on the
desire to increase the impact of AML efforts.
Today’s technology
Tom Keatinge, director of the Centre for
Financial Crime and Security Studies at RUSI,
explained: “Designing an AML regime that
harnesses the opportunities presented by
technology is one of the programme’s key
objectives. We need to make sure that new
technologies are not simply used to make the
current system work more efficiently. Rather,
they have the potential to make a real
difference in terms of how effectively we tackle
ill-gotten gains. The Financial Crime 2.0
programme will help realise that potential.”
Patrick Craig, EY’s financial crime leader for
the EMEIA region, observed: “We recognise
that co-ordinated action by financial
institutions, regulators, Governments and
international bodies is needed, and we’re
pleased to be a part of the co-operation that’s
being launched. Taking an intelligence-led
approach, enabled by technological innovation
and behavioural science, is critical to the
effectiveness of financial crime management.
We want to help the industry to innovate.”
Brian Dilley, director for fraud and financial
crime prevention at the Lloyds Banking Group,
added: “The world has changed since many of
the AML regimes were put in place and we need
to ensure that we keep pace with the criminals
to reduce the harm they do to society. It’s no
longer effective to consider different types of
financial crime separately as the criminals don’t
do so. Cyber crime, fraud and money laundering
are all part of the same process for them and,
unless we look at these issues collectively, the
criminals will hide in the gaps. It’s time to use
innovation as a tool to fight crime rather than
seeing it as a threat.”
Phil Cotter, managing director of risk at
Thomson Reuters, concluded: “Despite
considerable efforts and resources devoted to
anti-money laundering, we only detect and
recover around 1% of the more than $2.4 trillion
of money laundering and other criminal activity
estimated to be flowing through the
international financial system. More needs to
be done in both the private and public sectors.”
With the support of EY,
the Lloyds Banking
Group and Thomson
Reuters, the Royal
United Services
Institute (RUSI) is set
to conduct a detailed
review of the current
anti-money laundering
(AML) regime in order
to assess what
reforms are required
to tackle financial
crime in the modern
age. Risk UK reports
11
www.risk-uk.com

Nedap’s Global Client Programme
Standardise your security worldwide
always up to date?
The Global Client Programme by Nedap Security Management supports you in implementing,
maintaining and updating AEOS – the leading access control system – across multiple
international sites.
We’ll be at ASIS Europe 2018 in Rotterdam from Wednesday 18 to Friday 20 April. Call by to
As an ASIS member, you’re welcome to join us at our ASIS welcome party on 18 April.
www.nedapsecurity.com/how-we-help/global-client

Opinion: Access Control and the Equality Act 2010
As professionals operating in the security
industry, we have strict obligations to help
our customers enforce the protection of
people and assets, but equally so to assist
authorised users in using security systems on a
regular basis. Unfortunately, it can be all-tooeasy
to overlook features or specific designs
which can make all the difference to those
people with a whole range of disabilities and
specific needs.
It’s vital that everyone is supported by
effective access control. This goes beyond the
obvious moral obligations and is rightly
enshrined in law in many parts of the world.
A key piece of UK legislation here is the
Equality Act 2010, which applies to England,
Scotland and Wales. According to the Act, a
given individual has a disability if they have a
physical or mental impairment and that
impairment exerts a substantial and long-term
adverse effect on their ability to carry out
normal day-to-day activities.
The Equality Act 2010 specifically stipulates
that discrimination occurs if a person treats
another unfavourably because of something
arising in consequence of their disability, and it
cannot be shown that the treatment is a
proportionate means of achieving a legitimate
aim. This doesn’t apply if it can be shown that
the person didn’t know – and could not
reasonably have been expected to know – that
the other had the disability.
Beyond this careful wording, the key
message to remember is that no person with a
disability should be placed at a
disproportionate disadvantage by the facilities
they use. This simple and fair assessment does,
however, mean that security solution providers
need to understand the full range of
requirements and the best ways of catering for
all security system end users.
Broad range of needs
The blanket term ‘disabilities’ covers a very
broad range of additional needs, so careful
consideration is required to ensure that secure
access control systems best cater for everyone
needing to use them. Disabilities can be
physical or learning-related difficulties, as well
as a combination of both. They may be just as
unique as the individual themselves.
Difficulty of movement and interaction are
obvious challenges for those with disabilities
when it comes to using access control. Equally,
those who are registered blind (or have varying
degrees of sight impairment and/or hearing
difficulties) can also struggle with security
systems if they’re not installed in a way that’s
mindful of varying needs.
Access Control:
Designing for All
In our everyday world, it can sometimes be far too easy for us
to forget the obstacles many people with disabilities face
when it comes to just living their daily lives. Here, John
Davies examines the importance of effective access control in
making their lives that bit easier
Individuals with learning difficulties may also
require additional assistance with access
control systems. For instance, biometric readers
may be far more suitable than a PIN code
reader as they’re particularly intuitive and
straightforward for individuals to use, without
any requirement for reading or memorising any
kind of information.
The Equality Act 2010 isn’t prescriptive with
regards to ‘reasonable adjustments’, but suffice
to say these will vary depending on the facility
where the access control solution is being
installed, the specifics of the building(s)
involved and the collective needs of the people
using the location(s).
It’s fair to say that common sense is a key
part of any security installation and this is no
different when it comes to systems that will
support people with additional needs. The
starting point is to examine the physical
features of the installation facility and the
needs of the individuals and groups who make
use of it. This isn’t just the people who
currently use a given location. Ideally, it needs
to include anyone who could use the location in
the future as well.
John Davies:
Managing Director of TDSi
13
www.risk-uk.com

Opinion: Access Control and the Equality Act 2010
Building features
Building features can be numerous. They could
be features arising from the design or
construction of a building, an approach to/exit
from or access to a building, fixtures or
fittings/furniture/furnishings/materials or
indeed any other physical element or quality.
Again, common sense is demanded here to
assess these against the requirements of
security and people.
Obvious adjustments include improved
physical accessibility, such as using barriers
instead of traditional turnstiles and adding
handrails, ramps or lifts where required. It
could also be about using braille, audio
announcements or voice recognition to
overcome visual impairments, or equally visual
announcements to help those individuals who
are hearing-impaired. People with arthritis may
benefit from specially-designed security
keyboards/touchscreens or displays. Readers
may need to be positioned such that those with
wheelchairs and movement aids can more
easily use them.
The question of if an improvement is
reasonable must be addressed. Does it work
and successfully help people to overcome a
difficulty? Is it practical to install and use, and
will it cause significant disruption in doing so?
Is there a financial impact and a possibility of
financial or other assistance to help (such as a
grant)? Every case is individual and needs
careful consideration in its own right.
Different organisations and projects will
inevitably require different solutions. For
example, a school for children with special
needs may need a completely different access
control approach to an office facility. The school
may cater for pupils with specific disabilities
and will therefore require specific systems
designed to actively assist both them and the
teaching/care staff.
It’s also dangerous to make generalised
assumptions with regards to access needs.
With the special needs school, for example,
new pupils may be enrolled who require
additional support over current facilities. It’s
also important that people don’t feel excluded
or segregated because of their needs. For most
installations it makes perfect sense to design
an access control solution that can be used by
anyone and everyone.
“The Equality Act isn’t prescriptive with regards to
‘reasonable adjustments’, but suffice to say these will vary
depending on the facility where the access control solution
is being installed and the specifics of the building(s)”
Ensuring that access control is easy to locate
and use (even for first-time users) is also key.
Signage or instructions is a vital part of these
systems and needs to cater for everyone.
Written instructions may be fine for some, but
those with sight impairment or learning
difficulties may struggle. Audio or pictorial
alternatives offer options that can be
understood by a greater percentage of people.
Always safety first
Naturally, access control isn’t just about
security. It also has a vital role to play in safety,
and there’s no room for error when it comes to
ensuring everyone’s protected. As well as
protecting from intruders or attacks, access
control is often central to evacuation in the
event of a fire or other emergency.
Undoubtedly, safety comes first and is about
far more than just a ‘reasonable adjustment’
being made. If access control systems could
impede anyone’s safety in any way, then they’re
not doing their job properly. BS 8300 outlines
recommendations for the design of new
buildings and their approaches to meet the
needs of people with disabilities, while BS
9999 outlines specific recommendations on
means of escape.
While the legalisation is in place to provide
guidance on safe access and evacuation, these
considerations also need to be at the heart of
any access control planning.
In an ideal world, access control facilities
would have a highly prescriptive set of rules
with regards to catering for anyone with
disabilities. In the real world, of course, there
are any number of variables that can complicate
the situation. Many facilities were designed and
built in less enlightened times, when
practicality for the majority of users and cost
were still considered overriding considerations.
Legislation such as the Equality Act 2010 is
necessarily open to interpretation to address
the reality of an imperfect world. However,
security experts are well placed to ensure that
systems and installations meet the needs of as
many people as possible, while also preserving
the overall integrity of protection.
The PyeongChang Paralympic Winter Games
2018 took place last month. Watching the
competitors perform was even more profound
when you consider the additional challenges
they face compared to many other athletes and
sporting competitors around the globe. The
Paralympics served as a timely reminder of the
endurance and ability of the human spirit to
overcome adversity. This is something that
secure access control solutions can positively
help people with in their everyday lives.
14
www.risk-uk.com

Advertisement Feature
Redefining Critical Communications
As is the case each year, Critical
Communications World (CCW) will
highlight the latest innovations that
advance the state-of-the-art in mission-critical
communications. Celebrating its 20th
Anniversary in 2018, CCW is the ‘must attend’
event for critical communications professionals,
bringing the whole industry together under one
roof to drive innovation and knowledge
exchange. CCW is the largest exhibition of its
kind, gathering critical communications
professionals from all around the world.
Over the 20-year history of CCW, much of the
focus has been on establishing TETRA as the
professional mobile radio (PMR) technology of
choice for mission-critical voice and data
communications. This year, however, marks a
turning point for CCW’s parent as The Critical
Communications Association (TCCA) moves to
supplement TETRA communications with highcapacity
mobile broadband data capabilities
solidly built on LTE networking.
While debates continue to rage about the
potential of shifting mission-critical voice
communications to LTE, the benefits of
incorporating robust mobile broadband
networking into the communications toolkit are
certainly well-understood by stakeholders in
Government. CCW 2018 will bring these
stakeholders as well as supporting ecosystem
partners from across industry together for indepth
discussions on the future of public safety
communications around the globe.
Mobile network operators
The timing of CCW 2018 is particularly
important for mobile network operators. Terror
attacks and natural disasters have prompted
security officials worldwide to look aggressively
at LTE technology. By augmenting voice-centric
TETRA communications with mobile broadband
networks, these officials can deliver better
incident command tools that increase
situational awareness. Mobile network
operators need to take advantage of CCW 2018
in order to engage with these potential
customers and explore their requirements.
Today, mobile networks offer IP data services
designed to serve both consumer and
enterprise customers. Fortunately, the
continued evolution of LTE technology provides
quality of service and access barring tools that
serve to protect select traffic streams during
times of network congestion.
CCW 2018 is an ideal opportunity for strategy
planners to explore future opportunities in
depth. Aside from myriad conference sessions
featuring Governmental leaders, the exhibition
floor hosts a wide range of vendors ready to
add different perspectives on the opportunities
and challenges ahead. Just as important, the
one-on-one networking that’s possible at
conference assists in opening direct lines of
communication between MNO planners and
Government agency officials.
Masterclasses and conference
The ‘Pushing The Boundaries of Innovation’
Masterclass runs on 15 May from 9.30 am to
4.30 pm. Do you want to derive more from your
PMR system? Do you wish to migrate to
broadband, but are not sure what else you
could connect to it? Could your business
benefit from the IoT revolution?
On the same day, the ‘How To Manage Large-
Scale Events’ Masterclass is hosted by the
Federal Agency for Public Safety Digital Radio
(BDBOS) and targets the critical communication
community in general, but addresses especially
end users and practitioners. Those who attend
will enjoy thought-provoking and first-hand
reports on how to manage large-scale events.
The first part of the ‘BDBOS Tactical Day’
examines international experiences. Users,
operators and experts will share their
knowledge gathered in a variety of international
mission-critical events. In the afternoon,
technical solutions are to emphasise both the
technical and tactical challenges faced when
managing operations.
The conference programme running on 16
and 17 May is split into three streams of
content. On 16 May, topics covered are
scheduled to include a presentation and
discussion on 5G and critical communications,
the new possibilities to be realised by
combining critical comms with the IoT and Big
Data analysis and how end users can overcome
the challenges presented by TETRA and LTE
interconnection. Using IP networks as a secure
platform for critical comms is the subject of
Peter Cox’s presentation in Stream B. Cox is the
CEO and Founder of UM Labs.
Paul Steinberg (senior vice-president and
CTO at Motorola Solutions) is speaking on Day
Three at conference and will observe how
technology is going to actively support first
responders in the field going forward.
There’s also a detailed delivery on LTE
devices in critical communications and how to
ensure a reliable ecosystem. The speaker here
is Bittium director Markku Korkiakosi.
The Critical
Communications
Association is set to
run its flagship
industry event, Critical
Communications
World 2018, at Messe
Berlin from 15-17 May.
Event organiser MA
Exhibitions (the Mark
Allen Group) offers the
readers of Risk UK a
preview of the content
lined up for delegates
attending the various
conference sessions,
the Masterclass
Programme and, of
course, the exhibition
Register online for CCW 2018
www.critical-communicationsworld.com

Quelling Those Aggressive Streaks
Violence in the
workplace includes
everything from verbal
abuse, pushing and
punching to spitting,
sexual assault and
even stabbing. While
stabbings and sexual
assaults are not an
everyday occurrence,
the other incidents are
more common than
you might wish to
believe. Daniel Hardy
examines the scale of
the problem
specifically in the
retail sector, the
reasons behind its
growth and what
needs to be done to
keep employees safe
The Health and Safety Executive (HSE)
defines work-related violence as “any
incident in which an employee is abused,
threatened or assaulted by a member of the
public in circumstances arising out of the
course of his/her employment”. The
repercussions of such violence can have
devastating consequences on the physical and
psychological health of those affected.
Although the Health and Safety at Work etc
Act 1974 states that employers have a legal
Duty of Care to ensure (so far as is practicable)
the health, safety and welfare at work of their
employees, the measures implemented can
often fall very short of what’s required.
The 2015-2016 Crime Survey for England and
Wales found that an estimated 1.4% of working
adults have been the victims of one or more
violent incidents at work, with 350,000 adults
having experienced an event of this nature.
During this period, there were an estimated
698,000 incidents of violence comprising
329,000 assaults and 369,000 threats.
Employees in the protective service
occupations are at highest risk, with healthcare
professionals and health and social care
specialists also regularly affected. However,
those working in the retail sector are
increasingly in danger, with the British Retail
Consortium’s (BRC) just published 2017 Retail
Crime Survey figures highlighting the fact that
the rate of incidents of violence with injury has
doubled since the previous year to total six per
1,000 members of staff.
While these statistics identify a clear and
worrying trend, what’s just as concerning is the
lack of conversation relating to what’s causing
these figures. First of all, shopping habits have
changed. Shopping is now a daily occurrence
and, therefore, footfall across the retail sector
is up which, in turn, means that the volume of
crime has risen. Second, the operating model of
retail businesses has changed, with the number
of colleagues working in stores diminishing due
to the use of technology such as self-serve tills.
While stores working smarter and using
technology is, in many ways, very much a good
thing, the big downside to all of this is that
there’s less customer engagement.
Better customer service prevents violence
and, as anyone who has had to stand in a long
queue will recognise, avoids customers’
patience wearing thin. However, the prevalence
of defensive merchandising and planograms
means that high risk or high value items are
locked in a cabinet or kept behind the checkout
counter. This can frustrate the shopper, may
lead to lost sales and could be a contributing
driver for acts of violence.
Retailers have a responsibility to comply with
age-related sales legislation relating to
products such as alcohol, knives and cigarettes,
but criminals are increasingly using violence
and abuse when challenged, in turn triggering
enhanced threats. If these points are combined
with poor or non-existent confrontation
management training, some colleagues could
inadvertently exacerbate a problem still further
and actually serve to inflame potentially
volatile situations through a lack of what’s best
described as emotional intelligence.
Such a ‘perfect storm’ means that violence is
becoming more commonplace and, when it
does occur, there are too few colleagues on
hand who are able to deal with the problem in a
swift and efficient manner.
Time isn’t a healer
Reporting crime takes time and, therefore, an
increasing number of retail staff are opting not
to do so, as it usually requires internal
documentation, dealing with the police and
perhaps liaison with local crime partnerships.
In addition, given that the Anti-Social
Behaviour, Crime and Policing Act 2014 makes
theft from a shop of goods worth £200 or less a
summary-only offence, it seems that retailers
are simply not bothering to pursue some cases.
The same often goes for acts of verbal and
physical aggression. The former have become
so normalised that they’re often not considered
a violent act, just ‘par for the course’. There’s
16
www.risk-uk.com

Opinion: Mind Your Own Business
also the lack of respect that some people have
for authority and this is combined with an
awareness that police services are under so
much resource pressure that they will probably
not attend the scene of anything but the most
serious of incidents.
The issue of inefficient reporting shouldn’t be
underestimated or ignored, as it creates a
situation wherein the scale of the problem is
unclear, so sufficient law enforcement or
security resources cannot be allocated to deal
with it. Worryingly, on the subject of reporting
incidents, the BRC’s 2016 Retail Crime Survey
stated that 56% of retailers questioned thought
that the police service’s performance was either
‘Poor’ or ‘Very poor’.
Taking action
With the rising crime figures and falling police
numbers, the frontline of retail clearly has the
potential to be a dangerous environment for
many shop workers. There’s still a lot to do to
help protect them. Employers should do all they
can to prevent attacks occurring in the first
place and, if an event does occur, provide their
employees with all the support they need.
Health and Safety law applies to risks from
violence, just as it does to other risks from
work. In parallel with the Health and Safety at
Work etc Act 1974, the Management of Health
and Safety at Work Regulations 1999 state that
employers must consider all risks to employees
(including the possibility of reasonably
foreseeable violence), decide how significant
these risks are, determine what to do to
prevent or control them and develop a clear
management plan.
Developing a policy on the management and
prevention of violence can help employers
avoid costs relating to low staff morale, high
absenteeism and staff turnover, expensive
insurance premiums and, possibly,
compensation payments. A policy should
identify how any risk can be controlled and set
out how preventative measures will operate
while detailing training, changing work patterns
or dealing with specific customer groups.
For example, those working in pharmacies
will often have to deal with vulnerable people
such as drug addicts and the mentally ill, while
those in off-licences will sometimes encounter
individuals who abuse alcohol.
Protect and survive
Even though retailers are initiating leaner
operational strategies to protect profit margins,
the BRC claims that they’re also spending
record amounts on crime prevention, security
and other measures to keep staff safe. The
BRC also recognises that this level of financial
investment is, ultimately, unsustainable.
This isn’t really a surprise, as security
guarding can be costly to implement and
maintain, as can remote monitoring. Although
technology such as lone worker devices and
panic buttons have proven to be effective in
other sectors, many retailers question whether
it’s worth investing in them if the police are
unlikely to show up when they’re activated.
Likewise, although civil injunctions and
Banning Orders can be used to address antisocial
behaviour, they can be costly and timeconsuming
to pursue.
There’s certainly a good return on investment
argument to be made for the more widespread
collaboration between retailers to pool
knowledge, share information on Best Practice,
build a safer working community and set up
crime prevention initiatives. The General Data
Protection Regulation isn’t a blocker to
legitimately preventing crime, lowering risks
and protecting staff.
By joining forces, retailers can also use
technology, security guarding, data acquisition,
analytics and information sharing as tools in
the battle against workplace violence. This
reduces expense for retailers and can facilitate
the deployment of a shared resource of highly
trained and skilled personnel who can be
notified about an incident via a smart device as
to where help is needed and provide an
immediate response. Key Performance
Indicators can be agreed in advance and there’s
also the potential for live incident reporting.
This can help to ensure a police response.
On a related subject, the process regarding
the development of Business Improvement
Districts must be enhanced. Charging a levy on
all ratepayers, in addition to the Business Rates
Bill, in order to benefit businesses in a given
local area has seen a certain level of success.
However, as things stand it offers an
inconsistent approach towards delivering real
improvements as safety and security are not
part of the manifesto of a bid. This situation
needs to change and must become part of the
five-yearly renewal process.
Physical violence in retail workplaces is
increasing year on year. Decisive action must be
taken to counter this trend or the consequences
could – quite literally – prove to be fatal.
Daniel Hardy:
Managing Director at the
National Business Crime
Solution (NBCS)
*Mind Your Own Business is the
space where the NBCS examines
current and often key-critical
business crime issues directly
affecting today’s companies. The
thoughts and opinions expressed
here are intended to generate
debate and discussion among
practitioners within the
professional security and risk
management sectors. If you would
like to make comment on the
views outlined, please send an
e-mail to: brian.sims@risk-uk.com
**The NBCS is a ‘Not-for-Profit’
initiative that enables the effective
sharing of appropriate data
between the police service, crime
reduction agencies and the
business community to reduce
crime and risks posed to all. By
providing a central repository
where business crime data is
submitted, shared and analysed,
the NBCS is able to gather the
necessary intelligence and support
to more effectively detect, prevent
and, subsequently, respond to
crimes affecting the UK’s business
community. For further information
access the website at:
www.nationalbusinesscrime
solution.com
“The British Retail Consortium’s 2017 Retail Crime Survey
highlights the fact that the rate of incidents of violence
with injury has doubled since the previous year to total six
such episodes per 1,000 members of staff”
17
www.risk-uk.com

3 July 2018
Hilton London Canary Wharf
ONE DAY DAY – – MULTIPLE SOLUTIONS TO YOUR CHALLENGES
eet Meet with with the the most most trusted solution providers, learn from industry thought leaders and and connect with with
eers peers over over the the course of of the the Summit, which is entirely FREE to attend for for security professionals.
opics Topics covered covered include: include: Access Access Control •• Anti-Virus Browser •• Security Data Data • Theft/Loss • • Malware • Malware
Mobile • Mobile Security Security • Network • Network Security Security Management • Trojan Detection • • UK UK Cyber Cyber Strategy Strategy
For more information and to register, please contact Emily Gallagher
on: 01992 374085 or e.gallagher@forumevents.co.uk.
@SECIT_SUMMIT #SITSUMMIT
SECURITYITSUMMIT.CO.UK
MEDIA & INDUSTRY PARTNER
HOSTED BY

Risk Management Strategy: Adapting to Devolving Threats
Government agencies and, in many cases,
commercial security providers usually
have far more technology, manpower and
purchasing power at their disposal than do
today’s smaller and seemingly weaker threats,
and yet it appears that the whole of the UK’s
security industry remains constantly challenged
to ‘keep up’ with ‘evolving’ threats.
Two types of threat that have recently
(d)evolved to become more problematic than
ever include terrorists who have had a great
deal of success using vehicles as weapons and
street robbers who’ve enjoyed similar levels of
success by using motorbikes as get-away
vehicles throughout London and other major
cities. Each of these threats make for
interesting Case Studies for risk professionals
who should be constantly on the lookout for
‘metrics that matter’ as they conduct their risk,
threat and vulnerability assessments.
While technology, manpower and big budgets
have contributed a great deal towards security
throughout the UK, recent trends have shown
that a great deal of damage can still be done by
‘underdog’ threats operating alone and on
shoestring budgets. It’s imperative that risk
professionals don’t underestimate the value of
key capabilities, like speed and surprise, both
of which have been well-leveraged with
unprecedented effect in recent times.
Evolving Backwards:
Strategies for Adapting
to Devolving Threats
With relatively efficient and professional policing and a
robust private security sector, terrorism and organised crime
have historically been kept to manageable levels. Across the
past few years, though, there have been upticks in terrorism
and violent crime trends as perpetrators have found low-cost
solutions to escape detection and evade arrest. Philip Strand
and Christine Annerfalk search for a solution
Variety of metrics
A wide variety of metrics can be used to assess
the capabilities of threat actors. Technological
capabilities are often measured in terms of
available weaponry, communications
equipment and transport. Total numbers of
threat actors are almost always of interest to
risk analysts, while the ability of a threat actor
or group to secure funding for purchasing
additional supplies and training is normally
factored into risk assessments.
That said, are these metrics always the most
important in comparison to target
organisations’ people and assets? While
criminals, terrorists and other threat actors are
usually fewer in number, lower on funding and
sometimes less well educated than members of
the UK’s public and private security services,
it’s not uncommon for threats to slip by even
sophisticated security systems. It’s arguably
true that the less technology attackers use, the
less effective and capable they are, but their
lack of sophistication can make them extremely
difficult to both detect and disrupt.
It quickly becomes the case that many
successful small-scale attacks can have a
greater effect on a Government, a given
organisation or a population than a few largescale
attacks that never actually make it past
the planning stage.
Islamist-inspired terrorism
One type of threat actor that has ‘devolved’ to
circumvent the strengths and advantages of the
UK’s Security Services is the Islamist-inspired
terrorist. In the wake of several high-profile
terrorist attacks in Belgium and France
involving guns and explosives, law enforcement
agencies throughout Europe took swift action
to stem the spread of high(er)-tech weaponry.
Not to be deterred from their goals, terrorist
leaders re-assessed their followers’ capabilities
and the defences of their primary targets:
citizens in the streets. Calls went out from Al-
Qaeda and ISIS “explicitly… to employ cars as
weapons” to “mow down [their] enemies”.
Terrorist groups’ correct assessments of their
own capabilities compared to those of their
Dr Philip Strand PhD MBA:
Senior Risk Consultant at
CornerStone
19
www.risk-uk.com

Risk Management Strategy: Adapting to Devolving Threats
Christine Annerfalk:
Associate Researcher at
CornerStone
targets resulted in a spate of successful attacks
within technologically-advanced societies.
Vehicle attacks in London, Antwerp and
Stockholm last year left no doubt that a new
trend had emerged in the tactics and modus
operandi of Islamist-inspired terrorism.
Unfortunately, the spread of knowledge
didn’t stop with that particular threat group,
but extended into the ranks of far-right
terrorists, as evidenced by the 2017 Finsbury
Park attack which resulted in one person’s life
being lost and eleven others wounded as they
emerged from a place of worship.
There may once have been a day when the
stereotypical image of a Jihadi terrorist was a
man in a difficult-to-manufacture explosive vest
carrying an expensive-to-procure assault rifle.
Islamist propaganda and magazines succeeded
in making terrorism accessible to everyone and
not necessarily less effective for any lack of
complex weapons, equipment and training. Law
enforcement agencies’ superior training,
weaponry, communications and processes were
enough to limit the attacks, but not enough to
prevent them from occurring in the first place.
Outmanoeuvring technology
A second type of threat actor that has used
simple tactics and tools to outmanoeuvre
technologically-superior security personnel are
the motorbike thieves of London.
Throughout the capital, criminals have
figured out that scooters, mopeds and
motorbikes offer low-cost solutions to mobility
challenges. Historically, the UK’s police have
had the advantage of superior numbers and
command, control and communications (ie C3)
capabilities. In the face of budget cuts, the
police adopted a strategy of intelligence-led
policing, which enabled them to reach crime
scenes before the robbers could move on to
their next victims, effectively limiting the
amount of harm a single robber could cause.
Not to be outdone by superior intelligence
and information capabilities, robbers have now
realised that speed and manoeuvrability are
key when it comes to overmatching the police’s
dwindling numbers. From motorbikes, a pair of
robbers can snatch mobile phones and
handbags throughout a square kilometre area
at a pace of 12 to 15 items within a 30 to 45
minute-long spree.
“It’s arguably true that the less technology attackers use,
the less effective and capable they are, but their lack of
sophistication can make them extremely difficult to both
detect and disrupt”
According to police, a scooter can be stolen
in 30 to 40 seconds by an experienced thief and
that scooter can then become an enabler for a
spate of follow-on crimes. To make matters
worse, scooter gangs can take advantage of UK
laws stating that the police must discontinue
pursuit if that pursuit poses risks to life.
In practice, motorbike-mounted thieves know
that the passenger can simply remove their
helmet and the police will discontinue their
pursuit. The police’s co-ordination, equipment
and ability to rapidly respond becomes useless
when they’re slowed down by traffic.
Low-tech tools in use
While it’s clear that both terrorists and street
criminals have now embraced the use of easyto-obtain
vehicles to carry out their attacks,
they’ve also shown that they realise it’s not just
the vehicles themselves that offer them
advantages. Many of these two types of threat
actors have also employed knives, hammers
and other widely-available and unsophisticated
tools to threaten or harm their victims. The
trend towards low-tech tools suggests a
conscious realisation that ‘gearing up for war’ is
counterproductive in an environment where the
security forces have so many advantages and
the same goals can be achieved with much less.
It’s now time for the UK’s security community
– and the citizens who support it – to make the
next move. Fortunately for tax payers and
businesses alike, levelling the playing field
doesn’t require pouring more money into old
risk management strategies. Motorbike gang
members may be difficult to catch in the
streets, but we can support the police in their
efforts to provide crime prevention advice to
citizens on social media and hold Open Days
with city councils specifically aimed at
combating motorbike-assisted crime.
In the same way that it requires other built-in
safety features on vehicles, the UK Government
can also demand that motorbike manufacturers
take steps to make machines more difficult to
steal. It may also be necessary to fund the
deployment of greater numbers of unmarked
vehicles with highly-trained drivers who will
have greater leeway to pursue moped-riding
robbers if they should spot them in the street.
Preventing vehicle-enabled terrorism is a
more complicated, but not impossible task.
Terrorist leaders who promote low-tech attacks
still rely on high-tech forms of communication
and networking. Terrorists may benefit from
hiding in plain sight, but the Government can
leverage its greater expertise, funding and
access to Big Data in order to identify threats
before they become operational.
20
www.risk-uk.com

www.coie.uk.com
Cortech Open
Innovation Event
IFSEC 2018, ExCel, South Gallery Room 28, E16 1XL
19-21 June 2018
The Mitigation of Risk for Workplace Safety, High Security
Be educated, informed and better equipped to manage evolving building needs
See technology in action as part of the live demonstration
Discover the latest smart integration techniques
Discuss industry challenges with fellow security professionals and technology experts
Learn about GDPR compliance and cyber security resilience
Attending Partners
Cortech
Media Partner

Securing Critical Assets
various levels of authorisation and needing
access to specific locations at certain times.
Access control
systems have come a
long way since the
invention of the lock
and key.
Advancements in
technology have
realised solutions to
be integrated with
web-based systems,
allowing for
traceability and time
management within
mechanical keys.
Here, Pip Courcoux
discusses integrated
access control and
why the protection
regime enacted for
physical assets is just
as important as that
imparted with data
security in mind
The technological evolution in access control
has created passkeys, cryptographic keys
and encryption keys. Although all of these
new access control products are available,
cyber security often remains the focus of many
organisations’ security concerns, with physical
security an afterthought. For example, you
know to change your e-mail password and web
logins every three months in order to keep your
online information secure, but how often do
you change your keys?
Data and cyber security vigilance is
important, but it’s a futile exercise if someone
can attack your assets through the use of your
keys. In short, organisations shouldn’t become
so focused on cyber security that they’re failing
to protect their premises effectively.
Keys provide physical access to critical
assets, including areas that house servers
holding customer data, and to offices where
customers’ accounts are managed. Despite this,
we often see organisations unsure of how many
keys they have in circulation, or where they are
at any given moment in time.
One of the issues faced by large
organisations, and especially those residing in
the Critical National Infrastructure (CNI) sphere,
is the vast number of key holders accessing
disparate sites. This presents major difficulties
in controlling those keys. Key holders can range
from full-time employees through to temporary
staff members and on to contractors. All of
these key holders will have different and
individual access control requirements, with
Compliance is key
Take contractors as an example. If you have a
data processing contract, they would require
access to data for a period of time to complete
their work, but there would be defined steps in
place to make sure that, once the contract has
finished, they no longer have access to (or any
visibility of) the data involved. If the contractor
has a physical key it’s much harder to restrict
their future access to the system.
When it comes to temporary staff, you may
have new employees joining an organisation,
people moving to different departments and
also members of staff leaving. Once an
employee moves departments, electronic
access to software and systems can be easily
controlled, but physical access restriction is far
trickier. It’s easy to wipe someone’s phone or
laptop if they lose it or leave the business, but
you cannot do this with a mechanical key.
With regards to permanent staff, compliance
is vital. Do they have the permits to work in a
given area and can you control it? Any business
changes such as mergers and acquisitions can
alter a person’s responsibility. In this instance,
data access may be controlled electronically
with ease, but it’s difficult to be so flexible on
physical access with mechanical keys.
Taking control
What, then, is the solution to this issue of key
control to protect critical assets and
information? Electronic key solutions that
feature web-based management can be
integrated with existing telemetry systems to
help control and manage operations. This offers
a high level of both physical and data
protection, given that they only use accredited
software and infrastructure providers. For
example, some systems boast an electronic key
system where all the power is retained by the
key or locks themselves. This means no wiring
is required, whether the system uses door
cylinders, cabinet locks or padlocks.
End users have secure access to an online
management application from anywhere in the
world and can change key access permissions,
profiles, schedules and validity, even revoking
their use virtually at the click of a button. Keys
may be validated daily, weekly or monthly for
continuous security. Users are required to
change their password every three months.
22
www.risk-uk.com

Access Control: Integrated Business Systems for Risk Professionals
This enables an organisation to
comprehensively track and audit who has
access to which locations, when they had
access and on how many occasions. Access can
be granted only at the exact moment it’s
required, thereby mitigating the risks
associated with lost or stolen keys.
Bluetooth 4.0 technology
What’s more, certain advanced systems take
advantage of the latest Bluetooth 4.0
technology, meaning that keys can be activated
through a smart phone and access rights
granted to the user ‘on site’. This revolutionises
remote access control by bringing it firmly and
squarely into the mobile era, subsequently
offering flexibility and time savings as well as
enhancing ease of use.
This offers a solution to the issue of key
control and being able to effectively manage
access rights in organisations where there’s
staff fluidity. If a key should happen to be lost,
or if a contractor or temporary member of staff
needs access revoking, this can all be done
centrally by an administrator, minimising the
risk of a physical security breach.
In addition, if access rights need to be
altered, with a permanent employee being
given permission to enter more areas, this can
be done both quickly and easily, even with the
use of a smart phone.
Operational efficiency
In the case of CNI operations, security is vital to
the continuity of essential services. As well as
minimising the vulnerability of an organisation,
there are many additional benefits to be gained
when installing a solution such as this and
integrating it with other ‘smart’ systems.
Financial savings, CO 2 emissions reduction
and, most importantly, time savings can all be
made with smart infrastructure integration. For
example, access control can be linked with
‘Enterprise Resource Planning’ systems to
identify key holders on shift. ‘Permit to Work’
systems can be linked to ensure that they’re
still compliant for the job at hand and with
telemetry and SCADA systems to ascertain
where they need to be.
The hybrid between mechanical and
electronic technologies is the ‘key’ to success
in this arena, maintaining the strict standards
required for security while also enhancing
operational efficiencies for the future.
Many organisations in the power generation,
water supply, telecoms, financial and
healthcare sectors have witnessed improved
operational control and efficiency when moving
to an integrated web-based access control
“Certain advanced systems take advantage of the latest
Bluetooth 4.0 technology, meaning that keys can be
activated through a smart phone and access rights granted to
the user on site. This revolutionises remote access control”
system. One institution even saw a return on
investment of 600% in the first 12 months
following installation. Most importantly for any
host organisation, when the data’s secure and
managed effectively, the service continuity and
resilience is guaranteed.
Supply chain data
When integrating an access control solution
with other cloud-based systems, it’s inevitable
that the issue of data security does come into
play. Although implementing an access control
system such as the one previously mentioned
offers high security and operational
efficiencies, data security in the supply chain
needs to be considered in detail as well.
Resilience is a key factor. Ensuring a safe
supply chain environment can seem like an
impossible task, but there are ways to minimise
risk. Ask yourself: “How ‘stable’ are my
suppliers?”…“From where do they source their
products?”...”How safe and protected are their
assets?”… and “How robust are their own
relationships with their suppliers?”
To mitigate risk, it’s crucial to identify
dependencies and vulnerabilities that can
impact supply chains. Increasing the visibility of
these areas allows organisations to anticipate
their impact and plan ahead for contingencies.
In a similar vein, in order to ensure the
highest level of access control security, the inhouse
security or risk-focused professional
must select a supplier who uses accredited
software and infrastructure providers that
provide enterprise level Software as a Service
solutions compliant with European and national
standards for physically secure key systems.
Three-factor authentications
Three-factor authentications are also desirable,
including standard 256-bit encryption,
advanced encryption and industry standard
SHA-2 SSL certificates.
When it comes to integrated access control,
then, it’s important for security professionals
not to focus all of their attentions solely on the
safety of data. It’s just as important to
guarantee the physical security of assets.
Covering all bases will ensure resilience and
continuity of essential services, while
organisations can reap the additional benefits
of improved operational control and efficiency.
Pip Courcoux:
Sales and Product Manager
for CLIQ Systems at Abloy UK
23
www.risk-uk.com

The Risk Management Journey
There’s no crystal ball
that will magically
outline opportunities,
map risks and provide
a distinct and
unobstructed path to
success. Nonetheless,
as Steve Schlarman
observes, there are
specific stages that
organisations can
expect to move
through when building
an integrated risk
management
programme
24
www.risk-uk.com
Broadly speaking, there are three distinct
stages of risk management maturity:
siloed, managed and advanced. Before a
business can start to move through its own risk
management journey, it must first work out at
which of the three stages it currently resides.
The most common and most basic form of
risk management is to tackle all of the
individual elements within a vacuum or silo.
Many organisations can become stuck in the
most elementary risk and compliance
approaches, with narrow strategies that lack
the context of wider business objectives and
priorities. This strategy relies on front line
employees being in a constant firefighting
mode and can be effective up to a point.
However, with the focus typically on
compliance and tactical risks, the organisation
cannot see beyond the immediate issue. Risk
managers are hunkered down in the trenches
with little forward movement, relying on oldfashioned
approaches that may see the job
done, but will never truly enable them to keep
pace in today’s market.
These organisations need to prioritise
beyond immediate compliance deadlines and
start addressing regulatory and industry
requirements in the most efficient and effective
manner. This requires automating compliance
and building a cohesive strategy to deal with
the ‘table stakes’ of doing business.
Compliance obligations need to be tackled, but
with an eye towards the future.
Building more silos at this point is futile. Risk
and compliance functions need to focus on
where data and processes can be leveraged, reused
and shared and where the limitations of
niche, operational tools can be overcome. By
transforming compliance, companies can
actively pave the way forward to the next stage
in their risk management journey.
Managed risk
Companies that have moved beyond the silo
and made steps to transform compliance will
have common policies, standards and controls,
an effective control infrastructure and efficient
methods to measure, monitor and report the
business’ compliance state. Companies in this
stage have solved – or are well on their way
towards solving – the compliance conundrum
and are poised to harness risk.
These organisations need to become aware
of the various risks they’re juggling and put
plans in place to manage these risks within the
context of a broader strategy. A key factor in
this evolution is addressing both
cyber/technical risk and business risk with a
combined strategy. The business needs to
understand the risks in its technology
landscape, while technologists must be active
participants in addressing business risk.
The risk programme should be focused on
affording the business the insight to navigate
major issues. This process is being fuelled
more and more by metrics and analytical
capabilities that provide visibility into risk.
Companies in the managed stage begin
building the bigger picture, shoring up strong
competencies and bringing weaker elements up
to a stable state. As the business risk
management programme matures, effort begins
shifting from compliance as the key driver to
focus more on risk. The organisation eventually
reaches a point whereby the business
objectives take the lead and the company is
then poised to move to the next stage.
Advanced management
When the organisation has mapped out and
conquered the risk landscape, it’s time to begin
exploring the opportunity landscape. The
organisation is now ready to realise the
competitive advantages of harnessing risk:
beating competitors to market, launching new
products and services with calculated
efficiencies and avoiding major issues that can
affect reputation and the bottom line.
The organisation has turned the corner from
managing unrewarded risk to benefiting from
rewarded risk. Companies in this situation
understand that risk and reward are
intrinsically linked and are ready to focus on
the latter having already conquered the former.
How, though, does a business actually go about
reaching this promised land?
Any journey through the three stages of risk
maturity will depend on many things. There’s
no single path to improving risk management in
an organisation. Organisational complexities,
cultural differences, market factors, business
changes, leadership shifts, technology
strategies and other variables will all impact
the journey. While there isn’t a ‘typical’ journey,
then, there are generally four phases involved:
the incline of improvement, the dip of
determination, the ramp of Return on
Investment and the terrain of transformation.
The majority of organisations begin their risk
journey by focusing on individual and tactical

Risk Management: The Three Stages of Maturity
needs. Defined by the organisation’s business
priorities, these use cases should build a
foundation and begin demonstrating quick
wins. This can be called the incline of
improvement as the organisation moves up the
maturity scale. The business will start seeing
some efficiencies immediately, including a
reduction in the time and effort needed to meet
risk management requirements, improved
reporting around those use cases, some data
sharing and other indicators of improvement.
A key turning point for many organisations is
a stronger commitment from senior leadership
to a more enterprise-level approach. While the
initial implementation may be sponsored by
senior leadership, as organisations progress up
the ‘incline’, at some point the wins start
adding up. Executive management sees the
value in the effort expended and issues a
mandate to break down silos, consolidate
platforms, establish common taxonomy and
assessment approaches and streamline
reporting, etc. This is a big step forward as it
gathers more resources and momentum for the
risk management programme itself.
However, most organisations will witness a
dip as processes take one step backward to
take two steps forward. This ‘dip of
determination’ is a positive step, as it sets up a
stronger programme, but you must keep the
focus. As you do, some processes may need to
change in order to break down organisational
barriers (the step backward) and to move on to
the next phase (the two steps forward) that is
the ramp of Return on Investment.
Inflection point
At this point, organisations are in the managed
state of maturity and really starting to connect
the dots. It’s important to keep momentum
going in order to ascend that ramp.
Somewhere along this ramp there’s an
important inflection point. As the risk
programme matures, the goal is to take the
next step towards addressing new and
changing business activities (ie those growth
activities that are fuelling the business).
Organisations are seeking to reach the ‘terrain
of transformation’ whereby risk management is
part of the culture.
At this phase, the discussion is around
business opportunities and the organisation
reaches the advanced stage of maturity. Once
an organisation reaches this terrain, there must
be constant and continuous measurement of
the risk management programme. The
organisation cannot be lulled into a false sense
of security since the business constantly
changes. The good news is that organisations
attaining this level of maturity generally have a
good sense of how to ride through the waves of
change and adjust themselves accordingly.
It’s also vital that organisations are prepared
for challenges and disruptions. For instance,
anywhere along this journey a ‘paused
programme’ can lead to a downward spiral. This
could be triggered by several different factors.
Many times, the loss of a programme
champion, a lack of resources or a general lack
of progress (programme wins or demonstrated
value) can serve to derail the strategic plan.
Imperative to demonstrate progress
If the programme pauses, it will lose
momentum and could end up dissolving to the
point where it has to be reformulated and reestablished.
The process then starts over as the
organisation goes back through the phases.
Given how important risk management is today,
it’s imperative to show progress and keep the
risk management programme on track.
While the risk management journey is rarely
straightforward, organisations need not travel
alone. There are numerous services and
partners who can assist in carrying a company
throughout the process, helping it to make
faster and more informed decisions about risk.
Steve Schlarman:
GRC Strategist at RSA
“The majority of organisations begin their risk journey by
focusing on individual and tactical needs. Defined by the
organisation’s business priorities, these use cases should
build a foundation and begin demonstrating quick wins”
25
www.risk-uk.com

Power Supply Continuity and Management
Risk UK: A continuous power supply is vital
for many businesses with critical operations.
What can you tell us about the current state
of the industry and why UPS is the best
solution for organisations that would suffer
the most from a major power failure?
Leo Craig: A dependable Uninterruptible Power
Supply (UPS) should be seen as a business’
first and foremost line of defence against
potential power outages and disruptions. IT
downtime is catastrophic, not just in terms of
financial losses or drops in productivity, but
also in terms of reputational damage. With a
reliable UPS protecting your critical power
supply, you have that ultimate insurance policy
bridging the gap until your back-up generators
kick-in or letting your computer systems safely
shut down until the power’s back on.
Risk UK: Which business sectors do you
think find a UPS system to be most valuable
and why?
Leo Craig: UPS units are obviously essential in
any Data Centre environment, whether that’s in
the banking or insurance industries, telecoms
and IT or retail. It’s similarly important in
manufacturing, too, where one unplanned
incidence of downtime can cost an average of
£1.6 million in lost productivity.
It’s not just in sectors that prioritise profits
and the interests of shareholders where a UPS
can prove invaluable. It’s not an exaggeration to
suggest that a UPS can sometimes be the
difference between life and death. Hospital
operating theatres and A&E Departments, the
Emergency Services, roads, railways, docks and
airports – all of this critical infrastructure
demands the clean and consistent power
supply that a UPS can provide.
Risk UK: Do you feel that UPS will innovate
or expand in any new or existing sectors in
the near future?
Leo Craig: It’s not so much a case of innovating
or expanding into other sectors. These days,
virtually every industry relies on electricity and
IT in some form or another, so a UPS system is
a valuable safeguard to protect against any
unexpected outages. For example, we’ve
recently secured a number of clients in the
sports stadiums and facilities sectors.
Given the continued growth and popularity of
connected devices, smart industry and the
Internet of Things, our personal and
professional lives are only going to become
more increasingly interconnected and
dependent on a robust and consistent power
supply. That being so, the demand for UPS
protection is only likely to burgeon.
Fault Intolerance:
Future Directions for UPS
Uninterruptible Power Supply systems are typically used to
protect hardware such as computers, telecoms systems or
other electrical equipment where an unexpected power
disruption could cause injuries, fatalities, serious business
disruption or data loss. Risk UK interviews Leo Craig, general
manager at Riello UPS, about future developments in this area
Risk UK: What are the key issues to
remember around ownership of a UPS system
and how can firms avoid potential failures?
Leo Craig: While a UPS is an essential piece of
power protection equipment for businesses of
all shapes and sizes, it’s by no means perfect.
Indeed, no safeguard can ever be 100%
infallible. A UPS unit is a complex machine and,
over time, parts will fail or components such as
batteries or fans will need replacing.
Once a UPS has been installed, it’s the
ongoing monitoring, maintenance and servicing
that keeps it operating at peak performance. A
well-maintained UPS obviously helps to
minimise downtime and promote uptime, which
is the ultimate goal of the host company.
Risk UK: What are the biggest obstructions
to UPS maintenance?
Leo Craig: More than two-thirds of downtime
incidents are actually thought to be preventable
in the first place, with poor maintenance
highlighted as one of the key culprits. Basic
human error is the most common cause. At the
Leo Craig:
General Manager at Riello UPS
27
www.risk-uk.com

Power Supply Continuity and Management
simplest level, ensuring labels are clear and
that switching procedure documentation is
easy to understand can avert possible disaster.
Incorporating castell interlocks into the initial
system design will help to ensure that switches
are thrown in a controlled and safe fashion. In
the most critical environments, a pilot/co-pilot
arrangement (whereby two engineers both
check a procedure before ever carrying out the
action) can reduce the risk of human failure.
The best way to eliminate such a threat is by
making sure you work alongside a dependable
UPS maintenance supplier that only uses fullytrained
and competent field engineers.
Risk UK: What should a business look for in
a UPS maintenance package and what are the
most important issues to bear in mind here?
Leo Craig: Sadly, not all UPS maintenance
agreements are the same. Too many contracts
are full of big promises that, in reality, don’t live
up to expectations. It’s crucial that you clarify
several key issues before signing up.
The first point to cover is emergency
response times – how quickly will you receive
help if disaster strikes? Options tend to range
from 8 or 12 working hours down to four clock
hours. Just as importantly, find out exactly what
that ‘response’ is. Is it an automated message,
a phone call from tech support or a certified
UPS engineer fixing the problem on site?
Availability of replacement parts is also
something to consider. Ask whether your
supplier stores spares in several different
locations such that they can be with you as
quickly as possible. Even better still, do they
provide ‘crash kits’ of the most common spare
parts that you can keep at your location ready
for use in case of an emergency scenario?
Finally, you need to be sure that the person
you’re entrusting to service your UPS unit
knows exactly what they’re doing. Field
engineers should successfully pass a
challenging Certified Engineer training
programme in order to prove their competence.
Risk UK: How about energy wastage through
UPS? Is this a problem and is there a way in
which wastage can be reduced to lower
carbon emissions and cut back on cost?
Leo Craig: The rise in popularity of modular
UPS systems is helping to improve energy
efficiency. Moving away from larger static UPS
to a more modular approach means that loads
can be configured more closely to the business’
actual power requirements, in turn ensuring
there’s less wasted capacity without
compromising on performance or redundancy. If
and when the client needs to scale-up, they can
simply ‘Pay as you Grow’ by adding in extra
modules. Compact modular UPS solutions also
produce far less heat, thereby reducing the
reliance on energy-intensive cooling.
We recently worked on a major Data Centre
upgrade that saw several larger static UPS
replaced with more modern modular units. The
client benefited from a 72% reduction in annual
CO 2 emissions and saved more than £335,000
per annum on its UPS and air conditioning
costs. This is conclusive proof that there are
significant efficiency savings to be made.
Risk UK: Are there any other applications for
UPS that haven’t yet been widely adopted?
Leo Craig: Although it will need something of a
shift in mindset across our industry, there’s
definitely merit in embracing the move towards
demand side response by using the untapped
potential of UPS batteries to store electricity
and feed it into the National Grid.
The move to Lithium-Ion batteries makes this
a real possibility and offers obvious ‘wins’ for
both sides. With demands for electricity only
ever going to increase, energy harnessed from
UPS units could become a valuable additional
source of renewable power to add to the
nation’s energy mix. From the host
organisation’s perspective, it’ll help reduce
their environmental footprint as well as
providing an extra revenue stream.
At present, mission-critical businesses tend
to be risk-averse. UPS resilience is by far and
away their foremost priority. Even something
seemingly straightforward such as harnessing
power from back-up generators hasn’t gained
much traction yet, so asking these businesses
to go beyond that and adopt UPS energy
storage will need a major change in mentality.
It’s up to us as a sector to keep pushing the
environmental and economic benefits.
Risk UK: Where is the industry heading now?
Have there been any recent developments or
technological advances in UPS systems?
Leo Craig: The aforementioned move to
Lithium-Ion batteries has been very positive.
Compared to the more traditional sealed lead
acid (SLA) batteries, they offer several
advantages. Lithium-Ion versions take up half
the space, but provide a much higher power
density. They charge far quicker and can be
recharged many more times than SLA batteries.
Lithium-Ion batteries can operate effectively
at 40 o C, twice the recommendation for SLA
types, which also happens to be closer to the
optimum temperature at which a UPS should
operate. This means there’s less need for costly
air conditioning to keep the unit/batteries cool.
28
www.risk-uk.com

D E S I G N I M A N U F A C T U R E I I N S T A L L
PERIMETER SECURITY
SOLUTIONS
OUR PASSION
IS YOUR SECURITY
High security perimeter and
access solutions, including fence
and gate systems, designed and
built in the UK to answer the needs
of your project, from security
rating of LPS 1175 SR1 to SR5.
Call 0800 408 4749 or visit
www.jacksons-fencing.co.uk/secure

Looking towards the
future roadmap for
private sector security
provision in the UK,
Danny Williams tracks
the move from
traditional security
guarding to the
delivery of a new style
of service that affords
value-driven,
predictive and
intelligent solutions
making use of client
and industry data
while at the same time
encompassing open
source intelligence
Danny Williams:
Managing Director (North,
Midlands and South West) at
Securitas UK
Time for Transformation
Five years ago, although security was
considered to be a necessary purchase, it’s
fair to suggest that many clients had
limited visibility or clarity as to why security
services were required or how they could
proactively protect their assets and people. In
the intervening period, times have most
certainly changed. Clients are now far more
aware of the importance of security and how
effective risk management strategies can serve
to protect their assets, people and property.
In today’s world, the industry is moving away
from the traditional security guarding model,
whereby a physical presence used to be a
standalone feature, and more towards
collaborative partnerships wherein security
providers offer a range of protective services
that realise end-to-end security solutions.
Undoubtedly, the security of today – and,
indeed, the future – will rely heavily on a
combination of people, technology and
knowledge working in unison to ensure that
clients receive value-driven and predictive total
security solutions.
People will continue to play a pivotal role in
security, of course. Given their local knowledge,
experience and personal judgement, security
officers will always be at the very heart of
service delivery and best placed to develop
collaborative relationships and understand
local client needs. As is the case across many
industries, though, the advent of new
technology and digital innovation is certainly
redefining the role of the security officer. It’s a
change pattern that the industry simply must
embrace with open arms.
With increasingly innovative and advanced
technology solutions, one might expect the role
of the security officer to be in some way
diminished going forward. However, the reverse
is true. Innovation and technology is actually
enhancing the value of security officers on the
ground. Clients now expect better qualified and
more highly engaged individuals who possess
core skills and have both the knowledge and
flexibility to deliver the important personal
element of a total security solution.
As the number of tasks an officer is expected
to perform continues to multiply, and clients’
expectations increase in unison, the role of an
officer provides enormous opportunities for
personal growth and development.
From reactive to predictive
If the industry is to make a successful transition
from reactive to predictive security, we must
harness Big Data to provide intelligent security
solutions. Tailored security solutions are
already being devised using detailed databased
risk analyses filtered to specific levels,
and by a variety of parameters, including
geographical areas, site and even type and
propensity of criminality. The intelligence
gleaned then allows security providers to
foresee and proactively mitigate risk to
implement preventative measures.
The ability to proactively mitigate risk,
particularly in today’s climate and with an eye
towards the future, will become the modus
operandi of the security industry going forward.
Proactive data management and the analysis of
real-time and historical data allows us to review
security solutions implemented on a site and
consider: ‘Is the solution still appropriate and is
it fit for purpose?’
For example, does a location need on-site
officers present at all times or would a flexible
allocation of resource to risk in the form of
mobile patrols actually present a more efficient
and appropriate solution? These are questions
that detailed data analysis coupled with
thorough risk assessments can answer.
Security providers boasting an Operations
Centre capability are able to share real-time
information with security officers via a number
of mobile devices, among them smart phones
and PDAs. As necessary, operators liaise with
officers to guide their actions on site or send
out a mobile patrol vehicle if required.
The connection between the Operations
Centre staff and the officer(s) on site helps to
reduce false alarms and ensures that valuable
resources are allocated to those situations
where they’re most needed.
Security in a digital age
Technology is making a breakthrough impact on
the industry, with the onset of virtual reality
training, augmented reality patrol systems and
autonomous robots all now entering the
security space as support tools for the security
officer. Investment in these groundbreaking
technologies is essential and must continue in
order to allow security providers to build those
aforementioned value-driven and predictive
total security solutions for their clients.
In addition, the next generation of monitoring
hardware is evolving. We’re now witnessing a
move away from passive CCTV cameras to a
combination of smart cameras, various types of
sensor and analysis software. These solutions
will not only record and detect incidents, but
30
www.risk-uk.com

Security Management: Transitioning to Predictive Solutions
also analyse, draw conclusions and suggest
appropriate actions.
A much-publicised development is the use of
drone technology. The option to deploy drones
in support of officers is a further example of
people and technology working in unison. One
of the benefits of drones is their ability to scan
and patrol far-reaching areas not usually
accessible to humans.
While this presents an obvious positive,
there’s also an obverse consideration for clients
working in sensitive environments who need to
keep their sites secure from the general public.
However, technology now allows for anti-drone
solutions to combat this risk.
Trusted advisor
As the digital transformation of the industry
continues to gather momentum, we will
increasingly see improvements in efficiencies,
lower costs for customers and an increase in
the safety of security officers. However, it’s also
important to appreciate that the move towards
technology-based security management
solutions may seem intimidating for clients,
and particularly so those who are used to a
physical presence alone.
It’s here that a security provider should
establish itself as a trusted advisor in order to
help the client feel comfortable in making any
transition. The rise in the adoption of mobile,
remote and electronic security solutions over
recent years is a direct reflection of the
changing face of security and demonstrates a
move away from purely on-site or security
guarding solutions.
While innovation and technology are creating
positive changes in this era of digital
transformation, we must also remember that
there’s a flip-side to all of this as more and
more people have access to information and
data widely available through the Internet and
social media channels. A much greater focus on
these platforms is going to be necessary in
order to combat potential security threats.
Law enforcement agencies understand that
intelligence can be gleaned through open
source investigation and this is something that
security providers are now starting to offer their
clients. In the first instance, open source
investigation can begin to combat the insider
threat, providing an enhanced level of vetting
for particular roles that have a heightened
requirement for discretion.
Add to this the ability to offer enhanced
social media screening through the right
monitoring software and you’re then in a
position to mitigate any potential risk at the
very outset.
In countries outside the UK, the role of the
security officer is seen as a career pathway. It’s
a respected profession with long-term career
prospects. Here in the UK, we still have some
work to do. With a greater focus on security as
a specialisation, we must strive to improve the
perception of the security officer’s role.
When you compare security to other
industries in the UK, there’s a misconception
that the industry is unattractive and
unrewarding, but this is changing. Technology
and innovation have paved the way for IT-based
security solutions, and it’s this innovation that
will undoubtedly appeal to the next generation
of security professionals.
Indeed, young people now embarking on a
career in security expect technology and
innovation to play just as important a role in
their working life as it does in their personal
life. The security industry needs to challenge
itself. It must evolve to attract and retain the
best talent. There’s no denying that people
remain at the heart of security, and rightly so,
but it’s important to look beyond traditional
ways of working, embrace change and build
long-term sustainable partnerships with clients.
Security is developing. Technologies and
client needs are changing. Our industry cannot
solve the challenges of an evolving landscape
with traditional approaches from yesterday.
“The connection between the Operations Centre staff and
the officer(s) on site helps to reduce false alarms and
ensures that valuable resources are allocated to those
situations where they’re most needed”
31
www.risk-uk.com

Although HD video
surveillance has
become the norm
when configuring and
implementing a
security strategy, less
attention has been
given to the benefits
of audio. Malcolm
Crummey explains
why it’s time to take
audio seriously and
evaluates how it can
help to prevent
security problems
before they start
The Voice of Reason
All of us have become used to living in a
‘surveillance society’. CCTV cameras are
now part of everyday life, with the average
Londoner caught on camera over 300 times
each day. However, while the visual element of
a security strategy is very much a ‘given’,
what’s far less prevalent is the use of voice
address technology. It’s high time for the
benefits of using audio to be reappraised.
In the majority of cases, CCTV is
retrospectively used to analyse where a crime
took place, establish the events that occurred
and, if necessary, provide prosecution evidence.
A subject of some debate is whether CCTV
alone actually acts as a deterrent or is simply
something of an inconvenience for those with
criminal intent in mind.
Audio technology has some significant
advantages in this regard. In the event that an
intruder is identified, an operative at a Remote
Monitoring Centre (RMC) can issue a verbal
warning to that intruder to cease what they’re
doing and disperse – an approach that has
been proven to prevent the majority of
incidents from going any further. If this doesn’t
work then further action can be initiated, such
as deploying security officers or summoning
the police service to the scene.
Furthermore, not all remote monitoring needs
to be carried out on a live basis. For those
customers looking for constant round-the-clock
surveillance of their premises and operations,
alert-based remote monitoring is the perfect
solution. In fact, it’s most effective when linked
to a range of other technology such as intruder
alarms, access control and fire detection
systems. RMC operators can pick up alerts,
which are then visually confirmed, meaning
that the response from the Emergency Services
is taken to an enhanced level.
Sound move
Although video surveillance is the dominant
technology in a security system, the time has
surely now come to recognise audio monitoring
as an equally critical component. Indeed, it
should be part of any remote monitoring
facility’s range of services.
There have been massive developments in
terms of security technology in recent years
thanks to the use of Internet Protocol (IP)-
based systems, and audio is no exception. IP is
a communications mechanism that allows every
computer or other device on a network to have
an individual address, affording the ability to
control and monitor them from anywhere on a
network. What’s more, they can even be
configured and controlled from an off-site
location. That’s part of the reason why a
growing number of organisations are choosing
to use third party RMCs as a way of maximising
the efficiency of their operations.
Thanks to IP, it’s now possible to control a
wide variety of building services over one
infrastructure. From logistical and capital
expenditure points of view, there’s the potential
for substantial savings on cabling installation
costs in that an existing network can be used
instead of installing totally new cables. This is
something that can reduce installation time.
That’s important, as security technology has
traditionally been viewed by corporate
management as a ‘necessary evil’ – something
that doesn’t typically create or generate
revenue for the business in which it’s deployed.
IP-based systems can reduce overheads.
Take, for example, barrier and access control.
Shopping Centres often have one dedicated
person on site to provide access for deliveries,
etc. While this is obviously important from a
security point of view, there may well be long
periods of time where that operative is doing
very little. By using an IP-based video and voice
system, the RMC is able to carry out this
function as part of a broader range of activities.
32
www.risk-uk.com

CCTV and Audio Monitoring
Features and benefits
As part of an IT network infrastructure, IPbased
audio technology is compatible with a
wide range of other security devices, including
cameras, recorders and software. This helps to
ensure full integration.
IP-enabled speakers provide clear, long range
speech for remote speaking in surveillance
applications and, as well as enabling an
operator to remotely address people and deter
unwanted activity, they can also play a prerecorded
message when it’s manually or
automatically activated in response to a
specific event. Alarms can also be triggered
based on audio sounds above a specified
decibel level.
What’s more, IP audio provides real-time
confirmation of an intrusion. That being so,
organisations then have an effective way of
keeping people, property and assets safe, while
also avoiding false alarms and the unnecessary
deployment of personnel.
As each speaker has its own IP address, it
can be isolated. When it’s only necessary to
communicate with a person – or persons – in a
specific area, this can be achieved without
using the entire system. This type of flexibility
serves the security needs of a wide range of
locations including educational establishments,
car parks, building sites, hospitals, car
dealerships, industrial estates, warehouses and
utilities sites, etc.
In addition, IP audio harbours less obvious
benefits in terms of ensuring adequate
standards of Health and Safety. For instance, in
high density locations such as Shopping
Centres and sports stadiums it can be used to
make announcements that avoid the build-up of
dangerous ‘bottlenecks’.
Power over Ethernet
Back in 2003, the IEEE 802.3af standard – more
commonly known to industry professionals as
Power over Ethernet (PoE) – was ratified and
allows surveillance cameras, audio equipment,
access control technology and other embedded
devices to receive power as well as data over
existing cabling.
The original PoE standard was limited to
provide up to 15.4 W of DC power per device,
but in 2009 the higher power IEEE 802.3at
standard – or PoE+ – came into play, enhancing
provision up to 25.5 W of power. Standardscompliant
PoE applications are intended to
operate over twisted pair copper cables from
Category 5 upwards, with a channel distance of
up to 100 metres.
PoE has been an enabler of IP-based
security and the benefits extend to audio. It
eliminates the need for separate data and
power cables, while also simplifying the
installation and maintenance of networked
devices. One of the biggest benefits of PoE is
its ability to simplify the management of the
network. Installation becomes less complex
and the process is also quicker due to the need
for fewer cables and power sockets.
In addition, global organisations can also
deploy PoE everywhere, without concern for
any local variances in AC power standards,
outlets or plugs.
Sound advice
Given its clear advantages, the use of IP-based
audio technology is set to rise in the coming
years. Some systems also have the capability to
operate in a two-way capacity, meaning that
there’s the potential to ‘listen in’ and record
conversations. Those thinking of using audio
for this purpose in a business application need
to be careful, though, as they could be entering
an ethical and legal minefield by doing so.
The Information Commissioner’s Office’s
(ICO) CCTV Code of Practice states that sound
recording is unnecessary and in most cases
intrusive, and could undermine public support
for CCTV. In addition, if used inappropriately it
could be in violation of the ‘Right to Privacy’
section of the Human Rights Act 1998.
Violating privacy laws is considered a serious
crime and the ICO advises that organisations
should choose a system without this facility if
possible. If a system is supplied equipped with
a sound recording facility, then this should be
turned off or otherwise disabled.
Power of audio
Proven to be highly effective at deterring those
individuals about to commit acts of crime, IPbased
audio systems should be considered an
essential part of any remotely monitored CCTV
system. To be frank, more organisations need to
start tapping into the power of audio in order to
meet their security needs.
‘Prevention is better than cure’ is what the
old adage states, so the ability to issue a
warning and stop an incident before it starts
will always be preferable to simply reviewing
footage on a retrospective basis, locating the
culprits and spending precious time and money
dealing with the aftermath.
Malcolm Crummey:
Sales Manager (UK and
Ireland) at TOA Corporation UK
“Although video surveillance is the dominant technology in
a security system, the time has come to recognise audio
monitoring as an equally critical component. Indeed, it
should be part of any remote monitoring facility’s services”
33
www.risk-uk.com

Meet The
Security Company
This is the tenth
instalment in a
monthly series of
articles for the readers
of Risk UK where we
shine the spotlight on
NSI-approved
businesses for the
benefit of risk and
security managers
who purchase security
guarding as well as
systems-focused
solutions. Answering
our key questions on
this occasion is Laurie
Barton Wright, brand
and development
director at the
Westgrove Group
Risk UK: Can you briefly describe your
business’ activities and what you consider to
be your USP as an organisation?
Laurie Barton Wright: Westgrove Group is a
soft services provider specialising in high
footfall destinations such as Shopping Centres
and public realm spaces. We provide security
and cleaning solutions plus customer services
ambassadors on over 70 sites across the UK.
We have a ‘people-centric’ approach to our
business and we believe that this sets us apart
from other providers. We have a number of
USPs: we form partnerships with a long-term
vision, have a willingness to invest in people
through colleague engagement, show flexibility
in problem-solving and provide the drive
needed to support on-site management teams.
Westgrove is a true retail property service
provider. Our portfolio extends to commercial
buildings, but we excel in retail locations where
we can help to deliver a face-to-face guest
experience and add to the customer journey.
Over 90% of our business is within the retail
sector and we plan to increase this even further
through the introduction of ‘Synergy by
Westgrove’ which is our bespoke service
provision for Shopping Centres and retail parks.
About the National Security Inspectorate
The National Security Inspectorate (NSI) is a wholly-independent, not-forprofit
company limited by guarantee and operates as a UKAS-accredited
certification body specialising in the security and fire safety sectors.
For over 40 years, the NSI has served to protect businesses, homeowners
and the general public alike, raising standards by providing robust and high
quality audits of both security and fire safety service providers.
Westgrove Group’s expertise and culture
stems from an independent business which has
grown organically over the past 18 years. The
company boasts a senior management team
offering a wealth of direct retail experience. We
have a dynamic DNA within the business that’s
common to our whole organisation and affords
us a true understanding of our Shopping Centre
management teams.
Risk UK: What do your clients value most
about the services you deliver?
Laurie Barton Wright: We refer to our clients
as partners and our staff as colleagues. This
sets us apart from other providers and is
something that we feel supports our
partnership approach and colleague-centred
DNA. That helps to cement long-term working
relationships as we truly add value to our
partners’ businesses, whether that be through
our innovative ideas or by upskilling on-site
teams to be a greater value asset.
We prioritise our investment in training and
development to ensure that all colleagues are
given the same opportunities to enhance their
knowledge and skills. This extends even further
to customer service training and targeted
service excellence-focused initiatives.
Risk UK: How do you feel accreditations have
assisted your company?
Laurie Barton Wright: Accreditations are very
important to us, and particularly so when
tendering for new business. We can show that
we have the necessary accreditations in place
to afford potential partners confidence.
Accreditations are a benchmark to show that
we’re operating at a defined level of excellence
within our industry. They also assist us
internally by helping to support and develop
processes and procedures which add structure
and robustness to our business.
Risk UK: Specifically, what value does ACS
registration and NSI Guarding Gold approval
bring to your business and its clients?
Laurie Barton Wright: Approved Contractor
Scheme (ACS) registration and NSI Guarding
Gold approval gives us confidence that we’re
operating at a level of excellence which is
recognised externally. The ACS registration and
NSI approval are not always requested by
purchasing customers, but are recognised by
many partners and help us to demonstrate that
34
www.risk-uk.com

Meet The Security Company: Westgrove Group
In association with the
we take our business, its performance and
integrity very seriously indeed.
It’s important for us to be measured and to
think about how we’re operating and how we
can make continuous improvements. We’re an
independent business, but we offer the same
service standards as the major plcs. This is a
real USP for us in the marketplace.
Risk UK: In practice, what are the main
differences between ACS registration and NSI
Guarding Gold approval?
Laurie Barton Wright: The NSI was the first
security industry assessing body that offered
access to the ACS via the Passport route. The
Passport route is open to NSI approved
companies providing services for security
guarding, CCTV, door supervision, close
protection, key holding and Cash-in-Transit.
The Passport route offers qualifying
companies an additional option for access to
the ACS. NSI approved companies achieving
this must meet an NSI Passport Specification,
but will not be required to pass through
separate ACS assessments.
Risk UK: How do you think technology has
changed the industry over the last couple of
years and what do you feel will be the
direction of travel in the future?
Laurie Barton Wright: We use a good deal of
cloud-based technology and this has really
helped us to deliver a better service for our
partners. There are a number of key systems
which we’ve been able to develop and roll out
and which show real benefits for our partners.
Accuracy and collection of data is vital both
in security and cleaning to demonstrate a
number of outcomes and support Key
Performance Indicators around productivity of
the team on site, Health and Safety, customer
feedback and so much more.
All of our systems are cloud-based and
accessible to our partners. This promotes a
greater sense of trust and transparency. The
fact that we’re ‘paperless’ aligns with partners’
Corporate Social Responsibility aspirations.
Going forward, we’re keen to develop our
systems further. We know our partners see the
benefits and we’re continually trying to develop
them further to enhance reporting capabilities
and integration with their own systems on site.
Risk UK: When it comes to negotiating
contracts and responding to tender requests,
what aspects are of most value to customers
and how are these changing?
Laurie Barton Wright: Partners are keen to see
an innovative approach. Of course, cost is
always a factor, but it’s not always the
overriding one. Partners are keen to see a new
way of thinking and innovative solutions.
There’s always the potential for many
contracts to be left to almost ‘stagnate’ which is
why we continue to strategically revisit our
contracts on a regular basis post-mobilisation.
Budgets are always a consideration and,
again, flexibility of approach showing long-term
gain for our partners is the desired route.
Risk UK: How has Government legislation (eg
the National Minimum Wage, the National
Living Wage and holiday pay) affected your
business? Do you believe such legislation is
a good thing?
Laurie Barton Wright: Being a solutions
provider means that we can only recommend
pay rates. Having the National Living Wage in
place is helpful to ensure a consistent level of
approach. It also gives us a better ability to
look at costs for our partners going forward so
that there are no surprises.
We do try and encourage pay rates to go
above the National Living Wage or, in some
cases, consider the same pay rate for cleaning
and security.
On many of our sites we provide a ‘dual’
service and we often ‘de-badge’ our colleagues
from the traditional security/cleaning roles,
instead moving towards a customer service
ambassador-focused structure.
We firmly believe that our internal reward
and recognition scheme and training and
development all help to benefit colleagues.
Importantly, we also factor in the
Apprenticeship Levy at 0.5% of all labour costs
such that partner organisations can take
advantage of this funding stream.
Risk UK: What are the most important
attributes you look for in your security
officers and staff members in general?
Laurie Barton Wright: The answer to this
question differs from site to site depending on
our partners’ needs. Outside of the normal
vetting requirements, we also place a lot of
importance on face-to-face interviews.
As stated, our contracts are mainly within the
retail/property sector so our colleagues are
very ‘front-facing’. This requires them to be
open to the idea of customer service and ‘going
the extra mile’ to support our partners’ own
business objectives.
A willingness to learn and engage is vital. We
have training and development for all levels,
right up from basic job training through to
management training plus developmental
instruction for dementia and autism awareness.
Name
Laurie Barton Wright
Job title
Brand and Development
Director
Time in the security sector
Two years as a contractor and
20 years in property
management (client side)
working for CBRE, Cushman
and Wakefield and Westfield
Location of the business
Warrington, Cheshire
Areas of expertise
Security, cleaning and
customer service
ambassadors for property
partners including retail
(Shopping Centres/retail
parks) and mixed use
destinations
Accreditations
NSI Guarding Gold, FM Gold,
Health and Safety Gold and
EMS Gold, SIA ACS,
SafeContractor, Contractor
Plus, Member of the British
Safety Council, Member of
the British Council of
Shopping Centres, ISO 14001,
ISO 9001 and OHSAS 18001
Laurie Barton Wright Dip SCM:
Brand and Development
Director at Westgrove Group
35
www.risk-uk.com

BENCHMARK
Smart Solutions
BENCHMARK
Innovative and smart solutions can add value and benefits to
modern systems for customers. With the technological landscape
rapidly evolving, the Benchmark Smart Solutions project assesses
the potential on offer from system integration, advanced
connectivity and intelligent technology. Bringing together field trials
and assessments, proof of concept and real-world experience of
implementing smart solutions, it represents an essential resource
for all involved in innovative system design.
Launching in 2017, Benchmark Smart Solutions will be the industry’s only real-world resource for
security professionals who are intent on offering added value through the delivery of smarter solutions.
@Benchmark_Smart
Partner Companies
www.benchmarksmart.com

The Security Institute’s View
The basic aim of the Government’s Prevent
strategy is to reduce the risk to the UK and
its interests overseas from terrorism such
that citizens can go about their daily lives freely
and with confidence. According to the Home
Office’s 2011 policy paper, the key objectives of
Prevent are to respond to the ideological
challenge of terrorism and the threat we face
from those who promote it, prevent people
from being drawn into terrorism and ensure
that they’re given appropriate advice and
support and work with sectors and institutions
where there are risks of radicalisation
demanding to be addressed.
The strategy has evolved to reflect the terror
threat posed to the UK’s national security. The
biggest change came with the passing of the
Counter-Terrorism and Security Act (CTSA) 2015
after the threat level from international
terrorism was raised to ‘Severe’ in 2014 in
response to the increased number of British
nationals travelling to the Middle East in order
to join the ongoing conflicts in Iraq and Syria.
That same year, the Quilliam Foundation
estimated that around 500 foreign terrorist
fighters were British out of approximately 2,600
Western Europeans and 16,000 globally, in turn
raising concerns of battle-hardened extremists
returning to the UK. The main driver for the
CTSA was the prevention of terrorist acts on
British soil perpetrated due to radicalisation.
According to the UK Government, 30% of
convicted terrorists in the UK since 2001 have
attended university or further education, with
examples including Bradford University (three
students were questioned on suspicion of terror
offences in 2006) and Liverpool John Moores
University (two former students have been
killed while fighting for ISIS in Syria, another
has been named as a senior ISIS commander
who left behind a wife and a child to wage Jihad
in the Middle East and a fourth was jailed in the
USA for 40 years for plotting terror attacks
across the globe in 2015).
Further examples are Queen Mary University
in London (a student group called The
Ideological Society was described as being a
front for Hizb ut-Tahrir, the pan-Islamist
movement pressing for restoration of the
caliphate and the introduction of Sharia Law)
and University College London (the Detroit
‘underpants bomber’ of 2009 was allegedly
indoctrinated while studying there).
CTSA 2015 in focus
The CTSA 2015 consists of six main parts and
aims to disrupt the ability of people to travel
abroad to fight in countries like Syria and Iraq,
control their return to the UK, enhance
The Prevent Duty on
Universities: The Right Balance
Prevent is one of the four Ps that make up the pillars of the
UK’s counter-terrorism strategy developed by the Home
Office in early 2003, although it remained secret until 2006.
Its remit was widened in 2011 and it was placed on a
statutory footing in 2015, but how effectively is Prevent
playing out in the education sector? Dr Chaditsa Poulatova
and Hannah Saunders investigate
operational capabilities to monitor and control
the actions of those in the UK who pose a
threat and help to combat the underlying
ideology that supports terrorism.
It enables the seizure of passports and
introduced reforms to the terrorism prevention
and investigation measures which can be
placed on terrorism suspects to restrict their
movements and invoke temporary exclusion
from the UK. This has some far-reaching
implications for UK citizens and visitors.
The core mission of Part V (ie Sections 26 to
41) of the CTSA 2015 is to put Prevent on a
statutory footing, while placing a duty on
“specified authorities” as listed in Schedule 6
of the Act (among them universities) to have
“due regard to the need to prevent people from
being drawn into terrorism”.
Paragraph 9.4 makes Prevent a safeguarding
and student welfare issue “based on the
premise that people being drawn into
radicalisation and recruitment can be identified
and then provided with support”. According to
the Prevent Duty Guidance for Higher Education
Institutions in England and Wales, such
Dr Chaditsa Poulatova MSyI:
Strategic Advisor to the Cyber
Rescue Alliance
37
www.risk-uk.com

The Security Institute’s View
The Security Institute’s View
is compiled and edited by Dr
Alison Wakefield FSyI
(Chairman of The Security
Institute) and Brian Sims BA
(Hons) Hon FSyI (Editor of
Risk UK)
Institutions “are required to provide adequate
training and development for leadership and
staff” to ensure that vulnerability factors are
identified at an early stage and that the
Institution’s Prevent officer, who’s often that
Institution’s safeguarding officer, is informed.
In order to support universities in fulfilling
their Prevent duties, back in 2013 Universities
UK (the representative body for university vicechancellors)
launched the Safe Campus
Communities website in order to facilitate
information sharing on issues such as external
speaker protocols, effective community and
police engagement and inter-faith relations on
campus, in turn enabling the sharing of good
practice. Since 2015, a monitoring framework
has been in place via the UK regions’
appropriate regulatory bodies for higher
education, with the new Office for Students
now fulfilling that role on behalf of English
universities, as set out on its web page entitled
‘Counter-Terrorism: The Prevent Duty’.
Guidance for university governing
bodies/councils to inform their oversight of
senior management in the delivery of the
Prevent requirements, and in accordance with
the Higher Education Code of Governance
which informs the effective governance of
universities, has also been published by the
Leadership Foundation in conjunction with the
Committee of University Chairs.
Challenges of implementation
Re-casting Prevent as “safeguarding” seems to
have allayed some anxieties about the duty, but
the CTSA has not been without controversy.
Frances Webber, vice-chair of the Institute of
Race Relations, stated that it “impinged on
basic freedoms and further alienated the
already under threat Muslim community”, while
Sir Peter Fahy (former chief constable of
Greater Manchester Police) has argued: “The
extension of the Prevent duty to the education
sector was introduced in haste and without the
time for proper training which resulted, in some
cases, in inappropriate referrals.”
The University and College Union has
suggested that Prevent represented a
draconian crackdown on the rights of
academics and students, which would have an
adverse effect on freedom of speech within an
environment where views are routinely
challenged and boundaries tested in the spirit
of academic endeavour. The latter view was
also shared by the Parliamentary Joint
Committee on Human Rights.
It’s inevitable that some terrorists have
attended university: a level of 30% is roughly
what one would expect of a sample of young
people of the right age. The statistic quoted by
the Government fails to distinguish correlation
and causation, however, and in the words of
Lord Andrew Phillips in the House of Lords:
“That seems to me to be an utterly useless
statistic. Were they terrorists before they went
to university? Were they terrorists as a result of
going to university, or were they terrorists as a
result of what happened to them after
university? We have not the slightest idea.”
It’s very difficult to measure the full extent of
the Prevent strategy’s successes and failures.
Out of 7,500 referrals made to the scheme in
2015-2016, no action was taken in 37% of the
cases, while a quarter of individuals referred
were found to be vulnerable, but not at risk of
terrorist involvement. The fact remains that it’s
impossible to know how many people may or
may not have gone on to commit terrorist acts
without coming into contact with Prevent.
Although the core mission of Part V of the
CTSA 2015 is to put Prevent on a statutory
footing, the legislation does so selectively by
way of a basic framework approach.
Universities participate on a voluntary basis
and have no power to refer anyone directly to a
de-radicalisation programme.
There are no legal sanctions under the CTSA
or elsewhere for failures to act upon
information or make a formal Prevent referral,
even when an act of terrorism is committed
which might otherwise have been averted.
Where next for Prevent?
Given the practical challenges underpinning the
Prevent duty in universities, there have been
calls by Parliament’s Joint Committee on Human
Rights, Human Rights organisation Liberty and
the Open Society Justice Initiative for a “full
and transparent review of the application of the
Prevent strategy to the educational setting”.
Certainly, this would give some clarity around
the relevant risks that each university has
faced, the mitigating actions undertaken and
the extent to which the Prevent duty is
effectively integrated into universities’ current
corporate risk assessment strategies.
Hannah Saunders:
Student of Journalism at
Emerson College in Boston,
Massachusetts
“The extension of the Prevent duty to the education sector was
introduced in haste and without the time for proper training which
resulted, in some cases, in inappropriate referrals”
38
www.risk-uk.com

thepaper
Business News for Security Professionals
Pro-Activ Publications is embarking on a revolutionary
launch: a FORTNIGHTLY NEWSPAPER dedicated to the
latest financial and business information for
professionals operating in the security sector
The Paper will bring subscribers (including CEOs,
managing directors and finance directors within the
UK’s major security businesses) all the latest company
and sector financials, details of business re-brands,
market research and trends and M&A activity
FOR FURTHER INFORMATION
ON THE PAPER CONTACT:
Brian Sims BA (Hons) Hon FSyI
(Editor, The Paper and Risk UK)
Telephone: 020 8295 8304
e-mail: brian.sims@risk-uk.com
www.thepaper.uk.com

Accusations and
recriminations
between Britain and
Russia are set to
escalate with the
recent news that
scientists at the
Porton Down military
research facility have
been unable to
establish exactly
where the nerve agent
used to carry out the
attack on former MI6
agent Sergei Skripal
and his daughter Yulia
in Salisbury was
manufactured. Dan
Kaszeta examines the
episode and its
political and security
implications to date
Dan Kaszeta MA:
Founder and Managing Director
of Strongpoint Security
40
www.risk-uk.com
Nerve Agents and Novichoks
The recent Salisbury attack on the Skripals
is, in many ways, part of a broad trend
reaching back decades, but on the other
hand, it could be viewed as a reckless act of
terror due to its prevailing effects on people
and property that were not the evident target.
The revelation that the Salisbury episode was
transacted not just by a nerve agent, but
possibly by a particular nerve agent called a
Novichok, is deemed particularly disturbing.
At the time of writing, it’s theorised that a
nerve agent was applied to the handle on the
door of Sergei Skripal’s car. Nerve agents are a
specific family of chemicals. The term ‘nerve
agent’ has strict definitions in military, scientific
and medical literature. Nerve agents are a
subset of the broader category that we could
call “bad things affecting the nervous system”.
Accepted references define nerve agents as
chemicals that interfere with the normal
operations of the chemicals acetylcholine and
acetylcholinesterase in the human nervous
system. Some sources go as far as to restrict
the definition to those chemicals present in the
organophosphate family. However, there’s a
strong case to be made that chemicals in the
related carbamate family could be considered
nerve agents because their biological action is
similar. All are complex to manufacture and all
are highly dangerous to human beings.
Nerve agents include military chemical
warfare agents and a large range of
insecticides. The better-known military
chemical warfare nerve agents include Tabun,
Sarin, Soman and VX. One should never use the
phrase ‘nerve gas’ here as none of them are
gases in their natural state. Nerve agents are
mostly liquids, while some are even solids.
Many of the insecticides in the nerve agent
category include the now banned Amiton, the
highly restricted Parathion and several others.
Chemical imbalance
Depending on the particular nerve agent and
existing environmental conditions, they can last
in the environment for widely varying lengths of
time. On a warm day, Sarin may only last a few
minutes, whereas VX or one of the pesticides
could last for many months, and particularly so
if soaked into material.
Nerve agents affect the human body by
causing a chemical imbalance called a
cholinergic crisis. They can be inhaled when
you breathe, ingested in food or drink or
absorbed through the skin and eyes. They
usually operate quickly through respiratory and
ocular exposure, with the onset of adverse
effects occurring within a period of a few
seconds to a few minutes depending on dose.
Absorption through the skin is slower (ie
minutes to hours) depending on the dose. The
rate of action for wound exposure is believed to
be intermediate in speed between respiratory
and dermal absorption. Gastrointestinal
absorption isn’t well documented, but is likely
to be fast. It has been theorised that nerve
agents could be engineered to have a delayed
onset of their effects.
The signs and symptoms, and their order of
appearance, vary depending on the route of
exposure. They’re drawn from the Textbook of
Military Medicine volume on chemical warfare
agents. In terms of liquid exposure to skin, the
rate of action is from minutes to hours after
exposure. Mild effects will be muscle twitching
at the site of exposure (fasciculations),
sweating, nausea, vomiting and weakness.
Serious effects would be the mild symptoms
plus difficulty in breathing, generalised muscle
twitching, weakness, paralysis, convulsions and
loss of bladder/bowel control.
Note that miosis (ie ‘pinpointing’ of the eye
pupils) is often a late sign in situations where
the victim is exposed only to liquid.
When it comes to the inhalation of
aerosolised droplets or vapour, the rate of
action is from seconds to minutes after
exposure. Mild effects here will be the
aforementioned miosis, dimness of vision,
headache, runny nose, salivation and a feeling
of tightness in the chest. Serious effects are,
once again, the mild symptoms plus difficulty in
breathing, generalised muscle twitching,
weakness, paralysis, convulsions and loss of
bladder/bowel control.
The phenomenon of ingested nerve agents is
less well-studied, so the exact presentation of
symptoms and the order in which they’re likely
to appear is less certain. Logically,
gastrointestinal effects may present themselves
earlier. The rate of action of nerve agents could
theoretically vary. Some compounds are more
fat soluble than others, and this affects the rate
of absorption through skin.
What are Novichok agents?
Novichok means ‘newcomer’ in Russian. The
Novichok agents were developed by the Soviet
Union in conditions of great secrecy back in the
1980s. For a full background, read the book

In the Spotlight: ASIS International UK Chapter
‘State Secrets’ authored by Vil Mirzayanov, a
defector from Moscow’s chemical warfare
research programme and creator of Novichoks.
The Novichoks were created for several
reasons. First, they would avoid the (then
current) state-of-the-art military chemical
warfare detectors used in the West. Second,
they could be made from precursor chemicals
that were not proscribed or controlled under
the arms control arrangements that were either
in place or under negotiation at the time. It
should be noted that, as Moscow was a party to
the negotiations drawing up lists of specifically
proscribed chemicals, it’s not surprising that
the Novichoks didn’t make these lists.
Third, the agents were more toxic than any of
the nerve agents already in existence, meaning
that a smaller amount of agent could have the
same wide area effects. Fourth, at least one of
the Novichoks was a solid, so it could be
deployed as a dust or a powder. This has
bearings on weapon design, detection and
decontamination. Indeed, a powder would be
absorbed much more slowly in many instances,
which could explain the timeline of the recent
Salisbury case.
Finally, the Novichoks – according to some
scientific literature, at least – have more
potential for causing permanent damage to the
nervous system.
Implications of Salisbury
The implications of the Salisbury attack are
immensely important. There are four aspects of
this attack that are clear to me.
First, nerve agents are, by their very
definition, indiscriminate area weapons rather
than precision weapons. The hazard spreads by
contact. The perpetrators cared not one bit
whether other people were killed or injured in
the attack. It’s akin to burning down an
apartment building to kill one individual.
Second, Novichoks contaminate things. This
leads to extensive property damage of a type
that will not be covered by insurance. It isn’t
just an attack on health. Rather, it’s an area
denial weapon. Third, the injuries produced by
Novichoks may include permanent neurological
damage. It could even be argued that, in this
particular instance, death wasn’t even the
sought after result. Permanent disfigurement is
at least as intimidating as sudden death.
Fourth, as Novichoks are the Intellectual
Property of the Russian State (having been
invented there), if they were used in Salisbury
this means the perpetrators didn’t care about
attribution. In fact, clear attribution to Russia
may be exactly the point of this attack. It’s a
way of saying: “We did it and we don’t care
that you know that we did it.” Putin’s Russia
has had a long history of deliberately provoking
crises in order to suit domestic political goals.
Let’s not forget there was an election on.
Denials and conspiracies
An apocryphal maxim of covert operations is
“admit nothing, deny everything, make counteraccusations.”
It’s clear that the Russian State
takes this expression to heart. If anyone
doubted the existence of Russian ‘troll farms’
and other types of information warfare
apparatus, the speed with which various
conspiracy theories have circulated is evidence.
The full weight of the information operations
establishment seems to be spreading
‘alternative narratives’ to try to explain away
the attempted murders. At the time of writing, I
count at least ten ‘theories’ that point fingers
away from Russia. As is often the case, they’re
generally mutually exclusive from each other,
yet often the same outlets are pushing things
that are exceedingly unlikely to be true and
even contradictory of one another.
It takes an Orwellian degree of doublethink
to believe simultaneously: “There’s no such
thing as a Novichok” and “Someone used a
Novichok as a ‘false flag’ attack”. However,
social media is ablaze with this sort of thing.
For many commentators on the issue, the
existence of such a defiant campaign of denial
and obfuscation represents evidence in itself.
“Nerve agents are, by their very definition, indiscriminate
area weapons rather than precision weapons. It’s akin to
burning down an apartment building to kill one individual”
41
www.risk-uk.com

New Opportunities at FIM Expo 2018
At the end of this
month, the Fire
Industry
Manufacturers Expo is
coming to Ashton Gate
Stadium in Bristol. The
event is organised by
the Fire Industry
Association (FIA) and
helps to build the
bridge between
manufacturers of fire
detection and alarm
products and those in
the services world. Ian
Moore elaborates on
the key detail of the
day for attendees
Ian Moore: CEO of the Fire
Industry Association
For security companies, the Fire Industry
Manufacturers (FIM) Expo is a great place
to meet manufacturers and network with
other service professionals if they’re thinking of
expanding from security service installation and
maintenance into this other somewhat niche,
but still buoyant area of business. It’s a big step
if a company hasn’t yet expanded, but the
Expo’s light and informal atmosphere is
renowned for making those close connections
and business partnerships due to its small size.
Here, instead of wandering aimlessly
between stands for hours, you can easily make
all the connections you need within a relatively
short period of time. A major advantage is that
you can see all the products and glean answers
on how they all work, which is helpful if you’re
unfamiliar with this particular area.
If you’re already operating within fire
detection and alarm services, there’s still plenty
to engage with at the FIM Expo even for a more
seasoned professional. The confirmed
exhibitors will be showcasing a range of
products and, with new ranges being
developed, it’s a good time to find out if there
are any new solutions to be sourced or explore
other manufacturers’ products that you might
not have known much about previously.
For those operating within this specialist
sector, there’s good news in that the market is
continuing to grow. Demand for fire safety
services such as fire detection and alarm
maintenance and installation is ever-present.
The FIA’s Market Conditions Survey, which has
been repeated every six months since 2008,
has shown that, if any industry is relatively
financially fire-proof (if you’ll excuse the pun),
then it’s the fire industry.
Reports spanning the last few years have
continually demonstrated a period of financial
stability and, on the whole, respondents don’t
feel that Brexit is necessarily going to
negatively impact their business (though there
are a few responders to the survey with
understandable concerns at present, such as
the rise in supplier costs).
As such, now might be a good time to start
having those business conversations with a
range of different contacts to look at different
product series and prices. The FIM Expo is a
good opportunity for this. The atmosphere
tends to be relaxed, there’s no pressure and
exhibitors tend to have more time for in-depth
conversations in person than at some of the
larger shows where they simply take your
details down and say they’ll call you back at
some point next week.
If you’re a regular attendee at the FIM Expo,
you’ll know just how valuable those
conversations with others in the business can
be in the real world. It’s a great place to seek
advice and build worthwhile connections with
new people, to meet up or make an
appointment to see a business contact over a
coffee (tea and coffee is provided free of charge
alongside a buffet luncheon).
42
www.risk-uk.com

FIA Technical Briefing: Fire Industry Manufacturers Expo 2018
BS 5839-1: 2017 examined
Alongside the chance to meet with the
exhibitors themselves, there’s the added bonus
of two free seminars at the Expo. Last time out,
the seminars were completely full with standing
room only, so it’s worth arriving early to ensure
you can grab a seat.
The first seminar in 2018, running under the
title ‘BS 5839-1: 2017 – What has changed?’ is
presented by the FIA’s technical manager Will
Lloyd, who also helped to write the materials
for the FIA’s new qualifications in fire detection
and alarms. Will is very well known for his
encyclopaedic knowledge of British Standards,
and can provide expert advice on a wide range
of fire detection and alarm-centric issues.
This seminar covers the latest major revision
of British Standard BS 5839-1, and the
differences between this version and the old
variant. Despite it being 2018, there may still be
some aspects of the 2017 revision of this
document of which you (or indeed your
colleagues) may be unaware.
The update seminar covers a long list of
areas including multi-sensor detectors in
escape routes, L3 and L2 systems, the use of
manual Call Point covers, places of ‘ultimate
safety’, manual Call Point locations,
communications with the Fire and Rescue
Service, staff alarms, video fire detection, types
of fire detectors and their selection, the spacing
and siting of automatic fire detectors, detector
spacing and siting on honeycomb ceilings, the
siting of optical beam smoke detectors, ceiling
height limits, cables, wiring and other
interconnections and inspection and servicing.
This isn’t a full and complete list, but does
afford an indication of the degree of depth of
the seminar. The FIA is committed to improving
levels of professionalism throughout the
industry and this seminar will provide plenty of
insight into what is a complex subject area.
The second seminar running at FIM Expo will
be discussing the future of the fire industry.
What levels of competency will be expected or
needed in 2018 and beyond? In the current
climate, wherein pressures on responsible
persons/duty holders are rising, what will
potential clients be looking for in their chosen
fire detection and alarm service company?
Entitled ‘The Future of Qualifications in Fire
Detection and Alarms’, this is a good
opportunity to hear from industry experts and
ask questions about the movement of the
industry over the next few years. This
presentation will be given by the FIA’s general
manager Martin Duggan who has served the
organisation since 2001 and can offer a high
level of intelligent and comprehensive
observations and answers about the future of
the industry and where it might be heading.
Both seminars at this year’s FIM Expo are
fully Continuing Professional Development
(CPD)-accredited. CPD certificates will be
available to pick up from the registration desk
at the end of the presentations.
Diversifying security businesses
Back to the big question: ‘If you’re in security,
should you diversify your business and move
into fire as well?’ There’s a great deal of
support available should you wish to do so, but
success within the fire industry does come with
a number of hoops to jump through in the first
instance. It’s important to understand that the
fire industry is framed by a large amount of
legislation that the security industry doesn’t
necessarily have, including the need to be
‘competent’ (according to that legislation).
While the legislation doesn’t say how to
show competence, accessing accredited CPD
(such as by attending seminars at FIM Expo)
should help, along with achieving third party
certification through an independent scheme
such as BAFE. This will allow you to become a
member of the FIA, subsequently putting you in
good standing to gain larger contracts from
bigger clients who tend to be more insistent on
third party certification That isn’t always the
case, but it’s most certainly a growing trend.
However, only companies that have third
party certification (such as BAFE SP203,
SP101/ST104 or LPS1014) are eligible for
membership of the FIA, so too manufacturers
that are BS EN ISO 9001 certificated. We’re not
interested in representing contractors who are
not up to the job and who give the industry a
bad name. Credibility and a reputation for high
quality and second-to-none service are what
FIA members are all about.
Becoming certified requires being audited by
a certification body and the process can
certainly be a somewhat long and confusing
one if you’ve never worked within this area.
Thankfully, the FIA enjoys a partnership with
the Security Systems and Alarms Inspection
Board and a wealth of information and help to
ease you through the certification process.
Probationary membership is available for up
to 12 months for any organisation which is on
the way to achieving accreditation.
Logistics for the day
The FIM Expo 2018 takes
place at Ashton Gate Stadium
in Bristol on Wednesday 25
April. The Expo is open from
9.30 am through until 3.30
pm. The first seminar
focusing on BS 5839-1:2017
is being presented at 11.00
am, with the second
concentrating on the
industry’s future roadmap
running at 2.00 pm
Although the event is free to
attend, spaces are limited
and it’s recommended to
register in advance to secure
a space. Full details are
available on the event
website. Visit www.fimexpo.com
to register
“Confirmed exhibitors at the FIM Expo will be showcasing a
range of products and, with new ranges being developed,
it’s a good opportunity to find out if there are any
particular solutions you need to source”
43
www.risk-uk.com

Recognising ‘The Hero Factor’
find it difficult to share positive stories about
themselves and their work with colleagues and
clients, preferring instead to exercise modesty
and humility.
Isn’t that a waste of potentially powerful
content, which could be used in a number of
ways to promote the individual, the company
and the industry?
Showing members of
the security staff that
they’re appreciated
through visible
recognition and
reward is important if
the employer and
service buyer wants to
see the best return
from those on duty. As
Amanda McCloskey
details, investment in
staff confidence and
motivation drivers has
multiple benefits, not
least when it comes to
fostering a culture
built on the desire to
exceed expectations
Hero (Verb): “To treat or honour as a hero”.
The use of the word ‘Hero’ as a verb might
be relatively new, perhaps appearing
more commonly in business speak vernacular
thanks to the advertising industry whose
moguls use it to describe how they want their
product to shine out over everything else. It’s
also an appropriate turn of phrase to enact
when talking about the potential in spotlighting
and delighting valued employees.
On that note, security industry leaders need
to understand what motivates their staff to get
out of bed and go to work in order to prevent
them from being lured away by competitors or
even other industries. Notoriety and rewards
are important, but ideally as part of a broad
and creative approach towards showing
appreciation for employees and respect for
their motivational drivers. Different people are
motivated by different things, but there are a
few elements which are common to all.
Purpose and meaning are increasingly
important to today’s employees. Many value
regular praise from their bosses more highly
than monetary rewards. The security industry
can be said to have purpose in abundance, but
spotlighting and storytelling needs to come
into it to ensure that the value of this purpose
is communicated to all those involved.
Experience tells me that many security
officers are genuinely motivated by the desire
to make the world a fairer and safer place. The
drive to be a ‘Force for Good’ is strong and
many an officer’s raison d’être. Yet some may
Celebrating achievement
When I reflect on the individual and team
success stories that we’ve relied upon as
“reasons to believe” in supporting the
communication of our sales, recruitment and
employee messages, not to mention emotive
Case Studies to back up our industry award
entries, I’m left in no doubt about the
importance of celebrating staff achievements.
Hero-ing people makes them feel like they’re
fulfilling their job role, and we know that job
purpose is inextricably linked to productivity.
According to workplace behaviour expert Hatch,
94% of people it surveyed said the more
meaning their job has, the more likely they are
to be engaged. Hatch also found that
companies who afford their employees greater
control grow four times as fast. Handing over
more control breeds confidence and resilience.
Empowering staff with transparency on
company plans and encouraging the provision
of feedback through focus groups and surveys
cultivates a sense of involvement, while acts of
generosity (to reward loyalty or help given on a
project, etc) and inclusive company events
create a sense of community and belonging.
Among a growing list of skills, qualities and
characteristics that an effective modern security
professional is expected to have, confidence is
an absolute lynchpin. Of course, a certain
amount of self-assurance is essential, and
particularly so for those working in high-profile
security roles. Senior management are missing
an opportunity if they fail to foster and further
develop confidence levels in individuals.
Confidence and competence
A good security officer should project
confidence and competence. Therefore, it’s
important that successes be noted and
celebrated to enable the building of trust in
one’s own abilities and decision-making skills.
Neglecting to hero your most talented and
hardworking staff is a significant business risk.
Anyone who deals regularly with recruitment
agents will be aware of the cost of replacing
44
www.risk-uk.com

Security Services: Best Practice Casebook
staff versus the nurturing of existing
employees. Much better to keep them under
your roof by building them into your succession
plans and allowing them to continue spreading
ripples of inspiration and a positive work ethic.
Platform to self-report
Staff should be given a platform to self-report
their moments of glory through a well-run
recognition programme which is communicated
throughout the business and incentivised with
a mix of rewards that ideally echo the
messages imbued by the company.
World-class customer service is a
prerequisite for CIS Security’s clients. You
simply cannot have happy customers unless
you have loyal and faithful staff who are being
noticed for their good efforts. Security officers
will happily go above and beyond the Call of
Duty if they know they’ll be acknowledged and
praised for doing so, ideally in front of all of
their colleagues and clients.
Awards ceremonies are a great idea to show
appreciation and promote dedication to duty.
Layer up the extravagance according to your
budget, but don’t scrimp and be clear and
consistent in your criteria for qualification and
winning. Honour the most talented staff with all
the pomp and ceremony that they deserve for
their continued hard work and determination.
When it comes to external events, some
managers may be insecure about letting their
best people out into the networking world lest
they be enticed to a competitor. On the
contrary, cultivating their ‘celebrity’ can have
the positive impact of making them appreciate
their role as a valued brand ambassador. Offer
to take a fantastic photo for their LinkedIn
account and highlight them as a Newsletter
columnist with a regular feature on their
industry-related area of interest or expertise.
They’ll appreciate your belief in them as an
individual and reward you with their loyalty.
The ‘War for Talent’
Every conference I attend these days seems to
refer to the “War for Talent”. This isn’t as
simple as offering a good package anymore.
Today’s talented individuals see themselves as
a micro business and, as such, will conduct
thorough due diligence before accepting a role
at any company. This includes searching online
news for any mention of a prospective employer
to ensure they don’t have any form of unfair
treatment of staff being reported.
They will also scan any employer review
websites, taking in any snapshot ‘Star Ratings’
and accompanying comments from current and
past employees to gauge the general
satisfaction levels of those who work within the
business. Any credible negative commenters
should be contacted to find out more so that
lessons can be learned going forward.
What else can you do to keep your best
people performing at the very pinnacle of their
ability? If you were to ask them, more than a
few would say: “It’s the little things that
matter”. For instance, comfortable workplaces
are essential for motivating staff to stay and
finish their work on time. Good ergonomics
such as comfortable, adjustable seats and
considered lighting are a ‘must’. Push your
budget a little further to positively transform
the aesthetic of the workplace.
Mental health policy
Even superheroes have challenging days.
Security life can be stressful and some
experiences can have a lasting impact. Pastoral
support and strong mental health awareness is
important to maintain a healthy workforce, as
detailed by Louise McCree in the Security
Services: Best Practice Casebook article
published in last month’s Risk UK.
A functioning mental health policy, tools and
communication campaign can help mitigate the
risks of the high costs related to employees
who might otherwise become absent from work
for lengthy periods. Home working is now a far
more viable option for some employees due to
advances in remote technology. While not for
everyone, it may be just the right space certain
personality types need in order to transact their
job role with a sense of comfort.
Celebrated individualism and control breeds
confidence and, combined with considered
workspaces and approaches, makes for happy
members of staff who will dutifully remain with
the business through thick and thin.
From my own point of view, I thoroughly
enjoy reading about hero colleagues within the
company, whether they’re enjoying a team night
out as a reward for excellent collaboration in
apprehending a nuisance criminal, receiving a
long service award or even sharing photos of
themselves red-faced from running their charity
marathon in our Newsletter.
Hero-ing individuals feels right for this
industry and allows me to identify and
remember those members of staff both for who
they are and what they’ve achieved inside and
outside of the working environment.
Amanda McCloskey:
Sales and Marketing Director
at CIS Security
“Empowering staff with transparency on company plans and
encouraging the provision of feedback through focus
groups and surveys cultivates a sense of involvement”
45
www.risk-uk.com

Successful Cloud and Mobile
Technology Strategies: Security of Data
malware attacks occur. This isn’t only a problem
faced by large organisations, either. As BYOD
has become more acceptable among SMEs, so
it has created even more challenges because
this size of enterprise simply doesn’t have the
resources needed to manage breaches to the IP
network on a large scale.
Companies have faced
unprecedented
security challenges
and risks to the
integrity of their
networks since cloud
computing, the Bring
Your Own Device
(BYOD) concept and
mobile technology
forged a permanent
place in business IT
strategies. How, then,
might those risks and
challenges be met
head on? Jocelyn
Krystlik offers some
thought-provoking
views on the matter
Today’s security managers and network
administrators fear the cyber security
dangers outside and the dangers lurking
within pretty much in equal measure, knowing
full well that they’re no longer able to rely upon
the existence of a solid and reliable IP
‘perimeter fence’ to defend the business.
Admittedly, ongoing improvements in
connectivity have brought about many benefits,
allowing employees to work remotely on a
much bigger scale, with increased collaboration
and often lower capital expenditures. Whether
from a home office or on the move, employees
want to be able to access vital data from the
corporate network, but the challenge is that the
environments they inhabit are not always safe.
Mobile devices in particular introduce
potential breaches, because in the urgency to
access an important document or update a
calendar, the employee will almost always
choose convenience over security. Access to the
Internet or Wi-Fi means that, as soon as a given
phone is connected to the corporate network, it
creates a two-way bridge from the safety of the
internal zone to the outside world. This is
precisely why businesses need to consider the
cloud very carefully if they’re to manage the
inevitable loss of security control which could
expose their digital assets.
This is all-too-easy to do. While on the one
hand organisations encourage their staff to use
company mobiles or even their own smart
phones and tablets as part of a Bring Your Own
Device (BYOD) policy, primarily because it’s
cost-efficient and easy, on the other hand the
security team has to pick up the pieces and
solve breaches to the network as and when
Start with data
Any discussion around security, the cloud,
BYOD and mobility must beging with the topic
of data. Companies need to adopt a datacentric
approach because of the difficulties in
protecting devices that are being used by
individual employees. One of the main
challenges lies in the inability to keep files
encrypted as they move into and away from the
cloud or are otherwise e-mailed to customers,
colleagues and business partners via cloudbased
services.
Device-based encryption and data loss
prevention technologies do keep files protected
to a certain extent when they remain on the
premises or on devices, but once the files are
uploaded to the cloud, sent via e-mail or shared
on the cloud platform, the encryption is often
removed. As a result, digital assets can become
dangerously exposed.
On premises, sensitive data is the priority of
the company, but for cloud providers, the
priority will always be delivering access to their
cloud platforms 24/7 rather than preventing
access to data. This is why it’s important to
encrypt data end-to-end. It’s the only way that
companies will be able to fully protect their
data from security breaches.
While it’s vital that businesses afford
employees and end users alike the freedom to
collaborate and share files with each other as
well as trusted contractors, service providers
and partners, they have to strike a balance with
protecting their key digital assets.
Battle to remain secure
Encryption is a great – if fallible – weapon to
use in the battle to remain secure. Documents
can be encrypted via certified trust solutions
which provide each file with a unique
encryption key, thereby limiting data leaks in
the event of a compromise. The encryption key
is controlled by the user or the organisation,
removing responsibility from the cloud provider.
46
www.risk-uk.com

Mobile Technology: Security Management for BYOD
Device-based encryption allows embedded
drives or removable drives to be encrypted,
enabling data to be protected. This is great if
the device is lost or stolen, but problems arise
if a user is logged into the device and the data
is unencrypted (allowing it to be used in other
Apps running on the device). To overcome the
encryption gaps, data can be classified by data
loss prevention, but it does present issues
relating to which data files need to be
encrypted and when it comes to configuring the
decryption policies and rules.
There’s also a more personal approach which
can be used by employees and end users to
apply encryption among their own trusted circle
of collaborators with whom they may share
password access keys to view the files.
Combining this approach with centralised
controls and rules creates a powerful security
defence system that may be used to secure
data ranging from video surveillance images
through to employee records on laptops,
desktops, tablets and smart phones.
Even though it’s applied by employees, the IT
Department is in control, defining, managing,
enforcing, tracking, auditing and reporting on
data protection policies for the company.
Encryption limitations
Implementation of end-to-end encryption does
go a long way towards minimising the dangers
that the data itself can find on the path from
the repository to the mobile device or at rest in
the cloud or a third party environment.
However, companies shouldn’t fool
themselves into believing that encryption can
solve all of the challenges. Like many other
solutions, it works for specific cyber security
issues, in particular to protect data that’s being
moved on and off the cloud via different
devices, but it will not stop an attacking virus
from deleting the entire contents of a hard drive
and it doesn’t halt ransomware. Also, it doesn’t
provide protection against unauthorised access
to – and the misuse of – corporate internal
networks. Encryption cannot protect or obscure
metadata, which in some circumstances is as
revealing and valuable as corporate data.
If properly implemented and managed with a
methodology and solution for the creation,
storage, control and distribution of encryption
keys, then encryption is probably the single
biggest improvement that companies can make
to their security, and particularly so when
they’re using the cloud, BYOD and mobiles.
When the IP perimeter was diminished, we
also said goodbye to trust. The only real
solution to this issue is strong authentication.
This isn’t the same as two-factor authentication
“Documents can be encrypted via certified trust solutions
which provide each file with a unique encryption key,
thereby limiting data leaks in the event of a compromise”
or multi-factor authentication, but instead it’s
the underlying basis of both – the method of
verifying the identity of a user or device that’s
intrinsically stringent enough to ensure the
security of the system it protects by
withstanding any attacks it’s likely to encounter
and, by its very nature, creating an element of
trust in the device or system used.
Both two-factor authentication and multifactor
authentication are strong
authentications, but then so are several multichallenge/response
approaches using singlefactor
(although it must be said that these rely
on multiple points of validation of the
knowledge factor).
As we’re now operating in a more open and
collaborative working environment, it would be
to our advantage to shift from the old ‘reside
inside’ mindset and instead establish point-topoint
trust between machines, end users and
applications. Following a policy of
segmentation and separation, whether it’s the
physical separation of networks into data plus
security plus external, or segmenting networks
in application-based geographies or functions,
all provide a fundamental basis for the
implementation of strong authentication. In
fact, it’s the next big step for consideration.
Asking for help
Security and network managers already have
big challenges to oversee. Keeping their arms
around the risks that cloud computing, BYOD
policies and mobility present is becoming more
difficult, not less. The responsibility of network
administration in complex and dangerous
environments has increased exponentially.
The most committed IT security manager is
unlikely to be able to manage it all, even in
smaller-sized companies, so if it’s at all
affordable, it’s always good practice to pull
together a pool of experts with segmented
responsibilities or the services of reputable
security companies. Outsourcing means they
can provide Security Operations Centre services
and a broad range of skills. They will be as
invested and involved in protecting the data of
their client as the company itself, and
particularly so since any issues that do arise
will render them culpable.
Ultimately, iit’s vital to implement encryption
and to ensure that at least primary systems are
protected with strong authentication.
Jocelyn Krystlik:
Product Marketing Manager at
Stormshield
47
www.risk-uk.com

Risk Assessments and Education: Key for
the Safety of Shoppers, Staff and Stock
money makes a strong headline and investing
in the latest security systems may seem like the
right thing to do (and, in some instances, it may
well be), but how much of that investment in
combating retail crime is spent wisely?
Let’s face it, the statistics tell us that such
criminality is continuing to rise.
Tackling the
continuing rise in the
rate of retail crime as
reported by the British
Retail Consortium
means concentrating
heavily on the basics
(and doing them well).
Here, Charlie Swanson
explains in detail why
thorough risk
assessments, careful
systems procurement
and targeted training
for members of staff
form the key
ingredients of a
successful security mix
in the retail arena
Retailers are having a tough time of late,
with Toys R Us, Maplin and Mothercare
(among others) all hitting the headlines in
a negative way. The British Retail Consortium
(BRC) did little to lighten the mood when
recently publishing the findings of its annual
Retail Crime Survey, shining a light on the
increasing levels of violence being experienced
by shop workers and how the industry is
shouldering a burden of £700 million as a
direct cost of retail crime.
While theft represents three-quarters of the
total cost of retail crime, the most worrying
revelation is that escalating rate of reported
violence against employees which has doubled
in a year to number six attacks per thousand
members of staff. This suggests that 13 shop
workers (and that includes security officers)
become victims each and every day.
Thankfully, the retail sector isn’t resting on
its laurels, as the BRC’s CEO Helen Dickinson
states in her Foreword to the 2017 Retail Crime
Survey report. “Our members are fully playing
their part in tackling retail crime, spending in 12
weeks on crime prevention what they did for
the whole of the previous year. However, that
level of spending may not be viable in the
longer-term,” comments Dickinson.
Here, I would argue that there’s a world of
difference between doing things right and
doing the right things. Spending huge sums of
Always risk assess
If we’re going to tackle the rise in retail crime
we need to start at the beginning. That means
making sure we’re doing the basics and doing
them well. This begins with the uncomfortable
acknowledgment that the criminal is always on
the front foot. They are all-too-often successful
because they’re adept at spotting and
exploiting vulnerabilities. Put simply, they do
something many retailers are failing to do
adequately or altogether – they risk assess.
It sounds obvious, but if you can pinpoint
areas of exposure and close them, the risk
posed to the organisation is greatly reduced.
This holds true whether you’re talking about
the physical security of a given store in a
Shopping Centre or an online store seeking to
mitigate the growing threat of cyber crime.
Much of the money spent on securing retail
establishments is dedicated to systems (both
physical and, increasingly, cyber).
Organisations are always being told that there’s
a new solution to their woes, and there are
many excellent examples of where technology
in many different guises is being used to great
effect. Similarly, there are many instances
where what has been specified wasn’t fit for
purpose, installed poorly or used inefficiently.
Many buyers are not clear on what they want
and what they need their security systems to
do, and don’t always understand the limitations
of those systems (which, for obvious reasons,
are rarely explained during the procurement
process). This is just one area where a risk
assessment, conducted by a qualified security
professional, would help to ensure the right
questions are being asked. Any investment not
directly addressing an identified vulnerability
would be ineffective and discounted.
Untrained staff at risk
Of course, the larger retailers such as
supermarkets have dedicated security teams
who tend to understand security systems and
the need for regular risk assessments (albeit
48
www.risk-uk.com

Training and Career Development
perhaps only to a certain degree). For small
independent store owners, though, the whole
process can be a challenge, because they want
to spend as little as possible on security as
such an investment can have an even greater
impact on their bottom line. However, even if
the store with one CCTV camera and monitor
hasn’t undertaken a thorough risk assessment
and trained the operator(s), the system isn’t
then being used to its full potential.
What’s more, some security systems that are
commonplace for larger retail stores have been
installed without adequate training or
processes, and are potentially putting people in
danger. A good example is the electronic
tagging of products. When the alarm sounds as
someone exits the store, it’s likely that
members of staff may not have a full
appreciation of the situation. It could be an
innocent mistake. Perhaps the cashier didn’t
remove the tag from an item of clothing. It may
be an attempted theft. All-too-often, it’s the
nearest member of staff who reacts based on
instinct rather than Best Practice and, again
potentially, places themselves in harm’s way.
To give one example of poor procedural
understanding and communication, I once
spoke with two young shop employees who
chased a thief running out of a store with some
electrical goods. When they caught up with the
male he produced a syringe seemingly filled
with blood and exclaimed that he was HIV
positive. When asked why they ran after him,
they explained that the manager had told them
to do so or else face disciplinary proceedings.
The BRC’s report highlights syringes to be
the second most significant weapon now used
in retail crime. However, the incident to which
I’m referring took place way back in 1994. Such
occurrences may still be happening today and,
if so, this is both wrong and extremely
concerning on so many levels.
Awareness and education
You can conduct a risk assessment and have
the right systems installed in the right way, but
all of this must be accompanied by awareness
and, critically, appropriate training in order for
that risk assessment to be truly effective.
In the previous example, the store manager
clearly acted irresponsibly. However, the two
members of staff on the shop floor should have
been trained to know what response was
required of them, which most certainly would
not be to give chase to the thief.
Lack of training and adherence to Best
Practice is currently a massive problem area in
the retail world. Often, members of staff at all
levels of the business are ill-prepared regarding
“You can conduct a risk assessment and have the right
systems installed in the right way, but all of this must be
accompanied by awareness and appropriate training”
how to mitigate the risks presented to
themselves, customers and merchandise. Every
store manager needs to be aware of their Duty
of Care when it comes to the safety and security
of staff, customers and merchandise. The CEO,
Saturday staff and everyone in-between also
need to be mindful of the risks posed to the
business and the checks and balances in place
to mitigate them. Any organisation is only ever
as strong as its weakest link, and you can be
sure that a criminal – whether they’re physically
entering a store or attacking online – will
always look to exploit this weak point.
Another important factor is ensuring that
those who commit crime are prosecuted. This
means being able to furnish the police with
sufficient evidence that’s admissible in a Court
of Law. With police resources stretched, they
now need all the help they can muster when
investigating an incident.
Basic steps such as ensuring that camera
systems are installed correctly can make a huge
difference. This can be a challenge for smaller
retailers. One shining light is the retailer Card
Factory which has been complimented by the
police service for the phenomenal quality of
CCTV images that it’s able to share with law
enforcers from its estate of 900-plus stores.
Communicating the risk
From my own point of view, I’ve been teaching
risk management for more than 30 years and, in
many respects, my mantra hasn’t changed
when it comes to extolling the virtues of a
thorough risk assessment and communicating
the risk right across the organisation in some
form of training and awareness.
Before another penny is invested, my advice
to you is to start assessing, planning and
preparing today. Whether this is completed inhouse
or with the aid of a specialist consultant,
good security is about nurturing the right blend
of people, process and technology.
At the moment, in many instances this isn’t
happening, and maybe falling down the cracks
somewhere between the CEO and the shop
floor. The bottom line is that, without effective
risk mitigation measures, retailers will continue
to render their business to unnecessary risks
and suffer increasing violence against staff and
shrinkage, which includes the loss of stock
attributed to factors ranging from staff theft
through to shoplifting and vendor fraud.
Charlie Swanson MSc PG Dip
CSyP FSyI SIRM:
Principal Trainer at the Linx
International Group
49
www.risk-uk.com

Risk in Action
Risk in Action
Abloy UK secures O2
Arena thanks to
Hillsborough BR4
ballistic doors
Located in London’s
Docklands, the O2 Arena is a
multi-purpose indoor venue
with the second highest
seating capacity of any such
venue in the UK. In 2015, the
O2 was the busiest music
arena in the world in terms
of ticket sales, handling no less than 1,819,487 tickets for myriad events.
Given the increase in gun crime and terrorist attacks in the UK, high capacity
venues must prepare for emerging threats. Last year, the O2 Arena was faced
with a problem. The venue’s interior doors were no longer fit for purpose due to
wear and damage caused by the constant flow of people entering the site. The
main priority for the venue’s management team was to have doors fitted which
could ensure the safety of visitors and staff from fire or criminal attacks.
Abloy UK had a complete understanding of the security requirements here
thanks to having worked on many Critical National Infrastructure projects
across varied sectors. At the survey stage it was agreed that, in order to ensure
the level of security needed and provide doors that are fire-rated, the most
suitable solution was the Hillsborough BR4 ballistic doors.
These fire-rated ballistic door sets designed by Abloy UK offer protection
from 9 mm handguns through to armour-piercing rounds. All system testing is
to European and British Standards BS EN 1522 and BS EN 1523.
Abloy UK provided a full service for this project covering site survey, supply
and installation and ensured that the job was carried out with one main point of
contact (in this instance Wren Construction Limited, the main contractor on site
throughout the project).
The company was able to adapt to any additional requests during the build
and fit-out process. Furthermore, Abloy UK was also able to produce a bespoke
colour ‘O2 blue’ to guarantee that the door sets are aesthetically pleasing in
terms of matching the O2 Arena’s colour scheme.
£260 million Bradford Broadway
retail complex safeguarded by
Advanced fire panels
The Broadway is the latest UK retail venture for
property investment management business
Meyer Bergman, which also owns The Bentall
Centre in Kingston upon Thames and London’s
iconic Burlington Arcade. It’s home to over
570,000 sq ft of retail and leisure units in
addition to 1,300 parking spaces.
At the heart of The Broadway’s active fire
protection system is a network of ten Advanced
MxPro 5 intelligent multiprotocol panels. This
network is augmented by a TouchControl
touchscreen repeater panel, a special
evacuation zone control package, a BMS
interface and a bespoke PC-based graphical
user interface. The network was designed,
configured and commissioned by Carlton Fire
Systems, a long-time Advanced partner, with
the installation of equipment and cables being
undertaken by Pitts Wilson Electrical.
TouchControl is a fully-functional remote
terminal and repeater with a ten-inch HD
touchscreen that delivers new solutions
including Active Maps and zone plans. These
are easily added to the system from almost any
drawing or image.
The TouchControl interface offers fire panel,
network control and reporting right down to
individual device level.
Nortech’s parking system enhances
risk management efficiencies at
Tewkesbury Community Hospital
Gloucestershire Care Services NHS Trust has
recently updated and improved Tewkesbury
Community Hospital’s car park by using
Nortech’s FeeMaster system. The Feemaster
range was installed by entry control system
specialist ASGuk, who had been appointed to
the project by the NHS Trust to design and
install a parking control system to prevent
visitors from misusing the site’s car park.
ASGuk proposed a time and budget-friendly
solution that fitted the client’s needs now and
into the future, combining both automatic
barriers and parking ticket control. The
company selected Nortech’s FeeMaster
parking system as part of the design, which
includes the FeeMaster Smart Entry Station,
the FeeMaster Smart Exit Station and a
number of FeeMaster Smart Consoles for
inside the building.
The consoles allow members of staff to
control any misuse of the car park and ensure
that there are enough parking spaces for
visitors and patients alike at any given time.
Nortech’s FeeMaster Smart parking
management system is a flexible, simple and
cost-effective way of managing car parking
access and controlling validity periods using
Mifare smart cards. This avoids the need for
expensive cabling between components and
minimises on-site disruption. The Smart Entry
Station is designed to be used to record the
date and time that a vehicle enters a car park.
50
www.risk-uk.com

Technology in Focus
Technology in Focus
Milestone Systems focuses on performance and privacy
issues with XProtect 2018 R1
Milestone Systems, the open
platform company in networked
video management software (VMS),
has released XProtect 2018 R1. The
business is responding to the
market’s rising demands for costeffective
video solutions with its first
VMS update this year.
In this release, Milestone pioneers the use of multiple NVIDIA graphics cards
on top of Intel GPU acceleration to achieve “ultra-high performance”.
The XProtect Smart Client 2018 R1 and Smart Wall are now specifically
configured to actively support hardware acceleration, whereby system
performance can be boosted by adding a supported graphics card to take over
the ‘heavy lifting’ when it comes to decoding video, in turn leaving room for the
system to handle other key tasks.
This means that the end user can view more HD or Ultra HD streams just by
adding one or more supported graphics cards to the computer running the
XProtect Smart Client or Smart Wall.
www.milestonesys.com
Commend partners with
TeleData UK to deliver hosted
intercom platform
Commend (the provider of integrated
security communication systems) and
TeleData UK (a highly secure Data Centre
operator and cloud hosting provider)
have announced details of a partnership
which has enabled the former to bring a
“groundbreaking” hosted security
communication solution to market.
The latest solution from Commend is
based on a hosted platform enabling
customers to gain all the advantages of a secure communication system
without the need for on-site server hardware. Hugely scalable, this hosted
solution enables end user customers to start small and grow on a subscription
basis over a period of time.
Although Commend has developed and owns the intercom platform, the
company required a specialist partner to deliver the cloud infrastructure on
which the application would reside. It was vital that this partner was able to
offer huge scalability, immediately available technical support and a committed
quality of service to guarantee the continued availability of Commend
customers’ service. It was also critical to ensure that the chosen partner met
Commend’s commitment to both physical and virtual security.
TeleData operates some of the most secure Data Centre facilities in Europe
and offers customers a range of cloud, IaaS, co-location and resilient network
services. The company was able to offer Commend a cloud-based Data Centre
product delivering scalability and usability and a commercial model to assist in
the whole product lifecycle, from proof of concept to final product delivery.
Matthew Edgley, TeleData UK’s commercial director, commented: “Commend
and TeleData have some key synergies, with a real focus on physical and virtual
security, application performance and service stability.”
www.commend.co.uk
ASSA ABLOY introduces eCLIQ
electronic locking system to
security market
ASSA ABLOY, the
door opening
solutions specialist,
has launched its
eCLIQ electronic
locking system
through ASSA
ABLOY Security
Solutions, offering end users “reliable
protection and maximum flexibility” for a
wide range of buildings and facilities.
Featuring what ASSA ABLOY describes as a
“pioneering” chip and 128-bit AES
encryption, the system has been developed
to offer high security and resistance to
electronic attack. Proven technology and
advanced microelectronics ensure quick and
secure communication between lock and
key, while the eCLIQ cylinders and
programmable keys are robust enough to
withstand the harshest of weather.
Security managers can easily update
access authorisations when required. Lost
eCLIQ keys may be quickly revoked, thus
eliminating the time and money spent on
changing lock cylinders and re-cutting keys.
www.assaabloy.co.uk
Herongrange integrates ievo’s
biometric fingerprint readers
Security system provider Herongrange has
become the latest organisation to integrate
biometric fingerprint readers designed and
manufactured by Newcastle-based ievo with its
own security access system.
The integration with Herongrange’s system
offers clients multi-layer security services to
meet the changing needs of site access and
workforce management. The biometric lead
solution can reduce the risk of unauthorised
access to sites and the fraudulent access and
time recording commonly associated with
traditional PIN or card-controlled systems.
www.ievoreader.com
51
www.risk-uk.com

“
You have to be here if you want
to be regarded as a key player
in the security market.
“
27,658
visitors from
116 countries
79%
of visitors come to
source new products
£20.7bn
total budget of
visitors to IFSEC 2017
Enquire about exhibiting at IFSEC 2018: ifsec.events/international
Proud to be supported by:

Appointments
Socrates Coudounaris
The Institute of Risk
Management (IRM) has
announced that Socrates
Coudounaris CFIRM will
step up from his position of
deputy chair of the
organisation’s Board when
current chair Nicola
Crawford CFIRM steps down
in early May. Coudounaris is the executive
director of risk for the EMEA region at the
Reinsurance Group of America.
Crawford is stepping down to pursue
business opportunities having devoted a
considerable amount of her professional time to
the Institute with a hugely positive impact.
“It’s with significant regret that I’m stepping
down as the IRM’s chair,” explained Crawford in
conversation with Risk UK. “I have enjoyed the
role and will continue to remain involved with
the IRM when it comes to supporting various
initiatives, as well as being an advisory member
of the Enterprise Risk Management in Banking
and Financial Services Special Interest Group
and the IRM Turkey Regional Group.”
Coudounaris and Crawford are currently
working through their transition plan to ensure
that there’s a smooth handover period.
On behalf of the IRM’s Board and senior
management team, Coudounaris has thanked
Crawford for her “dedication and contribution”
to the organisation and now looks forward to
taking on the vitally important role of chair.
An independent, not-for-profit organisation
that champions excellence in managing risk to
improve organisational performance, the IRM is
the leading international professional body for
risk management. The Institute provides
internationally-recognised qualifications and
training for practising professionals.
Rob Wainwright
Deloitte has announced the appointment of
Rob Wainwright as a senior partner in its
European cyber security practice to help lead
and grow the team and energise business with
clients. In his new role, Wainwright will also be
engaged in areas of related risk, such as
financial crime and fraud prevention.
Wainwright joins Deloitte from Europol, the
European Union (EU) law enforcement agency,
where he has served as executive director for
the past nine years. As a high-level executive
in the EU and the leading voice in European
policing, Wainwright managed the agency that
harbours 1,000 members of staff and boasts
an operational network spanning 40 countries.
Appointments
Risk UK keeps you up-to-date with all the latest people
moves in the security, fire, IT and Government sectors
Mike Haley
The Board of Cifas, the UK’s fraud prevention
agency, has just announced the selection of
Mike Haley as the new CEO for the organisation
when current chief executive Simon Dukes steps
down this month.
Haley harbours over 30 years’ experience of
tackling and preventing fraud across the public,
private and not-for-profit sectors, leading
investigative teams and directing fraud strategy
at organisations including the NHS, the Ministry
of Defence, the Office of Fair Trading, the
National Fraud Authority, Her Majesty’s Revenue
and Customs and the Solicitors Regulation
Authority. Haley joined Cifas back in 2015 in the
role of deputy CEO.
Commenting on Haley’s appointment, Simon
Dukes stated: “Mike has already contributed a
wealth of experience and expertise to Cifas. I’m
very pleased that he has been chosen by the
Board to bring these skills to the role of chief
executive and I wish him every success.”
Dukes is set to leave Cifas on Monday 30
April after nearly five years of dedicated service
to the organisation in order to take up the
position of CEO of the Pharmaceutical Services
Negotiating Committee.
For his part, Mike Haley said: “I’m delighted
to be taking up this role. I look forward to
continuing to develop Cifas as an innovative and
authoritative leader in the field of fraud
prevention as we navigate the challenges and
opportunities of the coming years.”
Wainwright has enjoyed a 25-year career in
the spheres of intelligence, policing,
Government, EU and international affairs,
including posts with the Serious Organised
Crime Agency, the National Criminal
Intelligence Service and the British Security
Service. Wainwright is an honorary fellow at
the University of Exeter and Cardiff University
and a member of Prime Minister Theresa May’s
Task Force on Modern Slavery.
Speaking about his new role, Wainwright
observed: “I fully intend to bring the
experience I’ve gained at Europol to the
private sector, working with a wide range of
clients in multiple industry sectors as part of
what is undoubtedly a highly enterprising and
professional team at Deloitte.”
53
www.risk-uk.com

Appointments
Ciaran Barry
The Linx International Group has appointed Ciaran Barry
as director of Group operations to oversee all parts of the
business, including the Linx International Consultancy,
Tavcom Training, ARC Training International and
Perpetuity Training.
Barry has an experienced and varied background in
both security and business. Following the attainment of
his BA (Honours) degree in Business and French, he held
a number of commercial roles before serving in the
British Army for nine years and then the Hertfordshire Constabulary for over
eight years in the role of detective.
In 2015, Barry joined the Linx International Group as a senior consultant. He
studied for a Diploma in Security Management (achieved with Distinction) and
recently attained the prestigious Certified Protection Professional (CPP)
qualification from ASIS International. Indeed, as an avid supporter of
professionalism within the industry, Barry is actively involved with not just ASIS
International, but also The Security Institute.
Commenting on his appointment, Barry told Risk UK: “I’m delighted and
honoured to be taking on this new and pivotal role. I’ll be taking the lead in
ensuring that the market is fully aware of all services the Group has to offer.”
Emma Walker
Emma Walker has stepped
up to the role of managing
director at security
specialist Ashridge Group.
Ashridge Group Ltd was
founded back in 2012 and
is comprised of Ashridge
Security Management,
Ashridge Facilities
Management and consultancy firm Cognitious.
As the company enhances its senior
capabilities, it’s also looking to build on the
value of its ‘People First, Security Second’
ethos, which focuses on prioritising its own
employees’ needs in order to deliver customer
service excellence.
Given her strong people management skills
and depth of understanding of the industry,
Walker is set to redress the gender divide in
this traditionally male-dominated sector.
“Broadly speaking, the business case for
parity is understood, and those in pursuit of it
are very much on the right path to success,”
explained Walker.
Previously working as the company’s
operations director, Walker’s track record
combines achievements in security and
business continuity planning with expertise in
managing a range of resilience, major site and
asset protection-focused operations.
As chair of Herts Crimestoppers, Walker is
also involved in driving forward various
community safety projects, including work for
the charity’s ‘Fearless’ dedicated youth service,
whereby she has led on various safety training
and awareness initiatives.
Vince Bell
Securitas has appointed
Vince Bell in the role of
fire and safety service
delivery manager. With a
remit to cover the South
of the UK, Bell joins
Securitas after 32 years
of service with the
London Fire Brigade.
During the course of his successful career in
the Fire and Rescue Service, Bell has
undertaken a number of diverse roles. The first
of these focused on the development, testing
and delivery of tactical plans for the Control of
Major Accident Hazards sites for operational
and strategic management teams.
Bell was also instrumental in the design and
development of bespoke Health and Safety
assurance audits on transport and
infrastructure projects worth billions of pounds.
These projects have included the Thames
Tideway and Crossrail.
Event operations formed a significant part of
Bell’s remit during his time with the London Fire
Brigade, including the development of plans for
major London-based events. This involved close
collaboration with Police Gold Commanders.
Tony Aston FSyI
The Security Institute is
pleased to announce
the co-option to its
Board of Directors of
the Institute’s Validation
Board vice-chairman
Tony Aston FSyI.
Institute chairman Dr
Alison Wakefield FSyI
said: “I’m delighted to welcome Tony to the
Institute’s Board of Directors. He has been an
active Institute member for over ten years,
having served on the Validation Board since
2010 and becoming vice-chairman in 2012.
Tony is also chairman of the Validation
Board’s Working Group, which was
established to continually review and
improve the Board’s process in order to
ensure that it’s fit for purpose and in line
with the Institute’s long-term objectives.”
Having been a career police officer for 27
years, Aston then moved into the UK defence
industry in 1996, joining the Government
defence contractor (now known as Thales
UK) under the ‘List X’ umbrella.
The Security Institute’s vice-chairman Paul
Drury FSyI said: “Tony has a great attention
to detail and always puts the membership
first in his decision-making processes.”
54
www.risk-uk.com

SECURITY WORKFORCE
MANAGEMENT PLATFORM
One platform providing actionable insights in real-time, from anywhere.
160 000 +
FACILITIES
200 000 +
USERS
35
COUNTRIES
DRIVE OPTIMAL
SECURITY DECISIONS
SAVE MONEY
IMPROVE PRODUCTIVITY
& GROW REVENUE
GAIN TIME
INCREASE MOBILE
OPERATIONAL PERFORMANCE
OPTIMIZE SECURITY
OPERATIONS
LIMIT OVERTIME
OUR CLIENTS
“Digital transformation
for security services? Not
without TrackTik.”
Matthieu Leroy, CEO
“The very best
in
guard management
software”
Bill Barthelemy, COO
“Enables data-driven drive
security decisions”
Luc Dupont, VP
CONNECT WITH US
+44 808 178 5442 TRACKTIK.COM DEMO@TRACKTIK.COM

Best Value Security Products from Insight Security
www.insight-security.com Tel: +44 (0)1273 475500
...and
lots
more
Computer
Security
Anti-Climb Paints
& Barriers
Metal Detectors
(inc. Walkthru)
Security, Search
& Safety Mirrors
Security Screws &
Fastenings
Padlocks, Hasps
& Security Chains
Key Safes & Key
Control Products
Traffic Flow &
Management
see our
website
ACCESS CONTROL
KERI SYSTEMS UK LTD
Tel: + 44 (0) 1763 273 243
Fax: + 44 (0) 1763 274 106
Email: sales@kerisystems.co.uk
www.kerisystems.co.uk
ACCESS CONTROL
ACCESS CONTROL & DOOR HARDWARE
ALPRO ARCHITECTURAL HARDWARE
Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,
Waterproof Keypads, Door Closers, Deadlocks plus many more
T: 01202 676262 Fax: 01202 680101
E: info@alpro.co.uk
Web: www.alpro.co.uk
ACCESS CONTROL – SPEED GATES, BI-FOLD GATES
HTC PARKING AND SECURITY LIMITED
St. James’ Bus. Centre, Wilderspool Causeway,
Warrington Cheshire WA4 6PS
Tel 01925 552740 M: 07969 650 394
info@htcparkingandsecurity.co.uk
www.htcparkingandsecurity.co.uk
ACCESS CONTROL
COVA SECURITY GATES LTD
Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards
Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68
Tel: 01293 553888 Fax: 01293 611007
Email: sales@covasecuritygates.com
Web: www.covasecuritygates.com
ACCESS CONTROL
INTEGRATED DESIGN LIMITED
Integrated Design Limited, Feltham Point,
Air Park Way, Feltham, Middlesex. TW13 7EQ
Tel: +44 (0) 208 890 5550
sales@idl.co.uk
www.fastlane-turnstiles.com
ACCESS CONTROL
SECURE ACCESS TECHNOLOGY LIMITED
Authorised Dealer
ACCESS CONTROL MANUFACTURER
NORTECH CONTROL SYSTEMS LTD.
Nortech House, William Brown Close
Llantarnam Park, Cwmbran NP44 3AB
Tel: 01633 485533
Email: sales@nortechcontrol.com
www.nortechcontrol.com
ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES
UKB INTERNATIONAL LTD
Planet Place, Newcastle upon Tyne
Tyne and Wear NE12 6RD
Tel: 0845 643 2122
Email: sales@ukbinternational.com
Web: www.ukbinternational.com
Tel: 0845 1 300 855 Fax: 0845 1 300 866
Email: info@secure-access.co.uk
Website: www.secure-access.co.uk
Custom Designed Equipment
• Indicator Panels
• Complex Door Interlocking
• Sequence Control
• Door Status Systems
• Panic Alarms
• Bespoke Products
Hoyles are the UK’s leading supplier of
custom designed equipment for the
security and access control industry.
From simple indicator panels to
complex door interlock systems.
www.hoyles.com
sales@hoyles.com
Tel: +44 (0)1744 886600
BUSINESS CONTINUITY
TO ADVERTISE HERE CONTACT:
Paul Amura
Tel: 020 8295 8307
Email: paul.amura@proactivpubs.co.uk
BUSINESS CONTINUITY MANAGEMENT
CONTINUITY FORUM
Creating Continuity ....... Building Resilience
A not-for-profit organisation providing help and support
Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845
Email: membership@continuityforum.org
Web: www.continuityforum.org
www.insight-security.com Tel: +44 (0)1273 475500

CCTV
CCTV
Rapid Deployment Digital IP High Resolution CCTV
40 hour battery, Solar, Wind Turbine and Thermal Imaging
Wired or wireless communication fixed IP
CE Certified
Modicam Europe, 5 Station Road, Shepreth,
Cambridgeshire SG8 6PZ
www.modicam.com sales@modicameurope.com
CCTV SPECIALISTS
PLETTAC SECURITY LTD
Unit 39 Sir Frank Whittle Business Centre,
Great Central Way, Rugby, Warwickshire CV21 3XH
Tel: 01788 567811 Fax: 01788 544 549
Email: jackie@plettac.co.uk
www.plettac.co.uk
CONTROL ROOM & MONITORING SERVICES
CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS
ALTRON COMMUNICATIONS EQUIPMENT LTD
Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ
Tel: +44 (0) 1269 831431
Email: cctvsales@altron.co.uk
Web: www.altron.co.uk
ADVANCED MONITORING SERVICES
EUROTECH MONITORING SERVICES LTD.
Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring
• Vehicle Tracking • Message Handling
• Help Desk Facilities • Keyholding/Alarm Response
Tel: 0208 889 0475 Fax: 0208 889 6679
E-MAIL eurotech@eurotechmonitoring.net
Web: www.eurotechmonitoring.net
DISTRIBUTORS
CCTV
G-TEC DISTRIBUTION
Gtec House, 35-37 Whitton Dene
Hounslow, Middlesex TW3 2JN
Tel: 0208 898 9500
www.gtecsecurity.co.uk
sales@gtecsecurity.co.uk
SPECIALISTS IN HD CCTV
MaxxOne
Unit A10 Pear Mill, Lower Bredbury, Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.maxxone.com
sales@onlinesecurityproducts.co.uk
www.onlinesecurityproducts.co.uk
AWARD-WINNING, LEADING GLOBAL WHOLESALE
DISTRIBUTOR OF SECURITY AND LOW VOLTAGE PRODUCTS.
ADI GLOBAL DISTRIBUTION
Distributor of electronic security systems and solutions for over 250 leading manufacturers, the company
also offers an internal technical support team, dedicated field support engineers along with a suite of
training courses and services. ADI also offers a variety of fast, reliable delivery options, including specified
time delivery, next day or collection from any one of 28 branches nationwide. Plus, with an ADI online
account, installers can order up to 7pm for next day delivery.
Tel: 0161 767 2990 Fax: 0161 767 2999 Email: sales.uk@adiglobal.com www.adiglobal.com/uk
CCTV & IP SECURITY SOLUTIONS
PANASONIC SYSTEM COMMUNICATIONS COMPANY
EUROPE
Panasonic House, Willoughby Road
Bracknell, Berkshire RG12 8FP UK
Tel: 0207 0226530
Email: info@business.panasonic.co.uk
TO ADVERTISE HERE CONTACT:
Paul Amura
Tel: 020 8295 8307
Email: paul.amura@proactivpubs.co.uk
DIGITAL IP CCTV
SESYS LTD
High resolution ATEX certified cameras, rapid deployment
cameras and fixed IP CCTV surveillance solutions available with
wired or wireless communications.
1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG
Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333
Email: info@sesys.co.uk www.sesys.co.uk
www.insight-security.com Tel: +44 (0)1273 475500

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS
CONTROL AND INTRUDER DETECTION SOLUTIONS
NORBAIN SD LTD
210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP
Tel: 0118 912 5000 Fax: 0118 912 5001
www.norbain.com
Email: info@norbain.com
INTEGRATED SECURITY SOLUTIONS
INNER RANGE EUROPE LTD
Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,
Reading, Berkshire RG74GB, United Kingdom
Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001
Email: ireurope@innerrange.co.uk
www.innerrange.com
UK LEADERS IN BIG BRAND CCTV DISTRIBUTION
SATSECURE
Hikivision & MaxxOne (logos) Authorised Dealer
Unit A10 Pear Mill, Lower Bredbury,
Stockport. SK6 2BP
Tel +44 (0)161 430 3849
www.satsecure.uk
PERIMETER PROTECTION
IDENTIFICATION
PERIMETER PROTECTION
GPS PERIMETER SYSTEMS LTD
14 Low Farm Place, Moulton Park
Northampton, NN3 6HY UK
Tel: +44(0)1604 648344 Fax: +44(0)1604 646097
E-mail: info@gpsperimeter.co.uk
Web site: www.gpsperimeter.co.uk
POWER
COMPLETE SOLUTIONS FOR IDENTIFICATION
DATABAC GROUP LIMITED
1 The Ashway Centre, Elm Crescent,
Kingston upon Thames, Surrey KT2 6HH
Tel: +44 (0)20 8546 9826
Fax:+44 (0)20 8547 1026
enquiries@databac.com
INDUSTRY ORGANISATIONS
POWER SUPPLIES – DC SWITCH MODE AND AC
DYCON LTD
Unit A, Cwm Cynon Business Park, Mountain Ash, CF45 4ER
Tel: 01443 471900 Fax: 01443 479 374
Email: sales@dyconpower.com
www.dyconpower.com
TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY
BRITISH SECURITY INDUSTRY ASSOCIATION
Tel: 0845 389 3889
Email: info@bsia.co.uk
Website: www.bsia.co.uk
Twitter: @thebsia
UPS - UNINTERRUPTIBLE POWER SUPPLIES
ADEPT POWER SOLUTIONS LTD
Adept House, 65 South Way, Walworth Business Park
Andover, Hants SP10 5AF
Tel: 01264 351415 Fax: 01264 351217
Web: www.adeptpower.co.uk
E-mail: sales@adeptpower.co.uk
INTEGRATED SECURITY SOLUTIONS
SECURITY PRODUCTS AND INTEGRATED SOLUTIONS
HONEYWELL SECURITY AND FIRE
Tel: +44 (0) 844 8000 235
E-mail: securitysales@honeywell.com
UPS - UNINTERRUPTIBLE POWER SUPPLIES
UNINTERRUPTIBLE POWER SUPPLIES LTD
Woodgate, Bartley Wood Business Park
Hook, Hampshire RG27 9XA
Tel: 01256 386700 5152 e-mail:
sales@upspower.co.uk
www.upspower.co.uk
www.insight-security.com Tel: +44 (0)1273 475500

SECURITY
ANTI-CLIMB SOLUTIONS & SECURITY PRODUCT SPECIALISTS
INSIGHT SECURITY
Units 1 & 2 Cliffe Industrial Estate
Lewes, East Sussex BN8 6JL
Tel: 01273 475500
Email:info@insight-security.com
www.insight-security.com
CASH & VALUABLES IN TRANSIT
CONTRACT SECURITY SERVICES LTD
Challenger House, 125 Gunnersbury Lane, London W3 8LH
Tel: 020 8752 0160 Fax: 020 8992 9536
E: info@contractsecurity.co.uk
E: sales@contractsecurity.co.uk
Web: www.contractsecurity.co.uk
EXPERTS IN X-RAY SCANNING SECURITY EQUIPMENT SINCE 1950
TODD RESEARCH
1 Stirling Way, Papworth Business Park
Papworth Everard, Cambridgeshire CB23 3GY
United Kingdom
Tel: 01480 832202
Email: xray@toddresearch.co.uk
FENCING SPECIALISTS
J B CORRIE & CO LTD
Frenchmans Road
Petersfield, Hampshire GU32 3AP
Tel: 01730 237100
Fax: 01730 264915
email: fencing@jbcorrie.co.uk
INTRUSION DETECTION AND PERIMETER PROTECTION
OPTEX (EUROPE) LTD
Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre
optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B
Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ
Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311
Email: sales@optex-europe.com
www.optex-europe.com
ONLINE SECURITY SUPERMARKET
EBUYELECTRICAL.COM
Lincoln House,
Malcolm Street
Derby DE23 8LT
Tel: 0871 208 1187
www.ebuyelectrical.com
LIFE SAFETY EQUIPMENT
C-TEC
Challenge Way, Martland Park,
Wigan WN5 OLD United Kingdom
Tel: +44 (0) 1942 322744
Fax: +44 (0) 1942 829867
Website: www.c-tec.com
PERIMETER SECURITY
TAKEX EUROPE LTD
Aviary Court, Wade Road, Basingstoke
Hampshire RG24 8PE
Tel: +44 (0) 1256 475555
Fax: +44 (0) 1256 466268
Email: sales@takex.com
Web: www.takex.com
SECURITY EQUIPMENT
PYRONIX LIMITED
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY.
Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042
www.facebook.com/Pyronix
www.linkedin.com/company/pyronix www.twitter.com/pyronix
SECURITY SYSTEMS
BOSCH SECURITY SYSTEMS LTD
PO Box 750, Uxbridge, Middlesex UB9 5ZJ
Tel: 0330 1239979
E-mail: uk.securitysystems@bosch.com
Web: uk.boschsecurity.com
INTRUDER AND FIRE PRODUCTS
CQR SECURITY
125 Pasture road, Moreton, Wirral UK CH46 4 TH
Tel: 0151 606 1000
Fax: 0151 606 1122
Email: andyw@cqr.co.uk
www.cqr.co.uk
SECURITY EQUIPMENT
CASTLE
Secure House, Braithwell Way, Hellaby,
Rotherham, South Yorkshire, S66 8QY
TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042
www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity
www.twitter.com/castlesecurity
QUALITY SECURITY AND SUPPORT SERVICES
CONSTANT SECURITY SERVICES
Cliff Street, Rotherham, South Yorkshire S64 9HU
Tel: 0845 330 4400
Email: contact@constant-services.com
www.constant-services.com
SECURITY PRODUCTS
EATON
Eaton is one of the world’s leading manufacturers of security equipment
its Scantronic and Menvier product lines are suitable for all types of
commercial and residential installations.
Tel: 01594 545 400 Email: securitysales@eaton.com
Web: www.uk.eaton.com Twitter: @securityTP
SECURE CONNECTIVITY PROVIDERS
CSL
T: +44 (0)1895 474 474
sales@csldual.com
@CSLDualCom
www.csldual.com
SECURITY SYSTEMS
VICON INDUSTRIES LTD.
Brunel Way, Fareham
Hampshire, PO15 5TX
United Kingdom
www.vicon.com
www.insight-security.com Tel: +44 (0)1273 475500

Inner Range’s Integriti
High Security System is
a complete Hardware/
Software solution designed
specifically for High Security
installations.
Our range includes:
All Software
Hardware Controllers
End of Line Modules
Power Supplies
Keypads
Enclosures
Communications Devices
Access Control Readers
Credentials
WHY TAKE CHANCES?
FULL END TO END DATA ENCRYPTION EXTERNALLY CERTIFIED
T: +44 845 470 5000 | E: ireurope@innerrange.co.uk innerrange.com