Silva Consultant's Blog

Writing an Effective RFP for Security Systems

Jun 5

Posted by masilva in Buying Security | No Comments

 

Security and facilities managers commonly issue a “Request-for-Proposal” (RFP) when purchasing an electronic security system such as a video surveillance system, access control system, or intrusion alarm system. For larger projects, an independent security consultant or engineer may be hired to create formal design documents and draft a specification, but for smaller projects, the security or facilities manager is often left on his or her own to prepare the RFP.

Within this Security Tip, we provide some ideas that will help you to write an effective security systems RFP and help you to avoid some common mistakes made by beginning RFP writers.

#1. – Do Your Homework First

Before writing the RFP, carefully define what problems you are trying to solve and how the type of system that you wish to purchase will help you to accomplish this. If there are multiple people in your organization that have input on the purchasing decision, try to reach internal consensus on what will be done and how it will be purchased.

Do some research to educate yourself on the types of systems that you are considering buying and to gain an understanding of common product features and options. Meet with security system vendors to have them explain their system offerings and to provide product demonstrations. Be honest about your intentions; explain that you are doing preliminary research before writing an RFP, and that at this stage you are only seeking to educate yourself on what’s available. (Don’t waste the vendors time by asking them to prepare a formal proposal if you are only doing preliminary research.)

Talk with your peers at other organizations to see what types of systems that they are using and how well they have worked. Visit online security forums and/or subscription-based surveillance product research services (such as IPVM) to get product reviews and to participate in discussions concerning product capabilities and system design. If possible, attend seminars or security trade shows (such as ASIS or ISC) to gain a better understanding of the range of product options that are available.

 

#2. – Determine How You Will Specify What You Want To Buy

Once you have figured out what you want to buy, you need to determine how you will specify it within the RFP. This part of RFP preparation is known as “specification writing” and is a complex subject that even design professionals such as architects and engineers struggle with. There are numerous methods of writing specifications, but a complete description of all of these methods could fill a textbook and is beyond the scope of this article.

To make things simple, we will describe three basic ways to write a specification when preparing a security system RFP. Professional specification writers will probably take issue with the semantics and oversimplification in the narrative that follows, but it should provide basic guidance to the security or facilities manager when writing a security RFP.

The first method of specifying is what we call the “Proprietary Method”. Using this method, the buyer describes specifically what he wants to buy and specifically how he wants it installed. This method typically includes a detailed product description, including manufacturer name and model number. An example of this type of specification would be as follows:

“Contractor shall provide two (2) Acme Model #1123 Electronic Sirens in the warehouse area. One siren shall be installed on the north warehouse wall, one siren shall be installed on the south warehouse wall. Both sirens shall be mounted in the center of the wall at a height of 12′.”

The advantage of the Proprietary Method is that it gives the buyer complete control over what is being purchased and how it will be installed. When evaluating proposals, it is easy to compare results because each proposer is bidding “apples-to-apples”. The disadvantage of this method is that it places complete responsibility for system performance upon the buyer. You must do your own homework to make sure that what you specify will do the job. Also, proprietary specifications may tend to limit completion which may in turn result in increased costs.

The second method of specifying is what we call the “Descriptive Method”. Using this method, the exact characteristics of the equipment are described in detail, but manufacturer’s names and model numbers are not used. Details on how the equipment is to be installed are also provided. An example of this type of specification would be as follows:

“Contractor shall provide two (2) electronic sirens in the warehouse area. Siren shall be 6″ trumpet style paging speaker rated at 15 watts with integral amplifier and siren tone generator. Siren shall operate at 12 VDC and provide both yelp and steady tones. Siren cone shall be constructed of ABS plastic. One siren shall be installed on the north warehouse wall, one siren shall be installed on the south warehouse wall. Both sirens shall be mounted in the center of the wall at a height of 12′.”

The advantage of the Descriptive Method is that it gives the buyer some control over the types of products being purchased, but gives the proposer flexibility in choosing products. This often results in increased competition and lower costs. The disadvantage of this method is that it requires the preparation of a detailed specification for each system component. This can be time consuming and beyond the technical capabilities of many buyers. It is also somewhat more difficult to compare proposals “apples-to-apples” when each proposer is proposing a different combination of equipment.

The third method of specifying is what we call the “Performance Method”. Using this method, the buyer describes the desired end result, but leaves it to the proposer to determine how this result will be accomplished. An example of this type of specification would be as follows:

“Contractor shall provide electronic sirens that can be heard clearly throughout the entire warehouse area. Sirens shall be capable of producing two distinct siren tones. Minimum sound level produced by sirens shall be not less than 65 dBA throughout the warehouse when measured with a sound level meter.”

The advantage of the Performance Method is that it gives the proposer total freedom in system design and product selection. This can result in creative solutions to your problems and very competitive prices. This method also places responsibility on the contractor rather than the buyer for achieving the desired result. The disadvantage of this method is that it can make proposal evaluation very difficult; each proposer may be offering a completely different solution and price and it can be challenging for a non-technical person to make an intelligent comparison between proposals. It can also be very time consuming to write a good performance specification – expectations must be clearly and completely spelled out and terminology carefully defined so that there is no confusion.

There are many, many variations on the three methods of specifying that we have described above. For example, one may use the Proprietary Method, but list more than one manufacturer and model number; or use the Descriptive Method, and list multiple manufacturers and products that can meet the descriptive requirements.

Most private businesses can use any method of specifying method that they choose. Most government entities are restricted on the types of specification methods that they can use, and often cannot use the Proprietary Method except under very special circumstances.

 

3. – Avoid Common Specifying Mistakes

There are several common mistakes made by inexperienced specification writers. These mistakes include:

Specifying a Product that Doesn’t Exist

When conducting product research, buyers sometime evaluate the products of several different manufacturers, and then select the best features of each. They then write a specification that includes all of these features in a single product. The problem is, no single manufacturer’s product can do everything that is being asked for, so the product being requested in the specification doesn’t exist.

Mixing Methods of Specifying

The general rule is, the more specifically you tell a contractor how to do his job, the less responsible he has for final outcome of the project. You, not the contractor, become responsible for the integrity of the design. For example, if you specify an exact quantity of a specific model of electronic siren, you cannot then turn around and complain when the sirens aren’t loud enough. If the contractor installs the specified product at the specified locations, you cannot hold him responsible if the results you obtain fail to meet your expectations.

This mistake often occurs when buyer writes a specification using the Proprietary Method, but then adds a few lines of requirements using the Performance Method. An example of such a specification would be as follows:

“Contractor shall provide two (2) Acme Model #1123 Electronic Sirens in the warehouse area. One siren shall be installed on the north warehouse wall, one siren shall be installed on the south warehouse wall. Both sirens shall be mounted in the center of the wall at a height of 12′. Minimum sound level produced by sirens shall be not less than 65 dBA throughout the warehouse when measured with a sound level meter.”

This type of specification places the bidder in a quandary – does he bid the project using the quantities and products specified by the buyer, or does he bid the project in order to meet the sound level requirement? This “tails I win and heads you lose” type of specification writing creates project uncertainty and is responsible for many change orders and contract disputes.

While skilled specification writers can sometimes get away with mixing specification methods, the beginning specification writer should generally pick one method of specifying each project and stick with it.

Careless Use of the Phrase “Or Equal”

Many buyers start out with a specification written using the Proprietary Method, perhaps using a manufacturer supplied specification as a template. They then decide that, to keep things competitive, that they should also allow the products of other manufacturers to be considered. To achieve this, they simply add the words “Or Equal” at various places with the specification document.

The problem with this approach is that rarely are security or surveillance products ever truly “equal”. Specifications written for one manufacturer’s product can often never be directly applied to the product of another manufacturer. This is particularly true for things like video management systems (VMS) and security management systems (SMS), where system architecture, application design, and terminology can vary greatly between manufacturers. Trying to enforce the requirements of a specification written for a product different from the one actually being supplied can be a nightmare.

While skilled specification writers can sometime make judicious use of the words “Or Equal”, the beginning specification writer is urged to avoid this technique completely. If you wish to allow the products of multiple manufacturers to be considered, you are far better off writing a specification using either the Descriptive Method or the Performance Method.

Inserting Non-Essential Requirements in Specifications

The specifications should only contain requirements that give you the desired end-product and that are essential for the success of your project. Novice specification writers often insert non-essential language into the specifications because they think that “more is better” or because they think that the use of this language makes the spec look more “professional”. In many cases, this language is lifted directly off of a product data sheet provided by one or more equipment manufacturers. Some examples of this type of language are:

“Product shall comply with ANSI 301.1, NFPA 101, and UL 692″ (Do you really know what these standards mean and why they are important to your project?)

“Controller board shall be 3.25″ wide x 6.5″ high” (Unless there is a specific space limitation, why do the size of the boards matter?)

“Equipment cabinets shall have a light blue, acrylic paint finish” (Does the color of the cabinets installed in the electrical room really matter?)

“Manufacturer shall have been in business for not less than ten years.” (Can you justify the ten year requirement? Why would a manufacturer that had only been in business 9 1/2 years not be qualified?)

Requirements such as the ones listed above tend to limit competition and restrict product choices. Manufacturers often deliberately insert such requirements into their factory specifications in an attempt to block the use of a competitor’s product. For this reason, good specification writers tend to avoid the use of factory specifications, and if they do use them, careful edit out requirements that are non-essential and that restrict competition.

 

4. – Define Realistic Schedule For Project Delivery

The expected schedule for project completion should be clearly spelled out in the RFP. Be sure to allow time for contract negotiation, equipment purchase and delivery and contractor mobilization in addition to the time required for the actual installation. Setting too ambitious of a schedule can increase costs and sometimes discourage qualified contractors from submitting a proposal on your project. (See related article How To Keep Your Security System Project On Schedule ).

 

5. – Accurately Describe Working Conditions

The RFP should clearly spell out the working conditions that the contractor will be expected to comply with while he is working at your facility. These include things such as:

  • Working hours
  • Security and safety requirements
  • Availability of parking
  • Loading./unloading procedures
  • Availability of storage for tools and equipment on-site

To avoid problems, you must clearly define working conditions in advance. These can have an impact on costs and must be understood by the contractor before he prepares his proposal. It is unfair to the contractor to make him comply with working conditions that he did not know about when bidding the project. For example, telling a contractor that his technicians can only work on the premises after regular business hours, or telling him that he must park his service trucks three miles from the job site is not something he should find out about only after the project has begun.

 

6. – Define Expectations for Support Services

Support services such as training, system programming and configuration, and warranty service are not free and cost the contractor money to provide. Unless your requirements are carefully spelled out in the RFP, it is likely that each contractor will be proposing a different level of support.

For example, each contractors idea of what constitutes “training” may be different. One contractor may be planning on hiring a professional trainer from the manufacturer to conduct formal classroom training, another contractor may be only planning on having one of his technicians spend a few hours with you briefly explaining the system.

Unless requirements for training and other support services are clearly spelled out in the RFP, this can be a major cause of discrepancies in bid prices, and a major source of controversy when the contractor delivers less than what is expected.

 

7. – Get Real With “Boilerplate” Requirements

Most organizations have some form of standard terms and conditions that they typically attach to RFPs and other contract documents. Usually, these same terms and conditions are used to purchase anything from a box of paperclips to a tractor-trailer rig and they contain many requirements that may not be applicable to the typical security or surveillance project.

Before incorporating standard terms are conditions into your RFP, carefully review them to determine if they make sense for your specific project. In particular, look at things such as insurance requirements to make sure that they are reasonable and appropriate considering the size of your project. Asking a contractor to have $5,000,000 in liability insurance for a $25,000 video surveillance system project probably doesn’t make sense and can drive away all but the very largest of contractors. This can limit competition and increase bid costs.

 

8. – Describe The Desired Proposal Format

The desired outcome of RFP process is to receive proposals from security contractors who are qualified to work on your project. The proposals must contain enough information to allow you to properly analyze them. To make them easier to review, proposals should be formatted in a similar manner and provide the same degree of detail.

To make sure that the proposals you receive are relatively consistent, clearly specify the types of information that must be submitted with each proposal and how it should be organized. The typical security or surveillance systems proposal should contain at least the following information:

  • Background information on the proposer’s company, including qualifications and experience with similar projects.
  • Narrative that demonstrates contractor’s basic understanding of project requirements
  • Itemized list of products and services to be provided including breakdown of material and labor costs.
  • List of optional products and services offered or recommended.
  • List of exceptions taken to specifications and areas of non-compliance with requirements of RFP.
  • Detailed project schedule.
  • Resumes of key team members who will be working on the project.
  • Project references.
  • Proof of ability to comply with licensing and insurance requirements.
  • Product data sheets.

 

9. – Describe the Procurement Process

To make the project go smoothly, your procurement process should be clearly understood by potential proposers from the very start. It is recommended that a detailed set of instructions be included in each RFP. These instructions should contain at least the following information:

  • Date and time that the proposal is due.
  • Date and time of pre-proposal conference and/or job walk-through.
  • Name of person in your organization to contact with questions concerning technical or administrative requirements of RFP.
  • Availability of floor plan and site drawings.
  • Procedures for requesting additional tours of the site (if offered).
  • Process for requesting formal clarifications of requirements of RFP.
  • Process for requesting the use of substitute products (if allowed).
  • Cut-off date for questions and the issuance of final addendum.
  • Proposal evaluation criteria and selection process.
  • Expected date for interviews with finalists. (if needed)
  • Expected date of contract award and notice to proceed.

 

If you have any questions concerning the preparation of security systems RFPs, or need help in writing your RFP or evaluating proposals, please Contact Us

Introduction to Security Intercom Systems

May 14

Posted by masilva in Security Systems | No Comments

Purpose

Security intercom systems are used to provide voice communications between two or more locations for security purposes. Security intercom systems are frequently used between a locked building entrance door and a constantly attended location in the building, such as a manned security control room. In this application, the security intercom system gives visitors a means to contact someone in the building when they arrive at the entrance door. Other common locations where security intercom systems are used in commercial buildings includes loading dock doors and at vehicle gates that provide entrance to the property. In residential applications, security intercom systems are commonly used between the main entrance door and a location within the interior of the home.

Simple Intercom System with One Sub-Station

 

A simple intercom system consists of one “Master Station” and one “Sub-Station”. The Master Station is typically located at the point inside the building where communications is to be received. The Sub-Station is typically located at the point where the communication is to be originated. For example, in an office building, it may be desirable to keep the front entrance door locked, and to provide a security intercom system to allow communications between the outside of the entrance door and the receptionist’s desk in the lobby. In this situation, the intercom Master Station would be installed at the receptionist’s desk, and the Sub-Station would be installed on the wall outside of the entrance door.

The Master Station provides control of the intercom system and typically includes a station selector switch, talk button, speaker, amplifier and volume control. The Sub-Station typically includes just a speaker and call button. When the visitor arrives, he or she presses the call button on the Sub-Station. This causes the Master Station to ring. To accept the call, the receptionist presses the station selector switch. When this button is pressed, the receptionist can instanlly to listen to sounds at the Sub-Station. To talk to the visitor, the receptionist presses the talk button. When finished speaking, the receptionist releases the talk button to listen to the reply from the visitor. This goes back and forth for as long as the conversation continues, with the receptionist pressing the talk button when she wishes to speak, and releasing the talk button when she wishes to listen. At the conclusion of the conversation, the receptionist presses the station selector switch again to terminate the connection.

Simple Intercom System with Multiple Sub-Stations

 

In many facilities, there may be a need to communicate with more than location. For example, in the office building described above, there may be a need for the receptionist to communicate with the employee entrance door and the loading dock door in addition to the front entrance door. To meet this need, Master Stations are available that can accommodate multiple Sub-Stations. Models that have a capacity of three, five, or ten Sub-Stations are common.

Master Stations that work with multiple Sub-Stations have a station selector switch for each station. Above each switch is an indicator light as well as a label that identifies the Sub-Station (“Front Door”, “Back Door”, etc.) When a visitor presses the call button on a Sub-Station, it causes the Master Station to ring, and for the indicator light above the appropriate station selector switch to illuminate. The receptionist can then press the station selector switch for the station that is calling and begin the conversation using the talk button as described above.

Simple Intercom System with Multiple Master Stations

Sometimes, there is a need to receive intercom calls at more than one location in a building. For example, you may wish for the receptionist to receive calls during normal business hours, but after-hours, you may wish for calls to be received at the security control room. To meet this need, it is possible to provide multiple Master Stations, each capable of communicating with one or more Sub-Stations. Communications between each of the Master Stations can also occur if this is needed (for example, receptionist could use intercom to talk with security control room and vice versa).

In most cases, the system is designed so that calls from Sub-Stations are received at all Master Stations. The first Master Station that answers the call handles it and all other Master Stations ignore it. Typically, when one Master Station is in use, other Master Stations cannot be used. The system provides a “busy” indicator light at each Master Station to indicate when the system is in use by others.

Simplex or Duplex Communications

The simple intercom system described above uses what is known as “simplex” communications. “Simplex” communications means that communications can occur in only one direction at a time. In the examples above, the receptionist uses the talk button on the master station to control the flow of communications. The receptionist can either talk or listen, but not do both at the same time.

More sophisticated intercom systems are available that use what is known as “duplex” communications. “Duplex” communications means that communications can occur in both directions at the same time. When using an intercom system that has duplex communications, there is no need for a talk button; once a connection is established between a Master Station and a Sub-Station, a two-way conversation can occur without either party having to operate any type of control. This is a much more natural way to communicate and avoids the gaps in a conversation that can occur when the talk button is pressed too soon or too late.

As a general rule, most simple, inexpensive intercom systems use simplex communications, while more expensive intercom systems use duplex communications.

Handset or Hands-Free Intercoms

Intercom stations are typically available in two versions, a “handset” version, and a “hands-free” version.

Handset intercom stations use a corded handset similar to that found on a telephone. The advantage of handset intercom stations is that they work well in noisy environments and that they provide some degree of privacy. The disadvantage of corded intercom stations is that they are less convenient to use and that they are more prone to vandalism and routine wear and tear.

Hands-free intercom stations use a speaker/microphone that is built into the unit. Hand-free intercom stations are more convenient use and less prone to damage, but sometimes can be difficult to use in noisy environments. Hands-free intercoms stations also offer little privacy.

Some intercom stations come with a handset but are also capable of being used hands-free. These stations have a speaker/microphone in addition to a handset and usually work as a hands-free unit unless the handset is picked up.

Wired or Wireless Intercoms

Most intercom systems have traditionally been the “wired” type that require low-voltage wiring be installed between each of the Master Stations and Sub-Stations. On larger or more complicated systems, this wiring can become quite extensive and may be costly to install. However, once installed, wired intercom systems tend to be very reliable and require very little maintenance. Because of this, wired intercom systems have long been the preferred choice of most commercial and industrial users.

Intercom systems are also available that allow “wireless” communications between Master Stations and Sub-Stations. These systems typically use radio signals to provide the communications path between stations and don’t require any type of wiring. The advantage of these systems is that they are quick and convenient to install. The disadvantage of these systems is that they don’t work well in all settings, and may not work at all in buildings that contain large quantities of concrete and steel or when there are long distances between the stations. Most wireless intercom systems also lack the features needed for the larger commercial user and are considered to be less reliable over time than a wired system. Because of this, wireless intercom systems are usually best suited for use in private homes and at smaller commercial businesses.

IP Network Connected Intercoms

A recent development in intercom systems is IP network connected intercom stations. These stations are capable of being connected directly to an organization’s existing data network. This usually means that the intercom station can be plugged into a nearby network outlet or unused port on a nearby network switch. This can greatly reduce the costs of installing wiring and offers great flexibility in the way that intercom systems can be installed and modified. IP connected intercom stations are well-suited for use in large campus environments, particularly when the campus includes buildings that are off-site.

Door Release Buttons

When an intercom system is used to communicate with a door, it is often desirable to have the ability to remotely unlock that door. For example, if an intercom system is used between a receptionist’s desk and a locked entrance door, it is common to provide the ability to remotely unlock the door for authorized visitors. Many simple intercom systems incorporate a door release button into the intercom Master Station specifically for this purpose. This button is wired to electrified locking hardware (such as an electric strike) on the door, and when the button is pressed, the door unlocks.

When multiple doors and multiple Sub-Stations are used, remotely unlocking doors becomes a little trickier. Some Master Stations can use accessory relays that allow the door release button to work in unison with the station selector switch. This allows the door release button to release the door that the station is currently in communication with.

Video Intercom Systems

Intercom systems are available that incorporate video surveillance features. Video intercom Sub-Stations are similar to regular Sub-Stations except that they also include a small built-in video camera that provides a direct view of the person operating the station. Most cameras offer a fixed viewing angle; some cameras can be moved up and down and right and left by the person receiving the call. Video intercom Master Stations are similar to regular Master Stations except that they also contain a small video monitor. This monitor is used to view the image produced by the camera in the video intercom Sub-Station.

The advantage of video intercom systems is that they allow the person receiving a call to verify the identity of the person calling. This can be particularly useful in door control applications where it is desirable to confirm which person is at the door before pressing the door release button.

While most video intercom systems provide a good view of a person standing directly in front of the intercom Sub-Station, they generally don’t provide a wide-angle view of the overall doorway itself. In addition, cameras in video intercom systems tend to be only of moderate quality and generally not suitable for use with video recording systems. For these reasons, most organizations who are serious about security don’t consider the cameras built into video intercom systems to be a substitute for regular surveillance cameras and generally install both at entrance doors.

Exchange Intercom Systems

It is possible to mix and match simple intercom Master Stations and Sub-Stations to create a relative large system. However, when a facility becomes very large and has  many Sub-Stations and Master Stations, the system can become complex and unwieldy. This can occur in campus settings where there are many buildings and many doors.

To meet the needs of larger systems, “exchange” intercom systems were developed. These systems get their name because a central controller, called an “exchange”, is used to manage intercom system traffic. Rather than being connected directly together, Master Stations and Sub-Stations are connected to the exchange. Most exchanges allow the use of both wired intercom stations and IP network connected stations. When a call is placed, it first goes to the exchange, where it is them routed to the appropriate station.

Master Stations used with exchange intercom systems often are microprocessor based and operate using a menu driven system. This also a powerful set of features to be packed into a relatively compact station. The benefits of using an exchange intercom system are many and include:

  • Can be expanded to a practically unlimited number of intercom stations
  • Can carry out multiple conversations between stations at the same time.
  • Can route calls to specific stations based on time of day.
  • Can forward calls if station is busy or if call goes unanswered.
  • Can operate auxilary relays to unlock doors, turn on lights, etc.
  • Can use plain text to identify stations within operating menus.
  • Can interface with telephone and two-way radio systems.
  • Can interface with security management systems.
  • Have ability to be programmed and controlled using a computer.

As might be expected, exchange intercom systems are considerably more expensive than simple intercom systems and are most cost effective when used at larger facilities. The cost of an exchange intercom systen cannot generally be justified at a smaller facility.

“Exchange-Less” Intercom Systems

A new breed of system, called an “exchange-less” intercom system has recently been introduced. These systems use IP connected stations that have built-in processors and memory that allow them to provide many of the features and benefits of a exchange system, without requiring the use of an exchange itself. These systems can offer the smaller user a very capable system at a fraction of the cost of an exchange system. While still more expensive today than simple intercom systems, we see exchange-less IP network connected systems as the wave of the future.

Using Security Intercom Systems to Enhance Your Security Program

In addition to being used for basic communications purposes, security intercom systems can be used to enhance your facility’s overall security program. Security intercom systems can be particularly powerful when integrated with other systems such as security management systems and video surveillance systems.

For example, with a fully integrated system, when a “door-forced-open” or “door propped” alarm occurs at at access controlled door, the Sub-Station at that door can automatically  be connected to an intercom Master Station at the security control room. In addition, the camera at that door can automatically be displayed on a video monitor. This allows the security officer to both listen to and see what is going on at the door and possibly give a verbal warning to those who may be violating a security procedure (“Hey, you, please don’t prop the door open…”).

Security intercom systems, when combined with appropriate signage, can also be used for customer service functions such as providing directions to visitors, allowing employees to request a security escort to their cars, and notifying security of safety violations.

 

If you have questions regarding security intercom systems, or need help in designing a security intercom system for your facility, please Contact Us.

Point of Diminishing Returns in Security Investments

Feb 8

Posted by masilva in Basic Concepts, Security Management | No Comments

Good security management practices require balancing the amount of money spent on security improvements with the level of security risk. While almost any security problem can be solved by spending enough money, it often does not make sense to do so. As in many other areas of business, there comes a point of “diminishing returns” in investments in security improvements. This is shown graphically in the chart below.

When you begin to improve to security at a facility, there are many simple and inexpensive things that can be done. During the first stage of security improvement, you can do things such as create good security policies and procedures, conduct security awareness training for employees, and make simple improvements in physical security that can greatly enhance security with very little investment. Because of the ease in which security can improved at minimal cost at this stage, it is often called the “low-hanging fruit” stage.

The second stage of security improvement often requires major capital investments or making commitments for significant ongoing security operating costs. This can involve things such as hiring an on-site security staff, installing card access control or video surveillance systems, or remodelling the lobby to better control the flow of visitors. These things can increase security significantly, but cost substantial money to install and maintain.

The final stage of security improvement is the most expensive. This stage usually involves making investments in things that increase security incrementally, but at a very great cost. This can involve installing biometric access devices, weapon screening equipment, biological agent detection systems, or blast resistant rooms. Often, only those facilities with the highest level of security risk can justify making these investments.

The key decision is deciding when there is “enough” security and when you are about to pass the point of diminishing returns. Any investments made beyond this point won’t reduce your risk by any appreciable amount and are probably a waste of money.

A common mistake is for a facility owner to jump right to the second stage of security improvement without harvesting the “low-hanging fruit” available during the first stage. An example of this would a facility manager who installs a video surveillance system before he has developed good security policies or provided adequate security training for his employees.

The critical factor in deciding what security investments to make is a good understanding of your specific security risks. Every security improvement made should be in direct response to one or more of your specific risks, starting with your highest priority risks, and working your way down to your lowest priority risks.

For example, if your risk assessment shows that the theft of trade secrets is your greatest risk, the greatest emphasis of your security program should be in protecting trade secrets. This could involve installing better filing cabinets, more effective shredders, or enforcing a clean-desk policies for employees. Installing cameras in the parking lots would not be a effective measure to offset this type of risk and should only be considered after your trade secrets risks have been mitigated.

Many facility owners make bad security investment decisions because they really don’t know what their security risks are or how to prioritize them. As a result, they spend a lot of money solving problems that are unimportant, and completely ignore problems that are critical. Formal Security Assessments are one way to properly identify and prioritize your security risks. Having a Security Assessment conducted is often the best first step in improving security at a facility and should be considered before making any substantial investments in security improvements.

To learn more about managing your security risks in the most cost-effective manner, or if you have any questions, please Contact Us.

 

How to be a World-Class Security Systems Integrator

Feb 5

Posted by masilva in Buying Security | No Comments

I have been an independent security consultant for over 27 years. I have worked with literally hundreds of different security system integrators, ranging from one-man shops to the largest security systems integration companies in the world.

Every once in a while, I come across a security integrator that really stands-out. These integrators seem to exceed customer expectations in every way and set the standard for professional, high-quality security and surveillance installation and service work. I call these integrators “world-class”, and enthusiastically recommend them to my clients.

Here are some of the characteristics possessed by a “world-class” security systems integrator:

During the sales process

  1. Really listens to the customer’s needs before trying to sell them anything.
  2. Talks to the customer on his level and uses a minimum of technical jargon.
  3. Honestly explains the strengths and weaknesses of the product he is selling.
  4. Gives the customer an itemized quotation so that he fully understands what he is buying.
  5. Truthfully explains the ongoing maintenance and upgrade costs of the system he is proposing.
  6. Gives the customer a realistic idea of how long the system is really going to last and how quickly it may become obsolete.
  7. Has the courage to tell the customer that what he is asking for really won’t solve his security problem.
  8. Is quick to refer the customer to other service providers when they may be better able to meet the customer’s needs.
  9. Doesn’t try to sell the customer something he doesn’t need just to make a sale.

During the installation process

  1. Fully complies with the agreed upon specifications or contract.
  2. Sends only well-qualified technicians to the jobsite to perform the installation work.
  3. Is respectful of the customer’s workspace; causes minimum disruption, cleans up messes as they are made.
  4. Regularly keeps customer informed as to the status of the installation so that there are no surprises.
  5. Keeps schedule commitments and finishes the installation on time.
  6. Provides an adequate level of user training until the customer is fully comfortable in using the system.

After the sale

  1. Is as quick to return calls and emails to the customer as they were before the sale.
  2. Has a service organization in place so that service calls can be handled promptly and professionally. Has more than one person in their company who can work on the customer’s system.
  3. Takes full responsibility for the problems the client is experiencing – doesn’t try to blame problems on the manufacturer or other parties. Stands behind their product even if it ends up costing them money.
  4. Honors warranty commitments even if customer may be unaware of them.
  5. Lets customer know of expected costs of repairs before they are performed.
  6. Keeps customer informed as to the status of their service request. Tells customer what they are working on, when problem is solved, and what they found.
  7. Calls the customer back periodically to check-in to see how things are going.
  8. Keeps customer informed of system upgrades and enhancements. Doesn’t wait until last minute to tell the customer that their system is at “end-of-life”.

The difference between top-performers and mediocre performers is often only in the way that they handle the small details. Simple things done repeatedly can place a company in the top 5% and allow it to become a “world-class” security systems integrator.

Effective Key Management Procedures

Jan 22

Posted by masilva in Lock Hardware, Security Management | No Comments

Introduction

Despite the widespread use of electronic card access control systems, most facilities still make extensive use of traditional locks and keys at their facilities. It is still much less expensive to equip a door with a standard lock than it is with any type of electronic access control device. For these reasons, most organizations equip only a small percentage of their doors with electronic access devices, and install traditional locks on the majority of their other doors.

Because traditional locks and keys continue to be widely used, it is important that effective security management procedures be put into place to effectively control them.

Lock System Selection

The first step in effective key management begins with the initial selection of the lock system. The first decision is what type of lock system should be used, a “standard security lock system”, or “high-security lock system”. A standard security lock system is less expensive, widely available,  and offers more flexibility in the way that keys can be duplicated. High-security lock systems offer much greater security but are more expensive, available through fewer channels, and generally require that duplicate keys be obtained only through authorized distributors. (See related article High-Security Locks for more information).

Once the type of lock system has been decided upon, the next decision is to choose a lock manufacturer. In many cases, selecting a lock manufacturer also chooses the type of lock cylinders and key that will be used. For example, a series of locks manufactured by the “XYZ Lock Company” probably comes with XYZ lock cylinders and XYZ keys. Cylinders and keys are generally not interchangeable between brands, so once an organization picks one brand of lock and key, they usually need to stick with it.

(High-security lock systems can be the exception to this rule – high-security lock cylinders can often be installed in locks produced by other manufacturers. This allows locks to be upgraded to use high-security keys without requiring that the lock itself be replaced.)

Lock System Design and Keying

Once a type and brand of lock system has been chosen, the next step is to design the system and to determine how it will be “keyed”. This process is normally facilitated by the architectural hardware consultant who is specifying the lock system. The process generally involves creating a matrix that shows all doors in the building, identifying all of the categories of employees that require access through these doors, and establishing which categories of employees need access through each of the doors.

Once this process is completed, the hardware  consultant will design the keying system and create keying chart. This chart may be simple or complicated depending on the type of facility and total number of doors to be controlled. An example of a simple keying chart is shown below.

Simple Keying Chart

The chart shows three levels of keying. The keys at the lowest level are known as “Change Keys”. These keys typically allow access to only a single area or department. For example, in the chart above, the Accounting change key would only allow access into the Accounting Department, and the Human Resources change key would only allow access to the Human Resources department.

The keys at the next level are known as “Master Keys”. These keys allow access to all of the areas or departments shown below them on the keying chart. For example, in the chart above, the Administration Master Key would allow access to both the Accounting Department and Human Resources Department.

The key at the top of the chart is known as the “Grand Master Key”. This key would typically allow access to all areas and all departments in the facility.

The design of a keying system can be a very complex subject and this article just touches on some of the basics. However, when designing a keying system, the following should be considered:

  • There is always a trade-off between security and convenience. While it is very convenient for a manager to have a grand master key that opens every door on the premises, consider the damage that would be caused if this key fell into the wrong hands. Also, having such a key lost or stolen would require rekeying the entire facility – a very costly proposition.
  • When using standard security lock cylinders, master keying makes the lock more susceptible to both “picking” and “bumping”.
  • High-security areas in the facility sometimes should be keyed so that they are not part of the master key system. This is sometimes called keying “off-master”. In some cases, this may be mandated by regulatory requirements. For example, in hospitals, only registered pharmacists are allowed access to pharmacy areas; even the top executives of the hospital are not allowed to enter the pharmacy unless a pharmacist is present. However, keying locks off-master should be done sparingly, otherwise you may end up with a complicated and unwieldy key system.
  • The keying system should be designed to accommodate future growth. For example, if you are constructing one building in a campus that is expected to eventually have three buildings, the keying system should be designed with this in mind.

Using Keys in Conjunction With Electronic Access Control Systems

Doors that are equipped with card readers or other access control devices often have lock cylinders on them to allow them to also be opened with a key.

It is our recommendation that these lock cylinders not be keyed to any key that is routinely carried by employees, including master keys. Having the ability to open an access-controlled door with a key causes false door-forced-open alarms and defeats the accountability feature provided by the access control system.  (See related article Solving the False “Door-Forced-Open” Alarm Problem  )

We recommend that lock cylinders on access-controlled doors be keyed to a special “emergency key” that is used only in the event of system failure. These keys should be kept in a secure location and only issued in the event of an extended access control system failure.

Determining Who Gets Which Keys

Determining who has access to which areas in the facility is an important decision. Some security or facility managers feel pressure to give keys out to anyone who requests them, regardless of need. This is particularly true when the request is being made by a senior executive or manager.

We recommend the following:

  • Written policies and procedures for key issuance and management should be developed and approved by the company’s senior leadership. Once these policies and procedures have been approved, they should be consistently applied.
  • Keys should be issued strictly based on job responsibilities and not seen as a symbol of rank within the organization. Not every manager, director or vice president needs to have a grand master key.
  • Access privileges should be based on normal needs and not exceptions. For example, an employee may be assigned to the Accounting Department and work a majority of his time there, but once or twice per year, he may be called in to work in the Payroll Department. This employee should be assigned a key that works only in the Accounting Department. A key that works in the Payroll Department should be temporarily assigned to the employee only while he is working there and returned when he goes back to his regular job.
  • Many employees request keys that provide access beyond what they need on a daily basis just so that they can respond “in an emergency”. For example, a nighttime supervisor in the Manufacturing Department may claim he needs a master key for the Administrative Offices so that he can get in case of a fire or a water leak. Again, the rule should be to issue access privileges based only on routine needs, and have a procedure in place to allow special access in an emergency.

Key Authorization and Issuance Procedures

Good key authorization and issuance procedures are an essential part of any effective key management system. The following is recommended:

  • All requests for keys should be made on a written Key Authorization Form. Electronic forms may be used as an alternative provided that a reliable method is used to authenticate signatures. An example Key Authorization Form is shown below.
  • Key requests should always be submitted and approved by a second party. In most cases, this will be the employee’s supervisor or manager. An employee should never be able to request and approve a key for himself.
  • Keys that provide access to high-security or hazardous areas should have the approval of the manager that “owns” that area in addition to the employee’s supervisor. For example, a request for a maintenance employee to have access to a Lab area might require the approval of both the Maintenance Manager and the Lab Director.
  • Keys are always issued to individual people, not to departments or companies. For example, if all employees of the IT Department need access to a specific room, each employee should be individually assigned a key. It should never be acceptable for a department head to say “send me up five keys for my people” or to maintain a local stock of unassigned keys that he can hand out at his discretion.
  • All keys should be stamped with a unique key identifier and serial number. The serial number of each key issued to an employee should be recorded on the Key Authorization Form.
  • All employees should be required to personally sign for keys when they are issued.

 

Key Authorization Fom

Getting Keys Back from Employees When They Leave

The biggest key management problems that many organizations face involves getting keys back from employees when they leave the organization. Some typical problems include:

  • Employee quits or is terminated and fails to return keys at the time of their departure.
  • Employee fails to return to work and is terminated but keys are never retrieved.
  • Employee leaves company and turns keys in to departmental supervisor or manager. Keys are kept in department and never returned to person responsible for managing the key system.
  • Employee is promoted or transferred to another department or site and is issued keys for new job but fails to return keys from previous job.

Solving these problems requires close cooperation with your Human Resources (HR) Department. HR is normally involved in every employee resignation, termination or transfer and usually conducts an exit interview with employees on their last day of work. HR should have access to key records so that they know which keys have been issued to each employee. Retrieving the employees keys (as well as access card and other company-owned property) should be an integral part of the exit interview process. When HR receives returned keys, they should be forwarded to the person or department that manage the key system for the organization.

Reporting Lost or Stolen Keys

Employees should be encouraged to report lost or stolen keys immediately. Sometimes, an employee may misplace his or her key and not report it missing right away, thinking that the key may have been left at home or in another place. This can allow several days to transpire between the time a key is first missed and when it is reported lost.

Some organizations charge employees for replacement keys or even make employees pay for all or part of the expense of rekeying locks when a key is lost. In our opinion, this is a poor practice as it often discourages employees from reporting lost or stolen keys. We think it is better for an organization to know that a key has been compromised and bear the expense of rekeying rather than not to know about it at all.

Dealing With Exceptions

Procedures need to be in place to get keys to those who need them under special circumstances. Examples can include employees who temporarily need a key to an area other than their normal workplace, and contractors or service technicians who need keys to work on a specific project.

It is recommended that some type of secure key storage system be used. These can include wall-mounted key cabinets, file cabinets with hanging key files, and drawers used to store keys that have been sealed in small envelopes.

The key storage system should provide the ability to identify and locate each of the keys quickly, and to identify keys which are missing or have not been returned. A written key issuance log should be kept that tracks who each key has been issued to, who approved it, when the key was issued, when it is expected to be returned, and when it was actually returned.

Key Issuance Log

The key issuance log should be periodically audited to identify keys that are missing or which have not been returned at the agreed upon time. Audits should be conducted by the person managing the key system on at least a weekly basis. In addition, independent audits should be conducted by an outside party (such as the security manager) on at least a monthly basis.

To more effectively manage the key storage and issuance process, there are automated key cabinets available. These cabinets store and dispense keys and maintain an electronic record of which key has been issued to who and when. The cabinets also allow alerts to automatically be sent by email when a key isn’t returned as expected. Automated cabinets typically require the use of a numeric PIN code in order to remove or return a key. Some cabinets are also capable of using the employee’s proximity access card to operate the cabinet and remove a key.

Automatic key cabinets are fairly expensive and not right for everyone, but can be a good choice for larger organizations who sign in and out a large number of keys on a daily basis

Automated Key Cabinet

Emergency Access

Many fire departments now require that that keys to the building be kept in a fire department key boxes (often called “Knox Boxes”) located outside of the building. These key boxes are exclusively for the use of emergency responders and cannot be used by company employees. (See related article Security Vulnerabilities Created by Fire Department Key Boxes )

There are cases where employees may need emergency access into areas where they are not ordinarily allowed. If the facility has security officers on duty 24/7, emergency access to locked areas usually can be provided by the on-duty officer.

For facilities without 24/7 security, the best choice is to use an emergency key box. These key boxes are locked but have a breakable glass front. When emergency access to a key is needed, the glass is broken and the key inside removed. The emergency key box should be kept is an area that is secure but accessible to employees who may need to use it. A tamper switch connected to the building’s intrusion alarm or security management system should be provided so that an alarm signal is received anytime a key is removed from the emergency key box.

A written security report  should be required anytime that a security officer unlocks a door to provide emergency access or whenever an emergency key box is used.

Emergency Key Box

 

If you have questions about anything in this article, or need help in planning effective key management procedures for your organization, please Contact Us.

Bad Shear Locks

Jan 22

Posted by masilva in Access Control, Lock Hardware | No Comments

Electromagnetic “shear locks” are a popular choice of architects because the lock mechanism can be completely concealed with the door frame. Unfortunately, our experience with these types of locks has been almost entirely negative. First of all, the door must align perfectly in order for these locks to work. If the door doesn’t fully close and seat properly in the opening, the lock will not bond properly. It’s tough to get a door to align perfectly when its new, and nearly impossible to keep it aligned properly as the door ages.

Second, many of our clients have reported that electromagnetic shear locks are very noisy. When the door closes, the electromagnet in the door frame pulls the armature mounted at the top of the door against the lock. This metal on metal contact can make a loud “clunking” sound that many users find annoying. This noise can be particularly pronounced in places that have hard acoustical surfaces such as building lobbies.

We strongly urge our clients not to use electromagnetic shear locks. In several cases, these locks were installed during new construction but proved to be so unreliable that the building owner decided to replace them with frame mounted electromagnetic locks.  The shear locks were left in the door frame so that there wouldn’t be a need to install a filler plate. This creates a condition where there appears to be two locks on the door, even though the shear locks are no longer operational.

Here are a couple of actual examples of where frame mounted locks were used to replace shear locks:

Example #1:

Example #2:

 

Please Contact Us if you have any questions or need help in solving any type of security door hardware problem.

 

Use of LED Lighting for Security Purposes

Nov 19

Posted by masilva in Security Lighting | No Comments

Having good outdoor lighting is a critical element in providing effective security at your facility. Having good lighting can discourage crime, make it easier to identify criminals, and make your employees and guests feel safer and more secure.

History of Outdoor Lighting

Since the late 1800′s, a variety of different types of technology have been used to provide outdoor lighting. Initially, open arc lamps were used to provide outdoor lighting, but these were soon displaced by the incandescent lamp, which quickly became the standard for both indoor and outdoor lighting.

In the late 1940′s, mercury vapor light fixtures were introduced, and offered the advantages of increased brightness, energy efficiency, and relatively long lamp life. One downside of mercury vapor lamps was the bluish-green color of the light that they produced, which many people found unpleasant. Despite this disadvantage, mercury vapor lights became a popular choice for outdoor lighting and street lighting in the 1950′s and 1960′s.

In about 1970, high-pressure sodium light fixtures came into use. High-pressure sodium lamps are very energy-efficient and quickly replaced the mercury vapor lamp as the preferred choice for outdoor and street lighting. Initially, people were turned off by the orange-yellow glow produced by the high-pressure sodium lamp, but they gradually became accustomed to this type of light. Today, high-pressure sodium lamps are the most popular type of lamp used in outdoor lighting applications.

Despite their popularity, high-pressure sodium lamps are not the best choice for all outdoor applications. In particular, the orange-yellow glow produced by the high-pressure sodium lamp makes it unsuitable when there is a need to accurately identify or display colors. Objects viewed under high-pressure sodium lamps may appear to be different than their actual color; for example an object that is blue may appear to be purple. This is undesirable in some applications, such as at auto dealerships, where it is desirable to display vehicles in their actual colors, or in security applications, where it may be necessary to accurately identify the colors of clothing and vehicles.

To meet the need for an outdoor light source that properly displays colors, metal halide lamps started to be used in some exterior lighting applications starting in the early 1980′s. Metal halide lamps produce a true white light that allows colors to be properly displayed, overcoming this limitation of the high-pressure sodium lamp. Unfortunately, metal halide lamps cost more than high-pressure sodium lamps, are less energy efficient, and don’t have as long of an operating life. Because of these reasons, metal halide lamps have not widely displaced high-pressure sodium lamps and are generally only used where their benefits outweigh the increased costs.

Other types of light sources have been used in outdoor lighting over the years, including compact fluorescent, low pressure sodium, and several others, but none of these have become widely-used alternatives to the high-pressure sodium lamp.

A New Concept in Outdoor Lighting

Recently a new type of lighting known as “LED lighting” has been introduced. “LED” stands for light-emitting-diode, a semiconductor-based light source that creates light through a process known as “electroluminescence”. While most people think that LEDS are a new development, they have actually been around for more than fifty years. However, for most of these years, LEDs were only capable of producing a relatively small amount of light and their use was confined to things such as digital displays and indicator lights. Recent developments have created LEDS that are capable of producing much higher levels of light, allowing them to be used in general lighting applications in place of incandescent or other types of lamps.

The benefits of LED lighting are many and include:

  • Energy savings: LED lights allow a 60% to 90% reduction in the amount of energy used.
  • Long-life: LED lights can last up to 10 years or more.
  • Better color rendition: LED lights are available that produce near white light, allowing colors to be displayed accurately.
  • More directional: LED lights can be directed to the specific area where light is needed, avoiding “light pollution” in unwanted areas.
  • Instant-on capability: LED lights can be turned on and off instantly, making them suitable for use with motion detectors and in other security applications.
  • Ruggedness: LED lights are made of solid-state components and have no filament or glass envelope to break.
  • Friendly to the Environment: LED lights contain no toxic materials.
  • Controllable: LED lights can be dimmed and controlled for color.
  • Flexibility: LED lights are available in a variety of form factors, including wall mounted fixtures, pole mounted fixtures, bollard fixtures and strip lighting fixtures. LED lamps that are direct replacements for incandescent and other types of lamps are also available.

Almost all of the major lighting manufacturers see LED lighting as the wave of the future and are rushing to bring LED products to the market. GE, Phillips, and Osram Sylvania all have LED products available on the market today and plan to introduce many more in coming years. It is reported that some manufacturers have abandoned research on other types of lighting technology because they can’t see it competing with LED technology in the future.

Costs of LED Lighting

At the present time, the cost of LED lamps and fixtures can be four to ten times the cost of traditional lamps and fixtures. Despite the significant savings in energy and maintenance that can be achieved using LED lighting, it can take three to five years worth of savings to pay for the initial purchase price. This length of time often exceeds the “return-on-investment” (ROI) criteria used by many commercial businesses when deciding on whether or not to make a capital investment.

However, many local power companies want to encourage the use of energy-saving technologies such as LED lighting and may offer one-time rebates and/or a reduced rate per kilowatt hour if LED lighting is installed. Some organizations may also be eligible to receive grants from government agencies to fully or partially fund an upgrade to LED lighting. This can alter the economics of the investment decision and may help justify the purchase of LED lighting.

Should You Upgrade Your Security Lighting to LED?

It is the opinion of Silva Consultants that LED lighting will eventually become the preferred choice for all outdoor security lighting. However, we are hesitant to recommend that all facilities immediately upgrade to LED lighting at this time. It is our opinion that this emerging technology will only get better and cheaper over the next several years, and that those who can postpone making an upgrade at this time probably should. Often those who are “early adopters” of any technology come to regret it just a year or two later when the same or better products are available at half the cost.

We suggest the following:

  • If your facility has an immediate need to upgrade its lighting, go ahead and consider the use of LED light fixtures as an alternative to traditional high-pressure sodium or metal halide fixtures.
  • If you don’t have a need to immediately upgrade your lighting, take some time to research LED lighting but consider postponing your upgrade plans for a year or two.
  • If you want to take some “baby steps”, experiment by using LED lighting fixtures on a limited basis now. For example, try replacing some of your existing wall pack light fixtures with an equivalent LED wall-pack fixture, or buy some LED lamps as replacements for some of your incandescent lamps.

Have questions about the use of LED lighting for security purposes? If so, please Contact Us.

Also see related article: Evaluating Your Parking Lot Lighting

Understanding the Risks of Local Crime

Oct 10

Posted by masilva in Security Management | No Comments

The Need to Understand Local Crime Conditions

To properly manage security risks at your facility, you need to know what they are. Yet it is amazing just how many managers responsible for security are totally ignorant of the types of crimes occurring in their community or even within their own facilities.

Property owners who are sued by an employee, tenant or guest for “negligent security” often find out too late just how important having knowledge of local crime conditions is. Often the first thing the plaintiff’s attorney does is to obtain local crime data for the site where the alleged incident occurred in order to determine if the crime was “foreseeable”, and if so, was “reasonable care” taken on the part of the property owner to prevent the crime from occurring.

It looks very bad to the jury when the property owner’s representative on the witness stand is asked: “How many crimes of a similar type were committed in your neighborhood over the last three years?” or “What did you do to determine the degree of potential crime at your property?” and the witness cannot properly answer. If you don’t know the type and degree of crime at your site, how could you have possibly designed an effective security program to prevent it?

Aside from legal liability considerations, there are many practical reasons for accurately knowing local crime conditions. Most security budgets are tight and it makes sense to direct the money being spent to areas where it matters most. For example, if the threat of armed robbery is high at your site, money should probably be spent on preventing robberies before making security investments elsewhere.

Determining the Risks of Local Crime

There are many sources of data that can help the property owner to determine the risks of local crime. Most of these data sources are publically available at little or no charge; a few require the payment of a fee. Because no source of data is perfect, it is generally necessary to gather information from multiple sources in order to gather a complete picture of the crime risks at your location.

There are six primary sources of local crime data: internal incident reports, crime data provided by neighboring facilities, police crime statistic reports, police calls-for-service reports, commercial crime forecast reports, and custom crime analyses prepared by security consultants.

Internal Incident Reports

Many organizations have an internal security incident reporting system that gathers data about crimes and other security incidents occurring at their facilities. Employees report crimes and security incidents to a central source such as the security department, and this data is compiled on a periodic basis to produce reports that summarize the rate of reported crime at the facility. If well managed, an internal incident reporting system can produce a highly accurate picture of the rate of crime at any given facility.

If your organization does not have a good security incident reporting system in place, it should establish one immediately. (See related article: Security Incident Reporting System )

Crime Data Provided by Neighboring Facilities

The type and frequency of crimes occurring at neighboring facilities are very significant when attempting to determine the risk of crime at your facility. While some of this type of information may be obtainable through public sources such as police reports, it is best to get it directly from your neighbors when possible. This can be a delicate situation, as people often don’t want to share information about security problems with outsiders. These objections can usually be overcome when a mutually beneficial relationship with the neighbor has been established in advance.

We recommend that people who are responsible for security reach out to their counterparts at neighboring facilities. For example, if you operate a factory in an industrial park, you should contact the security and/or facility managers at each major business within a one-mile area surrounding your facility. Introduce yourself and explain that you want to establish an informal network for sharing information about security problems occurring within the neighborhood. Some businesses actually form a “crime watch” group and have regular meetings; others just get together for coffee occasionally to discuss areas of mutual concern.

Once your information sharing “network” has been established, you should proactively reach out to neighbors to get periodic updates on what types of security problems that they have been experiencing. You should consider this information to be an important indicator of the types of crimes that could occur at your facility, and make corresponding adjustments to your security program as needed.

Police Crime Statistics Reports

Police departments and other local law enforcement agencies maintain some type of crime reporting system and typically provide crime statistics reports on at least an annual basis. Although agencies are encouraged to use the Uniform Crime Reporting (UCR) Program and National Incident-Based Reporting System (NIBRS) established by the FBI, participation is voluntary. As a result, there is vast inconsistency in the type and quality of police crime statistics available as you go from city to city throughout the United States.

In general, each city or county will be divided up into multiple geographical areas, which may be called “zones”, “sectors”, or “precincts”. Each of these areas may be further sub-divided into “beats” or “districts”. These areas sometimes correspond with US Census Bureau Census Tracts.

Crimes are usually categorized by type and whether they are “violent” or “non-violent”. Some police agencies provide detailed breakdowns of each type of crime, others summarize crimes in a more general way.

Periodically, the police agency may produce an updated Crime Statistics Report. This is usually done at least annually, but some better agencies also produce reports on a quarterly or even monthly basis. An example of a typical Crime Statistics Report is shown below.

Police crime statistics can be a useful tool in determining the level of security risk at your site, but are not perfect. Often, the geographical areas used in police crime statistics reports may be too large to accurately indicate crime conditions at your specific site. For a example, if the “beat” in which your facility is located is five square miles in size, it is unlikely that crime is evenly distributed throughout this geographic area. There may be one or more “hotspots” within this area that are responsible for generating a large percentage of the reported crime.

Police crime statistics are best used to provide a general awareness about crime occurring in your city and neighborhood and to establish whether crime has increased or decreased within recent years. By obtaining several years worth of reports, and comparing them year to year, it may be possible to establish a trend as to which types of crimes are on their way up and which types are on their way down.

Police Calls-for-Service Reports

Almost every local law enforcement agency today uses some form of computerized dispatch system. These systems keep track of every call made to 911, and log the time the call was received, the location, the nature of the incident, the officers who were sent to call, and the final disposition. Using the computerized dispatch system, it is possible to create a report of every call made to the police concerning any given address in the city. These reports are known as “Calls-for-Service” reports.

Calls-for-Service reports often can be obtained from the law enforcement agency for free or for a small charge. In some jurisdictions, a report can simply be requested by telephone or email, in other jurisdictions, a formal request must be filed using Freedom of Information Act procedures.

Reports are requested by providing the address of the facility and the time period for which the information is needed. For example, one might request all calls-for-service information for the address 101 Main Street for the years 2010, 2011 and 2012. In some cases, requests can be made for a range of street addresses (100 block of Main Street through 1200 block of Main Street) rather than just for a single address.

Once obtained, the Calls-for-Service report will provide a listing of incidents at the location by date, including type of incident (theft, vandalism, etc.) and disposition (arrest made, report taken, false alarm, etc.) An example of a Calls-for Service report is shown below.

It is important to note that most Calls-for-Service reports are not written to be used by the average consumer. They are cryptic in nature and provide raw data that may include numerous codes and abbreviations. You will need to get explanations of each type of code in order for the data to be meaningful, and will need patience in attempting to make sense of the report. Also, there are generally no summaries or recaps provided in the report, you will need to do this yourself to get statistics that can be properly analyzed.

While Calls-for-Service reports can be difficult to obtain and hard to use, they are one of the best sources of crime data available as they provide actual information about reported crime at any given location.

Commercial Crime Forecast Reports

There are commercial service providers who sell Crime Forecast Reports that specifically rate the risk of crime at any given address. These reports are created using a computer model that evaluates police crime statistics as well as many other factors including population data, economic data, housing data, and other socioeconomic conditions. One popular provider of Crime Forecast Reports is CAP Index.

Commercial Crime Forecast reports can be purchased online. To obtain a report, you simply type in the address of the facility and within minutes a customized report is available for download. This report provides numeric scores for each type of crime including homicide, rape, robbery, assault, burglary, larceny, and car theft. Separate scores are provided that compare crimes on a county, state and national level. Scores for previous years as well as projected scores for future years are provided that allow you to establish whether crime is on the upswing or downswing. A map is typically provided with the report that shows crime scores at the site as well as in the surrounding neighborhoods.

The advantage of Commercial Crime Forecast reports is that they are quick and easy to obtain, and that they allow rapid apple-to-apples comparison of crime rates between sites. For example, if you own a chain of 30 fast-food restaurants in different cities, you can obtain Commercial Crime Forecast reports for each one, allowing you to quickly identify locations that have higher than average crime scores. Trying to do this through other means (such as by using police crime statistics reports ) is nearly impossible because of the inconsistency in the ways in which different police departments provide crime data. Because of this, Commercial Crime Forecast reports are widely used by many large corporations who operate facilities in multiple locations throughout the county.

Despite the popularity of Commercial Crime Forecast reports, some security professionals are skeptical of their accuracy. These professionals claim that the computer algorithms and methodology used to create the crime forecast scores are proprietary and have not been subject to any type of peer review. Further, many security professionals are opposed to the use of any type of socioeconomic data in crime forecasting as they feel that it is inaccurate and possibly discriminatory.

Custom Crime Analyses

Because of the complexities of determining the risks of local crime, some property owners choose to hire a security professional to conduct a custom crime analysis for their facility. This can be done as a part of a complete Security Assessment for the facility by a physical security consultant, or can be done as a separate engagement by a consultant who specializes in crime analysis.

The consultant will typically gather data from sources such as incident reports, crime statistics, and calls-for-service reports and compile it into a usable format. The data can then be analyzed and presented to the property owner in a meaningful way. Most consultants who specialize in this work have spreadsheets or computer programs that simplify the data gathering and analysis process.

While probably the most expensive method of obtaining crime data, custom crime analyses are generally the most accurate. They should be used when contemplating major investments in security improvements or when legal litigation is a possibility.

Other Sources of Crime Data

There are several other sources of crime data that may be available at your location:

  • Many police departments now provide online crime maps that provide real-time information on reported crimes occurring within their jurisdiction. Be careful; there are some commercial providers that offer crime maps that are inaccurate or provide incomplete information.
  • Some jurisdictions provide a mapping service that includes the locations of the homes of registered sex offenders. While not applicable to all situations, this information can be useful to know when planning security for some types of facilities.
  • Some police departments now offer real-time Twitter feeds that provide notification when certain types of crimes are reported in the community. If your police department doesn’t offer this service, consider using Google Alerts to create your own notifications when local crimes occur in your community.

If you have questions about how to determine the risks of local crime, or need help in assessing your security risks and in planning your security program, please Contact Us.

 

Top 15 Problems Found During a Security Assessment

Sep 4

Posted by masilva in Security Management | No Comments

Over the past 25 years, Silva Consultants has conducted more than 350 physical security assessments for a wide variety of different types of clients. While each project is unique, certain problems seem to come up time and time again. The following is a list of the top fifteen problems that we have found when conducting physical security assessments for our corporate clients. Check this list to see of any of these problems may exist at your company:

  • There is no real support for the company’s security program from senior management. Members of the leadership team fail to follow security procedures themselves, setting a bad example for the rest of the company’s employees.
  • Employees don’t receive formal security awareness training and lack knowledge of the company’s security policies and procedures. Employees have not been properly trained on how to deal with events such as workplace violence.
  • Employees fail to take basic precautions to protect company-owned and personally-owned assets. Offices, desks and workstations are frequently left unlocked; high-value items such as laptop computers, purses and backpacks are left unsecured.
  • There is poor supervision of the contract security guard service used at the company. Too much reliance is placed on the contract security agency to properly supervise its own security guards, with little of no oversight provided by the client who hired them.
  • There are poor visitor control procedures: visitors aren’t required to verify their identity, some types of visitors come through back entrances and don’t sign in, visitors are not properly escorted in and out by employees, many visitors fail to sign out when they leave.
  • There is poor compliance with the company’s identification badge wearing policy; many employees and vendors don’t wear their badges, badges are worn in the wrong location or hidden, pictures on badges are outdated and unrecognizable.
  • There are gaps in security background check procedures; while procedures for regular employees may be good, there is improper reliance on vendors and contractors to background check their own employees; some types of contract employees may go unscreened.
  • There is poor control of keys issued to employees: no justification for who gets issued which keys, no good record of who has been issued keys or when, no procedures for dealing with lost or missing keys, no assurance that keys are turned in when an employee leaves the company.
  • There is no good system in place to track thefts, losses and other security incidents: many incidents go unreported, there is no follow-up on incidents, and a quarterly or annual report that summarizes incidents is not prepared or analyzed.
  • There are poor procedures for handling confidential information: sensitive documents are found left lying in unsecured areas, confidential file cabinets have inadequate locks, confidential information is placed in regular trash or recycle containers rather than shredded.
  • Doors at building entrances and at secured interior areas don’t close properly or are left unlocked or propped open by employees.
  • There is poor control of shipping/receiving/loading dock areas: doors are left open while unattended, valuable merchandise is left unsecured on the dock, and delivery drivers allowed to wander into secured areas.
  • Employees managing and monitoring the company’s electronic security systems don’t really know how to use them. Only a small fraction of the security systems capabilities are being used.
  • Electronic security systems are not thoroughly tested on a regularly scheduled basis.
  • There is inadequate lighting in the company’s exterior parking areas and along the exterior pathways to the building.

If you need Security Assessments conducted for any of your facilities, or need help in solving any of the problems listed above, please Contact Us.

The Receptionist’s Role in Security

Jul 27

Posted by masilva in Security Procedures | No Comments

Most companies and organizations have a receptionist at their front desk or main building lobby. Duties of the receptionist typically include greeting visitors, answering the telephones, and the handling of incoming mail. At some companies, the receptionist may perform other duties such as filing, the scheduling of conference rooms, managing employee schedules and other clerical functions.

In addition to their other duties, receptionists also play a critical role in the building’s overall security program. Receptionists are often given the task of signing in visitors, issuing visitor badges, controlling access in and out of the building, and observing suspicious activity. This is particularly true at buildings where no security officers are provided and the receptionist serves as the first (and sometimes only) line of defense against unwanted guests and intruders.

Because of the crucial role that they play in security, it is important that tools be given to receptionists to allow them to effectively perform their security duties. Here are some suggestions:

  • The receptionist’s security responsibilities should be formally defined and included in the receptionist’s job description. When both a receptionist and a security officer are assigned to work in the lobby, the specific roles and responsibilities of each should be clearly defined.
  • People who are assigned to be a receptionist should have the personality and aptitude necessary to perform this job. Receptionists should have a cheerful and outgoing personality, enjoy working with people, and have the ability to deal with conflict when necessary. Many people who are excellent at doing other types of clerical work may be unqualified to work as a receptionist or be uncomfortable when performing this role.
  • Receptionists should receive formal security training that includes guidelines for spotting suspicious behavior and techniques to verbally de-escalate potentially dangerous situations.
  • The building lobby should be designed in such a way that the receptionist is not the only thing that stands in the way of an intruder entering the building. A well-designed lobby can greatly increase the effectiveness of the receptionist and greatly improve building security. (See Designing Lobbies for Good Security).
  • The receptionist’s primary job should be to greet visitors. If the volume of visitor traffic is relatively low, the receptionist can be assigned other duties, but these duties should be of a type that can be stopped immediately when a visitor arrives. Duties assigned to the receptionist should not require the receptionist to leave the lobby area.
  • It is common practice for the receptionist to also serve as a telephone operator and to answer the organization’s main telephone line. We discourage this practice because the telephone operator role can be a time consuming job during certain periods of the day, and because the receptionist cannot immediately stop talking on the phone when a visitor arrives. We also think that it is unwise to give everyone sitting in the lobby the opportunity to overhear incoming telephone calls.
  • Good visitor control procedures should be established and communicated to all employees. To automate the visitor sign-in process, consider the use of an electronic visitor management system. (See Introduction to Electronic Visitor Management Systems).
  • We highly recommend that all incoming deliveries and packages be received at the mailroom or shipping/receiving department, not at the receptionist’s desk. If this is not possible, receptionists should receive training on the spotting and handling of suspicious packages, and a separate storage area for packages should be provided near the receptionist’s desk.
  • The receptionist’s desk should include a panic alarm system that allows help to be summoned quickly in the event of an emergency. (See Introduction to Panic Alarms).

 

If you have questions, or need more information about the role of the receptionist in security, please Contact Us