Risk UK March 2014

Security and Fire Management

Access control and integrationIdentifying security blind spotsThe proactive approach to data managementNews and views from the Industry Associations

March 2014

Cover mar14_001 06/03/2014 13:55

Galaxy® Mobile App

Complete remote control, at the touch of a button

GX Remote Control the new Mobile App from Honeywell, allows you to access your Galaxy system remotely anytime, anywhere. Managing the security of your home or premises has never been easier, whether you need to check if the children have arrived home safely or if you have set your security alarm, GX Remote Control has it covered. Download GX Remote Control free from iTunes or Google play to experience the convenience and simplicity of security on the move.

All other company names and products are trade names, trademarks or registered trademarks of their respective companies.

For more information on the Galaxy Mobile App visit www.galaxyflex.com or call 08448 000 235

© 2014 Honeywell International Inc. All rights reserved.

Project2_Layout 1 06/03/2014 12:53 Page 1

Contents42 Going backwards?UK property protection in reverse gear? Here we digest theopinions expressed in the recent AiS London lecture

44 Floods make wavesFlood claims volumes should prompt review of insurance claimsoperations says Owen Knight of RPost UK

46 Justice for all... Victims of crime – justice where art thou? Asks CrawfordChalmers, ASIS UK Chapter Charity Liaison Lead

48 Technology in focusA round-up of some of the latest new products on the market

54 Risk in actionSuccessful security and fire case studies revealed

59 Time for listeningThe ‘Fire Minister’ throws down challenges but will he listen tothe answers?! asks Graham Ellicott of the FIA

60 Tenant protectionAndrew Bennett of Eversheds looks at the fire risks in multi-occupancy buildings

63 IT NewsNews stories from the IT and data security sectors

65-82 The IT Security Section This month we have contributions on IT and business securityissues from Optimal Risk, Iron Mountain, Nice Systems, Grid-Tools, Safetica, Technocover, Sword Active Risk, Assa Abloy, NewNet Technologies, Manigent and CrowdControlHQ.

83 The Risk UK Directory

March 2014

3www.risk-uk.com

ISSN 1740-3480

Risk UK is published 12 times a year and is aimed at riskmanagement, loss prevention and business continuityprofessionals within the UK’s largest commercialorganisations.

© Pro-Activ Publications Ltd, 2014All rights reserved. No part of this publication may bereproduced or transmitted in any form or by any means,electronic or mechanical, including photocopy, recording, orany information storage and retrieval system, without thewritten permission of the publisher.

The views expressed in Risk UK are not necessarily those ofthe publishers.

Risk UK is currently available for an annualsubscription rate of £78.00 (UK only)

RISK UKPO Box 332,Dartford DA1 9FF

Managing Editor Andy Clutton Tel: 0208 295 8308E-mail: [email protected]

Contributing Editor Geny Caloisi E-mail: [email protected]

Design & Production Matt JarvisTel: 0208 295 8310 Fax: 0870 4292015E-mail: [email protected]

Advertisement Director Paul AmuraTel: 0208 295 8307 Fax: 0208 295 1919E-mail: [email protected]

Administration Tracey BealeTel: 0208 295 8306 Fax: 0208 295 1919E-mail: [email protected]

Managing Director Mark Quittenton

Chairman Larry O’Leary

Editorial: 0208 295 8308Advertising: 0208 295 8307

6 NewsNews stories for security and fire professionals

11 AppointmentsSome of this month’s movers and shakers

13 Utilities - protecting supplies Geny Caloisi looks at how society keeps ticking when its utilitiesare safe and secure

16 Ensuring IP availabilityEnsuring maximum availability of HD IP video, as well as costeffective deployment and running costs, are critical today

19 Watching over us in 2014BSIA CCTV section chairman Simon Adcock looks at how qualityCCTV application will remain high on the agenda in 2014

21 Counter-Terror Expo 2014 previewAn overview of some of the attractions at this year’s event

25 A blaze of good newsFire safety is improving significantly, helped by measuresincluding fire risk assessments, says Keith Strugnell of SSAIB

27 Achieving key security successWhy best practices provide best value when implementing keycontrol and asset management systems

32 Setting the standardA warning about the false sense of security CE marks provide

34 Integrating benefitsAdam Bernstein looks at access control and integration in thesecurity sector

38 Security blind spotsCritical infrastructure advice from Ian Graham of Verint Systems

40 Intelligent integrationHugh Hamill of Boston Networks looks at the shift towardsintegration and intelligent building systems over IP

70 - Predicting the unpredictable

EDIT contents_riskuk_Dec12 06/03/2014 12:52

Evacuate Everyone

Signalling Solutions

Machine Room

Hotel RoomFactory

Gymnasium

Even something as innocuous

evacuation systems.

EDIT comment mar14_riskuk_mar14 06/03/2014 13:34 Page 1

5December 2012

www.risk-uk.com

Comment

Don’t cut security spend based on statistics..

In February the security company Farsight released its call-outstatistics from the last three years and reiterated the importanceof an effective security system regardless of the economic

climate. The Office for National Statistics released its latestemployment figures this month. The statistics show a decrease inunemployment of 1.2% - representing a continued decline sincehitting the17-year peak at the end of 2011.

Unemployment and less disposable income are traditionallylinked to crime rates, but Farsight’s police call-out stats for the lastthree years contradict this theory. Average number of police call-outs, per site, has consistently remained between one and twoevery year during the three-year period 2011-2013, says thecompany.

And ironically, in the month when lower unemployment figureswere released, Farsight had one of its busiest months with threearrests made in the first three weeks of the month. That is almostdouble their average arrest rate from the past three years.

Malcolm O’Shea-Barnes, Farsight’s Senior Operations Manager,said: “It’s dangerous to assume that lowering unemploymentmeans lower crime rates. There’s no real synergy between the two,as our call out statistics for the past three years reflect.”

“Security monitoring systems are often regarded as a grudgepurchase but we see time and time again how our monitoring cansave companies a small fortune through crime prevention. Threepotential crimes have been averted this month and arrests made.This is proof, if it was needed, that security systems are asessential now as ever and they do pay themselves many timeduring the course of their lifetime.”

And the report is also proof that anyone looking for the slightestreason to cut spending on any areas of security is playing a riskygame. Yes there might be fewer people out of work at the momentbut the population is higher than it ever was, so you’ll probablyfind that it is not the criminals that are suddenly finding gainfulemployment, but it’s the latest batch of school/university leaversand those who need to find a new job following redundancy or aspell of child rearing etc getting jobs. We still have plenty of careercriminals rather than criminals with new careers.

So often when budgets are tight the first things to fall under themicroscope are the ‘non-productive’ elements of a business, i.e.marketing and security. Unfortunately cutting one leaves your newcustomers unaware who you are and the other gives the criminalswho do know you, an easier way in.

Security is like insurance – it’s a bit of a grudge purchase formost of us but you never know when you will rely on it and ifyou’re living without it, you’re essentially gambling. Don’t justthink of the security risks involved think of the after-effects too.More often than not, these after-effects are the real crippler forcontinuing in business.

Therefore the warning is: if you do decide to look again at yoursecurity spend to try and find areas that can be cut or reduced youmight be putting yourself, and your staff, at risk of becoming oneof the people on next year’s unemployed statistics. And thecompetition for those in that situation is tougher than ever,despite any government spin. Andy Clutton - Managing Editor

Cutting risks

Tel: +44 (0)1706 233879

Signalling Solutions

• EN54-23 compliant beacon technology

•

•

•

•

Sonos Pulse Wall

Sonos Pulse CeilingEN54-23 Coverage: C-3-15

EN54-23 Coverage: W-3.1-11.3

FEATURING:

EDIT comment mar14_riskuk_mar14 06/03/2014 13:34 Page 2

News

6www.risk-uk.com

Sprinkler study shows potential savingsOne in five warehouses in England,approximately 621 premises, will have a firerequiring the attendance of fire fighters eachyear. The total annual cost to the UK economy offires in English warehouses without firesprinklers is £232 million.

The main finding from a three-year studyconducted independently by BRE Global andcommissioned by the Business Sprinkler Alliance(BSA) has shown that sprinklers are, on average,a cost effective investment for warehouses with afloor area above 2,000 sq/m, with the greatestbenefit arising from the reduction in direct firelosses.

The study looked at the whole-life cost benefitanalysis for fire sprinkler installation in threeranges of warehouse sizes.

Key findings from the BRE study include:• The whole life costs for warehouse buildings

larger than 2,000 sq/m (around half a footballpitch in size) with fire sprinklers are on average3.7 times lower than ones without them

• Fire sprinklers were, on average, not cost-effective in warehouses with an area below2,000sq/m

• Environmental benefits from sprinklersinclude a reduction in CO2 emissions from fire,reduced size of fire and reduced quantities ofwater used to fight fire

• Only 20% of warehouses between 2,000 and10,000sq/m are fitted with fire sprinklers. Forwarehouses above 10,000sq/m, the estimatedfraction with fire sprinklers is 67%

• If all warehouses above 2,000sq/m werefitted with sprinklers, the annual saving tobusinesses in England could be up to £210m.

Dr Debbie Smith, Director of Fire Science andBuilding Products at the BRE, said: “Despite ayear-on-year decrease in the number ofcommercial fires, the estimated annual cost ofthese fires is rising along with related societaland environmental impacts. This project hasbroken new ground in terms of evaluating thesebroader sustainability impacts of fire inwarehouses and demonstrating that, on average,sprinklers can be shown to deliver a net benefit.”

Iain Cox, BSA Chairman and former Chief FireOfficer of Royal Berkshire Fire and RescueService, said: “The findings of this study scratchthe surface in terms of the return fire sprinklersbring to business. In the future the BSA intendsto look at the cost effectiveness fire sprinklershave on other sectors, such as manufacturing.What is clear from the current research is thatinsurance alone is not enough to fully protectcompanies from the long-term impacts of fire. Weurge the Government to do more to encouragethe installation of fire sprinklers in commercialpremises and promote a better understanding ofthe positive impacts of physical resilience.”

News

Euralarm presents PEARS conceptEuralarm recently participated in theArchimedes Round Table discussion on CrisisManagement and Civil Protection. Theassociation of European manufacturers,installers and service providers of theelectronic fire safety and security industrypresented its PEARS project and the way theproject supports in sharing data in theemergency management process.

The focus topic of the recent Archimedesround table (Warsaw) was to identify gaps forefficient and effective operations of crisismanagement and civil protection. Beside severalproject reports, the experiences from asimulation game were used to stimulate anintensive discussions between the R&Dcommunity (e.g. Industrial Research Institute forAutomation and Measurement, UniversitéCatholique de Louvain, Scientific and ResearchCenter for Fire Protection) and end users (e.g.firefighters Dortmund, Spanish National Police,crisis information centre).

These discussions showed that sharingdata/information in the emergency managementprocess is of vital importance for efficientoperations. This is in line with the results of the

PEARS project and the first ideas about a“European Emergency Communication” from thefire section of Euralarm.

Thorsten Ziercke, Euralarm’s project leaderPEARS took the opportunity to present thePEARS-Alert4All concept. The project haslearned that fire and security products not onlycan but also should be integrated into publicalert systems. The extensive installed basecould be easily upgraded to receive alert signalswhich could be utilised to activate audibleand/or visual warnings. More sophisticatedsystems can convert public alert messages intointelligible voice messages or display the samemessage on PCs. Integrating existing safety andsecurity systems into a public alert scenariocould be a cost effective and rapid alternative toreach large parts of the population.

Since the first presentation of the concept inOctober 2013 the PEARS-Alert4All conceptreceived positive feedback. End users such asfirefighters, police organisations and crisisinformation centres were invited by the Euralarmproject leader to contribute to thestandardisation groups CEN TC 391 and ISO TC223 that are looking for experts from civilprotection to make their standards even better.

EDIT news mar14_riskuk_mar14 06/03/2014 13:36 Page 2

Sophistication is not about size The Integriti Security Management System is an IP connected access control

and intruder security system that offers sophisticated centralised management

for both small systems on a single site, or large systems distributed across the

country or across the globe.

With a growing list of new installations take a moment to think of what you’re missing! The Integriti system offers an

advanced suite of software,

hardware and integrated

solutions to deliver complete

management of your entire

integrated system.

Have you tried Integriti yet?

+44 (0) 845 470 5000Inner Range Europe LimitedUnits 10-11 Theale Lakes Business Park

Moulden Way, Sulhampstead

Reading, Berkshire RG74GB UNITED KINGDOM

[email protected]

a4 integriti 0ne page UK.indd 1 4/12/2013 8:40 am


8www.risk-uk.com

ANPR growth affecting barrier salesThe growing adoption of automatic numberplate recognition (ANPR) technology is havingan adverse impact on the vehicle entrancecontrol industry, specifically the vehicle barrierand off-street parking systems markets.According to IHS, the presence of ANPRtechnology is increasing the most for toll waysand off-street parking garages, which isnegatively impacting the growth of vehiclebarriers. In ANPR mature markets such as theAmericas where the adoption of the technologyis prevalent, highway/toll barrier revenues areprojected to decline by 16.1% from 2013 to 2017.

ANPR systems work by using cameras withoptical recognition capabilities to identifyvehicles and grant access while minimizingcongestion. Less congestion allows systems tooperate at a higher profitability thus increasingthe system’s ROI in comparison to traditionalbarrier solutions.

The most popular use of ANPR systems is intolling which allows cars to pass freely whilepenalising unpermitted vehicles through theirlicense plate registration. IHS estimated theglobal tolling industry to be worth $3 billion in2013 and projects tolling to be the fastestgrowing ANPR application in the world. Thegrowing trend of privatisation within the tollingsector, along with the lack of governmenthighway financing in mature markets such as

Western Europe and the United States, hasincreased the popularity of ANPR technology inorder to optimise profitability.

A less developed trend is the use of ANPRtechnology in off-street parking systems. ANPRallows for ticketless off-street parking systemsthat can offer subscription or long-term parkingoptions. These cameras can not only increase theeffectiveness of parking revenue by reducingfraud and allowing for faster ticketless entry, butthe cameras can also be integrated into 24-hoursecurity systems which increases their value. IHSprojects parking to be the third fastest growingapplication for ANPR from 2012 to 2017 with acompound annual growth rate (CAGR) of 9.4%.

The main barrier for the ANPR technology isthe price. The image quality of ANPR cameras iscrucial for vehicle entrance control revenuesystems because any motion blur could result inrevenue loss. This requires investment in bothANPR hardware and software which can becostly. IHS predicts the highway/toll barriermarket to be the most significantly impacted bythe increasing adoption of ANPR technology inthe vehicle entrance control market. The impacton the off-street parking sector is currentlyminimal; however as more parking garages lookto adopt ANPR this will ultimately result in lessrequirements for traditional parking hardware.This could be problematic for suppliers that donot invest in ANPR technology.

Gate Safe gets design backingSecured by Design, the official UK Policeinitiative supporting ‘designing out crime,’ isbacking up ‘Gate Safe’, a charity thatcampaigns to improve standards of safety forautomated gates.

References to Gate Safe will feature on theSecured by Design Guides for Homes, Schoolsand Commercial premises.

Established in 1989, Secured by Design isowned by the Association of Chief PoliceOfficers (ACPO) and focuses on the design andsecurity for new and refurbished homes,commercial premises and car parks, as well asacknowledging quality security products andcrime prevention projects.

Publisher extends riskmanagement contractImmediate Media has extended its riskmanagement contract with PilgrimsGroup. Pilgrims was initially awarded atwelve month contract in 2012 toprovide front of house security withcustomer facing officers. There wasalso a need for security personnel tobe flexible and able to adapt tochanges in the usual officeenvironment, as Immediate Media’soffice has a bar and recreation areawhich are used for events.

The newly awarded contract marks acontinuation of this service and willsee Pilgrims provide manned guarding, front of house, customer services,access and egress as well as ad hoc services for open days, events andconferences. Pilgrims MD, Bill Freear, says, “Having this contract extended byImmediate Media demonstrates our client’s satisfaction with the service thatwe’ve provided. Once again, it shows that the quality of the people we provideis our success story.”

Edel Ryan, Facilities Manager at Immediate Media, says, “We awardedPilgrims the contract after they stepped in to help with a temporary task duringthe refurbishment of the company’s new office in Hammersmith. Once again,they have faultlessly created an impression of a friendly and safe environment.”


9www.risk-uk.com

News

Mitie bags £15m contract withLondon BoroughMitie has been awarded a seven-year contractin excess of £15m with the London Borough ofSutton. The company will deliver a range offacilities management services includingmechanical and electrical maintenance, buildingfabric repairs, security, front of house, wasteand care-taking services across the Borough’sstock of 190 buildings and schools.

Mitie was chosen for its solution which willdeliver value for money, robust contractmanagement, and engagement with the widercommunity including apprenticeshipopportunities.

12% growth for CCTV market predicted The worldwide market for videosurveillance equipment is expected toexpand by more than 12 percent this year,according to a white paper from IHSTechnology entitled “Trends for 2014 -Video Surveillance Trends for the YearAhead.” Revenue in 2014 is expected to riseto $15.9 billion, up from $14.1 billion in2013, as presented in the attached figure.

“During the past decade the videosurveillance equipment market has grownquickly, expanding at a double-digit rate inmost years,” said Niall Jenkins, researchmanager, video surveillance and securityservices for IHS. “This year will be noexception, with growthled by strong demandfor fixed-dome and180/360-degreenetwork cameraproducts. As for verticalmarkets, the citysurveillance andutility/energy sectorswill drive the biggestincreases in sales.”

Southeastern upgrades securityThe operation centre forSoutheastern Trains, inRamsgate, serves over 170stations throughout Kent, EastSussex and London andemploys over 3,800 people.Over the past year,Southeastern Trains hasupgraded security at itsRamsgate Engineering Depot,where its trains aremaintained, cleaned andserviced. Ramsgate is also animportant location for thecomings and goings of many of thecompany’s staff. The initial requirement forthe project was to increase security atbarriers in and out of the site, ensuringaccess was strictly monitored.

The installer, ICL, approached Castelbecause its Softphone Intercom productfitted the client’s requirements. The CAP IPV1B (single-button video) intercom has nowbeen installed at the depot’s gates andbarriers. The system calls back to operators

who use Castel’s Xellip Media Softphone ontheir PCs to answer calls and view images.Calls are diverted out of hours to theSoutheastern Trains control room, which is ata different location.

Thanks to the ease of installation of theequipment and the way in which theintercoms can be integrated intoSoutheastern’s expanding system, furtheraccess control solutions at the site have beenearmarked for development throughout 2014.


Hazardous area andequipment guidepublishedE2S Warning Signals haspublished a new ‘Guide forHazardous areas’ which isavailable as a free downloadfrom their website. The guidehas been put together withspecifiers and hazardous areaengineers in mind with matrixtables that enable fast cross-referencing of informationbetween the main certificationsystems: ATEX, IECEx, NorthAmerican and Canadianstandards. Protection conceptsare listed along with applicablezone, class or division andtypical equipment protection

level in an easy to read format. In addition, the guide contains ample

reference information related to gas and dustatmospheres and potentially explosiveenvironments, such as:

• Gas and dust groups and typicalsubstances according to the main certificationsystems

• Maximum surface temperature ofequipment, temperature classifications andignition temperature limits of gas / dust

• Apparatus groups and typical ignitiontemperatures for common gases, vapours anddust

• Type of protection and basic concepts ofprotection listed by zone according to ATEX &IECEx and class and division according to USand Canadian standards

• IP ratings and NEMA enclosure types • Typical equipment markings of hazardous

area signalling products from the E2S portfolio.

News

10www.risk-uk.com

Security improved following theftGreen Gate Access Systems has created ‘peaceof mind’ for customers and employees at RatesFord, Essex, following the theft of a clients’ carfrom the speed fit bay during a service. Theinstallation consisting of five additionalbollards, one barrier and swipe card entrysystem across the entire site – was in directresponse to the loss of the vehicle.

Having put the finishing touches to a fullsecurity installation on-site, the new safetymeasures will eliminate a reoccurrence of theftin the future.

A total of fifteen high visibility, crashresistant Easy700 bollards in four strategiclocations, provide full perimeter security forthe garage and ensure that no vehicle can bedriven from the showroom, forecourts orworkshop areas whilst the bollards areenabled. Operated by secure swipe cards orwall mounted code panels, the bollardsprovide peace of mind to the garage owner aswell as improving insurance premiums andsecurity guard costs.

“High impact resistant rising bollards arebecoming an increasingly popular choice overmore conventional swing gates and barriersthat often take out a large area of ground thatcannot be used, or block off valuable parkingspaces.” explains Managing Director of theGreen Gate brand, Neil Sampson. “With a riseand fall time of around six seconds, bollardsprovide a quick and secure solution.”

Corps Security teams up with ACP SolutionsCorps Security has formed an exclusive strategic partnership with ACP Solutions. The agreement will see the two companiescombine their respective areas of expertise to deploy security solutions for some UK events.

ACP Solutions configures temporary Wi-Fi network connectivity that enables communications at events that present securitychallenges – eg where there is a large acreage to be secured. Its area of speciality is equine events, having completed projects forthe nearby Badminton Horse Trials, as well as the Burghley Horse Trials in Lincolnshire.

With the growth in mobile devices such as tablets and smartphones, Wi-Fi is now seen as a vital on-site service for staff, tradersand visitors. In addition, and as part of a communications infrastructure, event organisers are increasingly looking to utilise high-level surveillance technology that can be operated over Wi-Fi.

ACP Solutions’ director, Phil Platts explains, “Security is a major issue for organisers who have to protect staff, visitors andproperty, and ensure the smooth running of their events. We are increasingly involved with the specification of IP based CCTV andby working closely with Corps Security we are now able to provide our customers with a range of technology to suit a diverse rangeof applications and the personnel to operate it.”

According to Jason Taylor, Corps Security’s event sales and marketing manager, there is a perfect synergy between the twocompanies. He says, “We have very similar target markets and we are both determined to extend our activity within the sports,leisure and agricultural event sectors.”

Today’s deployable CCTV systems can transmit live or recorded images directly to a control centre via GPRS, 3G, broadband orwireless LAN. Products can simply be screwed to a wall or fixed to a mast, plugged into an appropriate power source and activateda process that can take as little as 90 seconds to complete.


Dan EnglandTDSi has appointedDan England as its newnational accountmanager for UK sales.Dan’s role involves thecontinueddevelopment ofrelationships withexisting key Platinumand Gold Partners whilst at the same timetaking the lead in working with major bluechip end users and their agents to ensurethat the TDSi product range is specified forprojects in the future.

TDSi’s Managing Director, John Davies,commented, “We are delighted to welcomeDan England to the TDSi team. Whilst 40%of our turnover is overseas, the UK is stillour primary market and Dan’s role is pivotalin maintaining our sales growth movingforward.”

With a varied CV of experience, Dan’sskills range from planning and design,through to installation, commissioning andon-going maintenance. Prior to joining TDSi,Dan was national accounts manager forKings Security Systems and held projectmanagement roles at UK Security Projectsand Securitel Services.

Appointments

11www.risk-uk.com

Kirsty ElkinKirsty Elkin has joined the professional securitydivision of Samsung Techwin Europe as ITChannel Manager for UK & Ireland. Kirsty, whowas previously Distribution Channel AccountManager for D-Link (Europe), will beresponsible for developing relationships withkey market influencers operating within the ITchannel in order to identify new salesopportunities for Samsung Techwin’s range ofIP network based video surveillance solutions.

“The IT channel is a key part of SamsungTechwin’s growth strategy and Kirsty’sappointment to this newly created role reflectsour commitment to offer outstanding pre aswell as post-sales support to customers whooperate in this important market sector,” saidSimon Shawley, Director UK and Ireland forSamsung Techwin Europe. “I am confident thatKirsty’s extensive knowledge of the IT channelwill enable her to make a significantcontribution to our ongoing success in thegrowth of the sales of our IP and network basedsecurity solutions.”

Robert TruesdaleSecuri-Guard has appointed Robert Truesdale asFire and Security Systems Manager. Plymouth-born Bob, who has worked in the securitybusiness for the past 22 years, will oversee boththe technical side, in terms of the installation andmaintenance teams, as well as sales activities, inthe fire and security division of the company. Hewill also be responsible for client liaison,ensuring customer expectations are met at alltimes, as well as monitoring the latesttechnological developments in the securityindustry for the company.

Bob started out in the security industry as anAlarm Service Engineer. Since then he hasacquired experience at senior level havingworked in both operational and salesmanagement, as well as in customer support.He also has a wide knowledge of electronic fireand security systems and considerable projectmanagement expertise too.

Steve NormanIP CCTV distributorezCCTV.com hasannounced a new FieldSales Manager joiningthe team. SteveNorman will beresponsible forexpanding newbusiness opportunitiesand projects in the Midlands and North.

Ilona Porter, Managing Director ofezCCTV.com said: “Continuing with ourstrong growth, Steve will help to furtherexpand our current customer base. Hebrings a wealth of experience having workedin the industry for many years at companiesincluding Chubb and Vicon. In the nexttwelve months, we look forward to workingcloser with our customers, helping them towin more projects with our expanding fieldsales and support team.”

Commenting on his new role Steve said: “Iam very happy to be joining ezCCTV at whatis a very exciting time for the company. Ilook forward to helping the company achieveand exceed its growth plans.”

Matt DaleyMatt Daley has been appointed Business Development and Sales Engineer atfire safety equipment and systems manufacturer Patol.

Matt’s career started in Australia where he gained experience in the electricalindustry. After completing his electrical apprenticeship, Matt then spent twoyears with an electrical contractor before moving into a technical position withan Australian switchgear manufacturer and supplier. In the nine years there,Matt was able to work his way through the company, finishing as Office Co-Ordinator. Matt then moved into Project Management for an electricalswitchboard manufacturing company and was there for four years beforerelocating to the UK in 2010. After arriving in the UK, Matt secured employmentwith Kidde Fire Protection as a Sales Engineer before taking up this newposition with Patol.

EDIT people mar14_riskuk_mar14 06/03/2014 13:37 Page 3

Appointments

12www.risk-uk.com

Gareth Bond Videx Security hasappointed Gareth Bondas South West SalesManager. He bringstwenty years ofexperience in thesecurity industry to hisnew role. In his newposition, Gareth willbuild upon thecompany’s existing relationships with securitydistributors, wholesalers, installers and endusers such as local authorities where he hassignificant experience. Amongst his duties,Gareth will undertake customer site surveysand will introduce new Videx door entry andaccess control products to customers.

Neil Thomas, Videx Security’s National SalesManager, comments: “Gareth’s experience andcustomer support will be of great benefit to ourcustomers in the South West.” For his part,Gareth is excited about the opportunity to workon projects for Videx Security - both on largerprojects for private and social residentialhousing as well as commercial installations.

Thomas LaustenMilestone Systems has a new Vice Presidentof Sales for EMEA in Thomas Lausten. He isalso a new member of the ExtendedLeadership Team (ELT) in Milestone Systems.With proven competency as a professionalmanager, he will contribute to the stronggrowth curve that Milestone has attainedsince its founding in 1998.

Lausten brings solid expertise from thesecurity industry in Europe, as well as broadcultural insight into the differences across theregion. Throughout his career he hasconsistently performed, growing with hispositions and responsibilities at SiemensBuilding Technology - Security Products, ADIGlobal Distribution, Bewator and Antech.

“We are eager to tap into Thomas Lausten’sknowledge about today’s security distributorsand how run-rate business is built andmanaged in two-tier channels. I look forward toincluding Thomas in the Milestone managementteam and changing our DNA to cater to the workat hand in our ambitious strategic goals,” saysEric Fullerton, Chief Sales and Marketing Officerat Milestone Systems.

Philip LongleyMAD CCTV has announced the appointment of Philip Longley to the company.Philip will be replacing Stuart Reynolds, who is retiring from the role ofInternational Sales Director, after fourteen years with the company.

Picking up the reigns from Stuart, Philip plans to expand the MAD offeringeven further and says: “Building on Stuart’s great work, I’ll be looking to expandthe company’s reach, with the development of a broader range of productsolutions. I’ll also be adding to the established UK and worldwide customerbase, with the development and expansion of MAD into new markets.”

Philip joins MAD from Synectics, where as one of the original foundingfathers of the company, he held the roles of Managing Director and latterly VicePresident (Middle East).

Orlaith PalmerEaton’s securitybusiness hasannounced itsintention to developboth itsspecification andspecialistdistributionchannels bypromoting OrlaithPalmer to the role of sales and marketingmanager.

Bringing a wealth of channel marketingexperience to the position, Orlaith hasworked for a number of organisations,including Toshiba TEC UK Imaging Systemsand Ricoh, where she devised andimplemented a series of successful channelmanagement based initiatives that drove upsales and increased market penetrationacross Europe. She joined Cooper Security inearly 2013 as its marketing manager and hasplayed an instrumental role in integrating itinto the Eaton organisation.

Paul DawsonESP has appointed PaulDawson as its newManaging Director.Paul takes up his newposition after spendingthree years ascommercial director atScolmore.

Having started out asan apprentice

electrician in Leeds 26 years ago, Pauldeveloped a passion for the business and hascarved out a successful career ever since.Moving into sales at the age of 21, he joinedScolmore in 2007 as regional sales manager forthe north before taking up the role ofcommercial manager in 2008 and commercial

director in 2010. Commenting on his new appointment Paul

said: “I am thrilled to be taking on the role ofmanaging director at such an exciting time inESP’s development.”

EDIT people mar14_riskuk_mar14 06/03/2014 13:37 Page 4

Securing utilities

Utility companies have the very importanttask of generating, transmitting, anddistributing, electricity, natural gas and

water and dealing with the sewage. The goodfunctioning of modern society is dependentupon these ‘critical national infrastructures’(CNI) delivering their services flawlessly.

Utility companies can be easy targets forterrorist attacks, either physically or online. Ifenemy forces take control of utilities during awar, it can be catastrophic.

During World War II, Battersea Power Stationallocated misleading labels to its switches sothat if the power station fell in to enemy hands,it would have been very difficult for them tofind the right switch to leave key governmentbuildings in the dark. Today, there moresophisticated resources available.

Chris Plimley, Sales Manager at Zaun pointsout: “The threat of terrorism, organised crime,civil unrest, sabotage, protest and simplemindless vandalism is ever-present in thisindustry. Imagine the shocking publicity coup ifinternational terrorists managed to poison themains water supply or the chaos if the power toa major city were cut. We’ve even seen pressuregroups mobilise swiftly to threaten operationsthey disagree with, such as the anti-frackingprotests against the likes of Cuadrilla.”

Zaun, a manufacturer and installer of steelfencing, which works with EDF, E-on, NationalGrid and Thames Water has seen perimetersystems develop significantly over the last 20years. The need for fit-for-purpose andaesthetically appropriate solutions are now topof the agenda for security and safety consciousbusinesses, according to the company.

Honeywell Security’s Douglas Gray, ACS SalesManager says: “Each utility sector has specificareas for concern when it comes to risk andsecurity that need to be taken on a case-by-casebasis. For water companies there is the need toensure contamination of their supplies does notoccur. For an electricity company it may beensuring staff are working in a safe environment. Security needs to be of the highest standardwhen working with utility companies. Productssuch as Honeywell’s Galaxy Dimension, havebeen deployed in these environments providinga fully integrated intrusion and door controlsecurity solution, helping to minimise onesource of potential risk.”

Catering for multi-site operationsUtility companies are usually located in large

buildings and many have headquarters andsubstations, which might not be geographicallyclose to each other. For practical and cost-effective reasons, staff will not always beallocated at every substation. However, a soundsecurity layout will keep HQ updated on who iswhere to avoid unauthorised personnel orintruders accessing restricted areas, and to actquickly when needed.

The main security objective is not just tokeep assets safe but also to reduce the risk ofincidents that can disrupt normal operations. Tomaintain productivity across all sites safetysolutions, such as remote monitoring, can helpon making intelligent decisions and takingaction fast.

TAG Guard Systems (TAG), a securitycompany that provides integrated wirelesssecurity, fire and safety services, has a 24/7,365 days-a-year control room in Lincolnshire,from where it serves its clients.

Nigel Walker, TAG Operations Directorexplains: “Our products can be installedanywhere as they are not dependant on anyinternet connection or power cables. This isideal for multi-site companies and it can bescaled up or down when needed. Our systemworks wirelessly over 3G networks and it canalso use satellite transmission for hard to coverareas. All information received from oursecurity devices needs to be monitored; this is

Protecting the supply

13www.risk-uk.com

How society keepsticking when its utilitiesare safe by Geny Caloisi

“There is no template security measure that you can putin place into high risk sites such as utility companies”

EDIT article 16 mar14_riskuk_mar14 06/03/2014 13:11 Page 1

Securing utilities

why at the core of thewireless systems is ourown central monitoringfacility: TAG Alarm. Atany one time we have atleast three trained staffin our Lincolnshirecontrol room. Whetheran intruder activates analarm, is seen oncamera or is picked upby a movement

detector, our wireless security products send asignal via the mobile networks alerting ourcontrol room.”

TAG watches over 200 sites with its motiondetectors, CCTV and tagging system.Depending on the client, any alarm raised isimmediately dealt with either contacting aguarding company on site, the utility company’skey holder or directly calling the police. Voicealarms warning intruders can also be activatedremotely. TAG products create a virtual fence onsites, but you also need physical security.

“Most appropriate physical security solutionwill be site specific,” emphasises Zaun'sPlimley, “It will depend on factors such as itslocation; the geography of the site, whether it’son uneven or sloping ground or hard standingthat doesn’t allow for below ground foundation;and the need to resist mob or vehicle attack.

“The solution most often used by ourcustomers in the utilities sector is ArmaWeave,because of its premium security rating, easeand flexibility of install and overall value formoney. Because ArmaWeave is woven and hasno welds, it can be made from high tensile steelgiving it substantial resistance to cuttingattacks with hand, powered and non-contacttools. The tight mesh pattern provides no

climbing aids, againlimiting the potentialfor intrusion.”

Zaun also suppliesMultiFence wherefoundations aren’tpossible. The companycreated a systemspecifically to providemaximum security intemporary installationsfor the London 2012Olympics.

Safety at workThe possibility of an external attack orintrusion is only one side of the coin onmanaging utility company's risk. Workingwith energy generating products can behazardous. A major threat when working withhighly flammable elements, such as oil andgas, is fire.

An early warning smoke detection systemcan be instrumental in buying time to respondto the fire threat and minimise losses. Xtralis'VESDA detectors, for example, use an Air-sampling Smoke Detector (ASD) and offersmultiple configurations of alarms and a widesensitivity range. The detectors can bepositioned in easy to access and maintainareas but, at the same time, sampling pipescan be inserted into hard to reach or closedareas, such as electrical equipment enclosures.

“An integrated approach is ideal and it iswhat we always encourage our customers toadopt,” says Plimley and adds, “This is equallytrue for safety and security. If an accidentoccurs or there are fatalities, it is essential thecompany knows how many and who was onsite through a Persons on Board report. Thiscan be done by taking the data from the accesscontrol system integrated into gates, barriersand turnstiles on the perimeter, providing areport for emergency services to tally against.

“We provide systems that enable thisintegration of high security fencing, hostilevehicle mitigation, cameras, gates, turnstiles,access control, sensors, proportional-integral-derivative controller (PID) and buried fibre; allmonitored, analysed and controlled remotelyfrom one central site.”

As Honeywell’s Gray concludes: “There is notemplate security measure that you can put inplace into high risk sites such as utilitycompanies. Each company and site needs to beassessed on a case-by-case basis to decidewhat security measures are needed. Is itperimeter control to ensure that sites aresecure from the public? Is it access control toensure certain high-risk areas are notaccessible to certain employees? A securitycompany needs to work with the site managerto establish what the key needs of thebusiness are and can then create a tailor madesolution for that particular site.

“However, utility companies need to ensurethat they employ a range of measures toenhance security. Using a combination ofsolutions such as PRO2200 or NetAXS-4 foraccess control or SC100 Seismic Sensor forvibration detection, in conjunction with apowerful CCTV system, can provide a rigoroussecurity set-up and help to mitigate risk.”

14www.risk-uk.com

“Imagine the shocking publicity coup if internationalterrorists managed to poison the mains water supply orthe chaos if the power to a major city were cut…”


Be wise and choose the most light-sensitive HD cameras on the market. The new DINION starlight HD 720P and FLEXIDOME starlight HD 720p RD/VR are the next real breakthrough in HD security. In poor light these amazing HD cameras deliver a clear color image where others show only black and white. And in extreme low-light they deliver a black and white image where

others show no image at all! Add the Bosch Video Security app and overcome the bandwidth barrier so you can view HD images from anywhere. See video security in a new light at www.boschsecurity.com/hdsecurity

Star performers inlow-light conditions

008_Layout 1 29/05/2013 22:38 Page 1

From security systems for public buildingsto motorway traffic monitoring and citysurveillance systems, high definition IP

video surveillance is a rapidly growing market,where the quality of the network determinesthe reliability and quality of video delivery.

Network redundancy is therefore a keyfactor in selecting the most appropriatesolution. Ensuring that high definition IP videoof critical infrastructure is always available,while minimising deployment and runningcosts, are equally important.

SolutionIn order to minimise installation costs, theideal solution is a full Power-over-Ethernet(PoE) deployment at video camera locations,while connecting to a full gigabit multi-ring

topology that is capable of handling networktraffic. At the same time, in the event of anincident, rapid sub-second recovery of thenetwork is required in order to minimisedisruption to operators. The solution shouldalso alert all the required operators as to whathas happened and where in the network theincident occurred, so that any remedial actioncan be taken.

Factors to Consider: PoE/PoE+For network hardware such as Ethernetmanaged switches and end devices (cameras),it is important to consider the IEEE standardsrelating to PoE, as some hardwaremanufacturers provide non-standard versions.The original IEEE standard for PoE devices isdesignated as 802.3af normal PoE maximum15.4Watts per port. However, this power ratingmay not be sufficient for the latest high powercameras, particularly the units that offer PTZ(pan-tilt-zoom) functionality. Many IP camerasnow have integral motors and drives or otherfeatures such as fans or heaters. Fans, forexample, may be required to prevent theinside of the camera dome from becoming‘fogged’ with condensation due totemperature fluctuations. Some switchmanufacturers may only offer units that satisfythe normal PoE power standard (i.e.15.4Watts), which may not be sufficient. Thelatest IEEE standard is designated as 802.3atHigh power (or PoE+) maximum 30Watts perport. PoE+ therefore allows more powerful PTZcameras to be deployed.

In security and surveillance applications, ensuring maximumavailability of high definition IP video, as well as cost effectivedeployment and running costs, are critical factors, says Santos

Muro, business development manager at Korenix UK

Ensuring IP availablility

16www.risk-uk.com

When selecting a suitable switch, vibration is oftenoverlooked. This is particularly important if the switchesare installed close to a motorway or railway line


IP availability

Even if an existing network already has avariety of non-PoE switches installed, the IEEEPOE+ standard specifies that plugging in anon-PoE unit to the network will not harm thisdevice as power is not sent until the switch(Power Sourcing Equipment) and the enddevice (PD powered device) have confirmedvia an ‘automatic system check’ that PoE isactually required by the device.

Another key benefit of deploying PoE/PoE+switches is that these can be installed bynetwork engineers rather than qualifiedelectricians, which reduces deployment costs.Other advantages are that POE switches offera variety of manageable features, including:

Power Device ‘Keep Alive’ Check – amanaged switch periodically communicateswith end devices in order to check they areOK. If it doesn’t respond, the switch waits,then cuts off the power and reboots the enddevice, before flagging this action up to theoperator, who may wish to investigate further.Automatically rebooting a camera can saveconsiderable time and costs by not having tophysically send an engineer to the cameralocation to unplug/plug in the device.

Power Scheduling – the system can be setup to schedule provision of power to enddevices, which can be switched off at certaintimes of the day when they are not needed.For example, a security camera in an office carpark may be switched on only between thehours of 8am and 7pm.

Power Priority – if there is a power drop overthe network or emergency back-up power isrequired, the system can be set up to provide

power to only the most critical end devices inthe network.

Ring RedundancyDemanding new IP video applications requireseamless video throughput. The end customerconsiders any breaks in video feed asunacceptable. This includes not only livemonitoring of video, but also recording ofvideo for later review, as well as live analyticsfor monitoring doors, areas and any otherlocation of interest to security operators. Forthese types of applications, service levelagreements may exist, which will specify thatthe network operator must provide a minimumuptime of, say, 95% or higher. Ringredundancy is therefore a critical factor. Ringrecovery times may need to be down to sub-seconds (e.g. <5ms) for a bespoke ‘all-the-same-switch’ vendor solution, or <50ms foran IEEE standard interoperable system.

Today, network topologies therefore requiremore complex offerings than standard singlering designs. The world is moving towardsmultiple, interconnected ring topologies. Forexample, the new ITU-T8032 ring topologystandard is designed to operate without‘Broadcast Flooding’ to build the ring topologyand which also allows a more unifiedinteroperable approach from different

In order to minimise installation costs, the idealsolution is a full Power-over-Ethernet (PoE)deployment at video camera locations

17www.risk-uk.com


vendors. This standard is designed toeliminate all the network conversationbetween devices to keep the network traffic toan absolute minimum.

Hardware SpecificationsIn security and surveillance applications,typically at least one managed switch in aring is located in the main communicationsroom, with the majority of switches installedat the point of the camera, for example, polemounted at a main gate in a small junctionbox at the side of a railway line or motorway.Here, the main factor to consider is thetemperature rating of the switch. Mostswitches operate between 0°C and +40°C.However, over the past few years,temperatures across Europe and the UK havebeen pushing towards new records, withsummer temperatures in the high 30s andwinter temperatures as low as -20°C, particularly in the more rural locations.In these environments, ruggedised switcheswill need to be deployed. Designed from thecomponent up, these switches typically offeroperating temperatures of -40°C to +75°C,although this will vary from one switchmanufacturer to another. These switches havetypically undergone rigorous specialist

testing to ensure that they can operatereliably at these extreme temperatures.

When selecting a suitable switch, vibrationis often overlooked. This is particularlyimportant if the switches are installed closeto a motorway or railway line. The vibrationfrom HGVs or from trains travelling past 24/7is often sufficient to break any standarddevice within a short period of time. For veryharsh environments such as waste recyclingplants, where highly corrosive gases occur, orfor very high humidity conditions, optionalspecial coatings can be applied to switchcomponents to prevent parts activelycorroding. As well as switches, any SmallForm Pluggables (SFP’s) used in theapplication (e.g. optical transceivers, fibreoptic modules) also need to be industrial-grade rather than office-grade devices,otherwise they are likely to fail.

SoftwareAll managed switches typically have a fullsoftware suite that allows for completeconfiguration into any network topology. Aswith all software, patches and bug fixes arerequired from time to time. These arestandard across all reputable switchmanufacturer ranges and are typicallyprovided free-of-charge to customers.Allowing software updates also offers theopportunity of providing the customer withnew additional features to an existinghardware platform as these are developedover time.

18www.risk-uk.com

IP availability

Demanding new IP video applications require seamlessvideo throughput. The end customer considers anybreaks in video feed as unacceptable


BSIA comment

The message is one that is hard to argueagainst: when employed effectively, CCTVsystems are a critical crime-solving tool. In

2010, the Met Police stated that 1 in 6 crimes aresolved thanks to these solutions. And with thetechnology improving, expanding and becomingmore accurate through the years, we can expectthese numbers to continue to grow.

The introduction of a code of practice forpublicly-owned CCTV systems last year was agreat step forward for our industry. As a sectionwe welcomed and supported it; although itinitially only covers a tiny proportion of CCTVsystems, it is an important achievement topromote best practice when using thetechnology.

However, we are clear that it is not justgovernment and local authorities that need toknow how to maximise the potential of thesesystems.

Last year, we launched a successful piece ofresearch based on a study of the number ofCCTV cameras currently used in the UK. Theresearch showed that 70% of the approximately5 million cameras in the UK are currentlyprivately-owned. This means that it’s privatecompanies that are funding the majority of thenation’s cameras and providing the majority offootage used by Police. Therefore, a key focusfor our industry in 2014 will be to make guidanceand advice available for this side of the end-userspectrum.

In 2013, we started this work by holding somesuccessful seminars to help CCTV users tonavigate the latest regulatory and technologicaldevelopments in the sector. Events were held inScotland, Leeds and Windsor.

The Scottish event’s speaker line-upincluded Chief Superintendent Grant Manders,Police Scotland Head of Safer Communities,who was very supportive of the initiative andrecognised the need to forge strongerpartnerships between police and privatesector. At the event he said: “CCTV is a pivotalaid to policing in the 21st Century, and is at itsmost successful when developed and operatedin a strong partnership between the industryand operators.” In 2014 we will work to ensurebest practice, advice and product updatescontinue to be made available for ourcustomers in both private and public sector.

Another area that continues to be critical toour work as a section is making sure the industryis responsive to technology developments.Remotely monitored CCTV cameras continue tobe an effective and popular choice to securesites while improving the efficiency of thesecurity operations. Other areas such as IPtechnology, facial-recognition technology and

video analytics also continue to expand.This constantly evolving technological

landscape means the industry needs to remainresponsive while continuing to guarantee thequality of the products it offers.

That’s why our work with the BSIA to be atthe forefront of the development of nationaland international standards, and codes ofpractise is so critical. And this is true not onlyfor the UK market.

In the current economic climate we are seeingmore and more CCTV manufacturers lookingabroad for exporting opportunities. Withdevelopments in IP and wireless technologyset to drive buying behaviour in overseasmarkets in 2014, there is a real opportunityfor responsible UK companies to shine. TheMiddle East in particular has become a keymarket for our industry in 2013, and will nodoubt continue to gather momentum as wemove deeper into 2014. Our sectionmembers will therefore continue to workwith the BSIA’s Export Council to share bestpractice and make sure UK CCTV companiescan make the most of opportunities abroad.

CCTV is one of the most importantsecurity developments of the recent years,but the success of any system requires adiligent approach to planning, design,installation, maintenance and operation, aswell as the use of quality products. TheBSIA is committed to developing andsharing best practice to drive up standardsin our industry. The public is alreadylargely on side, with 62% wanting to seemore cameras in their local area. It isimportant that we retain their trust andconfidence in 2014.

2013 was a critical year for the CCTV industry. Thegovernment’s launch of the CCTV Code of Practicedominated the headlines and once again opened up thedebate around responsible use of the technology. Here,the British Security Industry Association’s CCTV sectionchairman, Simon Adcock, looks at what this has meant forthe industry, and how quality CCTV application willcontinue to be high on the agenda for 2014.

Watching over 2014

19www.risk-uk.com

The introduction of a code of practice for publicly-owned CCTV systems last year was a great stepforward for our industry


Large Format Flexi X-ray Plates

for large area x-ray investigationRugged, weather- resistant flat

panel portable x-ray systems

We’ve updated our Corporate Identity

and Logo to reflect Scanna’s continuing

commitment to High Quality, High

Performance X-ray Products.

Visit us at Counter Terror Expo, Stand

D36, April 29-30 to learn more.


Alford TechnologiesAlford Technologies will be launching a newlightweight disruptor, the 1 Litre Bottler Liteuser-filled explosive disruptor and SquidTape, the underwater non-adhesive fixingtape at the Expo.

Bottler Lite and the standard Bottlerranges are omni-directional explosivedisruptors that come in a range of sizes. TheBottler Lite range already consists of a 0.25litre and 0.5 litre charge and the 1 litre sizeenhances the range by offering a larger,more powerful disruptor.

As with the other Bottler Lite products,the new charge can accommodate one ofthree different explosive loads to deliver thesame omni-directional effect, but with ahigher water to explosive ratio than theoriginal 1 Litre Bottler giving a morecontrolled and precise disruptive effect andless collateral damage. This, says thecompany, makes them ideal for use againstsoft-cased IEDs or in urban or indoorapplications.

Squid Tape is a silicone-based non-adhesive tape which can be used in air andunderwater for joining or tying itemstogether or for fixing charges to targets.While non-sticky to the touch, it is adheredand bonds to itself even when completelysubmerged. Stand F35

ZaunThe smartest Video Content Analysis (VCA)system is the latest addition to the temporaryfencing on show at Counter Terror Expo (CTX).The solutions developed by partners Zaun,Hardstaff Barriers and Highway Care haveintegrated electronics with woven meshArmaWeave fence, and a range of temporarysolutions – Rapid Deployable System (RDS),MultiFence and SecureGuard – PAS 68enhancements, blockers and bollards.

They have incorporated the latest VCAsystem using Pan Tilt and Zoom (PTZ)cameras from EyeLynx into the RDS, whichcan reportedly save up to 90% of police time.After the Labour conference, Inspector SteveWorth of Greater Manchester Police said:“RDS is now firmly the preferred product forthe delivery of security operations for partypolitical conferences we police, fullysupported by The Home Office.”

Cameras record HD 24/7 and wheneverthe perimeter is compromised or a potentialintruder approaches too close to the fence,Pharos will send a snapshot alert to thecontrol centre for visual verification – oreven to assigned personal mobile devices,such as the police chief or nearest constableto the breach. Stand J50

CTX 2014

21www.risk-uk.com

CTX 2014 – an overviewNow in its 6th session, Counter Terror Expo brings buyers and specifiers togetherfrom across the world within government, military, law enforcement, emergencyservices, critical national infrastructure, private sector and the security services.

The show hosts technology, equipment and services alongside a high leveleducation programme designed to protect against the evolving security threat.

9,500 attendees and 400+ exhibitors will participate in a free-to-attendexhibition, multiple show floor workshops, new show feature zones, IEDD demoarea, high level conference streams, behind closed door briefings and networkingevents in one secure environment.

Here we look at just a few of the products and services on show from 29-30thApril at Olympia, London.

FischerTheFischerRuggedFlashDrive is atough memory stick,designed for safe storageand transportation ofsensitive data in harshenvironments. It is suitablefor use with ruggedisedcomputers.

The Fischer circularconnector interface,combined with durableencapsulation technique,guarantees data safety incase of loss or theft.Fischer Rugged Flash Driveis equipped with highspeed flash memory,signalling and protocolcertified, and availablefrom 4 Gb to 256 Gb.Stand F45

EDIT ctx mar14_riskuk_mar14 06/03/2014 13:35 Page 3

22www.risk-uk.com

CTX 2014

CognitecCognitec has introduced a new product thatcombines hardware for image acquisition withsoftware for verification processes.

FaceVACS-Entry is ready for integration intoelectronic gates (eGates) which providetravellers with electronic passports(ePassports) the option to pass throughautomatic passport checks. After a personenters the gate, the system detects the person’sface, adjusts the position of the camerasaccording to the person’s height and thencaptures frontal images. The software instantlyverifies the live images against biometricphotos stored in passports, other ID documentsand/or facial image databases.

Cognitec says it has optimised the system toensure efficiency and ease of use for travellerswhile capturing images that guarantee highverification accuracy, thus fully complying withguidelines set by the European Border Police(Frontex). A proprietary sensor, able todistinguish between human faces and artefactslike printed images and masks, detectspresentation attacks. Stand L70

HealdThis year Heald announced the arrival of theshallow mount Mantis static bollard, anevolution of the shallow mount Raptor series.Reported to offer a rapid, low cost installation,the Mantis is listed as a viable alternative todeep mount static bollards. The Mantis isavailable with a range of stainless steel covers,finished in a variety of colours.

The Mantis offers a static solution with a trueexcavation depth of only 250mm. No pre-casting of the pit is required, nor is anyadditional rebar. Heald recently tested theMantis at MIRA’s testing grounds, where itreceived a rating of PAS68:2013 Fixed BollardV/7500(N2)/64/90:0.0/0.0. This means thatthe Mantis will arrest a 7.5 tonne truck from aspeed of 64kph with zero penetration and zerodispersion. In the impact the structure of thebollard remained intact, ensuring continuedprotection against further attack. Stand B65

Frontier PittsAt the show Frontier Pitts will be showcasingtwo new Shallow Depth HVM Bollardsolutions, including what is reported to bethe world’s first PAS 68 single Terra NeptuneBollard which has been impact tested with7.5t travelling at 40mph (64kph) resulting inzero penetration.

The PAS 68 Anti Terra Range includes theportfolio of PAS 68 HVM (Hostile VehicleMitigation) products; the Terra SlidingCantilevered Gate 7.5t @ 50mph, the TerraUltimate Barrier 7.5t @ 50mph and theCompact Terra Barrier 3.5t @ 30mph. PAS 68Blockers include the Terra Surface MountBlocker 7.5t @ 50mph, Terra Shallow Blocker7.5t @ 50mph and the Terra Blocker 7.5t @50mph, whilst the Terra Bollards portfolioinclude a range of retractable rising andstatic bollards. For the anti-intruderpedestrian market the Terra Diamond

Turnstile has been accreditedwith LPS 1175 Security Rating3 & 4. The company’sproduct range also includesrising/drop arm barriers,sliding security gates,hinged and bi-folding gates,road blockers and risingkerbs, active and staticbollards and pedestriancontrol gates and turnstiles.Stand D65

RicohAt this year’s Counter Terror Expo, Ricoh will beintroducing its long range zoom lens withPAIR01 technology (Pentax AtmosphericInterference Reduction) plus HD resolution overHD-SDI output and an internal electronic imagestabiliser to optimise the video quality.

The H55ZCME-F-HD-PR01 is a ½” C Mount55x Motorised Zoom Lens for identification over650 m distance. The lens zoom range is 12 to66mm, and when the internal 2.5x extender isswitched in, the focal length increases to 30, 5to 1,680mm. With 1,680mm focal length at over650 m distance, the field of view is 2.5m by1.9m. The extremely high magnification incombination with HD resolution means aperson can be identified at distances in excessof 650m. Therefore, this lens is ideal for videosurveillance in sports stadiums, city centres, airports, harbours, as well as border control,intersections and roads. Stand G38

EDIT ctx mar14_riskuk_mar14 06/03/2014 14:23 Page 4

023_Layout 1 06/03/2014 15:20 Page 1

Galaxy Flex can be used by installers as astandard piece of equipment, regardlessof whether it is being integrated into a

commercial or residential building. Thisflexibility provides benefits for both installers,who are able to install the product quickly andeasily without the need to learn howto operate a new system, and forusers who can choose asolution that has bothresidential and commercialbenefits.

The new ‘night set’ modeallows homeowners to createseparate night-time security set-up, providing protection whilethey are asleep. This featureenables users to arm only thesensors needed to protect thehouse perimeter or isolated areasof the house. It also provides asilent mode, removing audibletones during arming and henceallowing users to set the alarmwithout disturbing others in thehouse. This feature allows for easierprogramming for user set-up, which savesinstallers time on the job.

The new firmware also provides a set-upwizard, which simplifies the process of settingup simple alarm signalling to a monitoringstation, with or without a back-up signallingpath over telephone lines, broadband orwireless GSM/GPRS links. This providesbenefits for installers allowing them to takeadvantage of fast, reliable signalling solutionswithout the need for extensive training orprolonged set-up times.

The new compact housing design provides anideal solution for systems that do not require

several additional add-ons to thebasic panel and where space islimited. The new housing provides

benefits to installers for quick andeasy installation in both residentialand commercial settings.

The prevalence of smartphonesand tablets means that mobile

applications are becoming anincreasingly popular way ofproviding services toconsumers. The enhancedGalaxy Flex solution capitalises

on this ongoing trend byallowing users to access the

system remotely – anytime, anywhere –through their own broadband connection byeasy download of the ‘Galaxy Flex RangeMobile App’ from any application store.

Accessing Galaxy Flex via its mobile app allowseasy remote control of the system at the touch ofa button. Features such as status reporting, set

and unset, control of groups, outputs anddetailed log information can all beaccessed on the go.

We caught up with Martin Pacitti,Galaxy product manager EMEA,Honeywell Security Group to find outmore: You’ve added a ‘night set’ mode.

What is the alternative option forsystems without it?With the addition of the ‘night set’mode installers can now offer theGalaxy Flex system for not onlycommercial installations but also forresidential installations, somethingthey haven’t previously been able todo. This provides several benefits to

installers as they do not have to betrained to install it or have to stock

separate residential and commercial products.The new ‘night set’ mode also offers residentialusers the option of several easy to select modesproviding further simplicity and ease of use. Everyone is talking about remote access viaphones and tablets, but are people actuallyusing it?The feedback we are receiving is that peopleare using remote access via their mobiledevices. With the growth of portable devicessuch as smartphones and tablets it makessense for customers to use remote access asthey can control their entire security system onthe move, saving them time and offering addedconvenience. The demand for remote access viamobile devices is something that we are seeinggrow across the industry.Is speeding up the install time the mainbenefit of the new housing design?Every aspect of the new housing was designedto help installers do things faster and moreeasily in comparison to tradition metalenclosures. Everything from the mouldedinserts to accept the optional peripheralboards, to the ABS material to allow wirelessdevices to be clipped into the same box, andthe snap-on hinged lid has been specificallydesigned to speed up install time.www.honeywellgalaxyflex.com

Honeywell hasupgraded its GalaxyFlex integratedintruder and accesscontrol solution with a‘night set’ mode, anew compact housingdesign and a GalaxyRange Mobile App forremote access

Inside story

Three enhancements announced

24www.risk-uk.com


SSAIB comment

Welcome new figures from thegovernment provide good news aboutfire-related deaths and other injuries, as

well as the number of blazes attended by localauthority fire and rescue services – all of whichare down. Fatalities caused by fires in Englanddropped by a third (to 140) in the six monthsApril-September 2013, compared with the sameperiod ten years ago, according to the Dept forCommunities and Local Government.

There were also 94 deaths due to accidentaldwelling fires during April to September. Thistotal was 17 per cent lower than the equivalenttimeframe ten years ago. Meanwhile, 1663hospital non-fatal casualties occurred in firesduring April-September – a 7% reduction overthe same period in 2012 – while fire and rescueservices attended 102,000 fires in Englandbetween April-September 2013. That’s asignificant 55% decrease compared with 2002.

The Fire Industry Association says thisdecreasing trend has been attributed tosuccessful fire safety and prevention activity,such as highlighting smoke alarms and otherbuilding fire safety systems and features,audits and enforcement activity, fire safetycampaigns and education, and other advice.

Commercial buildings, non-domestic andmulti-occupancy premises in England andWales are already required to undertake a‘suitable and sufficient’ fire risk assessmentcarried out under the Regulatory Reform (FireSafety) Order 2005, and equivalent legislationin Scotland and Northern Ireland.

While the overwhelming majority of premisesdo this, if the assessment is thought to havebeen carried out to an insufficient extent, the‘Responsible Person’ or ‘Duty Holder’ can facean unlimited fine or up to two years in prison.

A number of certification bodies now offerschemes accredited under the BAFE SP205 LifeSafety Fire Risk Assessment Scheme, enablinganyone who’s required by law to carry out a firerisk assessment of a premises, and whoemploys a specialist third party company toprovide this, to demonstrate that they’ve takenthe necessary reasonable steps to comply withtheir legal obligations and requirements underfire safety legislation.

The idea of a fire risk assessment is todetermine the appropriate fire precautions. Inpurpose-built blocks of flats there will normallybe no need for a fire alarm system in thecommon parts, but the individual flats shouldhave smoke alarms (not interlinked with otherflats), while smoke detectors are often requiredin the common parts to operate smoke vents(but not raise the alarm). This is because of the‘stay put’ policy whereby, if a fire occurs in one

flat, it should be safe for all other residents toremain within their own flat. The exception iswhere compartmentation and means of escapeare so deficient that a ‘stay put’ policy is notsafe; under these circumstances there is a needfor a common fire alarm system, in which thereare detectors and sounders in every flat.

In the case of buildings converted into flatsthe fire precautions in a modern conversion(particularly carried out after 1992) will beidentical to those in a purpose-built block offlats, so the above principles apply. They mayalso apply to some older conversions,particularly where compartmentation andmeans of escape met the standard of the dayand, under a fire risk assessment, continue tobe regarded as reasonable. However, someolder conversions will need a common firealarm system to evacuate all residents,regardless of where the fire occurs.

Houses in multiple occupation (HMOs) alsoneed a fire risk assessment if there are commonparts, off which there are independent flats orbedsits. In this case the entire building needs tobe treated as a single occupancy with a commonfire alarm system extending throughout thedwelling units, common parts, etc.

The good news story on fire deaths, injuriesand callouts is also something that serviceproviders can build on. SP205 certificationallows them to prove that they carry out duediligence and are up to the mark. It has beencommented, within the fire industry, that alittle, or indeed the wrong knowledge can bedangerous and proponents of the SP205scheme say it provides a benchmark forreassurance.

These are sobering points for businesseschoosing to carry out compulsory fire riskassessments themselves, and clearly moreserious still for those choosing to carry ontrading without arranging one at all. Thelegislation states that the ‘ResponsiblePerson/Duty Holder’ is required to appoint acompetent person to carry out the task –defined as someone with sufficient training andexperience or knowledge and other qualitiesenabling them properly to assist in undertakingthe preventive and protective measures.

Commercial fire risk assessors can use SP205accreditation to market themselves asproviders with the required technical andquality management competency, usingassessors possessing the relevant proficiencyand knowledge.

Fire safety is improvingsignificantly, helped bymeasures including firerisk assessments, saysKeith Strugnell of SSAIB

A blaze of good news

25www.risk-uk.com

Fatalities caused byfires in Englanddropped by a third (to140) in the six monthsApril-September 2013


The cloud-based solutions platform fromLiveGuard enables home securitycompanies to add features such as

smartphone remote control and homeautomation to their existing products.

“Many traditional home security alarmcompanies are starting to see how newpressures are coming from technology changeand new entrants like telcos, ISPs and utilitieswho are starting to move into home security onthe back of their home automation offerings,”said Mark Naldrett, Sales Director ofLiveGuard. “Plugging into our platform willhelp traditional alarm companies to get quicklyup to-date, inject new life into their productranges and help them protect and optimisetheir existing customer base. It will also enablethem to compete effectively for new salesagainst the growing tide of cheaper, lowerspec’d foreign products.”

LiveGuard’s solution enables homeownersto remotely monitor, protect and control theirhomes in real-time. The platform supports IPcameras and a wide range of Z-wave-basedhome automation products offeringfunctionality which includes remote alarmcontrol, live surveillance, zone-based

alarming and sensor-driven callalerting with cloud-served

incident video footage. If there is a problem the

system uses a voice call to getthe homeowner’s attentionbut if the alarm goesunanswered it will thencontact specified friends andfamily in rotation to ensure arapid response to thesituation. Alternatively,integration to Immix CallCentre software means thatalarm calls can be relayeddirect to a third partymonitoring station forprofessional intervention.

Home owners can also usetheir smartphones toremotely control lights, doorlocks, heating and a widerange of other electricaldevices both individually oron a scheduled basis tosimulate occupancy whenaway from home, prepare

their property for their return

home and manage energy more efficiently. We caught up with Mark Naldrett to find out

more about the system:There are a number of systems on the marketthat allow remote alarm monitoring, what’sso special about your solution?This solution goes beyond simply remote alarmmonitoring. Supplied as an integrated add-onto an existing alarm product, users can arm ordisarm their alarm remotely and get a voice callalert with relevant alarm footage. They can dealwith it themselves or one-touch divert thefootage to an ARC, and if they miss the call thesystem rings a list of nominated people inrotation instead. On top of all this they can alsoremotely live view as well as control heating,lights, door locks individually or on a scheduledbasis to simulate occupancy, prepare theirhome for their return and even manage energymore efficiently. How do you think installers could benefitfrom offering the LiveGuard solution to theircustomers?Supplied as an integrated add-on to existingsecurity alarm products means that installerscan sell new product functionalities to theircustomer base as well as to incoming clients.The combination of home security with homeautomation gives them a significant new growthsector to tap into to. And installers do not needto be IT experts either – IP cameras, Z-wavesensors and switches are all wireless so autodetected and configured and you don’t need toopen a port on the router either – because it iseasy to install and use.Are security concerns surrounding the use ofthe cloud now a thing of the past?Our cloud platform actually increases securitybecause our “heartbeat” technology means wedo not have to open a port on the router whichis a major security risk, while smartphones canbe paired to the system based on their internalIMEI numbers. We also serve alarm footage tosmartphones from the cloud servers so it isstill available even if the intruder steals the in-home recording device. Cloud-basedapplications are increasingly commonplace andsecure and the weakest link in cloud securitytends to be people not looking after theirpasswords properly. www.glamex.co.uk

A look at the launchof the real timeremote monitoringplatform, LiveGuard

Inside story

Real-time alarm opportunities

26www.risk-uk.com

The combination of home securitywith home automation givesinstallers a significant new growthsector to tap into to


Security management

Key control and asset managementtechnology is seeing significant growthacross a broad range of applications, and

for good reason. It’s a reliable and cost effectivemethod to improve building security by ensuringthat facility keys are properly managed withregard to access, storage and tracking. Keymanagement systems can reinforce accesscontrol policies that are already in place and canalso help to reduce the costs associated withlost keys or unmanaged access.

The effective implementation of a key controland asset management system can be achievedthrough best practices to realise decreasedoperational and financial risk and provide thebest value from the application. This articlepresents several best practices for deploying keycontrol and asset management solutions,including:• What You Need to Know about the Technology• Getting Started• Designing and Customising the System• System Integration• Software Add Ons• Mobile Applications• Application Examples• Conclusion

What you need to know Key control and management systems aredefined as an orderly and secure solution foraddressing controlled usage and safekeeping ofmechanical keys. The tamper-proof systems aredesigned so that only authorised users – usingpre-programmed PIN codes, access cards orbiometrics – can access keys, while on-boardadvanced technology automatically records allaccess activity.

A basic system typically consists of acomputerised key storage cabinet, a key lockingmechanism and a tracking system. From thisbasic package, several options and designvariations can be added to customise thesolution and help protect the investment asneeds grow and change. For networkedinstallations, management software can also beincluded in the system. Permission levels can beestablished for each user and data can bemonitored from any desktop connected to thenetwork. Additionally, the software can runactivity reports, sort based on different criteriaand view and print reports, among other uses.

Vital documents, cash, employeebadging/access control cards, data drives andeven small electronic gear can also be controlled

and secured using asset management lockers orkeycard modules that can be integrated into akey control system. Asset locker systems areidentical in function to key control systems;users can access items only from thelockers/modules for which they have been pre-authorised and any activity such as removing orreturning items or opening lockers/modules isautomatically recorded in an audit trail.

Today’s key control and management systemshave become a higher level management tool foreffectively addressing the safety and security ofbuilding occupants and the security of thebuilding assets. Knowing the identity ofauthorised key holders, which keys they have intheir possession or have access to and whenthey were used are all essential pieces ofinformation needed to help ensure a safe andsecure environment. Further, technologicaldevelopments and open protocols have made itpossible to integrate key control with accesscontrol and other security systems as part of afacility’s networked security system. Now, a userwho has taken a specific key can be deniedegress from the facility until the key is returned –and selected management can be alerted via

Fernando Pires, VP,Sales and Marketing atMorse Watchmanslooks at why bestpractices provide bestvalue whenimplementing keycontrol and assetmanagement systems

Achieving security success

27www.risk-uk.com

A basic system typically consists of acomputerised key storage cabinet, a keylocking mechanism and a tracking system


email if a key has not been returned on time.Key management systems have become an

operational necessity in environments such ascorrectional institutions, hospitals, cardealerships, property management, casinos andeducational facilities, to name just a fewexamples. Key management is also a criticalfunction for anyone overseeing security atconference centres, government agencies,control rooms, automotive businesses andcorporate buildings. However, key control canand should also be applied to businesses of allsizes because of the measurable benefits ofenhanced security and convenience, as well asincreased staff productivity and accountability.

Getting startedImplementing a key control and managementsystem is a straightforward process that involvesa few basic steps: take inventory of the facility toidentify all access points and installed locks;ascertain the operational needs of employees aswell as of others who may need access to thefacility (e.g., service repair or cleaning crew); andestablish a policy with easy to follow proceduresfor effective key control and management.

The first step is to catalogue every accesspoint and every piece of door hardware. Thisprocess is followed by management assessingwhich individuals have keys, which keys theyhave and which doors they access. Without thispreliminary audit, it’s almost impossible to knowwhat size and type of key cabinets will best fityour needs and where the key control systemsshould be located.

System growth should also be factored in atthis stage of planning. What may seem adequatetoday may become insufficient in a year or two.The ability to add on the exact components youneed, or change modules where and when youneed, helps protect your investment. This wayyou will avoid having to rip and replace an entirekey control and asset management systembecause the current system cannotaccommodate lockers for securing cell phones orother valuable items, or does not integrate witha new access control system.

Next, review operational needs to understandhow the facility works on a day-to-day basis, sothat use of a key control and managementsystem is efficiently optimised and dailyoperations are disrupted as little as possible.Whether the facility is a hospital, dormitory,

hotel or an office building, having acomprehensive grasp of daily activity will help inimplementing a key control system and will alsohelp in minimising the trade-off between securityand convenience.

If a networked key control system is planned,a review of the network topology will reveal anyconfiguration and performance alterations thatmay need to be applied. Compatibility with othersecurity systems should also be reviewed tomaximise interoperability for morecomprehensive integrated operations.

A simple but strong set of guidelines foradministration and use of the key control systemwill help to define areas of responsibility andenable better control of the keys.

Designing and customising the systemConfiguring a key control solution is as easy asidentifying needs and then building the systemwith modular components that meet thoseneeds. Users select a cabinet size, and if morethan one cabinet is required, the arrangementcan be linear (side by side) or stacked. Cabinetdoors may be solid steel or they may be see-through polycarbonate designs.

Choices for modules to fill the cabinets mayinclude a selection of key storage modules,credit card modules or simply blank modules (tobe filled at a later time). The combination ofmodules is entirely up to the user, providing theability to customise and also change the systemto meet growth or other specific needs.

Custom modules and lockers that canaccommodate plastic card keys or other valuableitems may also be included in the system.Lockers, available in various configurations, canbe used for storing credit cards, small firearms,cell phones, 2-way radios, laptop computers,tablets, cash trays and so on, and can bemanaged as efficiently as keys in key controlsystems. Items can be returned to any openlocker for convenience, and systems can be setup as personal storage spaces for one ormultiple users.

Key control and asset management systemscan also be configured with additional securityfeatures to help enhance the integrity of thesystem. For example, where protection of assetlockers itself is mission-critical, installation of aremote access device provides an additionallayer of protection by enabling the locker systemto be placed in a secure room. A secondindividual’s PIN input and verification are thenrequired in order for an authorised employee toaccess the contents of a locker.

Access to the key and asset cabinets can alsobe customised, with options including a built-inkeypad, biometrics such as a fingerprint reader

28www.risk-uk.com

Mobile applications are quickly becoming a preferredplatform for security managers accessing key control data

and even to perform transactions


Security management

29www.risk-uk.com

and a magnetic or proximity card reader.Systems that integrate card readers for accesscan often utilise the access control cards thatare already in use throughout the organisation,making the system implementation easier andmore convenient. Changes to an individual’saccess authorisation can be made instantly byprogram administrators. The optional userinterfaces can be integrated directly into thecabinet for easy accessibility or they may beseparate. In either design, users can access onlythe stored items that they have been authorisedto remove or return.

System integrationA key control and asset management solutioncan usually be integrated with the existingphysical security system without costlyupgrades or overhauls. For example, assetcontrol systems featuring alarm and relayinputs/outputs can be integrated with existingvideo surveillance systems for additionalsecurity. Ethernet and USB capability help toensure system compatibility and integration. Keymanagement systems can also integrate with afacility’s existing identification cards.

The compatibility with other security systemsand network access offer an added richness andusability and integration with existing databases saves time and money. Ethernet or TCP/IPcommunications ports allow ease of use fordirect connectivity to printers or other devices,or networked connectivity via Ethernet.

Software add onsOne of the enabling factors for successful keycontrol implementation is the ability to manageall programming, remote functions and reportsfor the system with a software-driven solution.Similar in concept to popular access controlsystems, the PC-based package of keymanagement software helps make day-to-dayoperations and activities easier and more fluid.Users can be added from a global list and allspecific settings (added or modified) will beautomatically synchronised across the system.Profiles can be assigned for improved usercontrol, and administrative access levels havevarious options to be tailored to specific needssuch as reports only or alarms only.

Built-in schedulers can be programmed toautomatically download all data to a secure PCas required by the user. With this capability,management can better sort and analyseinformation to maintain maximum control ofaccess and security issues.

Scheduled email reports, detailing what keysare in or out and who has/had them, keepssecurity management informed and up to date. If

an incident occurs, management can query thesystem for specific details, such as a listing of alltransactions between certain times; and whendoing a follow up investigation, managementcan request a report for the hour preceding theincident. Or, immediately following an incident, areport can be generated showing which keys areback in the system and which keys are still outand who last accessed them. Together with theaudit data from an access control system, a keycontrol system’s reporting system provides astrong evidence trail.

Mobile applicationsAdvanced communication capabilities alsoenable key control systems to be monitored andadministered remotely from PDAs orsmartphones as well as from the desktop. Appsfor automated key control systems enable usersto maintain control of keys no matter theirlocation. At any time, an authorised user can seereal time transactions and information aboutkeys that are in use and any keys that areoverdue, as well as about where and whenalarms may have been triggered or overallsystem status. For investigative purposes,managers can even review key usage todetermine who may have last accessed a key fora vehicle that was found to be damaged. Havingthis information available on a mobile device islike having a remote office.

Notifications and events are automaticallysent to authorised personnel, allowing themcomplete control of the system. They can cancelan alarm and even, if necessary, remotelydisable user privileges. These features, alongwith multiple others, provide the mobile userwith a greater level of convenience and control


30www.risk-uk.com

Security management

when it comes to key control management.Mobile applications are quickly becoming a

preferred platform for security managersaccessing key control data and even to performtransactions. The result is improved safety andintegrity of the facility.

Application examplesEducational facilities - a robust key control andmanagement system can provide an additionallayer of security and information for firstresponders in an educational environment. Forexample, badges can be pre-configured anddistributed to designated first responders and,in the event of an incident, when they reach thescene they simply scan the badge into thesystem and the critical emergency keys will bereleased. It’s also important to remember that inaddition to traditional first responders such asfire, law enforcement and EMS (emergencymedical services) personnel, there is a widercircle of school staff and departments that playan integral role in emergency situations. Keycontrol systems that are strategically located,networked and easy to use/manage add to anindividual’s ability to efficiently cope with anemergency.

Many schools (both public and private) todayat all levels are battling budget cuts to theiroperational expenditures, and key controlsystems may help reduce costs. For example,services by janitorial or maintenance staff can beshared among several schools in a district ratherthan be dedicated to a single school, orteaching/support staff may be assigned to morethan one school.

In these instances, instead of issuingduplicate sets of keys to several employees (andpotentially creating a security vulnerability), asingle set of keys can be stored in a key controlsystem that is located in the building for whichthe keys are used. Using their pre-authorisedPIN codes, visiting staff can quickly and easilyaccess needed keys without having to golooking for them or interrupt another individualto dispense the needed key. All access activity isrecorded and any changes to authorisations canbe made quickly and easily by the systemadministrator.

Casinos - To effectively manage casino assets,key control systems store, control and track keysthat are used for access to all the most sensitiveand highly secured areas of the casino wheremoney and chips are held, including the slotdepartment and cages. Customised features andadvanced technology in key control systems alsomake it easier for casinos to comply with gamingcommission regulations pertaining to keycontrol and management. For example, to meet

gaming regulations that require the three manrule to access sensitive or restricted key sets,the key control system can be programmed torecognise these keys or key sets and only openthe cabinet door and release them once thethree required logins are completed and thecredentials verified. These measures ensure thatno one person acting alone can access asensitive or restricted key and that these keysnever leave the property.

Gaming requirements do vary from state tostate, as well as from tribe to tribe. The keycontrol and management system chosen fordeployment in a casino environment should beflexible, so that it can accommodate any of theabove regulations and much more. It should alsobe modular and scalable, so the number of keysand the scope of features can change and growalong with the business. Finally, it should beeasy to use, as training time can be costly andmany employees will need to be able to accessthe system.

Fleet Management / Car Dealerships - Thebenefits of adding a key bank system to adealership operation are many. Managementcontrols who accesses vehicle keys, who entersthe system, who takes a key and why it isremoved and how long the key is out. No moremissing keys. No more mystery damage ormileage.

In applications for automated key control andmanagement systems used in fleet operations ordealerships, software is available to track keyusage so that management knows at any giventime who has accessed keys and when.Dealerships that network their key controlsystems can experience additional benefits inmanaging vehicle usage. For example,scheduling can be used to ensure that driverscan’t simply grab the newest car on the lot whileolder cars sit unused. Additionally, networkedsystems allow keys to be returned to any fleetkey cabinet in the system. This makes it easierto track a vehicle that has been returned to alocation different from where it was picked up.The system software will record the location andtime so anyone looking for that vehicle will knowwhere it – and its keys – is currently located.This benefit allows vehicles to be moved aroundand located as needed.

ConclusionBy following these best practices for key controland asset management systems, users mayexperience decreased operational and financialrisk and achieve best value from the application.The guesswork is removed and the technologycan be implemented with measurably higherlevels of success.

The benefits ofadding a key bank

system to adealership

operation are many


Last year saw mandatory CE marking for allconstruction products in the EU added tothe Construction Products Directive. Now,

under the Construction Products Regulation(CPR), it is a legal requirement for UKmanufacturers of construction products toapply CE marking to any of their products,which are covered by Harmonised EuropeanStandards (hENs).

CE marking is an indication of a product’scompliance with EU legislation, enabling themto be traded within the European market.However, a common misconception is that a CEmark guarantees that a product is of a very highquality.

Quality control If a product features a CE mark, it means it hasmet the minimum standards required, but thatdoes not guarantee it will perform to thehighest standard. For example, a lock CEmarked to EN12209 only has to achieve theminimum performance levels of between twoand four on the 11-digit classification scale fordurability and fire performance.

For suppliers and manufacturers, the CE markis there to offer protection from prosecutionsbrought against them under health and safetylegislation. If a product is performing correctlyunder its CE mark, then this is a strong defencein any subsequent legal matters.

However, problems can arise when Specifiersand installations opt for cheaper products andassume that because they boast a CE mark theywill be of sound quality. We are now seeing alarge number of counterfeit products featuringCE marks, although they do not meet thenecessary safety requirements.

This means that by opting for cut-pricealternatives, Specifiers and installers couldactually be fitting non-compliant products thatdo not perform properly. In cases such as fire,smoke, and/or escape doors in public places,there is a danger that these substandardinstallations could cost lives.

Anything to declare?CE compliance also requires the manufacturerto prepare a ‘Declaration of Performance’ (DoP)legal document and to supply it to thecustomer. If a DoP has not been drawn up, thena CE mark cannot be affixed. By law, DoPs must

The recent introduction of mandatory CE marking hashelped to ensure all door security products in the EUmeet minimum standards, however specifiers shouldnot rely on the symbol as a sign of quality. Here, JonBurke, Marketing Manager of Abloy UK, warns about

the false sense of security CE marks provide, andadvises specifiers to use only trusted brands to avoid

dangerous and sometimes illegal installations

Setting the standard

32www.risk-uk.com

If a product features a CE mark, it means it has met theminimum standards required, but that does not

guarantee it will perform to the highest standard


Access control

be made available for anyone in the supplychain to view, and for easy accessibility AbloyUK hosts all of its DoPs on its website.

As CE marking is a mandatory requirementfor hardware products that are intended for useof fire, smoke, and/or escape doors, allproducts to be used on these doors mustcomply with standards EN179 for emergencyand EN1125 for panic.

They must also have been successfully 3rdparty type tested against EN1634-1 for fireperformance if the door is fire rated, thisapplies equally to all hardware regardless ofwhether a mechanical operation or an electricaloperation. For products that are used on firerated or escape doors, DoP’s need to beavailable on request, but they don’t have to beprovided alongside the product itself.

Suppliers and manufacturers will need toretain the DoPs of products for a period of 10years after they are placed on the market,ensuring a lengthy space of time in case anylegal cases are drawn involving that product.

Protecting specifiers So, what does this mean for the specifier andinstaller? They are responsible for ensuringthat products - such as fire doors – that they

supply and fit are compliant with the currentbuilding regulations. Harmonised EuropeanStandards (hENs) provide a solid technicalbasis for manufacturers for testing theperformance of their products.

Specifiers are able to use information fromthe hENs to assess the performance criteria of aproduct before installing it. Areas coveredinclude testing, assessment and samplingmethods, and further details of the minimumperformance criteria required to achieve CEmarking and how the product is labeled.

For CE marks to be valid, products can onlybe supplied with the parts that the product wasoriginally tested with. If an installer tamperswith a product or modifies it in any way – evensomething as small as changing the colour ofthe device - then the CE mark will be invalid andno legal protection will be offered.

So, to ensure the utmost safety, specifiersand installers are advised to only use well-know respectable brands that are renowned forquality products. After all, ignorance will notstand up as a defense in court.

For CE marks to be valid, products can only be suppliedwith the parts that the product was originally tested with


As technology has developed to offergreater protection so have the threats andthe individuals and organisations behind

the threats. But it’s not just high securitylocations that need protecting, it can bepremises as mundane as studentaccommodation where what was almostunprotectable 20 years ago can now be secured– barring indifferent human intervention(students pegging doors open) – with minimalfuss.

TrendsPer Bjorkdahl, chairman of ONVIF, a non-profitorganisation that promotes and developsglobal standards for interfaces of IP-basedphysical security products, sees the internetand internet based protocols as the wayforward. He thinks that the use of IP hasenabled a multitude of smart and usefulfeatures in the systems: “IP has really createdopportunities for not only more advancedsecurity features but also for effectivemanagement features that were not possiblepreviously.”

Neil Thomas, national sales manager, atVidex Security is of the same view; he thinksthat the internet (IP) and mobile telephony aretransforming the development and use ofaccess control and door entry systems. Hesays: “With the widespread availability of bothaudio and video codecs, it was an evolutionarystep to include this technology in door entrysystems. Although the technology is fardifferent from the conventional door entrysystem, it offers much more flexibility for theintegrator and system designer. It allowssystems to be created using an existinginfrastructure within a building.”

For Tim Northwood, general manager ofInner Range, the Internet has encouragedmanufacturers to implement features andfunctionality that make life a lot moreconvenient for both integrators and end usersalike. He notes the ability for an end user toconnect remotely from any internet connectionor even 3/4G from almost any device andrespond to system alarms and messages inreal-time and fully interact with the system.

“Providing users and integrators withfunctionality such as software and firmwareupgrades over the internet as well as systemlicence management saves time on site andtherefore money. All this said, where highsecurity is a consideration is has become thenorm for outside connections to the internet tobe restricted and in many cases denied andquite rightly so.”

But Northwood doesn’t really see anyindividual features or functionality movingmajor market trends – “but what we do see isthat end users are a lot smarter nowadays andwant ‘more bang for their buck’”. He considersthat the trend is definitely to integrate andautomate. “They want a system that is simpleto operate yet provides a full feature set fromthe outset. End users are now far more IT savvyso they understand what is possible andexpect their integrated systems solutions tolive up to their expectations.”

The trends in many technology markets haveclearly developed with the introduction ofsmart phones and tablets. According toThomas, users are finding they don’t needdedicated devices such as cameras and alarmclocks, radios and so on - one device whichoffers all (and more) is filtering down intomarket deployment. Thomas thinks that theuse of such devices will continue to grow andwill find new applications over the next fewyears – including the control of door entry andaccess. By way of example, the Wall StreetJournal reported at the end of January thatStarwood Hotels & Resorts is implementing akeyless entry system at two locations in theUS. Hotel guests will be able to download amobile application to their smartphone beforearriving. Rather than visiting the front desk tocheck into their room, the guest simply checksin through the app and can go directly to theirhotel room. The app generates a virtual key forroom entry.

So while door entry systems once had beenstandalone products requiring separate wiringand installation of audio or videophones, withthe introduction of IP based products, usingstandard TCP/IP protocols over local or widearea networks, door entry systems integratemore fully with other devices. Technology isallowing users to answer calls on smartphones and tablet devices and in addition,they are able to deal with visitors moreeffectively as calls can be answered frommultiple devices whether in the home, office oron holiday.

So the smartphone is the way forward: Areport from Ofcom issued in March 2013,Communications Market Report 2013, reckons

Adam Bernstein looksat access control andintegration in thesecurity sector

Integrating benefits

34www.risk-uk.com

With the widespread availability of both audio andvideo codecs, it was an evolutionary step to

include this technology in door entry systems


Access control

35www.risk-uk.com

that 51 per cent of the UK population nowowns a smartphone a number that will surelyrise when the 2014 report comes out.

Whole packageSystem resilience, in any security application,is clearly going to be high on the agenda.Thomas thinks that the need for redundancyfor IP based products is about ensuring usersget stable and dependable use out of thesystems connected to the network. “Systemsshould be capable of dealing with any minorinterruptions to the network. By definition, themore redundancy built into a system, thehigher the cost, so to determine what isrequired users need to discuss the level ofredundancy needed to maintain the requiredlevel of operation.”

But should buyers purchase a wholepackage - access control, CCTV, alarms andremote monitoring - from one company?Thomas believes that buyers should shoparound because it is not always necessary topurchase different products that make up anintegrated system from one company.“Customers need to choose carefully theproducts they think are more suited to theirindividual circumstances and talk to thechosen manufacturers to ensure they can thenbe integrated.” Bjorkdahl confirms this sayingthat firms “should definitely choose thecomponents that provides the best solution tothe specific needs, both technical andcommercial.”

Part of the reason for choosing the best ofbreed from the market, says Thomas, is thatusers wanting to add security systems to theirpremises are faced with a complex range ofoptions and components with many differentfeatures, using different technologies that maynot always be suitable for integration witheach other. But he thinks that by talking tomanufacturers, advice can be given as to howbest to choose from the wide range of optionsavailable.

In contrast, Northwood has a different view.“I certainly think [buyers] should get the heartof the integrated system from onemanufacturer because intruder, access,automation as one hardware and softwarepackage avoids the interoperability betweendifferent manufactures systems issues.”Northwood does, however, make the point thatmost integrated platforms of this nature cantalk to numerous CCTV systems so the end

The buying pattern and the buyers approaching the market placeseem to have evolved recently – and economics is the driving force


user can normally select their favoured CCTVsystem. But he believes that remotemonitoring is a different kettle of fish andwhile the integrated platform will providePSTN/GSM/3-4G/IP signalling, the actual ARCshould be the end users choice.

Thomas does add, though, “whether buyersshould integrate access control, CCTV andintruder protection will depend on individualcircumstances. Integration may provide acomprehensive security system that is simplerto manage and makes investigation ofincidents easier by linking CCTV images withaccess control events.” For him, the questionof whether to integrate will depend on variousfactors including the number of potentialvisitors to a building, the likelihood of crime,vulnerability of users and so on. The chosensystem must also be expandable and futureproofed as far as possible. This may be why

Thomas believes that biometric systems areideal for many applications - experience hasshown him that in areas where devices areprone to vandalism or misuse, proximitysystems may be better suited.

Buying is evolvingThe buying pattern and the buyersapproaching the market place seem to haveevolved recently – and economics is the drivingforce according to Northwood. “We see a lot ofend users who are obviously looking to makesavings in this current financial climate. Thesmart ones tend to look for these notnecessarily in reduction of product orinstallation costs, but rather than in upgradingto an intelligent product that can offer morethan just a security system.”

Of course, it’s possible that those buyers aremore in tune with the idea of an integratedsystem or software package that may be ableto control their existing hardware; or maybethey’re looking to bring a number of disparatesystems under a single point of control ormanagement.

Northwood thinks that the type of buyer is

36www.risk-uk.com

But should buyers purchase a whole package -access control, CCTV, alarms and remote

monitoring - from one company?


Access control

37www.risk-uk.com

changing quickly as individuals with ITexpertise move into decision-making positionswithin the sector. He also considers that theintegrated systems market is still very projectdriven. He cites the example of someone whois looking for a solution that integratesintruder/access/control and other third partyoptions, such as CCTV and buildingmanagement systems into one system, whothen put this under a single maintenancecontract.

Interestingly, it’s not just the type ofpurchase made that’s changing, the method ofpayment is changing too. Bjorkdahl believesthat the market will shift more and moretowards recurring monthly revenue streamsshared over the internet.

Care and standardsWhen it comes to the specification, Northwoodsays that this greatly depends on the size andcomplexity of system required. “A buyer (enduser) has a number of options open to themwhen looking to specify a system. Dependingon the size of their organisation they mayalready have in house expertise such as asecurity or IT manager who knows what theywant and has researched the market for theproduct that best suits them. A buyer mayhave a competent systems integrator theyalready use who can provide advice or theymay use the professional services of any of thenumerous consulting practices.”

But as with any technically based industry,manufacturers are seeing the ever-increasingtrend of end users making direct approachesto seek advice. Inner Range is no different.Says Northwood: “Going directly to amanufacturer for advice has advantages as thebuyer is more likely to get a complete systemoverview and demonstration, hopefully makingsystem choice easier. It’s also a very usefulprocess for us as we get to hear first-handwhat end users want and this can greatlyinfluence our future product development.”

Thomas echoes this: “As door entry andaccess control systems grow in size andcomplexity, it becomes increasingly important[for buyers] to speak to manufacturers foradvice and guidance.” He adds that recently,organisations such as Secured by Design, theofficial UK police initiative supporting theprinciples of designing out crime, haveprovided advice and guidance on selectingsuitable products which have been tested tostand up to attack.

Future proofing and serviceNaturally no one wants to buy a system that is

out of date soon after installation. A classicexample of this from a bygone age are theforts built in the Solent during the 19th centuryto guard against a French invasion that neverhappened. Costing a fortune, they wereredundant before they were finished.

Future proofing is the answer andNorthwood sees this as a way formanufacturers to retain long term customersrather than selling their products in an ever-changing consumer electronics cycle. Heconsiders future proofing an easy option formanufacturers – which more are doing:“Making your new product backwardscompatible with older product is essential.Why should a customer/buyer who hasinvested significantly in a system have to makefurther large product investment just to takeadvantage of a few new features?”

And by extension, a good service agreementis key too, but Bjorkdahl points out that “anyservice agreement must reflect the needs ofthe user organisation - the higher the expectedavailability of the system the higher the needof a service agreement.”

Northwood takes the argument further,“[service] is very important - you’ve investedthe latest state of the art integrated system, sowhy would you not maintain it and be able tocall on expert advice and services 24/7?”Thomas agrees. “Whatever the case, it isimportant that door entry and access controlsystems are regularly maintained and a serviceagreement [is in place to] allow users todetermine the schedule and details ofinspection visits for general cleaning andmaintenance.”

Bjorkdahl sums up the solution to futureproofing: “Make sure the products areconformant to established standards bothmechanically and for interoperability.”

So today integrated systems have large ITcomponents, software and servers and mostend users are going to need support when itcomes to database management, softwareadditions and upgrades. It’s becoming farmore accepted that an end user will have aservice contract with the installer for hardwareand maintenance at the site and with themanufacturer for software support which isoften carried out remotely.

This may well be the way that the industrymoves on.

Naturally no one wants to buya system that is out of datesoon after installation


The nation depends on the proper operationof its critical infrastructure. Airports andseaports, power plants and transportation

networks as well as government and militaryfacilities are all integral to the smooth runningof the country. Multiple security systems andsensors safeguard these entities, includingaccess control, building management, identitymanagement and panic alarms, videosurveillance and analytics. However, theproblem is that these systems often operateindependently, in proprietary environments,and can even be geographically dispersedwhich can lead to a fragmented approach tosecurity. With natural disasters, human errorand terror threats ever present in today’ssociety, it is imperative organisations unify theirsecurity approach to help keep one step aheadof the potential risks at all times.

Critical infrastructure such as power, heat, ourdaily transportation, and communicationstructures are at the heart of our existence,however there are a number of threats tokeeping businesses secure, and this meanssecurity must be watertight. Cybercrime,espionage and terrorism are the top threesecurity threats highlighted by the Centre for theProtection of National Infrastructure (CPNI) andthe latter is of particular concern, with terrorismrelated arrests rising by 60% according to latestfigures from the Home Office. The recent securityscare at Edinburgh Airport, when numerousoutbound flights were cancelled after anunattended bag was found, shows us that thenation is on constant alert, and that there isalways a new threat round the corner.

At this time of year, it’s common to hearabout snow, heavy rain and strong windscausing all sorts of hazards for people andbusinesses around the country, and this winteris no exception. Floods have recently causedmayhem for transportation lines in the SouthEast, meaning that security teams need to beon high alert and have appropriate drills inplace, to monitor for any extra weather inducedrisk, in case of derailment or power failure.

Human error is also a common problem thatneeds to be accounted for. Recently, the LondonUnderground’s Victoria Line was suddenlyclosed after a control room was flooded bycement, resulting in hundreds of passengersbeing evacuated and the damage of criticalsignalling equipment. In this unexpectedscenario, CCTV, alarms and crowd managementplans would have been essential in gettingeveryone quickly and safely out of the station.

Mitigating Risk Through Technology

With the above in mind, what steps should betaken to ensure the highest security levelsacross our critical infrastructure? Firstly,security professionals should rigorously planfor any of these eventualities. Sitting down withteams to run through emergency proceduresshould be a common occurrence to enable youto anticipate problems and have contingency inplace. In terms of technology, organisationsshould optimise the placement of securitydevices, for instance identifying the primelocation for security cameras at recognisedrailway station trouble spots, or biometricscanners at airport check points and customs.Such technology should be implemented toachieve a 360 degree view of any given area.

In a more traditional set up, technology tendsto operate in silos. However systems are nowmore advanced and security professionalsshould be looking to unify processes to create afully integrated security network that centrallymanages all security data. For example, if acamera spots an unusual package at a railwaystation, it will automatically detect and sendthis information back to the relevant securitymanager or the control room. Similar alerts canbe coming in from other various devices andlocations. To help prioritise and actionappropriate responses, a centralised analyticsdashboard can be implemented.

The right technology can also help in thedevelopment of standard operating procedures,the evaluation of contingency plans, and toprovide feedback on access and crisismanagement exercises. Security professionalscan run virtual scenarios based on simulatedfactors, such as an unauthorised individualloitering around a controlled area orenvironmental problems such as gas leaks atpower plants, to better map out escape routesand lock downs.

We can’t predict the future, and naturaldisasters and terrorist attacks are by naturegoing to take us by surprise. However, assecurity professionals within these industries,it’s your responsibility to plan for thesehypothesised events as much as possible. Fromimplementing basic alert systems tooverarching strategy, having the rightcentralised technology in place to manage theentire process will ensure nothing slips throughthe cracks and ultimately, keep criticalinfrastructure and the invaluable services theyprovide, safe and secure.

Critical infrastructureadvice from IanGraham, SVP &General ManagerEMEA, Video &Situation IntelligenceSolutions, VerintSystems

Critical infrastructure

Unifying security blind spots

38www.risk-uk.com

Cybercrime, espionageand terrorism are the

top three securitythreats highlighted by

the CPNI


With IP CCTV forecasted to show continuedgrowth, until at least 2017, it seems thatthe security industry’s focus will shift to

fully integrated IP security systems, incorporatingCCTV, access control, intruder detection andother intelligent building systems.

The increasing number of ‘global’ smart citiesand the adoption of intelligent buildingtechnologies are indeed transforming traditionalcommunication networks and enabling them tobe utilised for much more than just data andvoice, with the inclusion of security and buildingcontrol systems. As technology evolves,intelligent building solutions have proven to easethe facilities burden and pave the way for IT andestates to bridge the gap between departments.

Perhaps then it is no surprise then that Frostand Sullivan recently published a report detailingthe increase in awareness and expected,considerable, growth of the biometrics market aswell as recent news announcements emergingthat key industry manufacturers are set todiversify their portfolios, to provide smartersurveillance and access control technologies.

The last twelve months have seen key trendsappear within the security industry which havepaved the way for the development and furtherintegration of the latest innovations andtechnologies, set to shape the future marketplace such as:

Falling cost of IP technology – IP securitytechnology has seen dramatic reductions in priceover the past few years due to the increasinglevels of competition between manufacturers andthe seemingly boundless progression oftechnologies.

The relationship between access andsurveillance - Integration between previouslyproprietary systems is becoming more and morecommon and is now more often ‘expected tohappen’ rather than asked ‘if feasible’.

Physical Security Information Management(PSIM) – The integration of multiple securityapplications, into a single management system,provides complete visibility of all systems.Benefits include significant cost savings, ease ofinstallation and operation, enhanced usabilityand future proofing.

Business intelligence – The adoption of IPtechnologies, sophisticated Video ManagementSystems (VMS) and PSIM software has grantedsecurity and estates managers a wealth ofbusiness intelligence that can be used not onlyfor security but also payroll, student attendance

records, health and safety requirements and toprovide valuable insight to support marketingand sales.

Video analytics – The capacity to evaluatevideo footage at a granular level, allowsoperators to determine specific information aboutthe content of their video. Intelligent analyticscan provide early alerts to incidents needingattention and can relieve security staff fromhaving to watch monitors for hours on end.

Remote services – The capacity to enable anddisable user’s access to specific areas ofbuildings or entire campuses remotely hasgranted organisations significantly higher levelsof security. Remote services can allow controllersto simply isolate an intruder or restrict access toan entire building.

Mobile access – The unprecedented, globalgrowth of mobile devices and applications hasbeen fully utilised by the security market to offerusers mobile access to analytics and criticalfootage, thus enabling preventative and reactivemeasures to be actionable in real time.

Why IP CCTV?Across varying sectors the shift from analogue toIP CCTV is continuing to accelerate. The benefitsare being driven by both advances in technologyand integration capabilities and they show nosign of slowing. With IP CCTV, long gone are thedays of massive investment with depreciatingassets.

Omnipresent and intelligent surveillance actsas a deterrent to anti-social behaviour and theftand enables swift response to any incidents withhigh quality footage. However CCTV is now usedfor much more than security, for exampleproviding analytics to help the retail marketidentify opportunities and reinforce marketingcampaigns.

IP security products can be graduallyintroduced and added to existing systems tocreate hybrid solutions.

With the use of encoders, an evolutionaryapproach to IP migration negates the high up-front costs associated with analogue systems.Moreover there is no mass ‘rip out and replace’required which is often not a financially viableoption.

Megapixel and HDTV network cameras providehigh quality detailed footage and can employprogressive scan for superior image quality, evenin scenes with a high degree of motion. Inaddition HDTV video can be streamed reliablyover IP and wireless networks. Moreover, in afully IP surveillance system, images from anetwork camera are digitised once and they staydigital with no unnecessary conversions and noimage degradation.

Hugh Hamill,Director of Fire &Security Systems,Boston Networkslooks at the shifttowards integrationand intelligentbuilding systemsover IP

Intelligent integration

40www.risk-uk.com

With the use ofencoders, anevolutionary

approach to IPmigration negates

the high up-frontcosts associated with

analogue systems


Smart security

ANPRANPR differs significantly from CCTV. Data is veryeasy to capture and quick to search and canrapidly identify locations of potential interest. Animportant difference includes the ability for ANPRto be used so that offenders can be immobilisedin real-time.

ANPR systems provide automatic barrieropenings for authorised vehicles, whilst loggingentry and exit times. Non-authorised vehiclescannot gain access until permission is manuallygranted to proceed.

Number plate data, along with other data suchas location, time and read confidence can beseamlessly logged, encrypted and sent via a fixedor wireless network. Additionally, ANPR systemscan be seamlessly integrated in to your mainCCTV control room and PSIM platform.

IP access controlWith the latest access control productscombining IP readers and controllers, intercomfunctionality and remote applications, an entirelymultifaceted access control experience is comingto the fore.

With the utilisation of new technologies andthe increasing capabilities for multiple systemintegrations, common Access Controlcomplexities can be reduced whilst streamliningbusiness processes, providing real time criticaldata and, most importantly, increasing levels ofsecurity.

Wireless and IP ID card functionality canenhance security and pride a highly controlledenvironment. Not only can areas be highlysecure and, if desired, entirely inaccessible, anIP solution can provide seamless access to corefacilities in a highly controlled and managedway.

Entire and multiple buildings can be controlledfrom a central location, providing unrivalled levelsof access control flexibility and greatly simplifiedsecurity management processes. An IP solutioncan be remotely managed offering thefunctionality to access and change profilesrapidly, adding real value.

Intelligent ID card systems can providedetailed audit trails of users, granting completecontrol and granular levels of visibility, enablingthem to track the movement of students, staffand visitors throughout buildings and campusesand can delete users remotely and securely, ifrequired.

Intelligent BuildingsThe integration of security systems, with the ITnetwork, delivers a wealth of benefits and theutilisation of IP and wireless technologies drivescalability and cost effectiveness whilst

delivering increased levels of resiliency andproving simpler to maintain.

Delivering estates and security managersall the critical information they require tomonitor, maintain and protect their assets,employees and data is, in effect, intrinsicallyweaved in to the role of the IT department,which is being more and more widelyrecognised and embraced.

Future trends in intelligent buildingtechnology will be heavily dominated bysecurity, with the Intelligent Building marketpredicted to continue to grow this year, inparticular we will see:

Early adoption - A greater adoption of theintegration of security into IntelligentBuildings at point of construction, allowing forgreater cost savings and acceleratedinteroperability.

Physical Security Information Management(PSIM) An increase in the demand for PSIM tocreate truly unified and centralised systems.

Edge CCTV storage – to record CCTVfootage locally and reduce the transportationof non-critical information when the networkis busy.

Smart IntegrationAs a nation, the UK is perceived as a Big Brothersociety, due to its large volume of CCTV cameras.However with massive amounts of legacyequipment becoming end of life, now is the timeto think smarter and deploy truly intelligent andfit for purpose IP security solutions.

By using intelligent and integrated securitysolutions, the need to have a multiple camerascovering a given area is no longer the best or onlysolution. A far more effective approach is to havea single HD camera that will become active uponspecific movement, or an alert from an IP accesscontrol system.

Moreover the use of ANPR and barrier controltechnology is another example of where yoursecurity estate can work ‘smarter’. With thestrategic placement of entry and exit camerasacross your estate, you can effectively monitorthe entire vehicular activity and reduce therequirement for multiple pan tilt zoom (PTZ)cameras and the hours of footage these wouldgenerate.

Using this level of integration and managingand monitoring entire estates with an intelligentPSIM solution can deliver multiple benefits –company wide. However from a purely securityperspective, streamlined alarm and accesscontrol, pre-defined levels of security, highquality HD footage, smart storage and simplifiedmaintenance is, some say, just the tip of theiceberg.

With massiveamounts of legacyequipmentbecoming end oflife, now is the timeto think smarter anddeploy trulyintelligent and fit forpurpose IP securitysolutions

41www.risk-uk.com


It would probably come as a surprise to thepublic and most law makers to know that thefire integrity of new buildings was generally

diminishing over the years rather thanprogressively increasing, that is, if they hadbeen present at Dr Jim Glockling’s controversialAiS London lecture on the evening of 24thFebruary 2014. This is the inescapableconclusion when the roll call of developmentsover the last few years that negatively impactnew build fire resistance is considered,inferred Jim.

Wouldn’t it strike most people as odd that asone of the most advanced western economiesthe UK has a lamentable national policy on themost cost effective active suppression

technology of all,namely sprinklerprotection? Why isit that the UK andthe burgeoning Fire(Value) Engineeringconsultancy sectorsee a need forsprinklers in only afew mega projectswhen our Europeancompetitors requiresuch protection onbuildings a fractionof the size so thatthe community’sinvestment isprudentlysafeguarded? Asvalues andundividedcompartment sizesinexorably grow,rather than beef upnational practice onsuppression, UK isbusy repealing thefire safetyprovisions of locallegislation whilst atthe same timeintroducingunprecedentedconstraints on theresponse to

automatic detection systems and limitationson fire and rescue services’ budgets. All thismakes for an anxious insurance industrycoming on top of economic restraints,loosened regulation to encourage low costbuilding and the popularity of new buildingsystems using materials that cannot possiblycompare with traditional bricks and mortar.

However Jim is happy to concede that themany construction methods, including ‘modernmethods’, and timber framed now permitted bybuilding regulations, are broadly equivalent interms of life-safety. However this cannot besaid when the survival of the building itselfand its contents are at stake.

The talk looked at how three stakeholdergroups - central government, insurers andsenior management - could influence this stateof affairs. When it comes to the governmentthe fact is that their remit stops at evacuation –there is no further interest in how the building,environment, business, or community suffersbeyond this point. It seems to be thegovernment’s assumption that decent propertyprotection standards are market driven by thesecond group, the insurers. But even if thefierce competition between insurers(encouraged of course by government) allowedit, why should that industry be saddled withthe task of imposing standards that elsewherewould be seen as a matter for which for thenational authorities take responsibility?

When it comes to the last group, theManaging Director level in business, Jimprofessed himself stumped. Time and againexamples are found in industry and commerceof businesses failing to grasp the fundamentaldisciplines of business resiliency vis-a-viscatastrophic perils. Dependencies withoutalternatives or back-ups; multiple productionlines and combustible storage within a singleundivided fire risk; compromises on layout andprotection. How is it that astute businessbrains do not see the exposure to the businessof a single catastrophic event when theyrecognise all manner of other risks that mightnot be immediately obvious to the man in thestreet?

It’s not as though senior managers can claimthey do not understand their responsibilities.They are, after all, familiar with the CompaniesAct that imposes on directors (amongst otherthings) a duty to ‘promote the success of thecompany’ and have regard to ‘the likelyconsequences of any decision in the long termand the impact of the company’s operations onthe community and the environment’.

Even when initial proposals support soundbusiness resilience design, typically these see

Is UK propertyprotection in reversegear? Here we digestthe opinionsexpressed in therecent AiS Londonlecture

Going backwards?

42www.risk-uk.com

When it comes to the government the factis that their remit stops at evacuation


AiS comment

subsequent modifications and compromisesthat look distinctly ill-advised with establishedprotection standards altered “on a whim”.Such observations seemed to chime with therisk advisors in the audience who commentedthat, to their credit, architects are known toprepare robust designs, only to have themoverturned by an unseen hand somewherebetween the drawing board and construction.How are these decisions made? Who isadvising the decision makers? What expertisedo they have? This can be a mysterycommented our speaker.

On a more positive note however it seemsawareness of the importance of continuityplanning is gaining traction in UK businesswith the RISCAuthority ‘ROBUST’ ResilientBusiness Software Toolkit having registered12,000 users at last count.

To Dr Glockling Fire Engineering is a Jekylland Hyde - a toolkit that may be used tobenefit fire protection or undermine it. Whenused effectively it uses novel means to achieveresilience goals, perhaps using advancedmaterials, all appropriate to specific end use.When used poorly, as a vehicle for introductionof poorly performing materials and choicesseemingly driven solely by cost cutting and the

profit motive, property protection (as againstlife safety) is sacrificed. Solutions are oftenover-reliant on ‘human control methods’.

Of the more promising developments on thehorizon Dr Glockling singled out the relativelyrecently created discipline of BuildingInformation Modelling (BIM) with which by2016 all major buildings will be ‘virtually’designed. Through the ‘B4FIRE Project’,RISCAuthority, in collaboration withLoughborough University, will seek to ensureall building elements contain insurancerelevant information such as ignitability,combustibility, combustible content and firerating. The aim is to achieve a simple overallmeasure of ‘Resilience’ and enable designs tobe made to an identified level.

Additionally, RISCAuthority will soon bereleasing a revised version of their ApprovedDocument ‘B’ which incorporates insurerrequirements in Annex J – Fire Engineering.This will be updated to cover timber framedconstruction and will (amongst other things)set a framework for the limitation of firespread, time to recovery, maximum targeted %capability loss as well as actually dealing withmeasures to put the fire out - something somefire engineering schemes seem oblivious to!

On a more positivenote, it seemsawareness of theimportance ofcontinuityplanning isgaining traction inUK business


No one can doubt the efforts made byinsurers to respond quickly topolicyholders whose homes have been

damaged by the recent UK floods. The extent ofthe problem has given rise to a number ofunique challenges which, once the immediateissues have been dealt with, will encourageinsurers to examine the way in which theyhandle similar events in the future.

The concentration of many claims in localisedareas has created resourcing issues for bothinsurers and policyholders who, in many cases,have had to abandon their homes for reasons ofsafety or discomfort. This presents an initialdifficulty in communicating with policyholderswho, typically, will have moved out of theirhomes to temporary accommodation withfriends or family, or to a hotel, before movingon to rented accommodation. During thisperiod there is a need for mobilecommunications, as it may be difficult orimpossible to make contact by post or land line.

To respond effectively, the insurer will needregular, reliable contact with the claimant toconfirm the details of the loss and damage; toarrange protection of the property from furtherloss or damage; to enable access for lossadjusters, claims management and cleaning upservices; and to arrange restoration and repair.

Problems faced by the insurer includeknowing whether the communication has beenreceived by the claimant and obtaining aresponse to this communication. A telephonecall requires someone to answer; a textmessage needs confirmation of receipt. Email isa better medium, now that many people havesmart phones and can access their emailaccounts while on the move. Email is arguablythe best option, as both sender and receiverdeal with the message at a time best suited tothem, without the need to be engaged in aninteractive process.

The problem with standard email is that it isinsecure, with no proof of delivery or of contentdelivered, thus raising the possibility of a legal

dispute between the insurer and claimantregarding these issues.

The solution for the insurer, which alsoprovides certainty for the claimant, is to adopta secure and auditable email service. There areseveral such services available, all withdiffering levels of functionality. So what shouldthe insurer be looking for, in order to be able toprovide the best solution?

Here are a few pointers. Legal proof of delivery. Does the serviceprovide an audit trail that will stand up in court,which will prove sending, delivery, time ofdelivery, content delivered and to whom it wasdelivered? Standard email messages can easilybe edited and filed, leading to difficulties inproving who said what to whom. Proof of emaildelivery is an improvement on postal serviceswhere delivery may be recorded, but proof ofthe contents of the envelope cannot. Legalproof of emailed instructions to loss adjustersand other third parties involved in the solutionwill protect the insurer against allegations ofmishandling the claim.

Proof of time of delivery. The recording of thetime of delivery of an email allows the insurerto prove that they acted in a timely fashion, aswell as providing evidence of the sequence ofevents.

Delivered using a ‘push’ service. When aclaimant is forced out of their home byflooding, they may well have lost, or have noaccess to, their computer. There is no point inasking them to access documents in arepository or web service, as they may not haveaccess to the sign-on credentials andpassword. Also, such processes are dependentupon action by the recipient. By using a ‘push’approach, all the recipient needs is access to anemail service and possibly a web browser. Pushservices also reduce friction in the claimsprocess.

Recording proof of responses. Some servicesprovide the ability for an email recipient torespond securely, and can be used to providelegal evidence of the timing and content of the

Flood claims volumes should prompt review ofinsurance claims operations says Owen Knight,

Senior Business Consultant with RPost UK

Floods make waves

44www.risk-uk.com

To respond effectively, the insurer will need regular,reliable contact with the claimant


Insurance

response.The ability to sign contracts electronically. In

some cases an insurer may not have acontinuous contract with a loss adjuster. Whena disaster occurs, the insurer may ask a lossadjuster to send a team immediately to theaffected area with the intention of ‘sorting outthe contract later’. A secure email service witheSignature and eContracting facilities makes iteasy to negotiate and sign contracts by email,thus providing certainty to the contractingparties and eliminating delay.

Encryption. There may be a requirement tosend encrypted email to safeguard personal,sensitive and confidential data, such as lists ofvaluables, or alarm codes. A secure emailsystem should be able to provide thisfunctionality.

Portability. Insurers and loss adjusters willneed to be able to send secure email frommobile devices in the field, to allow responsivedecision making to be converted into action.

Integration with back office systems. It mustbe simple to integrate the secure email serviceinto existing systems, using APIs provided bythe supplier, or using the standard SMTPprotocol. Some additional work may berequired to accommodate new methods of

handling claims. The potential benefits of a

secure email system indealing with flood claims areclear, streamlining the claimprocess and providing proofof communications that canbe used as legal evidenceshould problems arise.Implementation of secureemail need not beexpensive, nor does itrequire scheduling of amajor IT project. Withadditional demonstrablebenefits in improvedbusiness process,compliance and incountering fraud across allareas of any insuranceprovider, a secure emailsystem can be implementedas part of a ‘business asusual’ budget if properlyplanned – and should payfor itself through savings onpostage and mail handlingcosts.


One of the problems in answering thequestion in this country is the verymeaning of what people understand by

the word justice, or hope that it means. Foranyone facing criminal charges, there hasalways been (and always will be) theparamount principle in law of respecting andprotecting their rights to a fair trial. For victimsof crime however, justice as they experience ittoo often means disappointment andfrustration. Depending on the seriousness ofthe crime, it can quite simply be life changing.

Only last year the government set up a newboard which will attempt to improve a criminaljustice system that it hopes will help tackle arange of problems, not least of which are‘unforgiveable delays’. The only surprise is howlong it has taken for this to happen when halfof all criminal court trials scheduled on a givenday do not go ahead as planned, taking upvaluable court time and contributingsignificantly to the frustrations of victims andtheir witnesses.

As one of many who works when time allowsas a volunteer in the Victim Support WitnessService, I know only too well how such delaysimpact on the way criminal justice works forvictims in our courts.

In the early stages of my past life in CID, arenowned criminal barrister told me not to getdispirited following a crown court acquittal – ‘It’s all in the game’ as he aptly put it.

From my perspective, the ‘game’ continues tobe played out in courts up and down thecountry every day. It is a cornerstone of ourjustice system that a defence lawyer has toensure the evidence is rigorously tested at alltimes , and if that means putting victimsthrough the most challenging experience oftheir lives then so be it. The prize of winningthe case is the only objective and the realitythat many people forget is that the lawyerspractise law, not justice.

Many millions of pounds are spent preparingcases for trial, and defending those chargedwith offences. Victims are not so lucky. Thevarious services which support them relymostly on volunteers and only around 2% ofthe costs of our criminal justice system arespent directly on them.

So why have delays become ‘unforgiveable’ ?Two of the reasons I submit are not historicallyfocused on enough because they areconsidered essential to the rights of alldefendants.

Firstly, whilst there are many who do pleadguilty at the very first court date, those whodecide to plead not guilty kick start a systemwhich gears up for a trial whether to be heldbefore a magistrate or before a jury in thecrown court. The problem is that in literallythousands of those ‘not guilty’ cases, thedefendants change their plea to guilty on thedate of the trial.

The result of this is that many millions ofpounds are wasted in Crown ProsecutionService costs, but what about the impact onvictims? As I have seen all too often, they willbe at court waiting to give evidence andpreparing themselves mentally for what is oftena nerve-wracking experience, only to be toldthey are not needed.

One reason for this is that defendants delaypleading guilty until the day of the trial hopingthat victims and their witnesses will not showup, leading to a collapse of the case. In manycases these defendants are being funded bylegal aid. In my view this amounts to nothingmore than a public funded waiting game, and astraightforward abuse of the system. To put iteven more bluntly, I suggest it qualifies aswitness intimidation.

The average waiting time for crown courttrials, from the time a decision is made tohold a trial to it actually beginning, is sixmonths , though in the London area it is notunusual for a victim to wait a year or longerfor a trial to be held.

Secondly, and considered a right that cannever be jeopardised, is the ‘sacred cow’ in ourcriminal justice system – the right to trial byjury. This cow means that a defendant canchoose trial by jury over small thefts with realexamples such as stealing food items worth afew pounds, stealing from a parking meter, ortheft of an old mobile phone.

To make matters worse, two thirds ofdefendants who choose a crown court trial incases which could be dealt with by magistrates(‘either way’ cases) finish up pleading guiltywhen they get to crown court. Why?

In addition to hoping the victim or witness

Victims of crime – justice where art thou? AsksCrawford Chalmers, ASIS UK Chapter Charity Liaison

Lead and also Deputy Chairman of EPIC

Justice for all?

46www.risk-uk.com

Last year the government set up a new boardwhich will attempt to improve a criminal

justice system that it hopes will help tackle arange of problems


ASIS comment

will not turn up, another answer may be foundas far back as 20 years ago. Lord Runciman whochaired the 1994 Royal Commission on CriminalJustice warned then that one of the three mainobjectives for defendants opting for trial by jurywas simply to put off the trial. There were anumber of “personal” reasons for this, onebeing to enable defendants to have part oftheir sentence counted while on remand in asofter prison regime, which includes being ableto wear their own clothes!

The reality of all the delays is that victimsmay decide to give up on the trial ever takingplace, and may no longer want to give theirevidence. Can they be blamed for being unableto keep their lives on hold indefinitely?

Does the longer the time gap between thecrime and the trial make it possible that thevictim’s evidence is likely to be regarded as lessreliable? Could this be a gamble that somedefendants and their representatives take?

With such a reality, it is obvious how difficultit can be to persuade victims to report crimes inthe first place, and then to be willing to giveevidence.

Some light in the long dark tunnel forwitnesses has been the abolition last year of

committal hearings intended to speed up andimprove efficiency. Pilot schemes have alsobegun in terms of an ‘Early Guilty Plea ‘ system. Amazingly it has taken until very recently forproposals to be put forward for a change in thelaw which would give greater protection in courtfor example for victims of rape and child abuse.

There is much to be done to enhance therights of victims of crime, because after all “Ifwe do not maintain justice, justice will notmaintain us” (Francis Bacon 1561-1626)

Available Now!! SA66 & DA66Two new revolutionary electric locks that solve all the issues with transom fittingand Side loading on both single and double action doors. Issues with shear locks,and solenoid bolts are problems of the past.

• Releases under side loads in excess of 100kg (PRen13637)• Holding force of 1000kg• 10mm thick solid stainless steel bolt• 13mm bolt projection• Pulls door closed if misaligned by up to +/- 8mm• Fail safe/fail secure • Bolt stays retracted until door is closed to eliminate bolt noise • Door and bolt position monitors• Surface housings available for both timber and glass mounting• Fire rated BS.476.Part 22-1987

www.secure-access.co.uk Tel: 0845 1 300 855 [email protected]


48www.risk-uk.com

Technology in FocusCCTV you can do yourself!Hadrian Technology haslaunched what isdescribed as an easy touse and affordable DIYCCTV system, theHadrian DIY kit. GeneralManager of HadrianTechnology, GaryTrotter, hopes the newkit will encourage morehome owners to re-

assess their security measures.Gary said: “CCTV systems are a powerful form

of deterrent from potential thieves and can helphome and business owners relax when they leavetheir premises. The Hadrian DIY kit is a goodvalue option for those operating on a budget. Ournew DIY system is quick and easy to be installedby the home owner. Following installation by thecustomer, they can then call on our team who willvisit their home free of charge if required, to linkto any remote monitoring device they want to usewith the CCTV.”

The kit comes complete with four colour eyeball style cameras suitable for indoor andoutdoor use, built-in infrared, four 20 metrecables, a power supply, and a four channeldigital recorder. Another added bonus is thatthe system comes with a 500 GB hard drive,which will collect a month’s worth of footage oneach camera comfortably. Footage can bestreamed directly to an app on smart phones,laptops and a tablet, which helps users keep ontop of things wherever they are.www.hadriantechnology.co.uk

Aluminium enclosedATEX approvedsounders

E2S has launchedintrinsically safe alarm hornsounders and combination

devices with aluminiumenclosures. The IS-D105sounder and IS-DL105

combination device areapproved to IECEx and ATEX

standards for Zone 0 and the IP66sealed marine grade aluminium

enclosure is phosphated andpowder coated, offering enhanced

protection for on and offshore applications.The alarm horn produces up to 105 dB(A) at 1

metre with a choice of 49 alarm tones and twoadditional, remotely selectable, alarm stages.For specific applications, custom toneconfigurations and frequencies can beengineered. The sounder can be combined withan LED beacon featuring an array of 6 high-intensity LEDs. The alarm sounder and LEDbeacon can be powered through a single Zenerbarrier or galvanic isolator. Alternatively, theaudible and visual elements of the IS-DL105combination model can be controlledindividually. www.e2s.com

Locks allows temporary accessCodelocks has enhanced its KitLock 1000cabinet locks to enable cabinet owners to granttemporary access to their cabinets by usingtime-sensitive access codes.

“Many of our digital locks are used to restrictaccess to equipment locked inside cabinets, forexample, data servers locked inside cabinetracks or machinery within utility cabinets,” saidGrant Macdonald, Managing Director ofCodelocks. “NetCode is a new web-basedapplication that gives managers the ability togrant temporary access codes to a remotelocation, so an authorised engineer or customercan access their equipment unaccompanied.”

The application is particularly useful whereaccess is required for routine servicing or one-off maintenance purposes, for example, whereservice engineers might visit many differentlocations in one day. Using the application, afield service manager (FSM) can generate time-sensitive codes for the engineer to gain accessto the locked cabinets. The code can be sent viaan SMS text message or by email to theengineer’s mobile on the day the access isrequired. Using time-sensitive access codes is amore secure way to grant access, as the codewill not work outside a designated timeslot.

KL1000NC cabinet locks are configured priorto dispatch with a unique matching algorithm,allowing the NetCode software to predict theaccess codes on the lock.www.codelocks.co.uk

EDIT tif mar14_riskuk_mar14 06/03/2014 13:39 Page 2

Technology in Focus

49www.risk-uk.com

Stand-alone door controlKantech has introduced the ioPass SA-550Stand Alone Door Controller for use insmall security applications. Designed as aself-contained, stand-alone unit, the ioPassSA-550 complements Kantech’s existingline of access control solutions, addressingthe need for a simple, effective andintuitive tool that can be deployed bygrowing businesses.

The ioPass SA-550 offers an integrated26-bit Wiegand ioProx proximity cardreader that can store up to 1,000 users. Forease of installation, the unit is programmeddirectly from the keypad, with allcommands displayed on a 16-character, 2-line LCD. The ioPass SA-550 supports up toeight door configurations, with flexibleoptions such as door access schedules andunlock schedules. The configuration data istransferrable to other SA-550 doorcontrollers via a USB key.

Other features of the ioPass SA-550Stand Alone Door Controller include anaudit trail for the last 3,500 transactionswith a time stamp, a six-languageselectable user interface, the ability toprogram 24 recurring holidays and 24 non-recurring holidays per controller, and fourdoor access schedules and one door unlockschedule per controller.www.kantech.com

Tough, water resistantdata displaysData displays are an essentialcomponent of most contemporaryequipment; however, because theymust be visible, they are often themost exposed and the mostvulnerable. They are often difficultto fix securely in place and evenmore difficult to protect.

The Storm 5100 Series features toughened, water resistant, data displayswith integral USB 2.0 interface. These robust, monochrome displays are idealfor use in exposed or industrial environments. Bright white transflective displaytechnology is securely encased within a sealed and impact resistant bezel. Thebezel features a hard coated UV and scratch resistant, polycarbonate window.

Available in either 20 character x 4 line, 20 character x 8 line or 128 x 64 pixelgraphic versions these USB 2.0 display devices can be easily installed into anycontrol panel or equipment enclosure. They require no liquid sealants oradhesives to achieve a toughened, sealed and weather resistant installation.Offered in a range of eight different configurations/specifications, Storm 5100Series Displays offer designers a ‘ready to use’ data display solution for a widerange of indoor and outdoor applications.www.storm-interface.com

Oxygen reduction system to prevent firesNobel Fire Systems in conjunction with Isolcellnow offers the oxygen reduction fire preventionsystem, N2 FireFighter. The methodology of theN2 FireFighter is based on the principle ofkeeping the atmosphere in areas to beprotected low in oxygen, less than normalambient. This will automatically extinguish andinhibit combustion while remaining safe forhumans. The effect of this auto-extinguishingatmosphere on humans is the same as the air at3300m elevation; the partial pressure of oxygenat that height is equal to the partial pressure ofoxygen in the methodology of N2 FireFighter.Therefore N2 FireFighterprevents the start of anycombustion in the protectedareas by monitoring andcontrolling the proportion ofoxygen to nitrogen in theenclosed atmosphere.

The oxygen reduction systemuses machines with specific,automatically regeneratingfilters, which modify airthrough a process withreportedly very low energyconsumption. The proportionof oxygen to nitrogen ischanged without the need ofadditional products orcompounds. www.nobel-fire-systems.com


50www.risk-uk.com

Repeater panel for two-wire fire systemFike Safety Technology (FST) has launched aRepeater Panel as part of its TWINFLEX proSmart 2-Wire Fire Detection System. TheRepeater Panel is a small remote display unitthat can be connected to a 4 or 8 zone version 2TWINFLEX pro panel via an RS485 data link, witha maximum of 8 Repeater Panels connected to asingle control panel. The unit does not itselfconnect to or control any devices; it simplyreports all fire and fault events that occur in thesystem. It can also perform system actions overthe data link (i.e. silence alarms, reset, soundalarms and silence buzzer). The Repeater Panelis intended to provide display capability atsecondary building entrances, nurse’s stationsand at any location where the panel eventinformation is required to be displayed.

The TWINFLEX pro system incorporates theMultipoint combined smoke and heat detectorwith built-in sounder, which allows the wholesystem to be easily installed using only one pairof wires per zone. As Multipoint offers 7different modes of detection, the installation ismade simpler since one device suits allapplications. www.fikesafetytech.co.uk

EN54 compliant fire panel with VdScertification Bosch Security Systems has further developedits Universal Security System with the UGM2040 BMA model, a modular, large-scale unitfor complex fire alarm systems. The centralserver is capable of managing up to 200,000data points, either via serial data paths orEthernet as required. This makes it particularlysuitable for large companies with adecentralised system structure, such asairports, banks, energy supply companies orlarge plants. The new fire panel UGM 2040 hasbeen awarded VdS certification (G 213071) andconforms now also to EN54-standards.

The fire panel is operated centrally via up toten colour touchscreens for each system node.These touchscreens can either be integratedinto a 19-inch system cabinet or positioned on abase for use in different locations. It offersscenario-oriented, intuitive operation includingfull text searching and numerous filterfunctions, providing a clear overview of evencomplex systems and rapid processing of alarmmessages.

The integrated serial interfaces permit theUGM 2040 to connect to existing fire detectorsystems or subsystems and can serve as acentral, cross-system control unit forautomated processes in distributed, connectedsubsystems. In the event of a fire, for example,the system can be used to activate specificapproach routes for the fire brigade from acentral workstation.www.bosch.com

Hazardous area lighting range launchedRaytec has launched Spartan - a range of ATEX/ IECEx LED floodlights that thecompany says will change the way we look at lighting for hazardous areaenvironments. The new range delivers an output of up to 9,000 lumens. Thefloodlights are also reportedly ultra-efficient, using half the number of LEDscompared to traditional solutions and requiring a maximum of only 120W. ItsCoolXtrudeTM thermal management system delivers power whilst ensuring anoperational life of 10 years+, allowing Spartan to be rated for up to T6environments.

Spartan is ATEX and IECEx approved for all Zone 1 and Zone 2 applicationsand is enclosed in a marine grade aluminium housing with toughened frontglass window, using Raytec’s long-life LED technology. The range offers a fullflood light family, available in three sizes, White-Light and Infra-Red andemergency versions. Spartan Linear and Bulkhead products are also availableon request. www.rayteccctv.com


Software upgrade with virtualkeypadEaton’s security business has announced theavailability of the latest software for itsMenvier and Scantronic i-on intruder controlpanels, V4.04, with features that will appealto installers and enhance the end-userexperience. The most notable feature ofV4.04 is the introduction of a virtual keypad–that can be accessed via a web browserinterface. By using a common web browsersuch as Mozilla Firefox, Google Chrome,Apple Safari and Microsoft Internet Explorer,via almost any desktop and mobile device,installers and end users can gain remoteaccess to a control panel from anywhere inthe world by using an on-screen version of aphysical keypad.

V4.04 is free of charge and any installerswho are part of Eaton’s TouchpointMembership Programme are able to updatecontrol panels with the new software. A keyfeature that has been improved is the abilityof the system to transmit a text message toan end user to alert them about an alarm.This used to rely on network operators’ SMSbureaus, which often proved to beunreliable. V4.04 has added ETSI Protocol 1functionality as a way to send a textmessage over PSTN and increase theperformance of this feature.www.eaton.com

51www.risk-uk.com

Technology in Focus

Fisheyecamera forpanoramicviewsAmericanDynamics hasintroduced theIllustra 825 fisheyecamera, a camera thatprovides video qualityand smooth digital pan-tilt-zoom (PTZ) movements forcapturing real-time 180°/360°panoramic views of wide areas.

According to the company, with a single 5megapixel camera, the Illustra 825 Fisheye cando the work of two, three and sometimes fourcameras in many indoor applications. Leveragingthe power of 5 megapixels, this camera canprovide a 360°degree view of a whole lobbyusing a ceiling mount or a 180°degree view of aroom, using a wall mount, or even a 2x2 view of4 simultaneous dewarped streams.

The Illustra 825 Fisheye is reportedly easy toset up, configure, and maintain with its web-based user interface. The Illustra Connecttool provides quick access to firmwareupgrades, IP address assignments,diagnostics and more. ONVIF compliant, theIllustra 825 Fisheye works with a variety ofmounts in the American Dynamics portfolio.www.americandynamics.net

Dome camera with IR LEDsSantec has extended its CCTV camera portfolio with theintroduction of the new dome camera VTC-261IRP featuringday/night switching. The unit has been designed for indoor applications and thecamera is equipped with a manual zoom lens with 2.8-12 mm focal length. Camerasettings can conveniently be made by using the OSD menu (On-Screen-Display).

The camera’s versatility is due to characteristics such as Wide Dynamic Range(WDR), day/night function and integrated IR LEDs. www.santec-video.com

Thermal camera for low-light or zero-light useDVTEL has released ioimage Thermal, a new lineof thermal cameras. Available in fixed and pan-tilt versions, the cameras feature video analyticsto deliver image interpretation andcomprehension for customers requiringdetection in low-light or zero-light environments.

Powered by DRS Technologies the camerascan be integrated with existing surveillancesystems.

The ONVIF Profile-S-compliant ioimageThermal camera is the first product in the line ofedge-based surveillance devices from DVTEL that

are optimised to work in low-light conditions.The infrared detector allows ioimage Thermaldevices to detect the energy (or heat) that allobjects, structures and people emit. Thisapproach, says the company, enables a moreconsistent image than traditional cameras inharsh environments, such as those affected byfog, haze, smog, smoke, rain and extremevariances in temperature.

The new thermal line is compatible with theentire DVTEL IP-based technology portfolio andis scheduled to be available in early 2014through DVTEL’s network of authorised resellers.www.DVTEL.com


Self-Managed Switch with Gbps UplinkComNet Europe has introduced a six-port Self-Managed Ethernet switch, the CNGE2FE4SMS.The switch has four copper TX ports and twoGigabit SFP Ethernet ports. This allows theEthernet data from the four TX ports becombined and uplinked through the Gbps SFPport and multiple CNGE2FE4SMS units to bedaisy-chained together through the gigabitbackbone. It can support a large number of IPcameras depending on the selected camera’sbit rate. The Gigabit uplink capability canhandle a larger number of cameras ascompared to the company’s other SMSproducts. The self-management featurerequires no user intervention and is pre-programmed to avoid flooding the network.

The CNGE2FE4SMS offers managementwithout the cost or user knowledge requiredfor a managed switch. This port-configuredEthernet switch allows the user to create avirtual Local Area Network (VLAN) thatmanages the Ethernet data being transported,thereby preventing network flooding. TheCNGE2FE4SMS is pre-programmed and meetsthe IEEE 802.1x VLAN management standard.The two optical ports are designed to forward

the data from the four electrical ports to thenext switch, to a PC, or another Ethernetconnection. CNGE2FE4SMS is an easy way toadd IP Video to a network and is designed foruse in harsh environmental applications.www.comnet.net

52www.risk-uk.com

Cameras built for the outdoorsAxis has launched three outdoor-ready, marine-

grade stainless steel cameras that enable360° coverage of wide areas in resolutions

up to HDTV 1080p and zoomed-in detailwith up to 36x optical zoom.

Axis Q60-S cameras, with SAE 316Lstainless steel and a nylon clear domecover, can operate in -30°C to 50°C (-22°F to 122°F). They have IP66,IP6K9K, NEMA 4X and MIL-STD-810G 509.5 approvals, ensuringprotection against dust, rain, high

pressure/steam jet cleaning, snow,

ice and salt fog. The cameras come with a multi-connector cable and a media converter switchthat allows for network connection usingstandard network or fibre optic cables. Theswitch also enables the cameras to connect toexternal alarm devices via two configurableinput/output ports and to 12 V power. Stainlesssteel mounting accessories are sold separately.

Axis Q6042-S provides Extended D1resolution and 36x optical zoom. Axis Q6044-Soffers HDTV 720p and 30x optical zoom, whilethe Q6045-S supports HDTV 1080p and 20xoptical zoom.www.axis.com

Transmitter converts devices to wirelessThe LGTX434 wireless transmitter module, fromLuminite, converts third-party active IR beams,door contacts and other alarm devices towireless operation. By removing the need forhard-wiring, the transmitter module makesinstallation quick and simple, with control byLuminite’s Genesis detector system.

“The Transmitter Module simplifies andspeeds up installation times by using wirelesscommunication,” explains Graham Creek,Managing Director of Luminite. “Detectors and

alarm products can be positioned for optimaldetection performance, because they don’trequire civil works for installation. Only 3 volt or12 volt power is needed. 12 volts is for when anexternal power source is used and 3 volts is forwhen batteries are used. Battery life dependson battery capacity, but is often 2 years ormore.”

Up to 64 Transmitter Modules and PIRs canbe used in a single wireless system,communicating with a Masthead receiver up to1Km away. The Masthead is connected byRS232 or Ethernet to a CCTV system.www.luminite.co.uk


53www.risk-uk.com

Technology in Focus

Keep keys safely to handSecurikey’s Self-Retracting Key Reel range nowfeatures a choice of over 30 models includingthe Heavy Duty Key Reels designed for theindustrial and commercial market, with eachmodel capable of carrying up to 284g. Therange includes the Super 48 models, whichfeature a durable yet lightweight case madefrom a polycarbonate material as well as apatented ball-joint feature that secures keysfirmly in place. The Super 48 can be attached tobelts via a metal spring clip that converts to abelt loop, or a leather loop if preferred.

Other models in the Heavy Duty range aremanufactured with either an ABS or stainlesssteel case and offer four methods ofattachment to either belts or clothing to caterfor most requirements. All models, includingthe Super 48, incorporate the recognisedKevlar cord, which is stronger and lighter thansteel on an equal-weight basis and offers asmooth, quiet operation. There is also a choiceof Extra Heavy Duty models, which are capableof carrying weights up to 425g and are ideal forsecuring items such as GPS devices, torchesand larger tools.

Best suited for light commercial anddomestic use, all models in the Standard DutyKey Reel range are housed in either a stainlesssteel or an ABS case and feature 600mm ofstainless steel chain.

Light Duty models are also available and offerattachment options of either a spring clip or ajewellery pin, with 910mm of nylon cord toensure ID or access control cards are kept closeto hand at all times. www.securikey.co.uk

360 degree hemispheric-viewmini dome IP camera Available from the end ofFebruary 2014, the SNC-HM662 from Sony makes itpossible for users to havefive megapixel (MP),high-resolution videoand a 360-degreeview of an area withone camera.

The SNC-HM662features a 360-degree panomorphlens from ImmerVisionwhich provides clarityand resolution towardsthe edge of the lens,whereas, says the company,traditional lens technologyperforms better in the centre. Thecamera is also optimised to maximise thesensor coverage resulting in a higherresolution where necessary. These featurescombined make the camera suitable forpanoramic overviews. The SNC-HM662 alsosupports electronic pan/tilt/zoom (ePTZ)and 11 different viewing modes through theSony Web viewer.

The SNC-HM662 is designed to be usedwith a VMS solution so that ‘de-warping’(correcting image distortion andstraightening the viewed image) can befulfilled on the client side. This feature givesviewers the advantage of always seeing acomplete overview of the recorded videoscene, regardless of the live view beingdigitally cropped and zoomed to an area ofinterest. The SNC-HM662 also supports two-way audio with an optional microphone andspeaker, PoE and edge storage capabilities. www.pro.sony.eu

Card readers offer encryption layerAR10S-MF/AR40S-MF card readers for theSiPass integrated access control system fromSiemens are compatible with Mifare Classic,Mifare Plus and Mifare DESFire EV1 cards.When used in conjunction with Mifare Classicand Mifare DESFire EV1 cards, encryptiontechnology is employed between the card andthe card reader. In addition, all communicationbetween the card reader and the host systemcan be encrypted, delivering a high level ofsecurity. The card readers are also ready fornear field communication (NFC) standardswhich allow for contactless communication.

The basic version is a straight card reader,while other versions incorporate an integratedkeyboard and an easy-to-read OLED displaythat enables system alerts and messages tobe delivered instantly. Both the keypad andthe display are illuminated, and theirbrightness automatically adapts to theambient light conditions. All versions have anLED frame which can be illuminated in red,yellow or green. The card readers are availablefor surface and flush mounting and clipsecurely to a backplate or recessed box thathas been previously installed and can beremoved only using a key. www.nextgenerationcardreaders.com


54www.risk-uk.com

Door entry panels for riverside project One Tower Bridge is a riverside developmentsituated adjacent to Tower Bridge and theTower of London. Urmet was selected to supplythe door-entry panels for this high-endresidential project.

Berkeley Homes needed a full-IP solution forthis development that was both aestheticallypleasing and also reflected the needs andrequirements of the highly discerning individualswho will take up residency at the development.The developers chose 52 Power over Ethernet(PoE) Elekta Glass Panels for all of the entrancesat the eight blocks within the development,which comprises 350 apartments in total.

The buildings all have a dedicated 24-hourconcierge and security managed by HarrodsEstates. With Urmet’s range of IP solutions, theeight residential blocks are interlinked toprovide instant, single-platform control for allaccess and security-related requirements.www.ipervoice.co.uk

Risk in action Water success with CCTV upgrade Twelve months ago, Secure Engineering won thetender to extend the existing camera system atone of the largest water sites in the UK.

The site in question has over 40 analoguecameras in place, and needed nine newcameras to be used primarily for processmonitoring, and also for security. SecureEngineering looked at the site holistically,working out how the camera infrastructurecould be utilised to be IP compatible, with thegreatest opportunities for the other analoguecameras to be updated when budgets allowed.

Water sites can be somewhat harshenvironments, with spray, dust and dirtpotentially risking image quality. Securerecognised that infrared LED cameras withintegrated wiper facilities were needed, tokeep the images clear in all weather andlighting conditions.

The company installed a Dallmeier NVR, andnine new analogue cameras by Redvision, withIP encoders added to each one. The cameraswere linked with an 8-core fibre optic cable,configured in a self-healing ring network thatensures uninterrupted service. This providesthe beginning of a new modular system, whichthe remaining analogue cameras can be addedto over time. This work phase nears completion,and will be completed early this year. www.SecureEng.co.uk

Doors for security and hygieneAssa Abloy Security Doors has suppliedcleanroom doors to an NHS Foundation Trusthospital in Central London.

St Thomas’ Hospital, based on WestminsterBridge Road, London, is a prominentlandmark due to its location opposite theHouses of Parliament on the banks of theRiver Thames. Assa Abloy Security Doorsworked with the hospital to correctly specifydoors, which would contribute significantlytowards hygiene, as well as providingimportant security and access features.Powershield cleanroom steel doorsets werespecified to reduce the development ofsurface bacteria and prevent the spread ofinfections throughout the hospital.

Assa Abloy Security Doors installed thedoors in the new Central Sterile ServicesDepartment in the hospital over a period oftwo weeks and also installed standardhardware and cleanroom glazed screens,with up to 60 minutes fire Integrity.

Aaron Moffett, Quantity Surveyor at ASSAABLOY Security Doors, said: “Cleanlinessand hygiene within a hospital are usuallyonly associated with practices, processesand apparatus, consequently the importanceof doors can be overlooked. However,specifying the right door can be essential inproviding protection against the build-upand transfer of dirt and contaminants.”www.assaabloy.co.uk/securitydoors

EDIT ria mar14_riskuk_mar14 06/03/2014 13:37 Page 2

Risk in Action

55www.risk-uk.com

Danish complex sees drop in incidentsIQinVision has revealed that EllemarkenCondominiums, located in Køge, Denmark, hasdeployed a combined IQinVision and MilestoneIP video surveillance system to improve safetyand reduce vandalism. Smartguard was incharge of project installation.

The Ellemarken complex, situated in Køge,Denmark, 45 miles southwest of Copenhagen,is comprised of more than 1,125 one, two, three,and four bedroom units. The condominium’smanagement sought to improve overall securityat the complex, prevent break-ins and theft,reduce graffiti, and most importantly, preventunauthorised persons from entering buildingsthrough each building’s stairwell entrances.

The housing development has deployed 248IQeye cameras throughout all its buildings,locating them in every stairwell entrance. Themajority of the cameras are IQeye Alliance-mxmodels. Video is recorded at 8 frames persecond and is viewed mainly for post-incidentinvestigation. All camera data is managed byMilestone XProtect Corporate IP videomanagement software (VMS), designed forlarge-scale, high-security deployments.

Since the cameras have been installed,Ellemarken management has noticed a significantreduction in the number of security incidents.Several crimes have already been solved usingvideo evidence and with the large decrease in thenumber of crimes and other expensive incidents,management is confident their expenditure onthe IQeye cameras will achieve a full return oninvestment within two years. www.iqeye.com

Luxury hotel resort completes IPupgrade installationA luxury hotel and resort group hascompleted the first installation of IDISDirectIP full-HD surveillance at its newflagship resort in Phuket, Thailand, as partof a wider programme.

Ahead of opening the Phuket resort, thegroup’s security team needed to implementan HD video surveillance solution thatwould be unobtrusive and match the resortsluxury brand and image. The solutionneeded to ensure the safety and security ofthe resort’s guests and staff, while theimplementation needed to meet extremelytight deadlines ahead of the inauguration inlate 2013.

Integrator Rutledge Integrated Systems(RIS) specified the complete end-to-endDirectIP solution, comprising 45 internaland external dome cameras and two 32-channel network video recorders (NVRs), ismanaged through the simple and intuitiveIDIS Centre video management software(VMS). The IP-enabled and vandal proofrange of one and two megapixel cameras,also feature pan-tilt-zoom, low light andaudio functionality. Eighteen terabytes ofstorage provided by the DirectIP NVRssupport the resort’s requirement to store 31days of footage all in full-HD.

Andy Rutlege, Managing Director at RIS,said, “The luxury resort group are anexisting customer for RIS, and we weredetermined to complete the project aheadof the inauguration. We are currently rollingout two similar DirectIP solutions in theMaldives and Miami with another ninescheduled over the next few months.” www.idisglobal.com


56www.risk-uk.com

Kent school expels false alarmsMilton Court School in Kent is a one-formeducational establishment for children aged 3-11 years old. Over 250 staff and pupils occupy atwo storey Victorian building that hasundergone extensive refurbishment over recentyears to create a stimulating, comfortable andenergy efficient learning environment.

However, after recognising that its firedetection system was nearing the end of its lifeand becoming increasingly unreliable, PaulaCruickshank, office manager at Milton Court,took action. She comments, ‘We wereexperiencing frequent false alarms, which inthis type of environment is extremelydisruptive. In order to have a more reliable lifesafety infrastructure we needed a completelynew solution that could meet our needs bothnow and in the future.’

Obsidian Security was awarded the contractin July 2013. Project manager, Ben Aspland,explains, “Milton Court required a BS 5839compliant category L2 analogue addressablefire detection system. Detection and alarmdevices from Hochiki Europe, controlled by aKentec Syncro AS panel provided an idealpackage to meet the school’s requirements.’”

The fire detection system is based aroundHochiki Europe’s Enhanced Systems Protocol(ESP), a total communications solution forintelligent fire detection. The fact that ESP is anopen protocol system means that detectors,interfaces and control equipment areinterchangeable.

To minimise disruption to Milton Court duringterm time, the work was carried out duringAugust. Describing the scope of the activity, BenAspland says, ‘We needed to keep the existingsystem fully operational to provide completeprotection during the process. We also had toput in place a new wiring infrastructure, as thecable that was already in-situ was very old, didnot meet the current standards and did notextend into some of the areas where newdevices would be sited.’

The system features Hochiki Europe devicesincluding over 60 ALG-EN optical smokedetectors, which feature High PerformanceChamber Technology. This minimises thedifferences in sensitivity experienced in flamingand smouldering fires and helps to reduce thepossibility of unwanted alarms at Milton Court.These are complemented by a number of thecompany’s heat detectors, sounders, sounderbases and interface units.

In addition, ACA-E multi sensors have beensited in the canteen and staff kitchen and werechosen specifically for their ability to alternatebetween day/night detection modes. Thedetectors are programmed to operate as heatsensors during normal school hours and asoptical smoke sensors and heat sensors outsideof these times. This significantly reduces theprobability of false activations caused bynormal cooking smoke or steam in these areas.The times are set via the control panel timeclock and can be reset when necessary toaccount for changes of use or school holidays.www.hochikieurope.com

LHDC fire system for power stationHinkley Point B Nuclear Power Station sitelicensee and operator EDF Energy placed anorder for the supply, installation andcommissioning of a Patol linear heat detectioncable (LHDC) fire detection system in order toprotect cable flats and risers in the powerstation.

Giving early detection of hazards attemperatures well below flame point, the PatolLHDC comprises a coaxial cable inside aprotective sheath. The core of each cable istinned copper coated steel with resistivenegative temperature coefficient polymerinsulation. The insulation is formulated so thatthe polymer starts to conduct as temperaturerises. When this happens, the controllercompares the signal and triggers an alarm.

The technology has been applied at theHinkley B facility to replace an original systeminstalled in the 1990’s which required 140 localzone monitoring units dispersed throughout thecable flats. The new system offers significant

technological advances, employing controlmodules grouped into five distributed swingframe control cabinets with 19 inch rack-mounted LHDC monitoring and actuation controlmodules. This makes identification and locationof a potential incident much easier, with eachcontrol module monitoring the existing zonallength of analogue re-settable LHDC. Themodules feature a two stage alarm output,activated when a short length of the cable iselevated in temperature above the pre-definedtrip points. The alarm signals from the modulesare sent to the site’s fire alarm system and alsoto 600 zonal metron actuated sprinklers locatedthroughout the cable flats. If the second stageof the two stage alarm is reached, the relevantsprinklers are automatically activated to quicklyextinguish the fire in the affected zone.

A further benefit is easy access formaintenance, with the control cabinets locatedoutside the cable flat and riser areas, therebyeliminating the need to work in confined spaces.www.patol.co.uk


57www.risk-uk.com

Risk in Action

Fire safety upgrade forhousing associationTrent & Dove Housing hasrecently completed a smokeand carbon monoxide (CO)alarm installation programmeusing solely Aico mainspowered alarms andaccessories. Aico 160 Seriessmoke alarms were originallyfitted throughout the 5,200properties located across EastStaffordshire by Trent & DoveHousing shortly after theAssociation took over thehousing stock from EastStaffordshire Borough Councilin 2001.

With the alarms approachingtheir ten-year replacement date, Trent &Dove undertook a fire risk assessment anddecided to increase the specification from aBS 5839-6 category LD3 system to the morerobust LD2. This has involved replacing thealarms throughout to the new Aico 160RCseries, upgrading to optical alarms onlandings, installing heat alarms in kitchensand interconnecting all alarms on thesystem, with the addition of a central alarmcontrol switch.

To reduce installation times and costs,Trent & Dove Housing has kept the existingAico 160 series Easi-fit base plates for thealarms fitted upstairs, while installing theground floor alarms on RadioLINK bases.RadioLINK allows Aico alarms andaccessories to be wirelessly interconnectedby Radio Frequency (RF) signals rather thancabling, which saves time and disruptionwhen installing systems in existingproperties.

Martin Veckungs, Project Manager at Trent& Dove Housing, comments on the newalarm specification and the savings made:“Any additional alarms would obviouslyrequire mains wiring into the system,however by using heat / smoke alarms andswitches with RadioLINK interconnection, weachieved a relatively simple installationwithout the need to run interconnect cableback to the closest alarm. In order to linkinto the existing wired alarms we couldsimply exchange one of the existing basesfor a RadioLINK base, keeping disruption anddisturbance to a minimum. This solution wasideally suited to properties having noaccessible ceiling void such as ground floor /intermediate floor flats.”www.aico.co.uk

New hospital protects life and property Apollo Fire Detectors’ Discovery range of fireproducts have been chosen by Static SystemsGroup and Skanska to provide life and propertyprotection at the new premises of The RoyalLondon Hospital.

The Royal London Hospital has been at itscurrent location on the south side ofWhitechapel Road, Whitechapel, since 1757.Phase 1 construction work at The Royal LondonHospital, part of the £1.1billion redevelopmentwhich also includes St Bartholomew’s Hospitalin the City of London, took place over five yearsand opened in January 2012.

The hospital’s new premises consist of threeinterconnecting tower blocks – two of 17 storeysand one 10 storeys. There are 746 bedsarranged over approximately 26 wards and 26operating theatres. At peak times there areapproximately 7,000 occupants within thehospital’s building and grounds, includingpatients, staff and visitors.

Static Systems recommended Apollo as thesolutions provider for the project. In total, morethan 10,000 Discovery units are installedthroughout The Royal London Hospital’s newbuilding, including around 5,000 multisensordetectors, approx 150 heat detectors andaround 1,500 manual call points. The firesystem consists of 37 main fire alarm panelswith over 180 loops, 17 repeater panels and twoMaster Inter-ringing Units (MIUs). These aremonitored and managed by two centralindicating equipment PCs, one in the firecommand centre for occupation and use byattending fire officers and one in the 24/7building management office.

The system, which monitors more than 500zones, also includes around 3,500 input andoutput units. These units interface withautomatic fire dampers, access controlleddoors, sprinkler flow and anti-tamper valves,lifts, Motor Control Centres (MCCs), andinitiates, via firefighter’s control switches,smoke extract and purge fans. As required bythe HTMs, in the case of a fire, the building isevacuated on a phased basis. www.apollo-fire.co.uk


D15xx & D24xx SERIESDIN-rail Mounted 1-3A Power Supplies

Dycon

• No fixing screws required, clips directly onto an NS32 (‘G-Section’) or an N35/7.5 ‘Top Hat-section’ DIN-rail

• Efficiency higher than 90% at full rated output• 230vAC -12vDC, 230vAC–24vDC, 1–3 A output

versions• 110vAC–12vDC version for construction sites• With or without battery backup

POWER SOLUTIONS

dycon ad risk nov13_Layout 1 06/11/2013 14:01 Page 1

FIA comment

At a recent ‘fire event’ in the Palace ofWestminster the opening address was givenby Brandon Lewis, a DCLG Under Secretary

of State (aka the ‘Fire Minister’) withresponsibilities that include fire.

Brandon emphasised that prevention andprotection are now the front line for the Fire &Rescue Services. Indeed over the last ten yearsthere has been a 35% reduction in domesticfatalities so this approach in conjunction withthe efforts from other fire stakeholders is payingdividends. Brandon threw down two challengesto all in the fire sector, namely:

How can we keep up this reduction in firefatalities?

How can competency become the norm for allin the fire sector?

Further speakers warmed to the issueshighlighted by Brandon, for example a senior fireengineer commented that competency isrequired from all involved with fire safetywhether their buildings be ‘code compliant’ orfire engineered. He went on to say that it shouldbe remembered that however good the firedesign of a building it can be ‘undone’ by poorconstruction and maintenance. A discussionensued as to whether all fire engineering is valueengineering as there had been some commentsabout this earlier on, most of it being anecdotalwith no hard evidence.

The competency theme was built upon by arepresentative from a fire research facility whoasked why Building Regulations 7 (Materials andWorkmanship) and 38 (provision of fire safetyinformation to the Responsible Person) aren’tadhered to so that the building is ’safe’ and itssubsequent occupiers are fully informed of itsfire protection systems. To supplement thesecomments it should be appreciated thatApproved Document B (the fire guidancedocument to the Building Regulations) says,“Building Control Bodies may accept thecertification of the installation or maintenance ofproducts, components, materials or structures asevidence of compliance with the relevantstandard. Nonetheless, a Building Control Bodywill wish to establish, in advance of the work,that any such scheme is adequate for thepurposes of the Building Regulations.” In partthis answers Brandon’s competency challenge asif the Materials and initial Workmanship aredealt with by certification schemes and then ifthe appropriate paperwork and associatedinformation are passed on to the ResponsiblePerson then they can ensure that the building iskept ‘fire safe’. However the Brandon could bringinfluence to bear by ensuring that onlycompetent people (those that are members ofsuitable schemes) are used on all buildings or as

a minimum on those that employ the use oftaxpayers’ money.

A National Social Housing Fire Strategy Grouprepresentative echoed the previous speaker’sviews by arguing that there is a real need to sortout Building Regulation 38 and the way that it isimplemented and enforced.

A thoughtful presentation from the FireProtection Association posed the question as towhy the Government won’t legislate to protect:

The most vulnerable in society from fireThose people affected by others over whom

they have no control when it comes to fireVery large premises from the ravages of fire

which can cause loss of life, property damageand reduced levels of employment

In particular the comment concerning the mostvulnerable in society would drive down firedeaths in this demographic group, suchlegislation would include the provision of theappropriate fire protection systems at thechange of a tenancy (fire detection, suppressionetc.). Indeed past Westminster events haveincluded presentations on the level of fire deathsin rental accommodation, and in particular thoseproperties where there is no working smokedetection. A similar piece of legislation applies inScotland under the ‘Repairing Obligations’ soone must ask why English rental property is nottreated in the same way? Hopefully Brandon isnow listening as Government announced on 20November 2013 that it would be carrying out areview as to whether new rules are required forcarbon monoxide and smoke detectors in privateaccommodation.

The Government’s own champion for firesafety in rental accommodation gave apresentation concerning Firemark which is atraining and advice tool for all of those involvedwith fire safety in rental accommodation. Heindicated that when he asked Brandon’spredecessor Bob Neill about the implementationof Firemark he was told, ‘you don’t get it do you?Just get on with it!’

Now that last comment is a pragmatic attitudethat could be applied to all of us in the firesector including the Minister and only time willtell if he heeds the answers to his challengesand gets on with it in the appropriate manner!

The ‘Fire Minister’throws downchallenges but will helisten to the answers?!asks Graham Ellicott,Chairman, Fire IndustryAssociation (FIA)

Time for listening

59www.risk-uk.com

Brandon could bring influence to bear by ensuringthat only competent people (those that are membersof suitable schemes) are used on all buildings


With 8.5 million people in England nowrenting from a private landlord and 17%of UK households living in social

housing, how can landlords and owners ofmulti-occupancy buildings ensure fireprotection, detection and evacuation measuresare all adequate for tenants?

The issues surrounding fire risks in multi-occupancy buildings were brought painfully tolight on 3 July 2009. On that day six peopledied in a fire at a council-owned tower block,Lakanal House, in London. Tragically, the 11week inquest into their deaths (in March 2013)found that the deaths could have beenprevented had opportunities regarding firesafety been taken. The spotlight during theInquest was on Southwark Council, owners ofthe tower block, but clearly the case is also ofrelevance to private landlords or owners ofmulti-occupancy buildings.

The law on fireThe Regulatory Reform (Fire Safety) Order 2005is the primary source of the legal requirementsin this area since this legislation replaced theformer fire certificate regime for commercialpremises under the Fire Precautions Act 1971. Inshort, the 2005 Order seeks to draw parallelswith the Health and Safety at Work Act 1974,and the supplementary health and safetyregulations to this Act, by creating a specificregime of risk assessment and fire riskcompliance regarding the risk of fire. The 2005Order creates responsibilities for specific peoplesuch as the “responsible person” (the personwith control over a building) who has theresponsibility to assess fire risk and implementfire safety procedures that are workable for thebuildings under their control. If they do not havethe expertise to do this, then they must hire a“competent person” to do so. The duty (placedon the responsible person) to do everything“reasonably practicable” to protect people in abuilding or in the vicinity from the specific risksassociated with fire is also now specificallyenshrined in fire safety legislation.

However, this legislation specifically excludesdomestic premises and therefore theimplications of cases such as the New Look firein Oxford Street in 2007 (for which New Lookwere fined £400,000 in 2009) may have beenoverlooked by private landlords and owners ofmulti-occupancy domestic buildings.

The 2005 Order only applies to the commonareas of house in multiple occupation (HMOs),

flats, and other sheltered accommodation.Sitting alongside the 2005 Order, the HousingAct 2004 created a new regime of regulation forfire safety in existing residential premisesthrough the housing health and safety ratingsystem (HHSRS), licensing provisions for HMOsand management regulations for HMOs. TheHHSRS will generally be the principal tool usedto assess and enforce fire safety standards, butHMO licensing conditions will reflect HHSRSassessments. As with the 2005 Order, theresponsible person for the purposes of firesafety provision and maintenance at theresidential accommodation is the personhaving control – usually the landlord, oralternatively in HMOs the manager.

The 2005 Order and the 2004 Act thereforecombine to form a twin set of regulation forHMOs which has the potential for overlap, andfor incidents to slip unnoticed (andinvestigated) between a gap between the twopieces of legislation. The Lakanal House fireand subsequent inquest is therefore cruciallyimportant in closing this potential gap ingeneral awareness and enforcement of firesafety, and also considered who (the council orthe building contractor responsible for theconstruction of a building) should beresponsible for ensuring that a building iscomplaint with building regulations (althoughthe latter topic is out with the scope of thisarticle). Moreover, many of the issues thatcaused the fire at Lakanal House arose becauseof modern refurbishments to the building,highlighting the fact that even recently builtmulti-occupancy buildings may havefundamental flaws with regard to fire safety.

Key recommendations from Lakanal HouseInquest

Coroner Frances Kirkham chose to makeseveral recommendations (via Rule 43 letters)to the council, the Communities and LocalGovernment department, and London FireBrigade. The key recommendations were:

Further guidance should be given to assistHMOs in considering what the extent of fire riskassessments should be. On a general level,evidence demonstrated that many HMOs andsocial landlords have still not conductedsufficient fire risk assessments (or in some cases,any fire risk assessment at all) on their buildings,despite the fact that the legislation has now beenin place for many years. The Lakanal Inquestdemonstrated that HMOs often have some of themost complicated building structures of anybuilding premises, and therefore specialisedHMO fire risk assessors may be necessary.

Buildings should have clear plans of theirlayout and escape routes, which are easily

Andrew Bennettsolicitor in Eversheds’National Health andSafety and EnvironmentTeam looks at fire riskand multi-occupancybuildings

Tenant protection

60www.risk-uk.com


HMO fire safety

accessible to the fire brigade. A massivefrustration for the fire brigade at LakanalHouse was the confusing and complicated flatnumbering system (for the 98 flats) in thebuilding and the fact that they could not easilyidentify the escape routes in the building whenthey attended. Although one of the fire fightershad visited the building only two monthsbefore the incident to familiarise themselveswith the building, another fire fighter had beenso confused by its layout that he had actuallychecked the same flats twice, not realising thatthe 10th floor was actually just the secondfloor of the ninth floor maisonettes that he hadalready checked.

Residents should know what to do in the eventof a fire. There was confusion as the fire serviceattending Lakanal House appeared to give amixed message to residents whether or not theyshould attempt to leave or stay in the building.Evidence from the inquest suggested thatresidents within Lakanal House knew little aboutfire safety within the building. On a nationallevel, the coroner recommended that thegovernment publishes guidance clarifying whentenants should be told to “get out” of blocks andwhen they should be told to “stay put”.

Modern refurbishments can actually weakenthe fire safety of a HMO. Expert evidence at theinquest demonstrated that panels fitted to theoutside of Lakanal, and then causing curtainson other floors to be set alight, during a recentrefurbishment would probably have burnedquicker than the original materials. This causedthe fire to spread quickly on the outside, ratherthan the inside, of the building.

Similarly, “boxing in” under the stairs in theflats significantly failed in less than fiveminutes, causing the fire to spread quicker andthrough unexpected routes.

Any modern refurbishments to a buildingshould be assessed (and brought to theattention of local authority building controldepartments) for their potential impact on firesafety. Expert David Walker suggestedlandlords view a ten per cent sample of flatsinside a block when doing fire riskassessments.

Steps to fire safetyWhilst the Lakanal House Inquest was importantin raising awareness of fire safety issues inHMOs for private landlords and owners, theissues that caused the fire could have beenprevented if the basic concepts of fire riskassessment had been followed. These are:

Step 1: Identify Hazards within the premises.Risk assessing the modern refurbishments atLakanal House would have shown that the

panels on the outside of the building and the“boxing in” would have a significantly negativeimpact on fire safety.

Step 2: Identify people at risk within thepremises. Does the risk assessment identifyhow many people are within the building, howmany flats there are and where they arelocated, and how easily they will be able to usefire safety procedures? This is also aligned toensuring that the people within the premisesare actually aware of the fire risks in a building.Could a fire fighter easily locate people within abuilding in the event of a fire and avoid theconfusion that arose at Lakanal House?

Step 3: Evaluate, remove or reduce risk andprotect against remaining risk. The level of riskmust be evaluated once the key parts of thepremises and hazards are identified. It is a legalrequirement that wherever practicablemeasures must be taken to eliminate orminimise risks. This means measuresproportionate (in terms of time and money) tothe level of risk. The refurbishments to LakanalHouse, and the visit of the fire brigade to thebuilding just weeks before the fire, were themost obvious missed opportunities to properlyimplement step 3. Furthermore, in 2009, a BBCinvestigation found a report into the safety ofSouthwark’s tower blocks that was done on theauthority of a parliamentary committee as earlyas 2000. The report carried out by SouthwarkBuilding Design Service said that LakanalHouse had a “risk of localised fire spreadbetween wall panelled sections”.

Step 4: Record, plan, inform, instruct andtrain. This is linked to Step 2 above, and thefailures in relation to this step were plainlyevident at the Lakanal House Inquest.

ConclusionUltimately, the council, the other public bodies,and the contractors involved in the inquestregarding Lakanal House were not prosecuted.However, there was a full corporatemanslaughter investigation carried out by thepolice, and in another recent case WarwickshireCounty Council were fined £30,000 afterpleading guilty to a health and safety lawcharge relating to the death of four fire fightersin November 2007.

Clearly fire risk assessment is back in thespotlight, and private landlords and ownersface tragic consequences, and the risk of beinginvolved in lengthy investigations,prosecutions, and potentially inquests if theyfail to take risk assess fire safety standards,take advice and implement necessary changesto the way they control fire risks within theirbuildings.

61www.risk-uk.com

The 2005 Order onlyapplies to the commonareas of house inmultiple occupation(HMOs), flats, andother shelteredaccommodation


Counter Terror Expo offers the most comprehensive display of technology, equipment and services alongside a high level education programme designed to protect against the evolving security threat.

9,500 attendees and 400+ exhibitors will participate in a free to attend exhibition, multiple show fl oor workshops, new show feature zones, IEDD demo area, high level conference streams, behind closed door briefi ngs and networking events in one secure environment.

CTX 2014 for Security Professionals

If you or your team are responsible for the protection of companies, assets and personnel within; Anti-Piracy, Aviation, Banking, Communications, Critical National Infrastructure, Energy, Finance, Health, IT, Logistics, Maritime, Nuclear, Oil & Gas, Police, Private Sector, Security Companies, Supply Chain, Transport Security, Utilities and Water or other large scale sensitive sites, then CTX 2014 is your must attend event.

Co-Located with Supported ByIntegrated Security Sponsor

Lead Media Partner

Scanning & Screening Sponsor

29– 30 APRIL 2014 | OLYMPIA, LONDON


IT News

63www.risk-uk.com

Are you opening the gates for morecyber-attacks?The Internet, cloud servers and the easy accessto broadband have given workers theopportunity to perform their duties even whenthey are not at their desks. However, accessinga server remotely means that there is nofirewall to stop potential cybercrimes.According to a survey carried out by TalkTalkBusiness, 82 per cent of small businessemployees use work time for personal matters,over a third of them for more than two hours aday.

TalkTalk Business surveyed 1,000 smallbusiness employees with over 70 per centadmitting taking work home on evenings andweekends, clocking up an average of 1.7 hourseach day. With business commitments creepinginto personal time, the vast majority ofemployees (82 per cent) are redressing thebalance themselves by also catering to personalneeds at work. Given that less than half ofrespondents feel they can spot obvious scams,this blurring of work and personal life has thepotential to cause security headaches.

Modern scams are extremely complex, andmen appear less confident in their ability toidentify them than women: 40 per cent of mensay they’re easily able to recognise threatsonline, compared to 50 per cent of women.Somewhat ironically, employees in IT andtelecoms are the least confident in their abilityto spot risky content. This could be becausethey are often technically-trained andunderstand the complexity of modern viruses,therefore are less likely to underestimate them.

Checking the news, shopping online and ‘lifeadmin’ – tasks like booking travel or onlinebanking – are the most common activities doneon a work computer. While some respondentsacknowledge the threat these actions couldpose, the majority seem unaware: just under athird, 32 per cent, said shopping online while atwork may be risky to the business, and only aquarter believe streaming music or video posesa danger to the company.

“The traditional 9-5 is a fallacy”, says CharlesBligh, Managing Director of TalkTalk Business.“For many people, work no longer ends at theoffice door, it continues on the train home orafter picking up the kids from school.

“That flexibility has to work both ways. Itisn’t surprising to see people catering to theirown personal needs in office hours, but securitysolutions need to evolve to reflect that changeof behaviour. Malicious content is getting moreadvanced and harder to spot – we only need tolook at recent malware targeting the NHS orYahoo! for proof of that.”

IT News

Encrypted data recovery on-the-flySoftware engineers at Kroll Ontrack haveunveiled ‘decryption-on-the-fly,’ technologythat can reduce the amount of time it takesto recover encrypted hard drives with alogical or physical failure – a keydevelopment in light of the growing numberof cyber threats that are driving the adoptionof encrypted drives.

This automated decryption technologyallows engineers to target only areas of thehard drive that have been used while alsoautomating the decryption process –improving the typical industry recovery turntime dramatically.

A typical recovery project involving anencrypted drive can take up to five days tocomplete using traditional solutions. CATechnologies estimates IT downtime costsNorth American companies $26.5 billion peryear, at an average cost of $42,000 per houraccording to Gartner, Inc.

“Simply put, the longer a company iswithout its data, the more money it loses,”says Paul Le Messurier, data recoveryoperations manager, Kroll Ontrack. “Weknow our new ‘decryption-on-the-fly’technology represents a breakthrough forthe data recovery industry because it canmake a significant impact on a company’sability to rebound from an IT outage or otherpotentially catastrophic events with minimaldamage to the business.”

According to a survey carriedout by TalkTalk Business, 82per cent of small businessemployees use work time forpersonal matters, over a thirdof them for more than twohours a day, increasing risk

EDIT it news mar14_riskuk_mar14 06/03/2014 13:35 Page 3

64www.risk-uk.com

IT News

Cyber attackers trying to influence stock tradingProlexic Technologies has said that cyberattackers are using DDoS attacks in anattempt to influence market values andinterfere with exchange platforms. TheProlexic Security and Engineering Team(PLXsert) details the findings in a whitepaper, DDoS Attacks Against GlobalMarkets.

“Typically, DDoS attacks are launched tofuel public discourse, or for revenge, extortionand blackmail – but that is changing,”explains Stuart Scholly, president of Prolexic.“During the past few years in particular, DDoSattack campaigns have posed a significantthreat to the financial services industry, aswell as other publicly traded businesses andtrading platforms. As part of our DDoS attack forensics, we have uncovered adisturbing trend: Many of these malicious attacks appear to be intent onlowering the target’s stock price or currency values, or even temporarilypreventing trades from taking place.”

The public image of a global business or financial service is closelyassociated with its cyber presence. Taking a publicly traded firm or exchangeplatform offline – and spreading rumours that raise questions about its abilityto conduct business online – can create false or misleading appearances. Thisis a hallmark of market manipulation. Overall, PLXsert found a directrelationship between DDoS cyber-attacks and a temporary change in thevaluation of a company.

“A few specific cyber-terrorist groups are responsible for most of theseattacks. So far they have not been successful in bringing down an entire majormarketplace,” says Scholly. “But DDoS attacks keep getting bigger, stronger,longer and more sophisticated, so we cannot be complacent. What’s more, therisk goes beyond the actual outage – social media chatter and media coveragecan amplify the perceived effect, disruption and damage caused by a cyber-attack campaign.”

IT security training for staff neededA survey conducted by One Poll for PhisMe inDecember 2013 revealed that UK office workersdo not understand basic security threats andorganisations are failing to provide adequatetraining to help identify them. A quarter of UKoffice workers do not know what phishing is andalmost a fifth of UK organisations do not providetraining to help staff understand securitythreats.

The survey looked at the attitudes of 1,000 UKoffice workers, revealed that UK organisationsare taking a lackadaisical approach to securitytraining, with 19 per cent not providing any staffsecurity training whatsoever, and 24 per cent notproviding basic security training, includinginduction training, classroom training, employeesecurity policy training or phishing training.

The recent spate of cyberattacks against someof the well-known brands have highlighted thesignificant impact cybercrime can have onorganisations. Businesses cannot afford toignore or short-change the importance of staffsecurity training given the odds of compromise.Failure to do so can result in significant financiallosses to organisations, as well as loss ofintellectual property, confidential customer data,and customer trust.

Commenting on the findings, Rohyt Belani,CEO of PhishMe, says: “Phishing is one of thebiggest security threats to organisations and it iscritical that staff are given continuous training onhow to identify evolving threats. Attackers usetechniques such as spear-phishing where theycreate very credible looking malware-bearingemails and target specific individuals within anorganisation, based on publicly availableinformation. A disengaged employee populationmakes it increasingly difficult for organisationsto defend against advanced cyberattacks.

“Organisations that provide staff withimmersive security training are able to leveragethem as a line of defence and a robust attackdetection mechanism, to better protect theirnetworks. Even if a company has all the latestsecurity technologies in place to protect theirsystems, human susceptibility is still one of theleading causes of a successful breach.”

A new approach to data protectionSophos SafeGuard Encryption 6.1 has been released to enable wide-scaleadoption. Addressing the two biggest issues in encryption - performance andusability - SafeGuard Encryption 6.1 leverages on native operating system(OS) encryption for better performance. It also delivers multi-platformmanagement across all devices and Cloud environments.

“We’re pleased to deliver SafeGuard Encryption 6.1 with a differentapproach that enables people to work the way they want for new levels ofproductivity, without sacrificing time, performance or features,” says DanSchiappa of Sophos. “With it we are enabling organisations to fully embrace adata-centric approach to encryption; to reach compliance standards; and tomaintain credibility and good standing in today’s market.”

With Sophos SafeGuard managing Microsoft BitLocker for Windows or MacFileVault 2, the time required to encrypt a disk and boot up the operatingsystem is greatly reduced, as compared to third party encryption engines.Disk encryption time is up to seven times faster and boot times are up tothree times faster.

Terry Myerson ofMicrosoft, said, “Sophos Safeguard offers the best of bothworlds by taking everything that makes BitLocker great and adding innovativecompliance and enterprise-management capabilities on top of it.”

EDIT it news mar14_riskuk_mar14 06/03/2014 14:24 Page 4

Proactive protection

Information security is proving to be a staticconcept in the way it is being implementedeven as ‘proactive security’. It is evident among

the more prepared companies are makingdangerous risk judgments about where to investin protecting against a breach, and how to investin response and recovery from the loss of criticaldata, and the compromise of systems. Manyfirms are yet to appreciate that a criticalvulnerability is highly likely to cause such asevere impact that the ability to return to normaloperations does not constitute ‘recovery’, and isvery much secondary to the long term loss ordamage to the organisation and its reputation. Tomany firms, the loss of trust among customers,suppliers, or partners will have long termimplications for their ability to generate revenueand profit. So why is this the case?

In most cases, security managers are beingover-faced with technological solutions that claimto be critical elements in providing a securitybarrier to intrusion, and companies are investingin ‘great hopes’. The main hope being thatvarious layered systems are left to run andsuccessfully detect and block attemptedintrusions. This management attitude isessentially reactive and passive.

The shift towards a more proactive approachfirst requires a seismic shift in managementperspective, to view security as an essentialfunction to protect what companies have builtover many years, and ‘prevail’ in the ongoingconfrontation with malicious adversaries. But thereality that all companies face is stark. They areinvariably ‘weaker’ than the opposition,unprepared for the challenge they must meet,and quite unaware of the many manifestations ofthe threat. So it is no surprise that they find itdifficult to grasp what an enduring and relevantsecurity model really looks like, let alone, how toimplement it.

Moreover, the simplistic approach commonlyadopted shows the ‘symptoms of delusion’ thathave plagued security concepts since thebuilding of Hadrian’s Wall to the Maginot Line,and they are perilously under-estimating theiradversary. The reality of current practices is thatthey are failing. Penetration testing is providingno guarantees that vulnerabilities have beenuncovered, and security measures are beingcircumvented every day. In short: static securitypostures are ineffective when faced with an‘advanced’ attacker who has the ability to apply asophisticated approach that corporate securitycan neither anticipate, nor detect in time to

effectively prevent. Proactive security requires a complex, and

integrated or ‘converged’ approach thatincorporates human and physical securityelements as much as IT security to provide‘security of information’. Human failings andlacklustre adherence to good security practicestend to explain many security breaches and theera of employees bringing their own devices intothe work place is exacerbating the risk thatcompanies face. Social engineering, subversion,targeted intrusion, and infiltration can all exposeinformation security technology to threats fromwithin ‘the perimeter’.

For most organisations the human andphysical elements require leadership and culturalchange that prove difficult for them to adopt,because of the intensive program of awarenessthat is required to support more rigid policy andprocedure. In the meantime, firms are investing intechnology but still experiencing unsustainablelosses, and discovering that the technology isbeing persistently undermined by differentmethods.

Cyber threats are now broader and moredangerous, and have proved that static securityconcepts are insufficient in the face of advancedand well-funded attackers. The rise of espionagein the cyber domain has shown that informationis not secure, and e-sabotage is a growing threatto process industries. The issue is much lessabout the nature of the security concept, butmore about the ‘doctrine’ that firms adopt tocombat the threats.

Industry needs to move from ‘security’concepts to ‘defence’ concepts. Defence is a moredynamic concept because itincorporates the assumption thatwe have to react to an attack in realtime, and we require variousoptions with which to respond,depending on the objectives andmethods of the attacker. This isincreasingly the caseas organisations are learning thatthe attack process, [from theattacker perspective] from firstreconnaissance to full assault, canlast for days/weeks/months. In thecase of espionage, and theevidence of malware like ‘flame’ ormost recently ‘the mask’: the endgame is not ‘assault’ but theexfiltration of information that canpersist for years.

The proactive approach

65www.risk-uk.com

Dan Solomon ofOptimal Risk looks atthe shift towardsproactive informationsecurity and why yourprotection choice isvital

In most cases,security managers arebeing over-faced withtechnologicalsolutions that claim tobe critical elements inproviding a securitybarrier to intrusion


Proactive protection

An advanced approach to cyber defence shouldconsider adopting a pre-emptive approach, and amore active defence posture. Both need to beseen as different ‘doctrine-based’ approaches:

A pre-emptive approach assumes that activemeasures will anticipate current threats and areprepared to repel attacks, based on relevantthreat intelligence, preparation, and testing ofresponse measures, and as part of a‘developed’ detection-response doctrine. Thisapproach is built on the principles of pre-emptingpotential failure, by simulating what defenceneeds to achieve, how to achieve it, and underwhich circumstances it will fail. This is thenmapped against the types of threat that theorganisation faces and informs any enhancementof capabilities that is required. It ensures‘readiness’ to deal with what reasonably can beanticipated, and the effectiveness of capabilitiesthat the firm has. To many organisation thisapproach presents great benefits, not least tobuild trust and confidence in the capabilities theyhave in place, and the response they can deployto an attempted intrusion. It also helps toenhance awareness within the organisationaround weaknesses and different attackscenarios by regularly testing security andexercising response.

A pre-emptive approach is effective in themajority of cases where it is implementedcomprehensively, but for some organisations, theintensity required for such a high level ofreadiness and awareness is difficult to maintain.It requires an ongoing program of ‘sensitisation’so that security apparatus and processes arefine-tuned to the impending threats as far as theycan be identified. Furthermore, in more advancedand particularly in converged scenarios, an over-reliance on threat intelligence is ineffective andthe monitoring of system access and data-flowcan be insufficient.

For organisations which have little or no scopefor security failure, a pre-emptive approach stillfalls short of the essential requirements of‘defence’ because it does not offer them enoughopportunity to intercept and defeat attemptedbreaches that have multifaceted characteristics,and have employed complex deception againstthem. They also offer weak a deterrent factor.

An active defence is built on the assumptionthat effective defence requires a pre-prepared,active plan to deter, or ‘counter-act’, or engagethreats as part of an active defence doctrine. Thisis a complex undertaking conceptually becausethe approach and the methods differfundamentally from the conventional securityposture. It requires organisations to prepare thetechnical, architectural and operational‘conditions’ that will allow active methods to

provide advantage, out-manoeuvre adversaries,negate threats, and prevail in any engagement.

The architecture can incorporate files & devices[honeypots], or a network [honeynet] ordesignated ‘zone’ [sandbox] that exists simply todelay, and isolate an attack, and can trigger animmediate response when hacker or malwareconnects to it. This can also incorporate an arrayof specific technical measures including ‘tartraps’ that are concealed in invisible layers ofcode of web-based applications. In this way asuitably configured defence also offers effectiveoptions for intercepting zero-day exploits, andbrand new malware that security systems are yetto identify. For converged threats, advanceddefence offers a mechanism to detect maliciousactivity from insiders, and dealing with the BYODthreat or the compromise of wifi systems, byrouting threats through a ‘zone’ in which they canbe examined and identified before reaching anorganisation’s ‘true’ network.

The ‘smart’ combination of measures canprovide the defender with the means to developa doctrine for identifying attackers behaviour,scripts, tools, and exploitation methodology.This is important because attackers and theirtools are as equally prone to flaws as nearly allother software. So the ‘smart’ defender willhave pre-established a number of different waysin which these measures can be used to outwitthe defender, and to fulfil specific defensiveobjectives. To an expert eye, attackersbehaviour may even be more predictable andtherefore exploitable than a typical defenderbecause they feel protected by their anonymity.So the opportunity to engage, and counter-actagainst attackers, can pose a credible threat ofexposure and represent a real deterrent toattackers. While the expenditure of time andresources are key considerations in theirtargeting options, the risk of identification orcompromise is anathema to attackers.

Hence, a dynamic defence provides sufficientearly warning typically associated with ‘strategicdepth’, and options that can allow the defenderto respond quickly and effectively. If the defenceis suitably complex it can provide ‘conceptualmobility’, which enables the defender to employhis own methods for evasion and surprise as partof a pre-active doctrine. These parametersprescribe the active methods that a dynamicdefence requires, and an agility whereby thosecapabilities can be applied to a range of differentscenarios that may not have been anticipated.

More than anything else, any firm that cannotafford to experience loss of confidential data, orintellectual property to the point of zerotolerance, must embrace greater complexity toachieve greater assurance, and must accept the

66www.risk-uk.com

To many firms, the loss oftrust among customers,

suppliers, or partners willhave long term

implications


Software

Most IT departments are striving to buildmore agile, modern, cost-effectiveenvironments in the bid to accelerate the

delivery of valuable, quality software to thebusiness. However, for banks and financialinstitutions in particular, legacy systems andcontinually tightening external compliancepressures are impeding agility when it comes tothe provision of new software projects.

One of the key ways to speed the delivery ofnew projects is to minimise the risk ofproduction defects. Creating efficiencies in testdata provision mitigates the risk of delays,rework and spiralling costs, which slows timeto market.

Testing accounts for approximately 40% of theaverage software development lifecycle, and asmuch as 50% of development and testing time isspent manipulating, searching for or manuallycreating the right data to meet test caserequirements. In an ideal world, organisationswould standardise and automate the majority ofthese time consuming manual processes. Recentresearch however shows that very fewcompanies achieve significant levels ofautomation and many, especially in the bankingand financial services market, are still heavilyreliant on manual testing.

The question is, why?Where financial institutions are concerned, the

fact that most are dealing with legacy systems,systems that in some cases are over 40 yearsold, is seriously hampering their ability to moveto a more standardised approach. To add to theissue, often the knowledge around thesesystems and various nuances about themremains in the heads of individuals. This makesit increasingly difficult to create standard,repeatable testing processes and is one of thereasons that testing is still incredibly reliant onmanual intervention.

Banks are also under constant pressure tomeet ever growing and tightening complianceand regulatory requirements. Current dataprotection and legislation such as HIPAA, PCIDSS, the EU Data Protection Directive and the UKData Protection Act means that much morevigilant practices around the use of data needsto be adhered to.

Traditionally, most financial institutions usedfull copies of production databases to provisiondata for development and testing. This practicehowever is no longer viable due to growinglegislation requirements, so banks now have touse some form of data masking to solve this

problem. However, for banks that have large andcomplex IT architectures with sensitive datastored across multiple sites and disparate datasources, as well as a lot of manual processes,data masking is very expensive, slow and errorprone. With an increased pressure on costcontrol and cost reduction, banks need to findmore intelligent ways of finding the right testdata as well as provisioning and creating testdata marts.

Implementing an end-to-end Test DataManagement (TDM) solution offers total controlover data throughout the software developmentlifecycle (SDLC). Building clear, unambiguousrequirements from the outset helps to ensurequality in testing, whilst shortening test cyclesby more than 30%. It also cuts defects creationby up to 95%, reducing costly rework. Clarity inrequirements also allows testing teams to betterunderstand what needs to be tested. This allowsthem to design the perfect, minimum set of teststo cover all of the required functionality.

No bank can afford the time, the cost or therisk of employing an army of manual testersanymore. Whether building or testing newsoftware, re-engineering systems or migratingapplications, banks and financial servicescompanies need to be able to respond tochanging requirements by provisioning fit forpurpose test data to the right place at the righttime to accelerate and improve test cycles.

Moving to an end-to-end Test DataManagement system will deliver significant testprocess improvements that will enhance theperformance and effectiveness of testing,ultimately speeding the delivery of better qualitysoftware to the business and at less cost.

Huw Price, ManagingDirector at Grid-Tools,explains how you canaccelerate softwaredelivery at less costwith end-to-end testdata management

Speeding up software delivery

67www.risk-uk.com

One of the key ways tospeed the delivery ofnew projects is tominimise the risk ofproduction defects


Semi-free Wi-Fi is where a company givesalmost free Wi-Fi access to its employees –along with a few monitoring safeguards

over what employees can download, access,and upload with their smartphones. It is aboutproviding a nice perk for employees withouthanding them the keys to the company. And itis much more complicated to set up then justplugging a standard router into the networkcable.

Providing a semi-free Wi-Fi is based on threemajor points: technical, legal, and social. Eachone of these three points has to be consideredfor a successful implementation.

Driving at work on the internet highwayInternet in the workplace is no new phenomena– even in an industrial setting. For example, amajor automobile factory had free-standinginternet terminals in its break area withassembly line workers able to do some surfingduring their coffee breaks. Given the hi-techsetup of this factory, these workers had a muchfaster internet connection on the assembly linethan they did at home.

This level of access was even more amazingwhen one considers the automotive sector’sincredibly secretive culture over new modelsand trade secrets. But, this was before thecurrent wave of smartphones and free Wi-Fi.Given that a company already provided internetaccess for fixed computers – what should theydo now to bring this policy into the Free Wi-Fiera – and keep a minimum level of controls ontheir employee’s activities?

It’s time to be semi-free with your Wi-Fi

Semi-free Wi-Fi should provideemployees with a workplacebenefit of easy internet accesstogether with the assurancefor their employers that thecompany is not creatingproblems for itself. There arelegitimate reasons – liability,competitive secrecy, to name afew – for a company to limitinternet access. Keepingemployees from downloadingunwanted content or

uploading photos of unreleased future productsis just good business sense. But implementinga semi-free WiFi is no simple step for acompany, especially when it is connected withdata control and potentially monitoringemployee actions.

1. Technical securityWi-Fi networks bring a range of security issues– both internal and external – to companies.These issues can be summarised as whoconnects and what are they connecting to.

From the external (who connects)perspective, Wi-Fi networks are often weakspots in a company’s security. At a very basiclevel, companies need to monitor the Wi-Fisignal for control over the people actuallyconnecting, have a firewall installed, and usestrong authentication processes (WPA2 withAES encryption, strong passwords).

Then there is the internal (what are theydoing) perspective where Data Loss Preventionor monitoring software come into play. Theseoffer companies the intriguing possibility tocontrol and monitor data use. Issues toconsider here are how deep management wantsthis software to go into daily employee internetuse, installation complexity, and the timeburden required for its day-to-dayadministration. In short, there are variousoptions, but there are no easy answers.

2. Legal – company policy and thecollision with employee privacyThe technical ability to monitor puts companieson a potential collision course with employeeprivacy rights. One of the major no-no activitiesis reading employee emails – except under veryspecific conditions. But since rules overindividual privacy and employer’s ability toprotect their confidential data vary by regionand country, companies need to take a closelook at the rules covering the legal use ofsoftware such as Safetica.

3. Social – creating a positive social environmentWithin the European Union, employers musthave written consent from each employee forany policy that involves monitoring. But asigned piece of paper is really the start.Communicating the need for monitoringtogether with benefits from the Wi-Fi access isnot just a technical or legal check-off point, itreally is a long-term HR issue for the wholeorganisation.

According to Safetica,while Free Wi-Fi maybe the buzzword, it’ssemi-free Wi-Fi thatcompanies really wantto provide for theiremployees

Internet safety

Hazards of workplace Wi-Fi

68www.risk-uk.com

Wi-Fi networks bring a range of security issues – bothinternal and external – to companies


Bringing together the entire security

buying chain

WWW.IFSEC.CO.UK 17-19 JUNE 2014 ExCeL LONDON

In 2014 IFSEC International, the largest and longest running security event moves to a truly international venue.With more than 40 years at the heart of the security industry, re ecting inno ati e industry trends and ro iding insight into the atest techno ogy to ee usinesses and go ernments secure

Put the date in your diary now! www.ifsec.co.uk/add2014

PROTECTION & MANAGEMENT Week

IFSEC International

is art of


Several weeks ago I was participating inlocal 10k run made even more challengingby the wind howling off of the Solent! Much

of the talk amongst the crowd and runnersafterwards was of the storm that was forecastfor later in the evening. Sure enough the windsgathered strength and the next morning therewas the obligatory news item on fallen trees.

Weather predictions have come on leaps andbounds since the infamous forecast by MichaelFish way back in 1987. Meteorologists nowhave access to more data, have become betterat interpreting it and in turn are able to give usmore accurate forecasts, which in turn enableus to plan our day better. Today, the securityindustry is going through a similar cycle.

In recent years I have been extolling the virtuesof PSIM (Physical Security InformationManagement) technology, explaining how itenables the control room to integrate theirexisting and new on-site safety and securitysystems, and better respond to incidents inaccordance to best practise and regulation.However, the missing piece of the puzzle is howto get better at ‘forecasting’ potential incidents.This is where the emergence of a new areaknown as Web Intelligence (also known as OpenSource Intelligence) is starting to have an impact.

Security professionals tend to have very goodinstincts and judgements, enabling them toobserve even the slightest differences thatmost other people would ignore. This is whypeople are still such a vital link in the securityprocess. They are also adept at using theirexperience to make assumptions about what islikely to happen. Of course, you know that if afootball match is happening at 3pm on aSaturday afternoon, or a protest march throughcentral London is planned, there is a likelihoodthat some form of incident will occur. But, thinkabout a terrorist attack such as the BostonMarathon bombing, or the siege in Kenya latelast year. It is unlikely that the security team atthe shopping centre ever expected, or wereprepared for such an event.

Yes, it may sound like something out of anepisode of 24 or Homeland but Web Intelligenceis no longer the preserve of the secret servicesand it is accessible for security professionals in

the control room, whether in a power station,airport, railways, docks, or even urban areas.Put simply this technology enables you to takewhat is referred to as Big Data (unstructureddata that is available in open sources across theweb, such as websites, online newspapers,social networks, forums, chat rooms, blogs andvirtual databases) and monitor and analyse the‘chatter’ in order to gather intelligence and inturn identify a specific threat, target, ortrend. Using this insight you can then put inplace the necessary preventative and/or countermeasures to mitigate or eliminate the risk.

Of course, many people are still getting togrips with the potential of the PSIM solutionsthat they have invested in, but by adding WebIntelligence it really does provide thatcontinuous closed circuit (a phrase we rarelyhear these days) of incident detection andmanagement, post event reporting, scenarioreconstruction and process improvement.

There are many adages such as ‘fail toprepare, then prepare to fail’, or ‘to beforewarned is to be forearmed’, but the simpletruth is if you know something is going tohappen, then you have a far greater chance ofmanaging the situation more effectively,migrating its impact, or even preventing it.

Sadly, though we still can’t prevent theweather!

To be forewarned is tobe forearmed! JamieWilson, SecurityMarketing ManagerEMEA at NICE Systemslooks at the rise ofWeb Intelligence

Predicting the unpredictable

70www.risk-uk.com

Security professionals tend to have very good instincts andjudgements, enabling them to observe even the slightest

differences that most other people would ignore

Risk management


Security solutions for today’s challenging times

Global economic pressuresare forcing organisations toreview expenditure acrossthe board. But, the securityissues remain the same. So, do you cut your security?

Pilgrims offers a complete andcomplementary range of security,communications and support services,backed by an unmatched commitment to the highest level of quality, efficiency and client care, to reduce costs not cover.

Our expertise and global experience allowus to deliver robust, practical solutions fortoday’s challenging financial climate.

For more than ten years, Pilgrims has beensupporting clients across the globe, protectingand enabling their businesses to continue inspite of threats from terrorism, seriousorganised crime and natural disasters.

Our personnel are handpicked for theirexperience, skills, training and personality to match the requirements of our clients.This, combined with our continual exposureto the world’s hot spots and difficultregions, makes Pilgrims the ideal choice foradvice and support.

Pilgrims provides a global service, with localknowledge through our employment oflocal personnel, quality control, continualongoing training and our relationships withspecialists and local partners.

ConsultancyOperational ConsultancyManned GuardingTrainingInformation and IntelligenceCommunications SupportTechnical SystemsEquipment

We can help you find the right solution.Call Pilgrims on: +44 (0)1483 228 786

www.pilgrimsgroup.com


Sabotage, terrorism and infiltration aregrowing threats for critical nationalinfrastructure, while theft, extortion and

vandalism are risk factors of concern to allbusinesses.

Identifying these security risks is one thing.Implementing appropriate upgrades ofoperational assets and buildings to mitigatethem is even more of a challenge, especially inthe current economic climate.

Nevertheless, asset and security managers areunder pressure to harden vulnerable areas oftheir operation against physical breaches andunauthorised entry. Greenpeace’s infiltration ofTricastin nuclear plant in France last year was atimely reminder of this.

In the UK, the government has long picked upthe baton on asset protection in the utilities. Thewater industry works to a legislated standard ofsecurity, while telecoms, energy and transporthave mandates on security, too.

This is driving the adoption within thesesectors of third party certified securityequipment – primarily CPNI or LPCB approved -for the protection of access points, processequipment, production storage and operationalbuildings. We are referring here to physicalsecurity products such as doors, locks, accesscovers, kiosks, escape hatches, window bars,louvres, cages, and associated ‘built-in’deterrents to unauthorised entry.

CPNI and LPCB approval regimes test and ratethe resistance of products for differentcategories of physical attack corresponding todifferent levels of risk, broadly from low toterrorist. In other words, they provide a testedmeasure of the product’s capability to defend theasset and resist entry, giving time for responseby police or security personnel.

Assurance of performanceThis assurance of performance becomesextremely important when, for example, a dooror access cover stands as the last line of defencebetween the assailant and process or assetunder threat. Measures such as videosurveillance, access control, biometrics andremote management provide important layers ofsecurity to intercept and identify unauthorisedpersonnel. But ultimately, they are not designedto provide physical defence against adetermined gang with heavy duty tools.

Strange to say, but history’s depiction of thefinal assault on a castle with a battering ram hasresonance for today’s security management. Inmany instances, asset integrity often comesdown to how long an engineered ‘barrier’ willprevent infiltration of the ‘stronghold’.

Strategically, much is at stake if today’sstrongholds of water, gas, electricity andtelecommunications are breached.

It could be the doors and emergency exit to abuilding with strategic IT, production or sitemanagement facilities. It could be a cabinet withvital electronic controls, switch gear or watersampling outlets. It might be a kiosk housinghazardous chemicals or cables that could betargeted for their metal content. It may be anaccess cover to underground power distribution,telecommunications or water installations whichmust also foil attempts at other forms ofsabotage such as chemical contamination not tomention theft.

Third party certification is as close as you canget to a guarantee of the physical integrity ofthese critical points and assets against anassessed level of risk. This can have far-reachingimpacts on a business, from enhancedprotection of supply infrastructure for businesscontinuity and more favourable risk assessmentfor insurance purposes. Effectively, when youbuild in third party approved equipment to thefabric of your operation, you are also building ingreater business resilience and a greaterinsurance of the bottom line.

Risk strategiesIncreasingly, asset managers across criticalinfrastructure and commerce are looking to the

The last line of defence

72www.risk-uk.com

Asset and security managers are under pressure to hardenvulnerable areas of their operation against physical

breaches and unauthorised entry

There are fewguarantees when itcomes to managingrisk and improving

business resilience.But when solutionsdo come with some

assurance, theywarrant closer

examination.Michael Miles,

managing directorof Technocover

discusses


Risk management

benefits of certified security for their riskstrategies and business cost base.

Certainly, demand in the utilities hasgenerated greater choice, sophistication andvolume of third party approved products.Alongside CPNI approval which has grown out ofgovernment testing, LPCB third partycertification is widely accepted as an alternativein the infrastructure, commercial and publicsectors.

Under LPCB approval, façade elements mustmeet a robust dedicated standard, LPS 1175(Specification for testing and classifying theburglary resistance of building components,strong-points and security enclosures).

Products are tested and awarded an LPCBsecurity rating – SR 1 to 8, where 8 is the highest– according to the duration of attack and type oftools they are able to withstand. The securityrating (SR) classes product performanceaccording to a proven hierarchy of assessed riskof attack that is updated in response to HomeOffice guidance. LPCB also assesses theresilience of the product to possible ‘intellectual’strategies to assail its defences.

Significantly, LPCB approval is not based onone product test. Through regular audits, LPCBcertification ensures that the product continuesto comply with the prevailing standards and theirrevisions. The LPCB auditing process ensuresand helps to confirm that the product on themarket offers the same security performance asthe product which was originally tested.

Although a type test indicates the test samplemeets a particular performance standard, thetest results do not guarantee future products willprovide equivalent performance. In addition,LPCB approval can only be awarded tocompanies already assured by ISO9001 qualitysystems for design and manufacture.

InvestmentThird party certification represents a verysignificant investment by the manufacturer indesign and production quality, and, in the caseof LPCB, the on-going assessment of products.Better marques of security are not easily gained;almost 95% of products submitted to LPCB failfirst time.

Inevitably, equipment certified to approvalsystems like LPCB may come with a perceivedhigher price tag. But this comparatively smallextra investment buys not only a substantialelement of engineering certainty, but cansafeguard against potential business disruptionor even catastrophic event that could costmillions of pounds.

Manufacturers signed up to certification likeLPCB are invariably quality and innovation

driven, and will consider otherfunctionality in their designs. Forexample, assisted lifting on accesscovers, removable roofs to kiosks andaccess control on doors, enhancesboth operational efficiency and healthand safety. The quality of productprotection against corrosion, such assteel galvanising and paint finishes,will have a bearing on equipmentdurability and maintenance – alsoimportant in maximising return onsecurity investment.

While CCTV, intruder alarms andother surveillance systems play animportant role in asset protection,physical security as the last line ofdefence is especially critical forinsurers.

An insurance company will have aperception of the level of securityappropriate for a specific type of built asset andwill require the customer to meet thatexpectation. If not, the insurer may be unable toinsure at normal terms, may need to apply ahigher excess or higher premium, or may evendecide it does not want to take on the risk.

Certified security products will positively affectinsurance assessment and premiums, especiallyover time when their effectiveness isdemonstrated in reduced claims.

An insurer may recommend or even stipulate areliable security standard including LPCBapproved products and LPS 1175. Notably,businesses that self-insure often specifyproducts to LPS 1175.

According to a recent study, huge growth ispredicted in the global market for physicalsecurity – from $55.59 billion in 2013 to $85.51billion in 2018. But businesses need to lookcarefully at the credentials of the securityproducts competing for a slice of thisburgeoning market.

With much of the UK’s critical nationalinfrastructure in its hands, the private sectorfaces tough challenges in protecting criticalassets to required standards under thecompetitive pressures of a commercial market.

Robust physical security protects more thanjust bricks and mortar and operationalinfrastructure. It pays off in other areas of riskmanagement, including health and safety,operational efficiency and insurance liability, aswell as underpinning business resilience andcontinuity of service.

For all types of business, inside or outside ofcritical infrastructure, security products withreputable third party approval could be the bestroute to maximising all of these returns.

According to arecent study, hugegrowth is predictedin the globalmarket for physicalsecurity – from$55.59 billion in2013 to $85.51billion in 2018

73www.risk-uk.com


Spreadsheets are universally loved. Why,because they give everyone their ownversion of the truth, with complete

autonomy to update and amend them as oftenas they like, without interference from anyoneelse. However, while spreadsheets might begreat tool at an individual level they arecompletely un-scalable, and therefore totallyunsuitable for compiling and analysinginformation enterprise-wide, or even forindividual projects.

When applied to a risk management scenario,the potential horrors magnify. Who knows whatrisks are lurking in a spreadsheet so farundiscovered, with all around thinking that theyhave ‘ticked the box’ and that risk is managed.Using spreadsheets and emails to manage risk,is a very risky approach.

Here are the main reasons that thespreadsheet approach doesn’t work:Lack of Integrity – Spreadsheets are easilymanipulated. Anyone could make changes todata to help present a better picture. This couldbe to cover up a situation, to help move blameor mitigate responsibility, or to present asituation or opportunity in a better light.No audit trail – you can’t easily check whochanged what when. You have no guarantee ofthe provenance of data supplied, and you can’tsee how it may have changed over time. Deadlines missed – Spreadsheets don’t haveany workflows or processes built into them sothere is no mechanism to highlight misseddeadlines. No consistency – With no formal structure, eachtime a new spreadsheet is set up the formattingwill be different. Difficult to compile information – Riskmanagement information could be held withinhundreds of spreadsheets across theorganisation. Compiling them is a very longand arduous task.

Risk management is too important toleave to a spreadsheetIt is well documented that a mature approach toenterprise and project risk management paysdividends. Whether it’s increased profitability, on-time delivery, more accurate forecasting or betterstrategic planning, effective risk management

provides a competitive differentiator and drivestop and bottom line results.

Increasingly risk management is no longer astandalone function. Taking a proactive approachto risk management is becoming ever morecritical to success and can deliver major benefitsincluding: • Improved EBITDA – up to three times,

according to the Ernst & Young study in 2012• Improved Visibility - Enhanced visibility and

accountability to build confidence i• Actionable information – supports more

effective planning and decision making• Better resource allocation - across the

enterprise leads to better asset utilisation• Achieve Goals - Deliver projects on time • Better relationships with insurance providers,

regulators and stakeholders• Comparing Spreadsheets with Enterprise Risk

Management SoftwareModern risk management for both project and

the enterprise has evolved way beyond whatspreadsheets and emails are capable ofhandling. Organisations need access to risk dataseven days a week, 24 hours a day. Informationmust be easily accessible, understandable andactionable. Risk management necessarilyinvolves every department and asset within thebusiness, which amounts to a lot of data thatneeds to be collected with an easy to use tool.The software can then calculate the risks, thelikely impacts on the business and communicatethat information to those that need to know.

With the sheer scale of the data involved, thegeographic spread of many organisations, riskmanagement can only by managed effectivelyusing purpose built software. Unlikespreadsheets enterprise and project riskmanagement solutions can bring the riskmanagement process to life. They can help toidentify emerging risks that may otherwise gounnoticed, enable best practice for mitigatingrisk, and highlight opportunities that can helporganisations to reach goals, win more businessand increase revenue/profitability.

Making a difference to the bottom line Manual methods and spreadsheet solutionshave become the high-risk option for managingrisks and are no longer up to the job. Only a trueenterprise risk management solution will captureconsistent data, provide a single version of thetruth, allow access to real-time, trustworthyinformation and provide the reports required toproactively manage risk and opportunities. ERMcan move risk management from a cost to thebusiness to a value-adding process which canmake a difference to the bottom line of anyorganisation or project.

Spreadsheets shouldbe banned from theRisk Managementprocess – KeithRicketts, MarketingDirector at SwordActive Risk explainswhy

Risk management

Spreading the risk!

74www.risk-uk.com

Modern risk management for both project and theenterprise has evolved way beyond what spreadsheetsand emails are capable of handling


Serviced sites

The serviced office sector has undeniablyevolved into one of the fastest growingsectors in the global commercial property

market, providing innovative flexible propertysolutions as an alternative to traditional longlease terms.

The decision for a business to establish atemporary office, or a new office, for small or alarge team, can be a very expensive affair. Thereare numerous costs to consider including ITinfrastructure, office furniture, equipment etc.All are prime concerns that take can take thoseresponsible away from the primary aim ofrunning a successful business.

Within a serviced office environment, theseburdens are taken care of with assurances offurniture, facilities and security, freeingbusinesses up to continue in their ambitions tomake an impact.

There are many ways to choose between thevast number of serviced office providers.Location is key to be close to consumers, clientsand reduce travelling expenses. Location canalso have a significant impact on your staffmorale to influence productivity and making it amore positive environment.

Even when the perfect location is sourced,business managers often have to decipherbetween the finer details such as cost andresource to reach a final decision. And here, aserviced office provider’s reputation can makean impact. “Functional” factors can alsoinclude the physical security structure of thepremises and all that is contained therein andpertinent to the property.

At a time when the serviced office sectorcontinues to see impressive growth inestablished markets including the UK, badreviews from tenants who have not experienceda secure environment can quickly impact onprofits and revenues.

Most importantly, in a digital and social agewhere reviews on any sector play an increasinglysignificant role in decision-making process forpotential tenants, an event against just oneserviced office operator of any size couldinstantly send catastrophic ripple effects throughan entire industry.

This is especially true with the growing use ofLinkedIn as the professional networking site,with tenants and providers engaging on a muchmore direct and public level.

A sense of security and peace of mindthroughout a stay, for tenants and theirbusiness operations, could make the difference

between an individual or continuing theme ingood and bad reviews.

There is a secondary impact on poor securitymanagement on site. Whilst security is integralto protect tenants and business possessionsfrom crime, another function is to create anefficient running serviced office operator.

An efficient running serviced office facilityensures keys are always in the right place towelcome and check in new tenant, security orfacility managers and cleaners have access to alloffices necessary to carry out their duties withno disruption to daily operators.

At the same time, if serviced operators haverefurbished and upgraded security to rely onaccess control cards, an efficient running servicewould depend on easy to use and proventechnology, especially to ensure tenantchangeover is as much an operation as possibleto save valuable time and resource.

The key to success is ensuring securitymeasures are integrated successfully into theeveryday operations of facility managers andfully understood by all business tenants on site.

Why struggle?The decision to upgrade security is inevitablycompeting with other priorities, and manyserviced office owners and operators stillbelieve security specification is akin to aPandora’s box – once it’s opened all theproblems will be released.

The issue is compelled with rapid advances insecurity technology, from access control tobiometrics and the rapidly growing trend ofelectro mechanical, which means there is aplethora of potential solutions for each securityand access challenge.

But the fact the choice is so wide is, in itself, aproblem for time constrained facility and securitymanagers.

For many who have invested in office locationsto create an inspirational working environment,the importance of smart design for any security

Servicing sites securely

75www.risk-uk.com

Damian Marsh,Managing Director UK,Assa Abloy AccessControl discussesmeeting the securitychallenge for servicedoffice providers


Serviced sites

upgrade is equalled to the fear of integratingsecurity systems and associated wiring andcabling affecting the overall aesthetics.

This is especially true in commercial buildingswhere there is a mixture of door types with thepotential to make any cabling to introduce newaccess control or security systems.

For serviced office owners, there is theadditional challenge of ensuring systems areintegrated with many modern providerspromoting the notions of intelligent and livebuildings as being the future working landscape.

Associations such as the BCA offer advice, andeasy access to a wide range of industry suppliers,to assist in security specifications and the day today running of a serviced office operation.

What can providers do?Appropriate security measures can only be put inplace if a serviced office provider has a goodunderstanding of the security risks.

It is essential for operators to undertake acomprehensive security risk assessment, whichidentifies potential risks in all interior andexterior areas, together with measures toremove or reduce the risk.

A security risk assessment must also assessboth the risks to office tenants and anypermanent staff on site and include the risks ofinternal business crime that is currently at itshighest rate since prior to the recessionary period.

Business espionage is highlighted by theFederal Bureau of Investigation (FBI) withsignificant impacts on the global and UKeconomy, at a time when it is only just showingsensitive signs of recovery

A security risk assessment can be undertakenas a stand-alone exercise or as part of a moregeneral risk assessment of operations, and mayinclude, but is not restricted to:• ensuring that security equipment is checked

and maintained;• ensuring that security procedures are followed

by employees and all tenants• outlining security procedures to new tenants

on arrival, through notices or informationsheets, or by other appropriate means;

• encouraging tenants to practice ‘tidy deskpolicies’ and consider their own securityarrangements, especially to protect data andexpensive computer, tablet or mobileequipment.

• supervising contractors and other visitors;• providing security training for employees and

tenants, as appropriate;• identifying new risks and taking appropriate

action;• looking for methods of reducing risk and

improving security on a continuing basis;

• investing in additional security measures.Risk assessments should always be

undertaken by a competent person or anexternal resource such as a local professionalaccess control specialist or installer who wouldbe able to offer advice on the different upgradeopportunities, in accordance with budget andresource.

Risk assessments should also be updated on aregular basis or if there are significant changesat the establishment such as a refurbishment orexpansion works. The findings of a security riskassessment should be recorded in writing.

From such findings, as well as havingappropriate security equipment, policies andprocedures, it is essential for tenants to work toreduce security risks.

By working through these procedures to reacha conclusion on how to progress securityarrangements, service office providers canpromote their commitment to a duty of care totenants and an ability to offer the very latestinspirational technology and security services onsite at all times.

SummaryThere are a host of different reasons whycorporate occupiers choose serviced offices aspart of their overall strategy and providers mustcontinue with the significant opportunity toconsider their entire offering to their targetaudience.

Whilst creating a welcoming environment is anecessity, there is clear evidence to suggest areal requirement for a secure office space, toprotect from both external criminal activity andthe opportunist (or desperate) internal threats.

There are many solutions available forserviced office providers looking for state of theart technology to raise the security levels of theirpremises and complement existing accesscontrol systems, without the need to modify thedoor or the aesthetics of the environment.

Choosing the right system requires carefulanalysis of the purpose and bespokerequirements of individual office buildings.

With many security and facility teamsstruggling to deal with the sheer volume ofsolutions available, it is worth coordinating witha security specification team to understand theoptions available in accordance with budget andresource.

In doing so, and building a picture of thesecurity specification required, any decision toupgrade security on site can result in an instantability to improve the controllability and accesscontrol level throughout the premises for thebenefit of the serviced office provider and itstenants.

76www.risk-uk.com

Action Point:Is security a top priority foryou as a serviced officeprovider, or are there otherreasons why this is not afocus? Are you struggling todeal with the issue orlooking to find ways toimprove security? To addyour voice to the debate visitwww.facebook.com/assaabloyuk


The power of paper

Afew years ago, Qinetiq, a leading defencecompany, built a small unmanned aircraftto take pictures of its hot air balloon

record attempt. The engineer responsible forthe airbag that would cushion the miniatureaircraft on landing was so thrilled with hisrevolutionary design that he decided to submitit for patenting. All went well until a routinereview of the company’s paper archivesrevealed that a near identical design had beencreated in the 1950s by the engineer’sgrandfather.

In a seminal 2001 research paper, industryanalyst IDC said that knowledge workers canspend up to 90 per cent of their time recreatinginformation that already exists in theirorganisation (The high cost of not findinginformation, IDC, 2001).

Indexing securely stored paper archives orscanning paper documents for easy search,retrieval and analysis can help companies minetheir legacy information for knowledge andinsight. Digitised documents can be subjectedto modern data analysis techniques, orinvestigated alongside digital records, revealingthings that could have taken years to discoveranother way.

Businesses need to make that they take careof their paper documents, know where to findthem when they need them and understand howto extract the value from the information. Formany firms this can seem easier said than done.

The reality with paper on site is that overtimes it is inclined to get lost, damaged ordestroyed. Job changes, mergers andacquisitions, company restructurings and officemoves can mean that vast volumes ofinformation disappear or end up archived awayand forgotten. Fragmented supply chains canmean that information ends up spread acrosscompanies and individuals.

The Saturn V rocket that launched the Apollospace missions in the 1960s and 70s wasdesigned and built in great haste by a widerange of suppliers and engineers. Millions ofdocuments were created including blueprints,designs, descriptions and test results. No-oneever pulled these all together into a singledocument repository for which one company orindividual was responsible. Today, onlyfragments of the information can still be found.Many of those involved in its creation or use arelong gone. If mankind wishes to return anastronaut to the moon, much of the knowledgewould be have to be recreated.

Most companies don’t have to deal withquite such a dramatic scenario. But, faced withan ageing workforce, a younger generation ofemployees who change jobs with greater

frequency, rapid product life-cycles and fluidsupply chains; protecting information so itsvalue is not lost is becoming a major challenge.

Where should you start? First and foremost,you need to introduce a robust, centralisedinformation management policy that canaccommodate information in all its formats andstructures, and accept that this is not justsomething to put on the shoulders of the ITdepartment. You need to know what you know,where it is and who is responsible for it. Makeyour data future-friendly. Establish an approachfor converting the most valuable paperinformation into digital formats that can beread ten or 20 years from now, and securelyarchive the rest offsite. Accept that you will notbe able to keep everything – and probably havea legal obligation to delete certain types ofinformation after an agreed length of time. Forthe information you choose to keep, it isimportant to introduce easy-to-use search andretrieval processes, and to know how to extractthe value of all your information.

The best innovations can come from lookingat old data in a new way, so make sure yours iscaptured and safe. Your successors and theirsuccessors in turn will thank you for it.

Phil Greenwood,Director, InformationManagement andBusiness Outsourcingat Iron Mountainconsiders the powerof paper in an age ofbig data

Paper in the IT age

77www.risk-uk.com

Businesses need to make that they take care of their paperdocuments, know where to find them when they need them andunderstand how to extract the value from the information


Few experts would argue against theimportance of real-time file integritymonitoring (FIM) in an era of fast changing

and sophisticated security threats. It is literallyimpossible to second guess the method of abreach and therefore the ‘last line of defence’detection offered by FIM has never been morecritical. The worldwide coverage of the recentbreach at Target shows how vital cybersecurity is,and how high the stakes are if your defences arebreached. Little wonder that leaders in securitybest practices such as NIST, the PCI SecurityStandards Council and the SANS organisation alladvocate FIM as an essential security defence.

That said, many would also challenge theactual value and quality of some FIMdeployments over the past decade. From thehighly complex, $multimillion softwareinvestments all the way down to freeware, far toomany deployments are actually increasing, ratherthan reducing, business risk by creating a delugeof unmanaged and unmanageable alerts. Putsimply - too much information and not enoughcontext to provide an effective solution.

But write off FIM at your peril. Not only doesFIM play a key role in compliance, but usedcorrectly, it is also a proven and robust way toprotect against evolving security threats,including zero hour malware and the APT. Thereis now a vitally important middle option availablethat exists between the complex and expensivelegacy products and freeware: the latestgeneration of NNT solutions is easy to deploy, afraction of the price and, critically, simple to use.When an entire system can be deployed for thecost of a typical consultancy exercise from thelegacy vendors, isn’t it time to reconsider yourtake on FIM?

Changing security threatOrganisations recognise that traditional securitytools such as Antivirus and Firewalls alone are nolonger adequate to fully protect against theinexorably expanding range and variety ofthreats. Real-time file integrity monitoring helps

to improve external and internal threat defencesby reporting on all irregular file and configurationchanges. Tracking change and flagging up theunauthorised, unexpected and out of contextchange is a key security best practise that willidentify serious, business compromising securitybreaches that would otherwise have beenundetected for weeks, months, even years.

For all these reasons - File Integrity Monitoring(FIM) has been used by many organisations formany years – yet it is possibly only recently thatit could be considered both affordable and simpleenough to use effectively.

Despite the compelling, indeed essential, valueFIM can offer, large numbers of organisations arestill dissuaded from investing due to theperceived cost and complexity of the technology,a perception set by the early pioneer products inthe FIM market.

For good reasons: the traditional FIM solutionis complex. It requires dedicated personnel tomanage and configure. And it is expensive –really expensive. Just the cost of getting startedcan be a surprise – and bear little relation to theinitial quote. By the time the business hasconsidered the options, from the devices to bemonitored, agent versus agentless deployment,database system or simple file detection, securitypolicy compliance auditing as well as simple dailyFIM reports, the bill is enough to make your eyeswater.

Sadly the up-front expense is just thebeginning of the problem with the legacy FIMproduct; it is down the line that the issues – andthe costs – really become untenable. Unless thebusiness has one – or more - dedicatedindividuals with the time and skills to managetasks, adjust actions, modify rules and edit policyto deliver the fine grain monitoring that complexFIM solutions require, the whole thing becomesunmanageable.

The alternative is to call in costly consultancyresources to make the changes every single timethe business wants to add devices or adjustpolicy. It is no surprise that such additional costscannot be justified. The result is too many alerts,and no focus. Alert overload inevitably leads tothe system being ignored and a genuine securityincident could be missed. The situation is almostworse than not having a solution at all.

So what is the option? Leave the systemunmonitored? Not the best idea. Freeware?Possible – there are a number of solutions. Butthat, too, is fraught with danger. While freewarecan enable organisations to tick the compliancebox, its value is questionable. The biggestproblem is the lack of context provided to changeinformation: every single Windows update or filechanges will create an alert. There is no way of

Change detection technology has changed - for thebetter says Mark Kedgley, CTO, New Net Technologies

Changing for the better

78www.risk-uk.com

The worldwide coverage of the recent breach at Targetshows how vital cybersecurity is, and how high the

stakes are if your defences are breached


Change detection

differentiating between good and bad changes –and that is really dangerous. As most securityauditors now concede, organisations that havegone down the freeware route are nowoverwhelmed by unmanageable and unmanagedchange information that is leaving them wideopen to breach and abuse.

Middle waySo freeware is really not viable. But does thealternative really have to be so expensive? Is thehighly complex, ‘reassuringly expensive’ tag asop to the CTO’s ego or the painful reality ofdated design and behemoth of a business modelthat is predicated on consultancy, upgrade andsupport fees?

The truth is that the latest generation of FIMsolutions are far less complex. They can bedeployed remotely; and are highly intuitive,hence avoiding the need for expensiveconsultancy. Critically they are usable: ratherthan creating the extensive and unmanageablelog file of ignored events, by minimisingcomplexity newer solutions are easily adjusted toensure only the relevant changes – thosetherefore requiring investigation – cause alerts.

Rather than getting swamped withunmanageable volumes of unnecessary and

unhelpful alerts, the business gets a few criticalissues to investigate, making the process ofspotting a zero hour attack much more likely.

ConclusionFIM is a fundamental factor in the overall fabric ofsecurity. That said, there is no doubt that the‘reassuringly expensive’ solutions in the markethave undermined the perception of FIM’s value.Having a poorly configured and misused FIMsolution is more dangerous than not having oneat all. The sad reality is that many organisationsare simply flushing away the $multi-millioninvestment – and at the same time putting datasecurity and system compromise at risk. If FIM isto work for the business, individuals need tounderstand and trust the output. And that meansit has to be quick to deploy, easy to use andsimple to update. With the right approach, FIMadds value and truly safeguards the business –without adding unjustifiable cost.

For those organisations using FIM, it is time forhonesty and to determine whether the currentdeployment is a friend or foe. For the rest, stopassuming FIM is too complex and expensive:times have changed. Not only is FIMapproachable and attainable – but it has alsonever been more important.

Despite thecompelling, indeedessential, value FIMcan offer, largenumbers oforganisations arestill dissuaded frominvesting due to theperceived cost andcomplexity

Telephone : 0191 296 3242 www.ssaib.org

Appointed Security Industry Authority (SIA) Approved Contractor Scheme (ACS) Assessing Body. ISO 9001and Product Certification for Key Holding and Response Services, Door Supervisors, Static Site Guardingand Mobile Patrol Services, Event Stewarding, Crowd Safety, Security Wardens, Cash and Valuablesin Transit, Close Protection Services and Security Dogs. Contact us for a free no obligation quote.

The leading certification body for Guarding Services.

CERTIFYING SECURITY

SSAIB


In the wake of the financial crisis of2008/2009, the risk management agendawithin the financial services industry has

been dominated by increasingly complexregulatory demands. This focus on compliancehas distracted firms from other significantoperational threats to their business. Inparticular, financial services firms now need toact fast to address the growing cyber threatfrom business, cultural and technologicalperspectives.

One inevitable consequence of the financialcrisis has been a slew of directives coming notonly from national regulators (such as the PRAand FCA) but also transnational regulators suchas the European Banking Authority and G20.

Whilst there was undoubtedly a need toimprove the regulatory frameworks withinwhich the financial services industry operates,this has led firms to concentrate on regulatoryrisk at the expense of genuine business risks,such as those driven by the cyber threat.

Cyber-driven risk has emerged as probablythe key operational risk faced by financialservices firms (and many other non-financialservices firms) over the last few years as theimportance of the digital economy and itssupporting infrastructure has increased.

The vulnerability of firmsFinancial services firms are particularlyvulnerable because these businesses relyheavily on digital technologies and the flow ofinformation they facilitate to power theiroperations. Yet very few manage these criticalenabling assets through a ‘business lens’ tomaximise their value and mitigate the risks. Thegrowing number of cyber-threat andinformation-driven incidents evidences this.

Throughout the information lifecycle, weinduce risk into the IT-enabled system. What ifwe lose it or someone steals it? What if itbecomes unavailable so we can’t use it? What ifit loses its integrity – that is we aren’t using themost current or accurate information? Theanswers can range from nothing to a majorcompany catastrophe with significant financialand reputational damage.

Within the financial services world, the FCA’s

‘Risk Outlook 2013’ identified ‘Increasingreliance on technology without fullyunderstanding the consequent risks anddependencies’ as a major market risk.

In terms of a cyber-attack, it stated that‘there is an increasing threat of outside (cyber)attacks, which pose operational risks to firmsand threaten market integrity through servicedisruption, breach or theft of personalinformation, or network intrusions causing lossof control of critical infrastructure and paymentsystems’.

Measuring the risks Measuring the risk is not an exact science withstudies and surveys putting the global impact ofcyber incidents anything up to $1trillion, but alsoas low as $300bn (The Economic Impact of CyberCrime and Cyber Espionage, McAfee, 2013).

Kasperky Labs’ Global Corporate IT SecurityRisks Survey, 2013, states that on average, aserious incident can cost a large company$649,000, and small and medium-sizedcompanies $50,000. A direct attack on a largecompany can cost it $2.4m in direct financiallosses and additional costs (The PwC GlobalState of IT Security Survey). For a small andmedium-sized enterprise, such an attack givesan average $92,000 loss.

The Global findings from the PonemonInstitute’s Cost of Cyber Crime Study, 2013,found that ‘organisations in defence, financialservices, and energy and utilities experiencesubstantially higher cyber-crime costs thanorganizations in retail, media and consumerproducts’.

The many ‘vectors’ of a cyber-attackIn terms of attack ‘vector’, Ponemon researchshowed that the most costly cyber-crimes arethose caused by malicious insiders, distributeddenial of service (DDoS) and web-basedattacks. Additionally a large part of the costslye in slow detection. ‘The average time toresolve a cyber-attack was 27 days, with anaverage cost to participating organizations of$509,665 during this 27-day period. Thisrepresents a 39 per cent increase from last

Cyber is the numberone operational risk tobig business writesColin Lobley, Directorat Manigent

Top of the threats!

80www.risk-uk.com

Financial services firms are particularly vulnerable becausethese businesses rely heavily on digital technologies and the

flow of information they facilitate to power their operations


year’s estimated average cost of $354,757.Results show that malicious insider attacks cantake 53 days on average to contain’.

What we can say with certainty is that allorganisations have, or will, suffer a cyber-incident and a number of recent incidents bringto light the severity of the cyber threat.

Examples of cyber-crime Individual companies have suffered hundredsof millions of pounds worth of losses, and thisisn’t taking into account the longer-termimpacts of reputational damage or lost IPR onthe sales pipeline. Below are listed someincidents that due to the magnitude of the loss,or the size of organisation, are among the mostsignificant. All are directly or indirectly relatedto the financial services industry:

Heartland Payment Systems, 2008, $140mtotal cost - criminals using spyware stole over100million individual card numbers.

Citigroup, 2011, $2.7m - theft of customerfunds following 200,000 customer names,contacts details and account numbers havingbeen stolen. Incident cost will have beensignificant higher than this direct theft.

Barclays, 2013, £1.3 million - bank heistcarried out with a remote-control deviceplugged into a Barclays branch computer.

De Vere Group, 2013 – had their companyidentity cloned twice, with the criminalimpersonators profiting from unsuspectinginvestors.

The NASDAQ trading market was shut downfollowing a significant disruption in August2013, following on from a software glitch in Maythat disrupted Facebook’s IPO, for which theywere fined $10m.

The list of incidents and fines issued that canbe attributed to cyber-attacks and inadequateinformation management in financial services isexceptionally long. And whilst all sectors are atrisk, often financial information is the targetand this will ultimately impact financialinstitutions through customers reclaimingstolen funds and making insurance claims.

ConclusionThe threat is already significant and it is clearlyescalating. Last year also saw what has beendescribed as the largest ever cyber-attack. TheDDoS Spamhaus attack had enough force tocause worldwide disruption of the internet.

The high likelihood of cyber-attacks,combined with the severity of their impacts onthe whole business, make it the number oneoperational risk to a major business and inneed of serious management attention.

Cyber threats


Social media is here to stay with someanalysts predicting that by 2016 as many as40% of enterprises will utilise social media

as a customer service channel. So why shouldthis worry risk managers? Surely social media isthe responsibility of the marketing departmentand aren’t there policies and procedures in placeto prevent anything from going wrong? Thinkagain.

An organisation’s reputation can quickly bedamaged through the instant spread of badnews or a negative incident via social media.Gone are the days when public affairsdepartments had time to consider statements tobe released to the press, traditional media andcustomers in the event of a crisis happening. Infact a crisis can even begin on social media. Itonly takes one disgruntled customer to take toTwitter, You Tube or Facebook and the results canbe costly. Even worse damage can be done by adisgruntled employee with access to corporatesocial media accounts and a determination todiscredit the company.

Regular risk rules applyIn common with any risky situation normal riskassessment rules apply to managing social media– identify, record and mitigate risk. But how canthis be achieved with an inherently disparate andvery individual communication channel.

Step one: identification The first step is to identify potential risks, in thecase of social media these include:• Employees sharing confidential information • Loss of control or ownership of the

organisation’s social media accounts• Careless posting by employees – accidental or

deliberate• Employees defaming their employer on

personal profiles• Failing to respond to negative posts or

responding in an inappropriate manner• Failing to listen to the social web or the right

conversations• Not sharing best practice • Being unaware of who is listening to which

conversations and responding on behalf of theorganisation

A lack of attention to detail in terms ofknowing how usernames and passwords arebeing shared means that in the event ofsomething going wrong no-one is accountable ortraceable for posting the offending content. Thelack of an audit trail makes it difficult to identifywho and why a damaging internal post hasappeared. Likewise, is it clear who isresponsible for replying to external negativecomments and in what tone? Adding fuel to theflames can make matters worse but if the sourceof that fuel cannot be identified steps to call ahalt and correct the situation will take precioustime.

Step two: record and manageTo record and manage potential social mediarisks the second step is to implement anenterprise control platform that worksseamlessly across the entire organisation, frommarketing to customer service and operations. Asingle dashboard provides controlled access toan organisation’s social media profilesmonitoring who is authorised to make posts andthe content of those posts. Individual loginsonly known by administrators will maintainsecurity while greater control of abusivecomments including keyword alerts (such asswear words) means content can be quickly andautomatically removed.

Including a wiki area in the enterprise controlplatform means there is an easily accessiblestore for training materials, policies, guidelinesand procedures. These documents can be madeavailable to all users or specific user groups andworkspaces in the event of either an internal orexternal risk being identified to allow a fastresponse.

Step three: mitigation Mitigation is the third step when it comes to thecontrol of social media risk. Nothing should bedone in haste. In the event of the worsthappening social media channels should be keptopen and readers kept informed as to what isbeing done to remedy the situation. Opennessand clarity are essential. In the event of the crisishaving been created internally, audit trails andvalidation will soon identify the source and allowthe necessary actions to be taken. If the crisiswas as a result of an external source, the rightpeople required to respond will be alerted andthe appropriate reaction documented.

So while there is no doubt that social mediawill continue to move up the risk register, byimplementing sound processes and proceduressupported by an enterprise control platform riskmanagers should still be able to sleep soundlyat night.

Why social media ismoving up the riskregister and why riskmanagers should beworried by JamesLeavesley, ChiefExecutive Officer atCrowdControlHQ

Social media

Social problems?

82www.risk-uk.com

An organisation’s reputation can quickly be damagedthrough the instant spread of bad news or a negativeincident via social media


ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERSHEALD LTDHVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface MountSolutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards,Security Barriers, Traffic Flow Management, Access Control SystemsTel: 01964 535858 Email: [email protected]: www.heald.uk.com

AUTOMATIC VEHICLE IDENTIFICATIONNEDAP AVIPO Box 103, 7140 AC Groenlo, The NetherlandsTel: +31 544 471 666Fax: +31 544 464 255E-mail: [email protected]

ACCESS CONTROLKERI SYSTEMS UK LTDTel: + 44 (0) 1763 273 243Fax: + 44 (0) 1763 274 106Email: [email protected]

ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERSFRONTIER PITTSCrompton House, Crompton Way, Manor Royal Industrial Estate,Crawley, West Sussex RH10 9QZTel: 01293 548301 Fax: 01293 560650Email: [email protected]: www.frontierpitts.com

ACCESS CONTROL

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILESUKB INTERNATIONAL LTDPlanet Place, Newcastle upon TyneTyne and Wear NE12 6RDTel: 0845 643 2122Email: [email protected] Web: www.ukbinternational.com

ACCESS CONTROL MANUFACTURERNORTECH CONTROL SYSTEMS LTD.Nortech House, William Brown CloseLlantarnam Park, Cwmbran NP44 3ABTel: 01633 485533Email: [email protected]

ACCESS CONTROLAPT SECURITY SYSTEMSThe Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NYTel: 020 8421 2411Email: [email protected]

B a r r i e r s , B l o c k e r s , B o l l a r d s , P A S 6 8

ACCESS CONTROLACTUnit c1 South city Business centreTallaght D.24 Irelandwww.accesscontrol.ietel: 00 353 1 466 2570 UK Lo Call Number: 0845 300 5204

ACCESS CONTROL & DOOR HARDWAREALPRO ARCHITECTURAL HARDWAREProducts include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101E: [email protected] Web: www.alpro.co.uk

ACCESS CONTROLSECURE ACCESS TECHNOLOGY LIMITED

Authorised Dealer

Tel: 0845 1 300 855 Fax: 0845 1 300 866Email: [email protected]: www.secure-access.co.uk

ACCESS CONTROLCOVA SECURITY GATES LTDBi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & BollardsConsultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68Tel: 01293 553888 Fax: 01293 611007Email: [email protected]: www.covasecuritygates.com

...andlots

more

ComputerSecurity

Anti-Climb Paints& Barriers

Metal Detectors(inc. Walkthru)

Security, Search& Safety Mirrors

Security Screws &Fastenings

Key ControlProducts

Empty Property &Lone Worker Alarms

Traffic Flow &Management

see ourwebsite

Best Value Security Products from Insight Securitywww.insight-security.com Tel: +44 (0)1273 475500

www.insight-security.com Tel: +44 (0)1273 475500

ACCESS CONTROL – BARRIERS, GATES, CCTV ABSOLUTE ACCESSAberford Road, Leeds, LS15 4EFTel: 01132 813511E: richard.samwell@absoluteaccess.co.ukwww.absoluteaccess.co.ukAccess Control, Automatic Gates, Barriers, Blockers, CCTV

ACCESS CONTROL – MANUFACTURERROSSLARE SECURITY PRODUCTS Rosslare Security Products manufactures the Security Industry’s largest and most versatile range of Proximity and Smart Card readers.Bletchley Park, Milton Keynes, MK3 6EBTel: 01908-363467 Email: [email protected] ISO 9001 and ISO 14001 Certification

ACCESS CONTROL – SPEED GATES, BI-FOLD GATESHTC PARKING AND SECURITY LIMITED4th Floor, 33 Cavendish Square, London, W1G 0PWT: 0845 8622 080 M: 07969 650 394F: 0845 8622 090info@htcparkingandsecurity.co.ukwww.htcparkingandsecurity.co.uk

ACCESS CONTROLINTEGRATED DESIGN LIMITEDIntegrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQTel: +44 (0) 208 890 5550 [email protected]

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 1

BUSINESS CONTINUITY MANAGEMENTCONTINUITY FORUMCreating Continuity ....... Building ResilienceA not-for-profit organisation providing help and supportTel: +44(0)208 993 1599 Fax: +44(0)1886 833845Email: [email protected]: www.continuityforum.org

BUSINESS CONTINUITY

PHYSICAL IT SECURITYRITTAL LTD

Tel: 020 8344 4716Email: [email protected]

CCTV

BUSINESS CONTINUITY SOFTWARE & CONSULTANCYCONTINUITY2E232 Edinburgh House Righead Gate Glasgow G74 1LSTel: +44 (0) 845 09 444 02 Fax : +44 (0) 845 09 444 [email protected]

CCTV & IP SECURITY SOLUTIONS PANASONIC SYSTEM NETWORKS EUROPEPanasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: [email protected] Web: www.panasonic.co.uk/cctv

END TO END CCTV SOLUTIONS/RECORDERS, CAMERAS, NETWORK PRODUCTS

DEDICATED MICROS1200 Daresbury Park, Daresbury, Warrington, WA4 4HS, UKTel: +44 (0) 845 600 9500Fax: +44 (0) 845 600 9504Email: [email protected]

CCTVPECAN Stortech Elec, Unit 2 spire green CentrePinnacles West, Harlow, Essex CM19 5TSTel 01279 419913 Fx 01279 419925www.pecancctv.co.ukemail [email protected]

CCTVG-TECGtec House, 35-37 Whitton DeneHounslow, Middlesex TW3 2JNTel: 0208 898 [email protected]

DIGITAL IP CAMERASSESYS LTDSupplying digital IP camera for rapid deployment, remote sitemonitoring, fixed and short term installations. High resolutionimages available over mobile and wireless networks to any standard web browser.1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QGTel +44 (0) 1730 230530 Fax +44 (0) 1730 262333Email: [email protected] www.sesys.co.uk

COMMUNICATIONS & TRANSMISSION EQUIPMENTKBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZwww.kbcnetworks.com Phone: 01622 618787Fax: 020 7100 8147Email: [email protected]

CCTV/IP SOLUTIONSDALLMEIER UK LTD3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QHTel: +44 (0) 117 303 9 303Fax: +44 (0) 117 303 9 302Email: [email protected]

MANUFACTURERS OF A COMPLETE RANGE OF INNOVATIVE INFRA RED AND WHITE LIGHT LED LIGHT-ING PRODUCTS FOR PROFESSIONAL APPLICATIONS INCLUDING CCTV SCENE ILLUMINATION, ARCHITECTURAL UP-LIGHTING AND COVERT SECURITY.

ADVANCED LED TECHNOLOGY LTDSales: +44 (0) 1706 363 998Technical: +44 (0) 191 270 5148Email: [email protected]

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTSALTRON COMMUNICATIONS EQUIPMENT LTDTower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJTel: +44 (0) 1269 831431Email: [email protected]: www.altron.co.uk

SURVEILLANCE / CCTVIDIS EUROPE1000 Great West Road, Brentford, LONDON TW8 9HH Tel : +44 (0)203 657 5678Fax : +44 (0)203 697 [email protected]

BUSINESS CONTINUITY 4 Scotia Close Brackmills Northampton NN4 7HR01604 769222www.bcontinuity.com

MANUFACTURE STANDALONE ACCESS CONTROL PRODUCTSPSU’S, KEYPADS, ELECTRIC LOCKS, BREAKGLASS, EXIT BUTTONSRGL ELECTRONICS LTD“Products to Trust – Power to Help”Pelham Works, Pelham Street, Wolverhampton WV3 0BJSales: +44 (0) 1902 656667 Fax: +44 (0) 1902 427394Email: [email protected] www.rgl.co



CONTROL ROOM & MONITORING SERVICES

DISTRIBUTORS

INFRA-RED, WHITE-LIGHT AND NETWORK CCTV LIGHTING RAYTECUnit 3 Wansbeck Business Park, Rotary Parkway,Ashington, Northumberland. NE638QWTel: 01670 520 055Email: [email protected] Web: www.rayteccctv.com

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESSCONTROL AND INTRUDER DETECTION SOLUTIONSNORBAIN SD LTD210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TPTel: 0118 912 5000 Fax: 0118 912 5001www.norbain.comEmail: [email protected]

ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PROD-UCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.ADI GLOBAL DISTRIBUTIONChatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RNTel: 0161 767 2900 Fax: 0161 767 2909Email: [email protected]

TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR

COP SECURITYLeading European Supplier of CCTV equipment all backed up by an industry leading service and supportpackage called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufac-turing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range.More than just a distributor.

COP Security, Delph New Road, Dobcross, OL3 5BGTel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 [email protected] www.cop-eu.com

CCTV SPECIALISTSPLETTAC SECURITY LTDUnit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XHTel: 0844 800 1725 Fax: 01788 544 549 Email: [email protected] www.plettac.co.uk

ADVANCED MONITORING SERVICES EUROTECH MONITORING SERVICES LTD.Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring• Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm ResponseTel: 0208 889 0475 Fax: 0208 889 6679E-MAIL [email protected]: www.eurotechmonitoring.com

CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOSFRAUD DETECTIONAMERICAN VIDEO EQUIPMENTEndeavour House, Coopers End Road, Stansted, Essex CM24 1SJTel : +44 (0)845 600 9323Fax : +44 (0)845 600 9363E-mail: [email protected]

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS,PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.MAYFLEXExcel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJTel: 0800 881 5199Email: [email protected]: www.mayflex.com

EMPLOYEE SCREENING SERVICESTHE SECURITY WATCHDOGCross and Pillory House, Cross and Pillory Lane, Alton,Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.ukTelephone: 01420593830

sales@onlinesecurityproducts.co.ukwww.onlinesecurityproducts.co.uk

EMPLOYMENT

IDENTIFICATION

EMPLOYMENT

URGENTLY NEEDED…National Franchise Opportunities with an established Security Companywith over 4000 installs specialising in Audio Monitoring.Try before you buy scheme. Contact Graham for full [email protected] TEL: 01274 631001



SECURITY PRODUCTS AND INTEGRATED SOLUTIONSHONEYWELL SECURITY GROUPHoneywell Security Group provides innovative intrusion detection, videosurveillance and access control products and solutions that monitor andprotect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology withtraditional analogue components enabling users to better controloperational costs and maximise existing investments in security andsurveillance equipment. Honeywell – your partner of choice in security.Tel: +44 (0) 844 8000 235E-mail: [email protected] Web: www.honeywell.com/security/uk

INTEGRATED SECURITY SOLUTIONS

THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRYSSAIB7-11 Earsdon Road, West MonkseatonWhitley Bay, Tyne & WearNE25 9SXTel: 0191 2963242Web: www.ssaib.org

INDUSTRY ORGANISATIONSPLANNED PREVENTATIVE MAINTENANCE

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRYBRITISH SECURITY INDUSTRY ASSOCIATIONTel: 0845 389 3889Email: [email protected]: www.bsia.co.uk

INTEGRATED SECURITY SOLUTIONSINNER RANGE EUROPE LTDUnits 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,Reading, Berkshire RG74GB, United KingdomTel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001Email: [email protected]

PERIMETER PROTECTIONGPS PERIMETER SYSTEMS LTD14 Low Farm Place, Moulton ParkNorthampton, NN3 6HY UKTel: +44(0)1604 648344 Fax: +44(0)1604 646097E-mail: [email protected] site: www.gpsperimeter.co.uk

SECURITY MAINTENANCE CONSULTANTS• Planned Preventative Maintenance (PPM) Specialists • Price Comparison Service (achieving 20-70% savings)• FM Support / Instant Reporting / Remedial Work• System Take-Overs / Upgrades / Additions• Access, CCTV, Fire & Intruder, BMS, Networks & Automation• Free independent, impartial advice Tel: +44 (0)20 7097 8568 [email protected]

UPS - UNINTERRUPTIBLE POWER SUPPLIESADEPT POWER SOLUTIONS LTDAdept House, 65 South Way, Walworth Business ParkAndover, Hants SP10 5AFTel: 01264 351415 Fax: 01264 351217Web: www.adeptpower.co.ukE-mail: [email protected]

POWER SUPPLIES – DC SWITCH MODE AND ACDYCON LTDCwm Cynon Business Park, Mountain Ash, CF45 4ERTel: 01443 471 060 Fax: 01443 479 374Email: [email protected]

The Power to Control; the Power to Communicate

POWER

PERIMETER PROTECTION

STANDBY POWERUPS SYSTEMS PLCHerongate, Hungerford, Berkshire RG17 0YUTel: 01488 680500 [email protected]

INFRARED DETECTIONGJD MANUFACTURING LTDUnit 2 Birch Industrial Estate, Whittle Lane, Heywood, Lancashire, OL10 2SXTel: + 44 (0) 1706 363998Fax: + 44 (0) 1706 363991Email: [email protected]

UPS - UNINTERRUPTIBLE POWER SUPPLIESUNINTERRUPTIBLE POWER SUPPLIES LTDWoodgate, Bartley Wood Business ParkHook, Hampshire RG27 9XATel: 01256 386700 5152 e-mail:[email protected]

COMPLETE SOLUTIONS FOR IDENTIFICATIONDATABAC GROUP LIMITED1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HHTel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 [email protected]

STANDBY POWER SPECIALISTS; UPS, GENERATORS, SERVICE & MAINTENANCE

DALE POWER SOLUTIONS LTDSalter Road, Eastfield Industrial Estate, Scarborough, North Yorkshire YO113DU United KingdomPhone: +44 1723 583511 Fax: +44 1723 581231www.dalepowersolutions.com

SECURITY PRODUCTS AND INTEGRATED SOLUTIONSTYCO SECURITY PRODUCTSHeathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UKTel: +44 (0)20 8750 5660 www.tycosecurityproducts.com



SECURITY

CASH MANAGEMENT SOLUTIONS LOOMIS UK LIMITED 1 Alder Court, Rennie Hogg Road, Nottingham, NG2 1RX T - 0845 309 6419 E - [email protected] W - www.loomis.co.uk

CASH & VALUABLES IN TRANSITCONTRACT SECURITY SERVICES LTDChallenger House, 125 Gunnersbury Lane, London W3 8LHTel: 020 8752 0160 Fax: 020 8992 9536E: [email protected]: [email protected]: www.contractsecurity.co.uk

CCTVINSIGHT SECURITYUnit 2, Cliffe Industrial EstateLewes, East Sussex BN8 6JLTel: 01273 475500Email:[email protected]

FENCING SPECIALISTSJ B CORRIE & CO LTDFrenchmans RoadPetersfield, Hampshire GU32 3APTel: 01730 237100Fax: 01730 264915email: [email protected]

INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTDRedwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibreoptic perimeter security solutions are owned by Optex. Platinum House, Unit 32BClivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZTel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311Email: [email protected] www.optex-europe.com

V

INTRUDER AND FIRE PRODUCTSCQR SECURITY125 Pasture road, Moreton, Wirral UK CH46 4 THTel: 0151 606 1000Fax: 0151 606 1122Email: [email protected]

INTRUDER ALARMS – DUAL SIGNALLINGCSL DUALCOM LTDSalamander Quay West, Park LaneHarefield , Middlesex UB9 6NZT: +44 (0)1895 474 474F: +44 (0)1895 474 440www.csldual.com

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONSRISCO GROUPCommerce House, Whitbrook Way, Stakehill Distribution Park, Middleton,Manchester, M24 2SSTel: 0161 655 5500 Fax: 0161 655 5501Email: [email protected]: www.riscogroup.com/uk

ONLINE SECURITY SUPERMARKET EBUYELECTRICAL.COMLincoln House,Malcolm StreetDerby DE23 8LTTel: 0871 208 1187www.ebuyelectrical.com

LIFE SAFETY EQUIPMENTC-TECChallenge Way, Martland Park, Wigan WN5 OLD United KingdomTel: +44 (0) 1942 322744Fax: +44 (0) 1942 829867Website: http://www.c-tec.co.uk

PERIMETER SECURITYTAKEX EUROPE LTDAviary Court, Wade Road, BasingstokeHampshire RG24 8PETel: +44 (0) 1256 475555Fax: +44 (0) 1256 466268Email: [email protected]: www.takexeurope.com

SECURITY EQUIPMENTPYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronixwww.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMSBOSCH SECURITY SYSTEMS LTDPO Box 750, Uxbridge, Middlesex UB9 5ZJTel: 01895 878088Fax: 01895 878089E-mail: [email protected]: www.boschsecurity.co.uk

VICON INDUSTRIES LTD. Brunel Way Fareham Hampshire, PO15 5TX United Kingdomwww.vicon.com

SECURITY EQUIPMENTCASTLESecure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QYTEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042www.facebook.com/castlesecurity www.linkedin.com/company/castlesecuritywww.twitter.com/castlesecurity

INTRUDER ALARMS – DUAL SIGNALLINGWEBWAYONE LTD11 Kingfisher Court, Hambridge Road, NewburyBerkshire, RG14 5SJTel: 01635 231500Email: [email protected] www.webwayone.co.ukwww.twitter.com/webwayoneltd www.linkedin.com/company/webwayone



Risk UK March 2014

Documents

Transcript of Risk UK March 2014