Risk UK May 2014 by Western Business Media Limited

Cover may14_001 06/05/2014 11:19 Page 1

May 2014

Security and Fire Management

Mail screening and staff protection Power over Ethernet benefits The cost of not cutting carbon IFSEC and Firex previews (part one)

Project1_Layout 1 05/02/2014 17:39 Page 1

Have you tried Integriti yet?

Sophistication is not about size The Integriti Security Management System is an IP connected access control and intruder security system that oﬀers sophisticated centralised management for both small systems on a single site, or large systems distributed across the country or across the globe.

With a growing list of new installations take a moment to think of what you’re missing! The Integriti system oﬀers an advanced suite of software, hardware and integrated solutions to deliver complete management of your entire integrated system.

Inner Range Europe Limited Units 10-11 Theale Lakes Business Park Moulden Way, Sulhampstead Reading, Berkshire RG74GB UNITED KINGDOM

integriti@innerrange.co.uk

a4 integriti 0ne page UK.indd 1

+44 (0) 845 470 5000 www.innerrange.com 4/12/2013 8:40 am

EDIT contents_riskuk_may14 06/05/2014 16:59 Page 3

May 2014

44 - How good is your bouncebackability?

Contents 37 Detecting discrepancies Recruitment advice from Traci Canning of First Advantage

39 The incidentals of incident handling By Udi Segall of NICE Systems

41 Zero hour contracts Peter Webster, CEO of Corps Security, discusses the benefit of zero hour contracts in the private security sector

42 Public notice 6 News

Here we look at PEARS, smart solutions for Europe-wide Public Alert System

News stories for security and fire professionals

44 Business resilience 101

11 Appointments

Teon Rosandic, VP EMEA, xMatters looks at measures for building business resilience

Some of this month’s movers and shakers

13 First class protection Adam Bernstein looks at modern mail screening solutions and the protection they provide

19 Five to watch in access control Mike Sussman, Chairman of the Access Control section for the BSIA, discusses how 2014 looks set to be a year of evolution

46 Technology in Focus & Risk in Action A round-up of some of the latest new products and case studies

56 Preventing heart attacks Seth Berman, executive managing director and UK head of Stroz Friedberg looks at the Heartbleed threat

58 Authentification - an update

Geny Caloisi looks at transport security

Ian Kilpatrick, chairman Wick Hill Group, looks at the current state of authentication

23 From planes to trains

60 Ahead in the Cloud

What can our railways learn from airport security? asks Daniel Wan, marketing leader UK, Honeywell Security Group

When is it worth moving to the cloud? asks Roger Keenan is the managing director of City Lifeline

25 Energy efficiency for good health

66 Two years to prepare...

The CRC Energy Efficiency Scheme is designed to improve energy efficiency and cut emissions and it could result in fines for organisations that don’t change their ways

Why businesses must act now to prepare for EU data protection reforms by Christian Toon of Iron Mountain

20 Crossing the line

67 The Risk UK Directory 27 London awaits... IFSEC International moves to ExCeL London this year. We look at event and what the show has to offer from 17-19th June

31 New venue, new attractions The IFSEC and Firex events are at a new venue for 2014, but this will not be the only new aspect of the three days

33 UK security on the world stage The BSIA’s Amanda Caton explains the value of overseas events in boosting the UK security sector’s profile

ISSN 1740-3480 Risk UK is published 12 times a year and is aimed at risk management, loss prevention and business continuity professionals within the UK’s largest commercial organisations. © Pro-Activ Publications Ltd, 2014 All rights reserved. No part of this publication may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopy, recording, or any information storage and retrieval system, without the written permission of the publisher. The views expressed in Risk UK are not necessarily those of the publishers.

Risk UK is currently available for an annual subscription rate of £78.00 (UK only)

Managing Editor Andy Clutton Tel: 0208 295 8308 E-mail: andy.clutton@risk-uk.com Contributing Editor Geny Caloisi E-mail: geny.riskuk@gmail.com Design & Production Matt Jarvis Tel: 0208 295 8310 Fax: 0870 4292015 E-mail: matt.jarvis@proactivpubs.co.uk Advertisement Director Paul Amura Tel: 0208 295 8307 Fax: 01322 292295 E-mail: paul.amura@proactivpubs.co.uk Administration Tracey Beale Tel: 0208 295 8306 Fax: 01322 292295 E-mail: tracey.beale@proactivpubs.co.uk Managing Director Mark Quittenton

35 The CCTV power play Power over Ethernet in security, by Chris Hay, Allied Telesis

RISK UK PO Box 332, Dartford DA1 9FF

Chairman Larry O’Leary

Editorial: 0208 295 8308 Advertising: 0208 295 8307

3 www.risk-uk.com

EDIT comment may14_riskuk_may14 06/05/2014 17:03 Page 1

Evacuate everyone Avaiila ab ble to ord der now!!

Sonos Pulse EN54-23 Fire Beacons ,Q D Ã&#x20AC;UH HYHU\RQH PDWWHUV 6RQRV 3XOVH Ã&#x20AC;UH EHDFRQV DQG VRXQGHU EHDFRQV HQVXUH WKDW DOO SHUVRQQHO DUH QRWLÃ&#x20AC;HG RI Ã&#x20AC;UH HPHUJHQFLHV :LWK 3XOVH $OHUW 7HFKQRORJ\ EXLOGLQJV DUH HYDFXDWHG TXLFNHU HYDFXDWLRQ UHTXLUHPHQWV DUH XQDPELJXRXV DQG HYHU\RQH LV PDGH WR IHHO VDIH DQG VHFXUH &RPH DQG YLVLW XV DW ),5(; ,QWHUQDWLRQDO Stand P200

Signalling Solutions

EDIT comment may14_riskuk_may14 12/05/2014 11:04 Page 2

Comment Signalling Solutions

Sonos Pulse Ceiling EN54-23 Coverage: C-3-15

Special measures At the time of going to press, UK media outlets were reporting on the shocking story of a school teacher being stabbed during lessons in Leeds. This fatal attack has led to calls for more serious security measures in public areas, but how can it be managed? ollowing the news coverage of serious attacks there are often calls to step up security in various public areas. In 1995 when the school headmaster Philip Lawrence was stabbed there was a lot of support for ‘airport-style’ x-ray machines to be put into schools. In the wake of the Ann Maguire murder in April, the first to take place in a UK classroom, the same opinions are being put forward. There was also much talk of these scanners being installed in train stations after the 7/7 bombings in which the terrorists used public transport as a means of carrying their explosive devices around London. While the sentiment behind these calls for scanners is understandable, and widely agreed with, the application and management of more heightened security measures is always a tricky one for authorities. We all understood the need for raising the checks at airports following 9/11 but on joining the queues it was not long before it became common to hear complaints about the time being taken for travellers to get through the checks. The public is quick to condemn and quick to forget and it is not long before the reasons why the queues are happening soon turns to it all being a fuss and too much of a hassle. The sheer numbers of people involved in public area security, be it at an airport, school or train station provides the security industry with a real challenge. How can you apply high levels of security without hindering people going about their daily lives; once they’ve forgotten all about their initial demands for the checks in the first place. The aviation industry would be the first to admit that after 9/11 and subsequent incidents such as the ‘shoe-bomber’ the security at airports was a little confused as to what was required of it, but it has evolved over the years and the technology being used has also helped speed up the process. The public will never be 100% safe in any environment and authorities can only do what security managers across the world do; compare the risk to the inconvenience and the cost. If all schools are to bring in x-ray scanners for pupils at the start of every day then initially I’m sure parents and teachers would welcome it. Give it a few weeks however and the need for kids to leave the house ten minutes earlier than in the past due to the queues and then the subsequent rise in council tax to pay for the scanners might change the feelings of support for the installations. This is a very tricky balancing act surrounding a delicate subject. At the moment the threat to teachers and pupils is fortunately very low, although further news announcements will add to the widespread call for raising security levels. If schools do go down the route of scanners then the experiences of the airport sector will be invaluable and may help provide solutions that can take the potential bottlenecks out of the measures. Andy Clutton – Editor

F Sonos Pulse Wall EN54-23 Coverage: W-3.1-11.3

)($785,1*

• (1 FRPSOLDQW EHDFRQ WHFKQRORJ\ • :DOO DQG FHLOLQJ PRXQW OLJKW RULHQWDWLRQV • :LGH FRYHUDJH SDWWHUQ RQH GHYLFH FDQ SURWHFW PRVW URRPV • P$ EHDFRQ FXUUHQW # +] ÁDVK UDWH

Tel: +44 (0)1706 233879 ZZZ NOD[RQVLJQDOV FRP ÀUH

December 2012

www.risk-uk.com

EDIT news may14_riskuk_may14 06/05/2014 23:44 Page 2

News

6 www.risk-uk.com

Mechanical locks still functional Despite the growing popularity of access control systems driving the adoption of electronic locking devices, mechanical locks are not projected to falter any time soon. Mechanical locks, which are still used to override electrical ones in the case of a power failure or system error, are forecast to have a positive compound annual growth rate (CAGR) of 3.8 per cent from 2013 to 2017 according to IHS. Adi Pavlovic, analyst for Security & Building Technologies at IHS comments, “Access control is driving the penetration of electronic locking devices such as electromagnetic locks, electric strikes, and electronic locks. But this trend will only limit the growth of mechanical locks in the medium-term; it does not necessarily replace them.” For many end-users, having an online electronic access control solution remains cost prohibitive, so they must continue to rely on mechanical solutions. Pavlovic adds, “Despite the cost, more endusers are seeing the value of being able to control access rights securely and efficiently, monitor door status in real time, create audit trails and the ability to lockdown all doors immediately in the case of an emergency. As a result, electronic access control solutions are still forecast to have stronger growth rates than mechanical globally from 2013 to 2017 both in terms of revenues and units. The mechanical lock industry itself is experiencing an increased penetration of Chinese suppliers into the international markets. These lower cost suppliers are increasing their market share in EMEA and the Americas which is influencing the average sales price (ASP) of mechanical locks downward regardless of rising material costs. Chinese suppliers are more prevalent in price sensitive regions such as Eastern Europe and Latin America, but are increasing their partnerships with ‘sister’ companies in the US and Western Europe. The ASP for mechanical locks globally is anticipated to decline 0.6 per cent from 2013 to 2017 as a result. Overall, the mechanical locks market is slated for positive growth in the mediumterm, with strong construction activity in emerging markets and the BRIC countries continuing to drive demand for mechanical locking solutions. However, more mature market such as the US and Europe, will see more of an impact by electronic access control systems, but cannibalisation should be minimal in the medium term.

Vicon and IQinVision to merge Vicon Industries and IQinVision have announced that they have entered into a definitive merger agreement to create a global provider of integrated solutions to the video security market. The merger has been approved by the boards of directors of both companies and is subject to shareholder approval, and other customary closing conditions. The transaction is expected to close in Vicon’s September quarter. Under the terms of the merger agreement, Vicon will issue shares of Vicon common stock to IQinVision shareholders in an all-stock merger whereby IQinVision shareholders will own approximately 50% of the outstanding common stock of the combined company. After the merger, Vicon will have approximately 9,000,000 shares outstanding. “Vicon is thrilled to join forces with IQinVision,” said Ken Darby, Vicon Chairman and CEO. “The Vicon/IQinVision combination will yield meaningful operational benefits, together with significant market and technological synergies. It’s a logical first step to strategic growth for both companies.”

Norbain acquires Detection Supplies Norbain has announced that it has acquired Detection Supplies, a supplier of fire alarm and ancillary equipment to the UK fire installation market. Detection Supplies will continue to operate as a standalone business under the Norbain SD umbrella. All sales enquiries will be handled directly at the Detection Supplies offices, based in Fordingbridge, Hampshire. Trevor Saunders, MD and Owner of Detection Supplies, comments: “I’m extremely pleased to have found such a safe home for the business and the staff. This move provides Detection Supplies with a very firm foundation to continue to serve its customers and pursue its expansion in the market.

Project1_Layout 1 06/05/2014 17:05 Page 1

Store, manage and control keys, cards and small assets more securely and efficiently with KeyWatcher® Touch. Access is limited to authorized users, and all transactions are recorded with detailed reports available. The system will even automatically email transactional information to any user – at any time. And KeyWatcher’s convenient touchscreen makes removing and returning keys easier than ever. With our modular design and full scalability, it’s easy to see how we keep making key management better. That’s Morse Watchmans’ outside the box thinking – right inside the box.

morsewatchmans.com • 0115-967-1567

EDIT news may14_riskuk_may14 06/05/2014 23:44 Page 4

News

Controlling rumours is crucial to business A new report advises that authorities around the world should set up emergency communication teams to manage the amount of misinformation circulating on social media during disasters, terrorist attacks and other social crises. A study on the use of social media in three major incidents, including the 2008 Mumbai terrorist attack, by Dr Onook Oh, of Warwick Business School, Manish Agrawal, of the University of South Florida, and Raghav Rao, of the State University of New York at Buffalo, revealed that Twitter is emerging as the dominant social reporting tool to report eye-witness accounts and share information on disasters, terrorist attacks and social crises as a collective effort to make sense of what is happening. But when it is the online community who are creating and exchanging the news rather than official news channels, this can not only exaggerate the unfolding situation, but also unintentionally turn it into misinformation, diverting attention from the real problems. Dr Oh believes authorities or organisations involved in a disaster or terrorist attack need to set up an emergency communication centre to provide speedy, relevant information on the unfolding crisis and to confirm or dispel misinformation circulating on social media. The study, which is the first application of rumour theory to social media and community intelligence, analyses three large Twitter data sets: the 2008 Mumbai terrorist attacks, where a group of gunmen killed 165 and injured 304 people, the May 2012 shooting of five people by a gunman in Seattle and the recall of four million cars by Toyota in 2009 and 2010 because of a faulty accelerator pedal. Within minutes of the initial terrorist attack in Mumbai, a local resident posted a stream of pictures on photo sharing website Flickr. Almost concurrently, a group of people voluntarily formed a Twitter page with a link to the Flickr site and spread eyewitness accounts of the terrorist attacks with texts, photos, and links to other sources. While the flurry of social media activity had many positive outcomes, enabling people to contact family members, encouraging blood donations and providing eyewitness accounts, it also caused many rumours to circulate. Dr Oh said: “Natural disasters and crises such as terrorist attacks provide the optimum conditions for rumours to spread which can

8 www.risk-uk.com

Three new distributors for Paxton Paxton has announced the addition of three new distribution partners in the UK with the news that the company’s product range is now available through distributors Enterprise Security, Alarm Supplies and Oprema. Enterprise Security is an independent single source security distributor providing CCTV, access control, intruder and fire products throughout the UK. Alarm Supplies is an independent distribution company with 21 years’ experience in security solutions. They work closely with suppliers to offer quality products to customers located in Scotland, England and Northern Ireland. Oprema is a multi-brand security distributor of IP solutions, CCTV, fire and access control, based in Cardiff with a network of trade clients across the UK, Ireland, Europe, Africa and the Middle East. Gareth Johnson, UK Sales Manager at Paxton said: “We look forward to expanding our already excellent distribution base through our collaboration with Enterprise Security, Alarm Supplies and Oprema and making our products even more accessible.”

exacerbate the situation for emergency response operations and cause panic amongst the public. For example, during the Mumbai terrorist attacks, the police control room was flooded with incorrect reports of explosions at leading hotels. Misinformation on the internet was also influencing what was being reported on official news channels. In fact, the BBC was forced to admit they had made a mistake after using Twitter coverage of the Mumbai terror attacks as a source of their official news. “Given that the motivation of rumouring is fundamentally to make sense of uncertain situations such that people can deal with a possible threat, the provision of timely and certain information may lead to successful crisis management in partnership with voluntary online citizens.”

Project1_Layout 1 06/05/2014 17:07 Page 1

www.chubb.co.uk

UNITED PERFORMANCE.

FOR BEST-IN-CLASS FIRE AND SECURITY SERVICES

Chubb Fire & Security is united in delivering exceptional service to its customers, providing greater access to a wealth of expertise. Chubb Fire & Security has merged its separately branded businesses in the UK and Ireland to deliver a richer and more streamlined experience for its customers nationwide. www.chubb.co.uk ÂŠ Chubb Fire & Security Limited

EDIT news may14_riskuk_may14 06/05/2014 23:45 Page 6

News

Acquisitions can suffer higher security risks than mergers Company acquisitions can have a devastating impact on information security and management. According to a new study by European research company Iron Mountain, employees of acquired firms are more preoccupied with the potential impact on their role than with the need to effectively integrate the information of both companies. Iron Mountain, a specialist on storage and information management, says that the lack of focus during an acquisition could leave information at increased risk of loss or exposure. The picture is different when companies merge, and employees stay focused on integration and ensuring company information remains well managed. The top two information concerns of employees at acquired firms are: confusion

An alliance to deter, detect and illuminate Three UK companies have joined forces to form the GJD Alliance. GJD Manufacturing, Harper Chalice Group and Advanced LED Technology (ALT) announced a new strategic alliance where their respective strengths and product ranges have been combined to create a one-stop-shop for professional external intrusion detection. The new Group, GJD Alliance offers a total external and perimeter security solution with Harper Chalice’s (FenceSecure and WallSecure) systems, GJD ‘s range of external PIR volumetric detectors and active IR beams together with ALT’s illuminators to provide a complete external deterrent, detection and illumination solution. Mark Tibbenham, Managing Director of GJD said: “I am excited about the Alliance and the real benefits that we bring to our customers. Our combined and integrated products seamlessly combine to provide the first and second lines of defence and so create a total perimeter solution and a deterrent to would-be intruders.”

www.risk-uk.com

around responsibilities for managing the information (34 per cent) and the prospect of change to their information management systems (33 per cent). Just over a quarter of employees (27 per cent) at acquired firms worry about consolidating different sets of customer or company records, and less than one in five (17 per cent) worry about how to deal with data discrepancies, duplication and overlap. This contrasts sharply with the concerns of staff at the acquiring firm, where 41 per cent worry about integrating the two data sets and 34 per cent are concerned about the quality of the data. Furthermore, one in three employees of acquired firms say there are no policies for integrating records or protecting customer data compared to just 19 per cent of those at the acquiring firm. Paper records are a serious concern, with 44 per cent of newly acquired firms saying there is no process for integrating paper into new digital systems, and 31 per cent saying the same for the storage of the paper archive. Charlotte Marshall, MD of Iron Mountain in the UK, Ireland and Norway says, “Information management is often an afterthought when companies merge. However, given the value of information and the desire of merging firms to rationalise cost structures, it should be a priority. Joining forces with or acquiring another organisation provides an opportunity for firms to re-evaluate their information management programmes and make the changes required to drive consistency, increase security and improve access to information.” The picture for company mergers is very different, with employees at both firms focused equally on addressing the main aspects of information management. Nearly three quarters (71 per cent) of employees feel supported in record integration during a merger, and nearly two thirds (62 per cent) feel the same about the protection of customer data. Marshall adds, “Our study shows that the emotional impact of acquisitions can cause employees to lose focus on how information is managed. Information on paper is particularly vulnerable, with many firms having no effective storage or integration plans in place, thereby leaving potentially valuable data at increased risk of loss or exposure. Because employees can feel insecure and unsupported during times of change, communication is key. Consistent and clear instruction on how to deal with the information challenges ahead will help employees to understand how information should be managed going forward, where the key responsibilities lie, and what advantages new information management processes can bring.”

EDIT people may14_riskuk_may14 06/05/2014 23:25 Page 3

People

William Mawer

Anthony Carney

The Board of Image Scan has announced that William Mawer has been appointed as Chairman and Chief Executive Officer. William has been working as a consultant to the Company for four months and the Board is confident that his appointment will significantly strengthen the Company at this time. William brings considerable experience of the x-ray industry having worked for 13 years with Smiths Group plc. For most of that time he held senior executive positions in Smiths Detection and more recently he has acted in a consultancy capacity for a number of other technology companies, providing input on strategy and business development. William has key strengths in product development and strategic planning. His experience in the x-ray security sector will be instrumental in supporting the development plans and driving forward the sales and marketing strategy. The newly appointed Chairman and Chief Executive Officer, said: “I am delighted to be joining the Board of Image Scan at such a pivotal time in its PLC history.”

Secura Management has promoted Anthony Carney to Group Head of Research and Development. Anthony, who was previous the firm’s Head of Engineering, has worked for Secura Management for almost ten years, helping the company develop new alarm systems under its two brand names Securahomes and Pro-tect. Martin Mann, Managing Director of Secura Management states: “Anthony has been key in the company’s growth. His invaluable experience and knowledge has allowed us to develop new cutting edge wireless alarm systems and increase our overall share of the UK’s domestic alarm market. Anthony’s promotion from Head of Engineering to Group Head of Research and Development will enable him to continue producing cutting-edge systems.”

Trevor Turner Lodge Service has appointed Trevor Turner as Director of Operations. He has almost 35 years’ experience working with both security technology and guarding services across retail and distribution sectors as well as the financial services market. Trevor began his security career with Group 4 Total Security before becoming Head of Profit Protection for Comet where he remained for almost 15 years. He has more recently been working within the manned guarding industry where he has held positions of Director of Commercial and Director of Operations. Simon Chapman, managing director of Lodge Service says: “Trevor joins the company at an exciting time and will be responsible for strategically managing the operational businesses in order to position us for continued growth - with a focus directly on customer service whilst still seeking out new innovative ways of delivering an integrated security solution to our customers and prospects.”

People

Ali Aleali FireVu is further strengthening its business development team with the appointment of Ali Aleali who moves from parent company AD Group where he was a training and communications specialist. In his new position as business development manager Ali will concentrate on the petrochemical, chemicals, food and drink processing industries. Pauline Norstrom, Chief Operating Officer of AD Group, comments: “Ali possesses extensive business development experience in the chemicals, food and drinks industries as well as strong academic credentials, including lecturing up to degree level, in industrial chemicals and food production applications. VDS is a proven technology with great potential and Ali’s appointment will further help FireVu realise ambitious goals for 2014 and beyond.”

Carl Martin & Rod Butler Ward Security has announced two appointments to expand its South West and London operations. The company has recruited Carl Martin who joins the company with over twentyfive years’ experience in security management as the new Associate Director for the South West region and Rod Butler (Pictured) who after a career spanning more than ten years brings in-depth industry knowledge to the London team. David Ward, Managing Director of Ward Security said: “Both Associate Directors bring a wealth of experience and industry knowledge to the company, which will undoubtedly make them key additions to the team. They are both very passionate about growing our client portfolio as well as ensuring our high standards in security delivery are maintained.”

11 www.risk-uk.com

EDIT people may14_riskuk_may14 06/05/2014 23:25 Page 4

People

Guy Other

Kitty Van Der Sluis

SitexOrbis has appointed Guy Other as its new Chief Executive. With over 20 years’ experience on the b2b market in a broad range of commercial sectors, Guy most recently served as Chief Operating Officer at Stalbridge Linen Services and a main Board Director at Johnsons Apparelmaster. “We are delighted that Guy has joined SitexOrbis. We were impressed by his clear strategic vision and commercial expertise which he has used to shape, direct and turnaround the operational performance, market share and profitability of several blue chip companies,” said Layton Tamberlin, SitexOrbis’s acting MD and part-owner. “I am very pleased to be joining SitexOrbis at such a crucial time for the business,” added Guy. “The situation is similar to when I joined Johnsons and I look forward to working with our committed investors and the fantastic people within the business to deliver great service to our customers and some significant growth over the coming years.”

Milestone Systems has been evolving its partner initiatives over the years, including more resources being allocated to enhance collaborations with distributors. To help lead these activities in Europe, the Middle East and Africa, Kitty Van Der Sluis is the new Director of Sales Distribution in EMEA. “I am looking forward to continue strengthening the relationships with our partners, making use of my previous experience from the IT and security business. I am familiar with many of the challenges our distribution partners face in driving growth, and Milestone has the right components to address these,” says Kitty. Thomas Lausten, VP of Sales in EMEA, said: “Kitty has gained valuable experience in supporting and improving sales and distribution channels in Europe, the Middle East and Africa in her previous positions at the international corporations Anixter and Tyco. Moreover, Kitty has comprehensive knowledge about the IP video surveillance business from an earlier position at Genetec.”

John Downie Visual Management Systems has announced the appointment of John Downie as its new Sales Director, a move that follows on from company growth in recent years and strategic plans for the future in the UK and overseas. John will be responsible for developing sales strategies and expanding the sales of the open platform IP CCTV “Titan Vision” product range. And his appointment coincides with the launch of the new Abacus retail business intelligence system. John has a wealth of experience in the IP video and PSIM market. Prior to his appointment he was Commercial Director at Codestuff and before this National Sales and Marketing manager at CBC Europe. Jay Shields, Managing Director of VMS, said, “John is a seasoned professional and a great addition; his expertise and professionalism will strengthen our existing management team. John’s experience will be invaluable as we expand our market sectors and grow our sales.”

Keith Newton SilverNet has announced an expansion of its sales team with the appointment of Keith Newton as Business Development Manager. Keith will be working with consultants, installers, system integrators and distributors to identify new opportunities for SilverNet’s range of wireless networking solutions. Keith, who immediately prior to joining SilverNet was Sales Engagement Manager for Ericsson, was previously a sales engineer for six years for BelAir Networks. Managing Director Chris Ballard said: “Keith’s extensive knowledge of transmission issues will be of immense value to us as we look to provide project support to installers who are competing for new business, as well as providing their existing clients with a cost-effective alternative to the traditional cabling methods or the use of leased lines.”

www.risk-uk.com

Richard Moore Essentra Security has appointed Richard Moore as its UK Director of Sales. In addition to managing the day-to-day activities of the company’s internal and field based sales personnel, Richard will be working with key customers to help identify and generate new business opportunities Reporting to Simon Jones, General Manager of Essentra Security, Richard is no stranger to the Essentra Group, having for the last nine years held the position of General Manager of the Group’s component distribution division. “I am excited about having the opportunity to lead and develop a highly talented sales team who share my passion for providing the highest levels of pre- and post-sales support,” said Richard. “Our key objective is to encourage our customers and business partners to take advantage of the market knowledge and expertise that we have acquired over the last 20 years to help them gain maximum advantage from the latest ID technologies and products.”

EDIT article 1 may14_riskuk_may14 06/05/2014 17:31 Page 1

Screening

t does seem peculiar that in our hyperconnected world that we still rely so heavily on the movement of physical packages. Yet this reliance is so under appreciated. With perpetual warnings about online security – the most recent headline grabber being the Heartbleed virus that effectively opened a back door to passwords for hackers and which, allegedly, the USA’s National Security Agency was itself exploiting – the mailroom and security of inbound items seems to have taken a backseat. Although we live in an era of relative peace – in the West at least – firms do need to remember that if (say) a terrorist wants to cause disruption to an organisation all he has to do is put in the post a bomb or hazardous item such as anthrax and let the postman do the job for them; maximum effect with minimum risk to the sender.

Mail screening has an important role

Griffiths, business development director, UK & Ireland, Pitney Bowes Global Mailing Solutions, picks up on this and talks about a human aspect of concern: “Companies are obliged to ensure the health and safety of their employees under the Health and Safety at Work Act 1974, and mail screening forms an extremely important part of guaranteeing this safety.” As is often the case though, many firms only implement a mail screening system after an incident - “it’s rare that these procedures are implemented before an organisation has witnessed an incident, and by this time it can be too late,” says Griffiths.

The threats have evolved

Adam Bernstein looks at modern mail screening solutions and the protection they provide

Of course the threats caused by inbound mail vary according to the recipient organisation and naturally some organisations will be more prone to mail threats than others. Griffiths notes that scientific research companies, government agencies and banks are all major targets because there are large numbers of people who may disagree with their work, and for these people, mail threats are a simple form of protest. It is because of this danger that every Foreign & Commonwealth Office around the world scans its mail. For many – in living memory – the threat and bulk of mail incidents were in the form of letter bombs, but, reckons Griffiths, nowadays powder hoaxes tend to be used far more widely: “Putting a harmless powder - such as All pics courtesy of Todd Research

“The mail route,” says Richard Sheil, sales director at Todd Research, “into any organisation is destined to remain the preferred method for anonymously targeting a person or individual associated with a particular company or facility.” Whether a live or hoax device, by definition items sent this way require little resource. This is why, Sheil says, these attacks historically have been the territory of organisations such as animal rights groups targeting pharmaceutical and medical research organisations. It’s worth noting that the risk from dissident terrorist organisations has not gone away as was recently demonstrated by the series of crude bombs sent to army recruiting offices. Sheil points out that the devices sent bore a Republic of Ireland postmark and were subsequently confirmed to be the work of the republican terror alliance known as the New IRA. But Antony Paul, marketing manager at Neopost , says the need to screen inbound mail and packages goes beyond terrorist threats and can include “disgruntled former employees or customers.” Moving into the realms of internal security, firms also need to be alive to what their own staff are doing. With the growth of the web and online shopping, firms need to assess their mail screening function to cover what staff are having delivered to the workplace. Clearly it’s more convenient for staff to have online orders delivered to the workplace than to home. But it’s the fact that by virtue of mail being enclosed in some form of a wrapper that the true contents of an item are unknown until it’s open or has been scanned. James

First-class protection

Explosives in a package

“The mail route into any organisation is destined to remain the preferred method for anonymously targeting a person” 13

www.risk-uk.com

EDIT article 1 may14_riskuk_may14 06/05/2014 17:32 Page 2

Screening

baking soda - in a package, in the hope that the receiver will fear it’s ricin or anthrax, can be extremely effective, without actually inflicting any physical harm.” The power of a “hoax device” is important to appreciate. Letter bombs, for example, are not only a threat to the receiver – the sender is also putting him or herself at risk by creating the bomb itself. This is why firms must not be complacent about hoaxes as they’re a safer and cheaper alternative for someone looking to cause disruption. But says Griffiths: “If you consider that a powder hoax incident could result in the evacuation of a building, it quickly becomes clear how financially damaging these incidents can be. If inflicted on the London Metal Exchange for example, it could cost multiple firms millions of pounds worth of losses.” This is why powder hoaxes cause maximum impact with minimum cost, and no physical harm. Even so, firms can still be on the receiving end of other low-level threats such as razor blades, broken glass and basic explosives. Ultimately, employers need to evaluate such risks using two key categories says Paul. “Firstly there is a duty of care to protect employees and secondly [firms must consider] the cost associated with potential building damage or evacuation.” Every organisation needs to detail a system for handling mail, but what that will be will depend on the organisation, the threat and the volume of inbound mail to be screened. According to Sheil, evaluation of this is the important first step before the right screening equipment can be specified. Next comes staff training.

Training Best practice means that all inbound mail should be screened using X-ray equipment operated by trained staff – note the emphasis on the word “trained”. Particular attention

should be given to parcels arriving from random sources such as couriers “and those wishing to leave mail for individuals at reception that may result in items circumnavigating the screening process,” says Sheil. The key though is not the blind use of technology without good training for staff. As Griffiths puts it, “without properly trained personnel operating the technology it quickly becomes redundant as the technology can’t work itself.” Sheil echoes this: “Any equipment deployed is of course only as good as the staff operating it.” He notes that a solid understanding of the operational capabilities of the equipment coupled with regular training in understanding the characteristics of possible threat items is essential. Misidentification can lead to unnecessary and highly expensive evacuations. By the same token, mistakes can let threats through. It’s also important that staff from the mailroom, security team and anyone involved in the process understands the nature of threats that can be encountered, how to deal with them and the actions needed to mitigate false alarms. Training isn’t a one-time deal. In many firms staff turnover is a problem and this includes those operating mail-screening technology. Griffiths believes it to be “absolutely vital that all new staff are completely up to speed on their training before they operate these machines.” He adds that his firm’s portfolio of mail screening products features built-in training mechanisms that will test operators periodically. But what makes a suspicious package? Well that, according to Paul, is down to definitions which firms should refine so that suspicious packages can be reported to the appropriate authorities. Another key part of the process is to ensure that all staff attend a “safe or suspect” course so that they can identify the tell-tale signs of suspicious packages even before they place it

“Companies are obliged to ensure the health and safety of their employees under the Health and Safety at Work Act 1974, and mail screening forms an extremely important part of guaranteeing this safety” 14

www.risk-uk.com

Project2_Layout 1 06/03/2014 12:58 Page 1

Weâ&#x20AC;&#x2122;ve updated our Corporate Identity and Logo to reflect Scannaâ&#x20AC;&#x2122;s continuing commitment to High Quality, High Performance X-ray Products. Visit us at Counter Terror Expo, Stand D36, April 29-30 to learn more.

Rugged, weather- resistant flat panel portable x-ray systems

Large Format Flexi X-ray Plates for large area x-ray investigation

EDIT article 1 may14_riskuk_may14 06/05/2014 17:32 Page 4

Screening

inside an X-ray machine; regular refresher courses are crucial. Because mail screening goes beyond the mailroom, says Griffiths, firms should ensure that everyone inside an organisation can spot a suspicious package. Any guidance offered should follow a programme that involves training and certification in line with PAS97:2012. Importantly, where the alarm is raised over a suspicious package, staff should not panic but instead, think rationally and follow procedures that they’ve been taught in line with PAS97:2012.

Processes Aside from training, mail-handling processes should be set up so that firms have a logical workflow based on PAS97:2012. For example, inbound mail should be scanned first, then sorted and then distributed. Paul recommends that all items are delivered initially to a central point and then passed through a dedicated screening device at this central location. Another step, and one that Griffiths recommends for those that need added security, is to also consider having the mailroom offsite. Firms that do this (and those that don’t should consider it) need to use some form of delivery management software that will log and track deliveries and provide digital audit trails to refer back to. It is worth noting however, that every building and situation is different, so it’s vital that site-specific processes are written and followed. Separate actions for finding powders, explosives, sharps etc. should also be included in these processes, and the procedures should be reviewed periodically to ensure that they are still appropriate. Griffiths says that firm’s mail screening supplier should be able to offer reviews of procedures. Those needing further guidance on setting up processes can turn to the Centre for the Protection of National Infrastructure (CPNI) as well as counter terror security advisors in organisations such as the City of London police. But there is another aspect to health and safety obligations owed to staff, and that is

In many firms staff turnover is a problem and this includes those operating mail-screening technology 16

www.risk-uk.com

A bomb in a postal tube

that organisations should be aware of the legal requirements to operate X-ray equipment. Sheil says that good suppliers should be able to assist with this including with the provision of radiation protection training and compliance with IRR1999 (Ionising Radiation Regulation 1999). Griffiths adds that regular servicing of Xray machines will aid compliance with IRR1999. The Health Protection Agency can also offer guidance.

Technologies can combat the threats A number of technologies exist to assist mail screening and, says Paul, in its simplest form devices are available that exclusively identify metal within letters and parcels. But for the best protection against malicious items, he says that “an organisation really should invest in X-ray based technology and depending on the sizes of and volume of mail an organisation receives, there is the choice of cabinet or conveyor based technologies.” It should be obvious to most that cabinets are more cost effective, simpler to operate and require a much smaller footprint than conveyors. Conveyors, by definition, are much more suitable for large sized items or high mail volumes. Many cabinet X-ray scanners are equipped with enhanced powder detection software that can identify harmful powders like ricin or anthrax. Todd Research calls their version “Enhanced Powder Detection” and it gives a user greater ability to see items containing powder which Sheil sees is a rising risk in the US. Paul too considers that being able to detect powders is very important to security. But, says Griffiths, customers with a greater volume of post may need a conveyor X-ray

TODD_Layout 1 06/05/2014 17:23 Page 1

Are you effectively screening your mail for threats? Talk to us today and understand why, for over 50 years, we have partnered with companies to minimise the impact of dangerous devices to business continuity.

• Hoaxes or live devices can cripple an organisation • Avoid expensive evacuations • Reputational & brand damage • Negative impact to employee morale • Disruption to customers

EDIT article 1 may14_riskuk_may14 06/05/2014 17:32 Page 6

Screening

machine (akin to those used at airports) while those in high-risk premises should consider using a trace detection system where a swab can be taken from the package and analysed in seconds to see if there are any explosives present. Additionally, software can be used with conveyors to aid the detection of liquid explosives. For Sheil it was the height of IRA activity in the 70s and the need for government of the day to deploy equipment to combat the postal threat that helped his company develop a range of cabinet scanners capable of examining a single item or mail bag that helps a user to confirm mail as “safe or suspect”.

Supplier relationships As can be imagined, when it comes to choosing a supplier to help manage a mailroom, there is no one-size fits all solution – every company, site and requirement is different. Griffiths recommends that firms must “pick a supplier wisely and should buy from a distributer that has a direct relationship with the manufacturer and a proven track-record in the sector.” For him, buying into products and service is not simply a matter of cost as there are other factors such as response times for breakdowns, experience and customer base – “research is paramount to ensuring that you chose a secure company.” Allied to this is how

Leasing a screening device over a period of time can massively help in spreading the cost into an affordable payment cycle 18

www.risk-uk.com

the supplier consults with client over the service needs before implementation – “if a potential partner does not offer this then it should set alarm bells ringing,” Griffiths says. Sheil agrees but takes the point further. He says that when choosing a supplier firms should not only look at their history, but also whether they have experience of dealing with similar organisation in the sector, whether they offer a complete solution (from assessment of risk, capability of supplying the correct configuration of scanner, training), and the ability to support the equipment over its life. He puts this last point at the top of the list as ongoing support involves a critical piece of an organisation’s security infrastructure. Support from the right supplier should also include additional advice around image analysis, as well as some of the typical signs associated with a potentially hazardous device. Of course technologies do have to be paid for and the cost of deployment for a given screening solution needs to be evaluated “in the context of major business disruption, or more importantly, the potential risks to employees and visitors,” says Paul. He suggests that suppliers should be able to offer financial options in the form of outright purchases, leasing or rentals. Leasing a screening device over a period of time can massively help in spreading the cost into an affordable payment cycle. Sheil concludes with a lesson that he’s learned over years - that it is worth talking to other organisations that have had to deal with mailroom security to learn what they have implemented and how well it works for them.

EDIT article 15 may14_riskuk_may14 06/05/2014 23:06 Page 1

BSIA comment

Access control – five to watch ast year saw a big rise in integrated systems in the security sector and 2014 looks set to follow this pattern with a number of technologies and trends coming to the fore so what does the future hold for access control?

Near Field Communications (NFC) A technology that has been promising to do big things for some time is Near Field Communications (NFC). Whilst the technology for it has been available for some time, NFC’s success will be determined by the tipping point from the number of enabled mobile devices and the public’s willingness to use them to gain secure access to secure doorways. However the use of NFC has also been spurred on by a number of new compatible stand-alone locks which are especially well suited to access control using a smart device. At the moment NFC is more popular in the consumer market. For example, landlords can send a key to the smartphone of a tenant which can then be activated or revoked as necessary. NFC offers exciting possibilities for securing access and the signs are that the market is poised to increase adoption very soon.

Cloud-based security The adoption of cloud-based security is another area that has gained enormous ground in recent years and looks set to continue vehemently in 2014. It’s fair to say there were concerns over the security of using the cloud voiced by some commentators and potential users when cloudbased access control was first muted. However, these were largely quashed by a wider acceptance of online use of services such as banking or retail, which have demonstrated that using IP needn’t compromise vital security. As well as ease of use and installation, cloudbased services also rapidly roll out updates (which is particularly useful in an emergency situation) and there is no need to store large servers onsite (which could be attacked or hacked directly) – freeing space and resources.

Security integration The momentum of security integration is unlikely to slow in 2014 – in fact it will continue to be a key market driver moving forward. The benefits are unquestionable, with the drive for efficiency savings being the core proposition. It enhances security reaction times – for instance if a door is forced the combined system will sound an alarm, lock-down key areas and direct the security team

to the location of the potential incursion. Integration makes installation and upgrades easier and more cost-effective and it makes full use of legacy and existing systems. There is a massive growth in the use of BACnet protocols as well, which are adding a new level of software integration which is helping to move away from the remaining proprietary software that was once commonplace in the security industry. There has been some debate within the security industry lately about the effectiveness and convenience of using passwords (both for physical to premises and logical access to IT systems). Integrated security systems allow authorised users to minimise the security details they have to memorise and are likely to gain further interest this year because of this advantage. The ability of integrated systems to intelligently provide access also means that workforce management is much easier using integrated security. From managing working hours to activating buildings services only when they are needed (and thus saving energy and resources), integration is providing intelligent solutions that will save real money in 2014.

Biometrics

Mike Sussman, Chairman of the Access Control section for the British Security Industry Association, discusses how 2014 looks set to be a year of evolution rather than revolution

Experience shows that consumer adoption helps to facilitate business use so I would expect biometrics to find even greater popularity in 2014. The quality and accuracy of biometrics have rapidly improved in recent years, moving on from fingerprint readers and now readily incorporating facial recognition (which is very well suited to ‘clean’ areas) and moving towards previously niche and more complicated systems such as palm vein and heartbeat recognition readers.

Security legislation As well as the technology, legislation is moving forward to meet the demands of the security industry. In 2014 we will see the publication of IEC 60839, entitled, ‘Alarm and electronic security systems Electronic access control systems. System and components requirements’ – which aims to update the standard to take into account the latest integrated systems. It is being published at the IEC level (World standard) and also published by BSI as a EN (European) standard. As with all new standards, IEC 60839 will have a profound impact on the security industry in 2014 – pushing providers further towards modern integrated systems and ensuring that they adhere to the developing needs of all customers that rely upon them.

NFC offers exciting possibilities for securing access and the signs are that the market is poised to increase adoption very soon 19

www.risk-uk.com

EDIT article 14 may14_riskuk_may14 06/05/2014 23:05 Page 2

Crossing the line Geny Caloisi looks at security across the transport sector

ecurity at airports, seaports and borders is getting more sophisticated. Providing up to the minute information can greatly improve response times and the functioning of these busy public areas. However, when we hear that a 16-year-old boy managed to scrambled over an airport fence and spent six hours undetected at San Jose airport in the USA, to then stowaway on a flight that took him to Hawaii, we know there is a need for more. All international borders across the globe have to be watchful of the same threats: terrorist attacks, hijacking, the smuggling of prohibited goods between countries and the general safety and security of passengers, staff and luggage or cargo. In fact risks in this area are hardly a new phenomenon. The first recorded sky hijacking was in 1930, by Peruvian activists who commandeered an F-7 airplane and used it to drop propaganda booklets over their country. This might seem gentle when compared to Lockerby or 9/11, but it highlights the need to keep tight security measures. Although airports make the headlines more often, protecting borders and seaports is also important. The threats though are different. Jared Bickenback, a market analyst at HIS, specialised in weapons and contraband detection explains: “For aviation, security personnel are focused on preventing an attack, so passengers and employees are screened for explosives, knives, and guns. For borders and seaports, smuggling is the main focus. This can include explosives but primarily includes contraband, drugs, and tariffed items. Items that have a tariff are routinely smuggled so port companies will use detection equipment to check against a container’s manifest.”

The soft and the hard approach

Peruvian activists who commandeered an F-7 airplane and used it to drop propaganda booklets over their country 20

www.risk-uk.com

A good combination of software and hardware is needed to achieve maximum coverage and best performance. On the soft side, companies like CNL Software, which develops Physical Security Information Management (PSIM) software, are able to provide integrated situation management solution. CNL’s IPSecurityCenter PSIM technology provides a platform to integrate multiple unconnected security applications, systems and devices, controlling them through one comprehensive user interface. It collects and correlates events from existing disparate security devices and

information systems such as CCTV surveillance of crowded passenger areas, access control at storage yards, offshore radar systems, sensors, analytics, and networks, building systems to empower personnel to identify and proactively resolve situations. The way that security operates within a port, and the processes that are put in place are not uniform. Bosch business development manager Thomas Söderlund recalls a special project: “One request we occasionally have is to have different operator levels. If a higher level operator calls for a particular camera, all other operators in lower levels might not be able to view that camera or the associated recording automatically. However, operators can request permission to view the camera. The software solution we provided consists of an extensive user rights management with internal camera switching, and storage mapping.” Danny Peleg, Director of Transportation for Genetec agrees that integrated solutions, such as Genetec Omnicast, not only allows companies to take a holistic approach to their safety and security measures, but it also saves them money. “When you have a security breach in an airport, you have a major problem,” says Peleg. “You have to find the person and fast. Every minute of downtime at an airport in the US costs US$ 25K. The time to recovery is essential. Without an efficient resource mechanism, with an automation process that will lead to the best approach you’ll be in real trouble.” Genetec Omnicast integrates access controls solutions, video analytics, perimeter intrusion and licence plate recognition (LPR) in a unified platform called Security Centre. LPR is a preventative method. The number plates of wanted individuals can be integrated into the system and cars can be screened on the approach to the airport. Peleg adds, “We installed AutoVu LPR at an airport in Florida and within two weeks they were able to intercept a potentially risky vehicle, that was heading to the airport.”

Full stop Preventative measures might not be enough to stop a vehicle that is charging towards a port. Bearing in mind that these vehicles will not necessarily be a small car, you will need an effective barrier solution. Neil Sampson, Green Gate Access Systems MD points out, “The new PAS68 standard, which is an impact test specifications for vehicle security barriers, reflects the growing concern that a terrorist attack is a serious threat and, should it ever occur, it may well be from a large

EDIT article 14 may14_riskuk_may14 06/05/2014 23:05 Page 3

Transport security

vehicle travelling at speed. The attempted impacts at Glasgow airport were a poignant reminder that can happen anywhere.” Sampson also says that the new trend in this area is to move away from the traditional one pump unit per bollard install, to instead having individually controlled units. This provides the benefit that should one unit in a row of security fail, the others are still able to give protection.

Scan and go Whilst an airport is mainly focussed on securing the staff and passengers that walk through the doors and screening baggage, a Seaport or Border Control area is focussed on screening vehicles and associated cargo. In these cases, proximity scanners and detectors are used. Flir Systems’ Andrew Saxton, director of marketing surveillance, believes that thermal imaging is a game-changer technology because of its capacity to deliver accurate threat information any time of day or night. Another specialist in security inspection solutions utilising X-ray and gamma-ray imaging is Rapiscan. The company’s products are sold into four market segments: baggage and parcel inspection, cargo and vehicle Inspection, hold baggage screening and people screening. The buzzword in this area is ‘Real Time Tomography’ (RTT). Traditionally an X-ray scan and low speed Computed Tomography (CT) screening solutions were sufficient. Today, with larger than ever numbers of travellers, speed is essential. Frederic Brouiller, Vice President Sales EMEA, Rapiscan Systems comments: “As the threats have developed so has the technology and airports are now looking to the next generation of screening.” For airports looking to screen handheld baggage and meet the latest requirements for the restriction of ‘Liquids, Aerosols and Gels’ (LAGs) ECAC Rapiscan, has certified a number of technologies. “In the cargo and border security market the need for advanced radiation and nuclear detection capabilities is gaining momentum,” says Brouiller. “With currently less than 50 ports using Rad-Nuke technology, it is down to some of the larger economies such as the UK, US, Brazil and Australia, for example, to lead the way in securing their international ports. There is also a demand from authorities to have the equipment in a ‘Security Screening as a Service’ business model.”

Law down Regulations for international transportation are being reviewed as we speak. Initiatives such as

the US “Beyond the Border” program for perimeter security between the US and Canada are designed to support agencies with the complex task of securing national perimeters. Europe is also uniting in matters of security. Brouiller comments: “As of the 1st July 2014, the EU requires by law that all air cargo or mail carriers operating into the Union from any third country airport (ACC3s) ensure that an EU aviation security validation of its cargo and mail operations has been carried out by an approved EU aviation security validator. “Also from 1 July 2014, air cargo security screening needs to take place using equipment that meets EU standards. All necessary validations, including on-site visits, need to be completed before 1 July 2014 in order for air carriers to obtain the ACC3 status and carry cargo or mail into the EU. Further regulations include a change to the European regulations for hold baggage screening as of September 2014, when all European airports will need to have Standard 3 certified equipment if they want to install a new Hold Baggage Screening (HBS) system.” A global approach, including international agreements about how to deal with security issues, is fundamental to the good functioning of tourism travel and general business. But government funding is needed. IHS’ latest report on the explosives, weapons and contraband detection equipment market, says that sales of explosives detection equipment are projected to decline by 10.6 per cent in North America and 13 per cent in Europe, resulting in governments focusing on risk based security measures instead of taking a holistic approach. According to our experts, security solutions should be proactive instead of reactive.

As the threats have developed so has the technology and airports are now looking to the next generation of screening

www.risk-uk.com

Project2_Layout 1 22/03/2014 11:46 Page 1

touchpoint just got a lot more rewarding

Eatonâ&#x20AC;&#x2122;s industry leading touchpoint membership programme is now bigger and better. Whether youâ&#x20AC;&#x2122;re an existing touchpoint member or want to join, find out more. Get more than just intruder detection, expect more with touchpoint. Get unrivalled technical support, online materials and rewards.

www.touchpoint-online.com

EDIT article 4 may14_riskuk_may14 06/05/2014 17:36 Page 1

Transport security

ecent statistics from the Home Office revealed that between January 2012 and June 2013, four of the top 10 UK crime hot spots were major railway stations; Manchester Piccadilly (1,508 incidents), London Victoria (1,483), Kings Cross (1,322) and Euston (1,283). Set alongside a close-to-10 per cent increase in rail passenger theft between April 2012 and March 2013, the figures suggest the UK’s railway stations remain a top target for thieves. So where can security managers on the UK’s rail network turn to for inspiration to combat the ever-present threat of crime? The answer is airports. International airports have invested heavily in solutions and strategies designed to better protect their passengers, assets and cargo. What is more, there are strong parallels between airports and railway stations beyond the fact that both serve as transport hubs. In this article, we will explore some of those parallels and examine the best practice – systems, processes and approaches - that can be leveraged by UK railways for the safety of all of us. Both airports and railway stations are some of the world’s busiest and most congested spaces. Picture the departure lounge at international airports during the summer holiday season with thousands of people and their luggage in one, relatively small space. Equally, walk through major railway stations on a Friday night in rush hour and the sheer number of people is overwhelming. Airports approach this in an innovative way, deliberately adopting a strategy that enables security managers to prevent scenarios from turning into incidents rather than just reacting to events after the fact. Imagine that a passenger leaves a bag in one of the terminals and walks off; technologies such as video analytics help security staff to spot the suspicious behaviour in a busy crowd and pre-empt a potential problem. In addition, by integrating cameras together into a single unified view – using a video management system – it’s much easier to spot a person behaving in an unusual way and quickly guide the security personnel to the source of the trouble. This proactive approach to managing situations should serve as an inspiration to railways. Another commonality is that both transport networks never stop their operations and therefore, their security systems must perform to the highest standard both day and night. Continuing to operate without interruption, whatever the circumstances are and even following an incident, is key. Take for example when an airport suffers a power outage affecting the operational

From planes to trains systems at the terminal. This failure can cause major flight delays and chaos at the terminal, with big crowds moving around the building, demanding information about their flights. In this type of scenario, security is more important than ever. So how do airports ensure they deliver a 24/7/365 security solution that runs smoothly even in extreme circumstances? The answer is integrated security systems that are designed with automatic fail-over to backup systems so that in the event of a power failure or a security risk, site security is immediately picked up and controlled by a secondary security site. Like airports, railway stations can also be affected by adverse conditions outside of their control – severe weather, flooding or fire – that disrupt critical operational systems and put thousands of passengers at risk. Investing in back-up security solutions – like those used in the airport sector – will give security managers at railways stations the peace of mind that comes from knowing their system can stand up to the toughest conditions and ensure security is maintained on site. Airports and railway stations both have different contractors – cleaners, maintenance, shop staff, engineers, train operators – with access to sensitive areas of the facilities. Airports are managing their staff with state-ofthe-art access control functionality and integration with HR and building management systems ensuring that no unauthorised personnel can access restricted areas. These systems are linked to payroll and as soon as a member of staff leaves or a contractor stops working for the organisation, their physical access credentials are updated simultaneously ensuring access rights are accurate at all times. Additionally, full integration between the HR and security departments makes staff registration seamless, saves time for both security operators and HR staff, while eliminating administrative errors. This ability to integrate both systems will help railway networks to manage their budgets, usually smaller than in airports, more effectively and to spread security more widely and wisely across their estate.

What can our railways learn from airport security? asks Daniel Wan, marketing leader UK, Honeywell Security Group

Outside the terminal The value of assets in vehicle parks and storage yards in both airports and rail stations has increased substantially over the last few years, especially as metal prices have soared. These

www.risk-uk.com

EDIT article 4 may14_riskuk_may14 06/05/2014 17:36 Page 2

Transport security

sites can often be remote, with large perimeters, and even temporary sites, making them very vulnerable to theft. Security officials at airports around the world need to deliver powerful intrusion detection systems that secure their site perimeters and provide electronic access control, and supply integrated video assessment solutions for unmatched site protection. Security manufacturers like Honeywell Security can provide solutions, incorporating radar and video analytics to protect large perimeters and are also able to provide solutions that can be used to remotely monitor and manage sites that are either permanent or temporary. In addition, where the welfare of lone workers is a concern, new security solutions can integrate with third party systems to monitor their activity and flag a problem if a worker presses the emergency alert. Not only are airports dedicated to transporting people and cargo around the world, they are morphing into highly sophisticated retail outlets in their own right. Many high end retailers boast a presence in major airport terminals. This has encouraged retail security managers to invest in a range of new technologies designed to reduce theft and shrinkage such as video analytics, point-of-sale alerts and other integrated security

solutions. Similarly, large rail stations have â&#x20AC;&#x201C; particularly in the last decade â&#x20AC;&#x201C; started to grow as commercial centres in addition to transport hubs. Although the profile of the retailer is slightly different, with high end retailers replaced by chain shops and restaurants, the same challenges still exist. How can railway security staff help to protect against theft in order to attract more retail partners and boost investment? Again, borrowing strategies from the airports will help here too, specifically investing in video and access solutions optimised for a retail customer.

Conclusion An effective transport security system needs to embrace flexibility, risk management and preemptive deterrence. Some of the sophisticated systems mentioned above can be perceived as premium technology and security managers at other transport sectors might face challenges in justifying the investment. However, prevention is almost always cheaper than cure. By taking a hands-on approach to understanding the needs of each facility, managers can provide quick returns by avoiding loss and damage. Airports are an excellent model to follow.

EDIT article 12 may14_riskuk_may14 06/05/2014 23:04 Page 1

Energy costs

Energy efficiency for good health odern organisations have many considerations and responsibilities to their customers, government and law but in recent times the implementation of ‘green’ policies has taken a new turn. In the past, companies were not restricted by environmental issues, nor were they compulsory requirements and, as a result, some organisations used being environmentally-friendly as a marketing message. Today however, with the widespread concerns regarding climate change, governments around the world have deemed it necessary to include regulations and legislation as to the performance of business in terms of their environmental impact, which is now often referred to as the carbon footprint. Since the first G8 Climate Change Roundtable in 2005 when former PM Tony Blair led a discussion regarding a global plan of action the group has grown to include companies such as Ford, British Airways, HSBC, EDF and BP. Now, the Roundtable has a membership of 150 businesses spread across the globe which, according to Reuters, Friends of the Earth feels represents a major shift by the business community towards efforts to mitigate climate change. So with the seeming keenness of the business community to do something about its carbon footprint and the promises made by governments to reduce carbon emissions ( the UK government introduced carbon budgets as part of the Climate Change Act 2008 to help the UK reduce greenhouse gas emissions by at least 80% by 2050) legislation has become necessary.

The CRC The UK carbon budget places a restriction on the total amount of greenhouse gases the UK can emit over a five-year period. Under a system of carbon budgets, every tonne of greenhouse gases emitted between now and 2050 will count. Where emissions rise in one sector, the UK will have to achieve corresponding falls in another. The CRC affects large public and private sector organisations across the UK, together responsible for around 10% of the UK’s greenhouse gas emissions. Participants include supermarkets, water companies, banks, local authorities and all central government departments. The scheme is designed to target emissions not already covered by Climate Change Agreements (CCAs) and the EU Emissions Trading System (EU ETS) and features a range of drivers to encourage organisations to develop energy management strategies that promote a better

understanding of energy usage. Organisations that meet the qualification criteria are required to participate, and must buy allowances for every tonne of carbon they emit. Qualification for the scheme is based on electricity usage. For Phase 2, organisations will qualify if, during the qualification year, they consumed over 6,000 megawatt-hours (MWh) of qualifying electricity through settled half-hourly meters. Qualifying organisations have to comply legally with the scheme or face financial and other penalties. Organisations which participate within the CRC are required to monitor their energy use, and report their energy supplies annually. The Environment Agency’s reporting system applies emissions factors to calculate participants’ carbon dioxide (CO2) emissions on the basis of this information. Participants must purchase and surrender allowances to offset their emissions. Allowances can either be bought at annual fixedprice sales, or traded on the secondary market. One allowance must be surrendered for each tonne of CO2 emitted. The allowance price in Phase 1 has been set at £12 per tonne of CO2. Fines for failing to report on annual emissions could increase. Currently organisations are fined a one-off payment of £5,000; paying a further £500 for each subsequent day reports are delayed, up to a maximum of 40 working days or £20,000 so there is quite a financial motive for compliance as well as the environmental factor.

The CRC Energy Efficiency Scheme (or CRC Scheme) is designed to improve energy efficiency and cut emissions in large public and private sector organisations and it could result in fines for organisations that don’t change their ways

What can you do? So you are in charge of fire and security protection at a large hospital. You have a constant flow of people entering and leaving the site and a host of potential risks to deal with. How can you possibly begin to consider the hospital’s carbon footprint? And how much will it cost to follow the legislation? A report by CMR Consultants recommends developing a carbon management strategy, budget for the energy consumption allowances fees, and investigate the most effective ways of introducing energy-saving measures. You might think that energy-saving measures are not possible for 24/7 fire and security systems, however there are simple alternatives that you could specify that will help you avoid CRC fines. In such cases it would certainly prove prudent to look at alternative forms of power supply such as switched mode technology, already providing savings for various sectors of the market. The CRC is all about savings, however not meeting its targets will end up losing you money.

For further reading visit: www.gov.uk/government/policies

www.risk-uk.com

EDIT dycon may14_riskuk_may14 06/05/2014 23:24 Page 2

Power supply

Advertisement feature

Saving with switch mode While most security equipment can boast low consumption figures, the sheer number of devices in systems particularly those in large premises such as hospitals means that a lot of power can be wasted. Here we talk about energy efficient PSUs and how they can save money and reduce a carbon footprint he recently introduced CRC Energy Efficiency Scheme from the UK Government has seen the profile of the green debate raised significantly especially in the industrial, commercial and healthcare sectors. These business sectors know the problems associated with high power costs but also the requirement for 24/7 security and the stresses of working with stretched budgets. A hospital for example has its patients, doctors, nurses, suppliers and visitors to take care of, all in the face of NHS cuts, plus has the need for constant protection. Throwing environmental performance into the mix could be another headache. The result of the CRC has been an increased emphasis on a reduced carbon footprint, and one area that many business and individuals are keen to see addressed is that of energy wastage, especially in the face of potential fines for not meeting the required targets. Traditionally, energy wastage from low consumption devices such as security equipment has not been high on the agenda. Many will look at the figures for individual devices and consider the meagre savings as not being too important. However, that attitude is changing as businesses look to each and every aspect of their operations to make a contribution. Whilst many low power security devices might have low levels of wastage, typical systems include dozens -maybe hundreds of such devices. Considered as a whole, the energy wastage from electronic security systems is something that end users are now taking very seriously. Indeed, many businesses have increased their budgets to achieve energy reduction targets, and so can usually make

Tel 01443 471060 www.dyconsecurity.com

“Switch mode units are generally considered to be up to 90 per cent efficient, whilst linear supplies can be as little as 25 per cent efficient” 26

www.risk-uk.com

more funding available if a specific solution reduces the company’s overall carbon footprint. Increasingly, security/fire installers are aware of switch mode power supplies. Across a wide range of industries, these devices are gaining popularity, and in the near future many expect to see traditional linear power supplies disappear altogether. Manufacturers of power supplies are shifting to the improved technology and the main driver for this is customer demand! Switch mode power supplies work by utilising a switching regulator to convert power. A switch mode supply switches between ‘on’ and ‘off’ states, and the output voltage is regulated by the frequency of the ‘on’ and ‘off’ periods. This is why switch mode units have superior efficiency performance. The more traditional linear power supplies regulate voltage output by dissipating energy, typically as heat. Not only is this inefficient, but in certain circumstances can also demand additional power for the overall system as cooling may be required. According to Tony Allen of Dycon: “Switch mode units are generally considered to be up to 90 per cent efficient, whilst linear supplies can be as little as 25 per cent efficient- dependent upon the voltage regulation.” While the higher efficiency performance is the most often quoted advantage of switch mode power supplies, there are also other benefits. Because of the reduced heat dissipation, there is no need for heat sinks, so switch mode units are often smaller and lighter than equivalent linear options. “Switch mode units are also able to better cope with input variances and thus provide a more consistent output,” says Tony. “This can have the additional benefit of prolonging equipment life in the field as well as making batteries more efficient in terms of performance and longevity.” So for the healthcare operator that has to weigh up not only the cost vs risk scenario when it comes to purchasing new equipment, there is obviously the thought of how much more are these PSUs going to cost to have fitted compared to the potential problems you could have from not meeting CRC targets. The good news is that a professional grade switch mode power supply costs roughly the same as a less efficient linear mode unit, thus allaying any concerns about budgets and expense. Whether you have intruder alarm, fire detection, CCTV, access control or peripheral electronic solutions at your premises, it’s time that you switched to switch mode power supplies to help meet CRC requirements; it could make all the difference in efficiency and costs.

EDIT article 11 and 18 may14_riskuk_may14 06/05/2014 23:30 Page 1

IFSEC/Firex

IFSEC International moves to ExCeL London this year. In this first part of our preview we look at event and a flavour of what the show has to offer from 17–19th June ith the show taking place at its new home in London in 2014, IFSEC International’s organisers are hoping that the event will be bigger and better than ever before. The show relocation has received a £1million investment dedicated to ensuring that visitors experience an interactive and spectacular show. With more than 94 per cent of the floor plan reportedly already sold for the 2014 show indicate the demand from exhibitors to showcase technology at the event. In addition to 500 returning exhibitors, more than 93 businesses have signed up to IFSEC International based on the event relocating to London after previously being absent from the 2013 show. Exhibitors returning exclusively for the London move include: Pyronix, March Networks, SimonsVoss, UniView, CCTV Direct, Security Dynamics, EVVA, Tecnoalarm, HKC and Blok n Mesh. We will look at some of the new product launches and service offerings in next month’s edition of PSI. Confirming support for IFSEC International 2014 moving to London, Julie Kenny CBE DL, Chairman and CEO, Pyronix said: “This is the first time we have exhibited at IFSEC International in five years and the exhibition’s move to London is a key reason for returning. We’re using this as a big platform to launch a range of new products to the market and we’re really looking forward to it. London will also give us the opportunity to see more end-users and specifiers at the show and we’re looking forward to welcoming those visitors too.” James Kelly, Chief Executive, BSIA commented: “The BSIA is a long term and proud supporter of IFSEC International. We recognise this as the focal point for the industry to gather and learn about the latest developments. Now the show is taking place in London, this will present a new opportunity for the security industry and we expect to see an even broader audience attending which will help to promote best practice within the industry. We are hugely excited for the event in June, BSIA members identify IFSEC International as the leading event in the security calendar and we’re looking forward to seeing the industry coming together.” In addition to the exhibition itself there will be dedicated theatres for end-user and trade

London awaits...

education plus, case studies and nine dedicated product areas. Brand new for 2014, Security & Fire Installer Live will be a dedicated installer offering catering for security and fire installation companies; this will be the destination to source the latest tools, products and experience insightful training sessions.

Security and Fire Installer Live There is a new feature launching in 2014, Security and Fire Installer Live, a dedicated event held within IFSEC International that has been designed to suit the business needs of installers. As Charlie Cracknell, Event Director IFSEC International, explains: “Over 70 per cent of IFSEC and FIREX’s annual audience is made up of installers and integrators, totalling thousands of active and engaged of security and fire professionals within a community. As a vital link in the security buying chain, the IFSEC & FIREX International teams continuously engage with the market and leading industry partners building an in-depth understanding of what installers and integrators really want and need to help run their business. The Security & Fire Installer Live programme will build upon all these elements from across our 40 year heritage and deliver effective solutions that the market needs.” The “Meet The Buyer” programme will connect installers with active buyers and

In addition to 500 returning exhibitors, more than 93 businesses have signed up to IFSEC International based on the event relocating to London 27

www.risk-uk.com

EDIT article 11 and 18 may14_riskuk_may14 06/05/2014 23:30 Page 2

IFSEC/Firex

The event education offering has been developed to ensure it has the speakers, the content and the expertise that is really needed by the industry professionals with tenders and live projects and the Live Party – is set to be an event for networking and connections with 1,500 of peers and suppliers. And there is also The Networking Bar where installers can network, take a break and catch-up with work and colleagues. THERE WILL ALSO BE A DEDICATED EDUCATION PROGRAMME FOR INSTALLERS OFFERING: • End User market buying trends, including updates on client demands, needs and price points • Live product demos from the leading industry providers • The plug and play zone giving the opportunity to test and touch the latest kit live at the events • Thinking IP and Fire, starting out or growing? Installers can connect with information from the leading trainers, specialists and to help future proof and build business • Access to manufacturer technical product specialists • Regulation, legislation and insurance One of the most popular areas is bound to be the ‘Garage & Tool Shed’ with big brand giveaways and access the latest fleet vehicles, financing, tools and kit.

Show areas The UK apprentice and young engineers challenge 2014, titled ‘Engineers of Tomorrow’, provides installers and young engineers with a stage to compete with their peers and represent their company

www.risk-uk.com

As any visitor to a previous IFSEC will tell you, there is a lot to see at the event so the show has been divided up into nine specific areas, these are: Safe Cities - Discovering how to protect vital international cities and hubs from attack, with a

key focus on business continuity and resilience, this area will showcase companies and industry pioneers who have the expertise, experience and knowledge to guide governments and industry to plan for the protection of their cities. Intelligent Buildings - This area will create a combined fire and security area for both events, focusing on the common area of systems integration and convergence. Unlike other features, it is not a showcase of new products, it’s about holistic solutions. In a nutshell, Intelligent Buildings – Fire & Security opens up opportunities for inter-operability and information sharing between fire, security, IT, data and building management systems. IT & Cyber Security - Threats from cyber and IT crime are increasingly important for businesses. When companies, governments and individuals rely on the internet for their day-to-day business, it’s key to protect businesses and assets. With dedicated providers helping businesses and governments to build their IT and cyber security strategy with the latest solutions and technology, and with dedicated education session, visitors will find everything they need to know about IT and cyber security here. Video Surveillance & Intruder Alarms Covering all aspects of video surveillance and intruder alarms, this dedicated product area will feature the latest products and services in the industry, including video surveillance, central control rooms, and the innovations with high definition technology. Other products on display include ANPR, IP cameras, remote surveillance, thermal imaging, video analytics, intruder alarm systems, detectors, keypads and control panels to protect perimeters from outside threats. Integrated Security - To have an efficient and effective security system, it is essential to ensure that systems are integrated. At IFSEC there will be a focus on how to ensure systems are integrated, so that each product doesn’t work in isolation. This purpose built area will provide access to providers whose job it is to ensure that each area of security is integrated and managed effectively. Access Control - Securing assets is a major focus for international businesses and collaborative efforts between security and IT managers are more and more commonplace when it comes to protecting both buildings and the equipment within them. Key to this is access control. Driven by rising concerns over public and private sector safety, the access control market is set to be worth $8.6 billion by 2018. Perimeter Protection & Physical Security Due to the heightened threat in today’s world,

Project1_Layout 1 28/04/2014 11:58 Page 1

Our focus is taking HD quality to the extremes.

Curious? How to get the highest quality of IP video surveillance images everywhere, especially in areas with excessive moisture and dust? Our focus is surveillance under extreme weather conditions (-60ยบC to +60ยบC). To enhance safety and security in these challenging environments, Bosch now offers new ruggedized pan-tilt-zoom cameras. To find out more, visit us at IFSEC, Stand F700, 17-19 June, ExCel, London.

EDIT article 11 and 18 may14_riskuk_may14 06/05/2014 23:31 Page 4

the importance of protecting property and assets is paramount to all security strategies. The Physical Security area allows visitors to see a range of products in physical security, such as perimeter protection, locking systems, safes and more. With increased security threats from terrorism, the need to protect business from external threats has never been greater.

IFSEC Academy The event education offering has been developed to ensure it has the speakers, the content and the expertise that is really needed by the industry. The IFSEC Academy offers access to the best free education from webinars to white papers, seminars to keynotes. There will be a range of theatres covering issues such as counter terror, applications of technology across integrated security, IP security, intelligent buildings, access control and biometrics, video surveillance and physical security plus sessions tailored specially for security professionals within different sectors and global regions. Working closely with the Security Institute and ASIS, CPD and CPE points will be available for attending IFSEC Academy sessions! THEATRES INCLUDE: • ipAssured Education Zone - specialist IP training and education, in association with Anixter and aimed at both trade visitors and security professionals • Smart Buildings Theatre - taking a holistic approach to security, fire, IT, data management and business solutions • Convergence Solutions Theatre - showcasing the latest technologies and solutions available for applications today across a variety of disciplines and covering three core themes: safe cities, protecting transport & critical infrastructure, and future control room technologies • Tavcom Training Theatre - bespoke training from training provider Tavcom, on CCTV, IP, access control and more • IFSEC Global.com Centre Stage - looking at the key issues and trends defining the future of security • Risk and Security Management Theatre - real case studies, panel debates, interactive Q&As and more. Security professionals can earn CPD and CPE points while learning from industry experts and their peers in themed sessions

• Safe Cities - The need for global city hubs (London being the major contributor to UK plc) to future proof, upgrade and plan has never been greater with collaboration from global business leaders, mayor’s office, first responders and local and central government. Safe Cities utilise a multi-agency approach, led by the government to protect the population, the infrastructure and a city’s economy against the threat of terrorism, criminal activity and natural disasters.

Engineers of Tomorrow The UK apprentice and young engineers challenge 2014, titled ‘Engineers of Tomorrow’, celebrates its 14th year at IFSEC International this year. The competition, with a first prize of £1000, provides installers and young engineers with a stage to compete with their peers and represent their company. The Engineers of Tomorrow is sponsored by CSL Dualcom and supported by associations Skills for Security, NSI and the SSAIB with equipment supplied by Texecom and RISCO. The competition offers young engineers the exclusive opportunity to show the industry what they’re made of. Competitors undertake a 90-minute assessment, assessing a previously installed intruder alarm system, identify the faults, recommission the system and finish with any additional security and safety measures. Each entrant is assessed by a panel of judges from the security inspectorates, training and commercial organisations, and points are allocated based on performance in the various disciplines.

The UK apprentice and young engineers challenge 2014, titled ‘Engineers of Tomorrow’, celebrates its 14th year at IFSEC International this year 30

www.risk-uk.com

EDIT article 11 and 18 may14_riskuk_may14 06/05/2014 23:31 Page 5

IFSEC/Firex

New venue, new attractions Bosch Security Systems

IDIS IDIS has announced plans to introduce an array of new products to its DirectIP solution suite at this year’s event. The proposition encompasses a range of Ultra-High Definition (UHD) and fullHD monitors, designed and manufactured specifically for security applications to extend the IDIS single source offering, while new 4k cameras will expand the signature highperformance of the DirectIP line up. With four times the resolution and pixels of full-HD, visitors to IFSEC will experience unsurpassed picture quality in 4K resolution and the one-stop-shop surveillance solution. Presented across dynamic solution zones, the IDIS team will take visitors through each zone, demonstrating how DirectIP delivers benefits across the security buying chain, from distributors, installers, and integrators through to end user customers. The DirectIP zones will encompass a range of applications for commercial buildings, retail, finance, gaming, and logistics sectors.

Visitors to the Bosch stand will be taken on a technology “journey” through the lens showing what is new in the world of video technology such as the Bosch 4K ultra HD camera for enhanced safety and security. Users will benefit from superior identification capabilities during live viewing and in retrospective analysis, even when moving objects and challenging lighting pervade the scene. The DINION IP ultra 8000 MP from Bosch makes 4K ultra HD relevant for video surveillance, displaying every detail while reducing bit rates, network strain and storage costs. Bosch will also exhibit Dynamic Transcoding technology for smooth live video streaming and HD image playback within limited network connections. By simply adding a transcoder or storage solution from Bosch, integrators can give customers the ability to view HD images on iOS mobile devices or remote PCs with outstanding image quality. Combined with the Bosch Video Security app, users have a solution for full access and control of their HD cameras from anywhere at any time.

As we’ve already reported in this edition, the IFSEC and Firex events are at a new venue for 2014, but this will not be the only new aspect of the three days. Here we highlight just a few of the new products and services that will be exhibited from 17-19th June. More next month…

IFSEC Stand F700

IFSEC Stand G700

Hochiki Europe At Firex, Hochiki will be demonstrating a working preview of its FIREscape+ emergency lighting system which integrates addressable fire detection and emergency lighting technology to provide an intelligent wayfinding solution that represents a step-change in how people safely evacuate buildings. A traditional emergency lighting system does not allow signs to be ‘shut off’, which can direct people into the path of danger. FIREscape+ addresses this by identifying where in the building the fire is taking place and communicates the safest route. Visitors to the Hochiki stand will also see working examples of both EN and UL approved fire control panels that make up the HFP fire detection system offering. HFP utilises

Hochiki’s Enhanced Systems Protocol (ESP), a communication language which is practically noise-immune, negating false alarms and reportedly providing one of the most robust systems available. The HFP range includes Hochiki’s latest generation of smoke sensors which feature the company’s High Performance Chamber Technology. The design of the optical chamber in these products minimises the differences in sensitivity experienced in flaming and smouldering fires, helping reduce false alarms. Firex Stand Q600

www.risk-uk.com

EDIT article 11 and 18 may14_riskuk_may14 06/05/2014 23:31 Page 6

IFSEC/Firex

Traka

WAGNER Visitors to WAGNER’s stand at this year’s Firex International will be able to experience at first hand fire protection products and solutions designed for the most demanding applications. Protecting high-value assets, ensuring business continuity and enabling zero-downtime are key features of WAGNER’s solutions - OxyReduct fire prevention and the Titanus family of air sampling smoke detection systems. OxyReduct creates an environment where fires cannot start, by continuously reducing the oxygen level in a closed room through adding nitrogen to the air. The oxygen is reduced to a level in which most combustibles do not inflame and an open fire is impossible. Importantly, people can enter and work in the protected area at any time. Unlike traditional fire protection technologies, OxyReduct ensures that valuable assets or equipment will not be damaged by smoke or water/gas from extinguishing systems. Providing very early warning of smoke provides a critical advantage for building users, enabling them to react decisively before a fire takes hold and causes significant damage. The TITANUS range of air sampling smoke detection systems offers features that ensure early detection for the whole spectrum of possible fires. Firex Stand P400

EVVA EVVA will be represented at IFSEC for the first time. Increasing awareness in export markets and the high market potential of the new electronic locking systems by EVVA are reasons for participating at IFSEC. The Xesar and AirKey are the main focus of the stand. Xesar offers companies a host of products and application options as well as timeless design. Xesar scores high with a simple installation, free Xesar software and EVVA KeyCredits. AirKey turns NFC-compatible smartphones as well as identification media into keys. The system does not require its own IT infrastructure. IFSEC Stand D1900

www.risk-uk.com

Traka will be offering visitors an opportunity to preview the Traka21 plug and play unit, which will be ready for serial delivery starting in the fourth quarter this year. Traka21 is a key management solution in a plug and play unit, designed for the needs of small to medium sized businesses. The system allows stand-alone operation, so there is no need to connect to a PC. However, users can still access basic reports on the screen and can set up PIN codes to allow access to designated keys. Jointly available with the release of the Traka21 will be a new single use security seal developed by Traka to be employed without the need for a specialised tool. The unit also enables users to import user access rights and export audit data via USB thumb drive connectivity. Tanveer Choudhry, Global Marketing Manager for Traka, said, “As security solutions grow in sophistication, physical keys are becoming the weak link when it comes to traceability and accountability. Not all businesses will have a need to install one of the larger Traka systems, but they will still require a robust key management solution to ensure that the weak link does not jeopardise the overall security of the operation.” IFSEC Stand D1700

Vimpex The newly developed Vimpex VAD23 range of Visual Alarm Devices combines aesthetics with design. The detector base-mounted three-way platform sounder/beacon offers one point of installation for those requiring an EN 54 Part 23 compliant beacon and unambiguous voice messaging or multi-tone sounder. A wall mounted Banshee Excel sounder/beacon, a wall mounted beacon and a ceiling beacon complete the VAD23 range. The Fire-Cryer range has been further developed to include EN 54 Part 3 compliant products. Also on show will be the Implaser line of photoluminescent life safety signage. Featuring brightness levels reported to be many more times than required by the Standards, the Implaser line is ideal for safety signage in areas such as public buildings, tunnels and escape ways. Visitors can experience the performance of Implaser’s signs by visiting the specially constructed display tunnel on the stand. Firex Stand P850

EDIT article 7 may14_riskuk_may14 06/05/2014 22:57 Page 1

BSIA comment

UK security on the world stage ith the world market for fire protection and security valued at around £176.8bn, raising awareness in overseas markets of the quality of UK products and services is a key function of the British Security Industry Association (BSIA), the trade association representing the UK’s private security industry, and in particular its Export Council, a dedicated forum for BSIA member companies who are focused on extending their local business to overseas markets. In a challenging economic climate, an increasing number of UK companies are turning to export to strengthen revenue, with members of the British Security Industry Association’s Export Council receiving an extra boost through the Association’s organisation of UK pavilions at overseas exhibitions, which play a vital role in forging productive trade links between UK security companies and overseas buyers from around the world. Estimates by the Office of National Statistics indicated that UK exports to non-EU countries increased by £15.7 billion between 2010 and 2011, with the weakening of the pound against other currencies enabling UK products to compete more effectively against their overseas counterparts. Indeed, exporting is often seen as the key to economic recovery, meaning that more and more UK companies, including those operating in the security sector will be looking further afield for business opportunities in the future. Despite all of the potential benefits, however, exporting can be challenging for businesses, both in terms of the initial start-up and in expansion into new markets. Challenges that are often faced by UK companies include overcoming the language barrier, as well as understanding legal and cultural differences between countries. Support from organisations such as UK Trade and Investment (UKTI) and the BSIA can prove to be invaluable in both cases. One of the services currently offered by the BSIA is the organisation of UK Pavilions at overseas events. Here, UK security exporters promote their products and services alongside each other at a reduced cost, enabling them to share expertise while receiving support and guidance from the BSIA. John Davies, whose company, TDSi, regularly attends overseas exhibitions, comments: “Overseas trade shows such as IFSEC’s international counterparts, Security Essen, MIPS Russia and Intersec Dubai are essential in helping BSIA Export Council members forge

links with overseas companies, and BSIA members’ attendance of such events has shown no sign of slowing down.” Tom Sharrard, whose company, IDL, has successfully exhibited at many BSIA overseas pavilions over the years, comments: “I would recommend the BSIA overseas pavilions to any security company that is entering a new overseas market or anyone new to exporting. BSIA takes care of a lot of the organisational aspects, including the shipping, and makes the whole experience far less daunting. Also, there is the support and advice from other UK companies in the Pavilion. Another major advantage is that the BSIA can often secure a better location in the exhibition than individual companies would be able to.” Also playing a major role in facilitating access to overseas events is UKTI’s Tradeshow Access Programme (TAP) scheme, which now offers increased grants of £3,000 per company to support their attendance of overseas events. Last year, TAP funding enabled ten BSIA member companies to attend IFSEC South East Asia and IFSEC Istanbul, which took place in September and October. Mike Parry, International Sales Manager for Security at Remsdaq , and winner of the BSIA Chairman’s Award for Exporting in 2011, adds: “Remsdaq have attended events in USA, Europe, Asia, Africa and the Middle East under the UK banner. The main reason for us attending in this way is the partial funding that’s often available, which makes these events far more attractive in that we can at least do more of them.” Mark Tibbenham, Managing Director of GJD, also a BSIA member, concludes: “I cannot speak highly enough of the professional organisation and the fantastic image the UK Pavilion provided for UK exhibitors. BSIA representatives are always on hand to help with absolutely anything at all. The freight movements in and out are always very well coordinated and organised. “Certainly, there is a real sense of pride when being on a themed pavilion with other UK companies. Above all else, we definitely get value for money!” The overseas pavilions organised by the BSIA are not solely open to BSIA members, but to all security companies keen on gaining a more secure foothold in export markets.

The BSIA’s Amanda Caton explains the value of overseas events in boosting the UK security sector’s profile

Despite all of the potential benefits exporting can be challenging for businesses, both in terms of the initial start-up and in expansion into new markets 33 www.risk-uk.com

Project1_Layout 1 06/05/2014 17:16 Page 1

Upgrade to IP signalling

WebWay unique encryption

*VZ[ LÉ&#x2C6;LJ[P]L solutions

Designed, manufactured and supported in the UK

Intelligent GPRS roaming for a reliable back up

We engineer peace of mind into everything we do Request WebWay from your security provider

01635 231500 sales@webwayone.co.uk

WebWayOne Ltd Trusted Signalling Experts

www.webwayone.co.uk

Reduced keyholder callout

EDIT article 2 may14_riskuk_may14 06/05/2014 17:33 Page 1

Power over Ethernet

recent Home Office report, the Commercial Victimisation Survey (CVS), found that commercial businesses in the UK experienced some 6.8 million thefts in one year alone. The problem is even more pronounced for wholesale and retail, with these sectors the most targeted by thefts; there are around 19,701 security incidents per 1,000 shops, which are primarily shoplifting. With statistics of this kind, it’s no wonder that companies are looking to tighten security. CCTV surveillance becomes a critical element of these strategies, as retailers and other businesses look to protect their stock, staff and customers. Another report published by the British Security Industry Association (BSIA) paints a positive picture in terms of how organisations and retailers are stepping up to this security challenge, estimating there are now between 4 million and 5.9 million CCTV cameras in the UK. This figure is only set to grow, as technology advances and the related costs start to reduce and make these systems more accessible.

Moving from analogue to IP The use of analogue cameras is dwindling and the market is moving towards IP cameras that are capable of sending and receiving data via a computer network. The technology behind CCTV is changing, and this means even independent shops have the opportunity to push towards IPled CCTV systems. It presents a big opportunity for security installers, who will see a shift in emphasis from simple video footage monitoring to providing intelligent systems that offer advanced video analytics that can spot abnormal patterns of behaviour.

Differentiating in an IP-led CCTV world Unlike analogue systems, IP surveillance is focused on the network rather than the camera. The network becomes the heart of the installation, with the cameras and security software an extension of that core. This means that your focus as an installer needs to change, as your primary goal becomes deploying a network that can handle fast data transfer and advanced analytics, rather than a camera and monitor. For the first time, infrastructure is more important than the camera and for many traditional security installers this can be quite daunting. Suddenly there’s a game change in your industry and the IT or network managers can challenge your expertise. By extending your skillset to IP you can

The CCTV evolution

The importance of Power over Ethernet in security, by Chris Hay, Allied Telesis future-proof your business and offer customers solutions that will increase flexibility, resilience and long-term cost savings.

Power-over-Ethernet Network benefits Power-over-Ethernet (PoE) networks are ideally suited to CCTV surveillance and there are a number of benefits to taking this step for security instalments. IP cameras are powered straight from the network switch using a PoE cable, which offers a centralised distribution of power for a company’s whole security system. This versatile approach means that if a power outage takes place then any critical device on the network can be protected by a centralised source for power backup, e.g. uninterruptible power supply (UPS) or even a generator. It is also possible to offer customers a more costeffective approach where they can save money by removing the need for a fixed power supply and local battery at the device. It is also possible to offer remote management so that, if a system does go down, you can also reboot it remotely. This will save your clients money and prevent the need for an offsite visit for you or your engineers. Your client won’t be constrained by either fixed cabling or systems and will be able to place cameras in even the trickiest of locations.

Unlike analogue systems, IP surveillance is focused on the network rather than the camera; the network becomes the heart of the installation 35

www.risk-uk.com

EDIT article 2 may14_riskuk_may14 06/05/2014 17:33 Page 2

Power over Ethernet

Intelligent buildings I highlighted smaller shops as a prospective customer for IP-based CCTV but, on the other end of the scale, larger premises such as shopping centres, offices and warehouses can all benefit from using one network system to become ‘intelligent’. Analogue infrastructure relies on multiple systems (for example a camera system and door access or other systems), which are not always compatible, trying to work together to catch an intruder in the right location. By using an IP system, installers can automate alarms, lighting and a host of other functions that communicate with each other and act accordingly. The benefits of IP systems can also extend far beyond security. In the future installers will be able to design an intelligent network to set lights to come on or even turn the heating on and off as the first person walks through the door or the last person leaves, and also extend these to complete building management.

By using an IP system, installers can automate alarms, lighting and a host of other functions that communicate with each other and act accordingly

CERTIFYING

The potential for business to save energy using these systems is huge and will be a driver in the upsurge of IP switches and opportunities for installers.

Ensuring uptime in surveillance systems The advantages of IP security systems are endless, but the network is a key enabler for this technology. By using IP all your security systems will be converged so they can all work together to tighten the security of your building. As multiple systems start being run on one network, ensuring uptime will be key; if the network goes down, so does everything on it. As a result, high performance and resiliency become critical in the network design for your customers’ IP surveillance systems’. For businesses, margins and profitability are critical so expenditure is a key focus, but it’s important to reinforce to your customers that with IP-based surveillance the network design must receive the budget it deserves. If the building and goods are valuable enough to protect with state-of-the-art security systems, then your clients should not be cutting corners on the infrastructures they run them on.

SECURITY

The leading certification body for Guarding Services. Appointed Security Industry Authority (SIA) Approved Contractor Scheme (ACS) Assessing Body. ISO 9001 and Product Certification for Key Holding and Response Services, Door Supervisors, Static Site Guarding and Mobile Patrol Services, Event Stewarding, Crowd Safety, Security Wardens, Cash and Valuables in Transit, Close Protection Services and Security Dogs. Contact us for a free no obligation quote.

Telephone : 0191 296 3242 www.ssaib.org

SSAIB

EDIT article 17 may14_riskuk_may14 06/05/2014 23:09 Page 1

Pre-employment screening

re-employment screening has become a standard tool in risk mitigation strategies for companies worldwide. Organisations understand the need to mitigate risk, but may face challenges when considering the myriad of competing (and sometimes apparently conflicting) legal, regulatory, organisational and geographic nuances.

Regulatory and audit risk While screening programs are designed to mitigate risk in a gatekeeper capacity, they demonstrate to regulators and auditors that an organisation has taken appropriate measures to ensure compliance and governance. Those hiring in regulated industries are keenly aware of their obligations. For example, one of the requirements of the Financial Conduct Authority (FCA) is for financial services firms to “assess (your) staff’s competence and technical knowledge.” The FCA provides further guidance on how to do this, with its application of the “fit and proper” benchmark: “The most important considerations are the individual’s honesty, integrity and reputation; competence and capability; and financial soundness.” Outside of regulated industries, companies implement screening programs to demonstrate their compliance with fair hiring practices and their own internal mission and vision statements. But regulatory risk is not limited to specific sectors and industries. In the European Union, where privacy is a fundamental human right, data privacy and data protection provide specific protections to individuals. In practice, this means an organisation must balance its business risk with the privacy and personal data protection rights afforded to its candidates. The following points offer guidelines on key areas of focus to achieve this balance: Permissible purpose. For pre-employment or pre-engagement (e.g. contractor and contingent workers) screening, the permissible purpose can be defined as the means of determining suitability for employment or engagement. At the most fundamental level, pre-employment screening is information verification – validating what a candidate has declared as their identity, qualifications and history. Proportionality. The depth and breadth of screening should appropriate to the role. For example, it could be considered proportionate to conduct a credit check for a management accountant’s position, whereas for other positions such a check may be considered disproportionate. Relevance. A companion to proportionality

Detecting discrepancies above, an organisation conducting screening should not request information beyond what is required to execute the particular checks. So, it would not be considered excessive collection to ask a candidate for their mother’s maiden name if a UK Basic Disclosure was being conducted, but it would be irrelevant if only education and employment checks were being done. Transparency. The candidate must provide consent to the preemployment screening. While the following guidelines are not exhaustive, the consent form should outline the purpose of the screening (suitability for employment) and the types of checks likely to be conducted. As a business matter, transparency around the screening process supports a positive candidate experience. Understanding the focus areas becomes important when considering the geographic nuances of screening. As countries around the world consider whether their privacy frameworks should strictly follow EU standards, or be based on regional or hybrid models, varying interpretations of the key concepts arise. As a practical matter, this creates the need for flexibility and understanding of what is possible when deploying programs outside the UK, or when executing programs where UK candidates have international components to their history: Criminal records. Third-party access to criminal records is not permitted in certain European and Asia Pacific jurisdictions Credit checking. In certain European, African and Asia Pacific countries, this check may only be used to determine credit worthiness (not to make a hiring decision). While civil litigation checking may be substituted in those countries, it is worth noting that such substitute checks may not provide verification of address history. Employment verifications. While it would be considered usual to request written verification of employment history (especially regulated references) in the UK, a US employer would be more generally accustomed to verbal verifications. Education verifications. Certain European jurisdictions may require specific additional consent from the candidate. Certain institutions around the world may not accept e-signature as valid.

Traci Canning SVP and Managing Director for EMEA at First Advantage

In the European Union, where privacy is a fundamental human right, data privacy and data protection provide specific protections to individuals 37

www.risk-uk.com

Project1_Layout 1 06/05/2014 17:26 Page 1

OxyReduct® ﬁre ﬁre prevention prevention

REMOVING THE T H R E AT O F F I R E .

The new Library of Birmingham has chosen OxyReduct® to protect its valuable archives, the same as over 700 other businesses and organisations around Europe. No matter how good your fire detection, extinguishing or suppression system is, a fire has to start for it to work – so some damage is inevitable. In mission critical applications where any business interruption is unacceptable or where warehouse stock or archives are invaluable, a different approach to fire prevention is needed. OxyReduct® employs innovative technology that continuously reduces the oxygen level in a room by adding nitrogen to the air. The oxygen is reduced to a level in which combustibles do not inflame and an open fire is impossible. Importantly y, people can e enter the area of risk. Visit our in-house demonstration facility and experience a fire-free environment at first hand.

www.wagner-uk.com www.wagner-uk.com

EDIT article 8 may14_riskuk_may14 06/05/2014 22:58 Page 1

PSIM

The incidentals of incident handling n the railways incidents are a daily occurrence and how they are managed has a huge impact on the network operator, train companies, emergency services, staff and of course passengers. By improving how incidents are handled you can meet your primary objective of ensuring the safety and security of all, but also make a huge contribution to minimising delays and disruption to the timetable, as well as the cost implications or compensation and stiff penalties if the railway does not hit its operational targets. Regardless as to whether it is a minor delay to a passenger train, or an act of terrorism, every incident can be divided in to a lifecycle of three distinct phases – preparation, management and investigation. How successful an incident is handled rests on the quality of the preparation that has been put in place, the speed at which the incident is detected and the ability of those responsible to carry out their duties as quickly and effectively as possible, to prevent unnecessary escalation. Finally, you need to be able to review the incident and learn from it, in order to mitigate the risk of it repeating. Fortunately, serious incidents on the railways are infrequent, but when they do happen the impact is immediate and intense, with huge media attention and scrutiny. However, rail companies are also painfully aware of the cumulative impact of minor incidents which can cost many many millions annually. In fact, it is estimated that cost per minute of a delay is over £70! As a result rail operators have invested heavily in a plethora of safety and security systems such as CCTV upgrades (analogue to IP, as well as a significant increase in the overall number of cameras), advanced video analytics, access control systems, smoke detectors, fire alarms, perimeter alarms, audio communications, help-points, customer information and public address systems etc. The challenge with increasing the number of systems is how the people responsible for monitoring them make sense of the mass of Big Data that is being pushed at them, without suffering from information overload. And, when they are alerted to an incident how do they use all of the tools and systems at their disposal to manage it, in accordance with best practise? Situational awareness, or PSIM (Physical Security Information Management) is an

approach that many rail operators are using to make the whole process simpler, by taking this Big Data and transforming it into operational intelligence. Aeroexpress in Moscow, ProRail in the Netherlands and King’s Cross station in London have all recently announced implementations of PSIM solutions at their operational control centres, to take these siloed gateways, collate them and deliver the operator in the control room with a single, clear, real-time operating picture. Here is a typical example of how the system works… An alarm is received in the control room, where an operator is sat at his station with three large screens in front of him. The alarm comes from a camera in an area defined as restricted for access, registering motion where people are not supposed to be walking freely. On the left screen he sees what’s happening, with video streamed directly from the relevant camera. The video analytics application has identified that it’s a person and then zoomed in to provide a closer look. Meanwhile, the right screen is displaying a GIS map, so he can see exactly where the incident is happening. The operator uses the middle screen as his ‘nerve centre’. All of the feeds from all of the systems and sub-systems are being unified to give him a total awareness of what is going on and where. What is more, as the incident unfolds the operator is given clear and concise instructions directing him what to do and when, in accordance with best practice (predefined by the rail operator using adaptive workflows). The system further supports the operator by automatically completing actions as certain triggers are reached. A PSIM solution comes in to its own when security and maintenance teams on the ground and the third party stake-holders such as train operators, transport police and other emergency services need to be involved. Then the operator is able to share in real-time vital

By Udi Segall, Director of Business Development at NICE Systems

Regardless as to whether it is a minor delay to a passenger train, or an act of terrorism, every incident can be divided in to a lifecycle of three distinct phases 39

www.risk-uk.com

EDIT article 8 may14_riskuk_may14 06/05/2014 23:01 Page 2

PSIM

A PSIM solution comes in to its own when security and maintenance teams on the ground and the third party stake-holders need to be involved

information and co-ordinate the response all from his chair. For example, if there is a fire on a freight train the operator can review the manifest and details of the cargo being transported (e.g. whether it is hazardous) to the fire crew en-route, so they are fully aware and ready to take the necessary action as soon as they arrive. A PSIM solution not only captures all of the data feeds from all of the systems, it is also stores all of the actions that are being taken. So, whether immediately after the event or days, weeks or even years later, the entire incident can be reconstructed, synchronised and replayed in chronological order, whether for training, as part of a continuous cycle of improvement, or for evidence submission. By shortening the lifecycle, incidents are handled faster and investigations can be carried out quicker and in far more detail. Lessons learnt can be fed back in to the system within hours, so if a similar incident occurs the operator will be hand-held through a new improved workflow. In the case of ProRail, the organisation is using its PSIM solution to facilitate the effective management of 45,000 incidents a year, of which

Visit TDSi at IFSEC 2014

17th â&#x20AC;&#x201C; 19th June, ExCel London Stand F1100

45 are crisis incidents on the Dutch rail network. At the heart of PSIM is an understanding that in high pressure situations people are excellent at making the right judgements and decisions based on the information they are presented with. PSIM takes very complex technology systems and presents only the valuable information to the operator in a way that enables them to use their skills. However, as we are all prone to making mistakes, or taking the occasional short-cut, the workflows also provide a vital fail-safe. So, whether you have been working in the control room for two weeks or twenty years, the quality of incident handling will be consistently high. Reducing the probability of an incident happening and lessening the impact of those that will inevitably occur, not only creates a safer and more secure environment for all on the rail network, it also means that the saving made can be redeployed for investment in other areas of the organisation. When we talk about security it is rightly argued that you cannot put a price on a life, however PSIM provides a compelling proposition whereby you can greatly improve safety and save substantial costs at the same time.

TDSi protects people, assets and information by providing high quality, cost effective and well supported integrated security management systems. We specialise in the design, manufacture and support of access control and CCTV solutions and integrate with other electronic security solutions, including: Texecom Intruder Panels Aperio Wireless Locking Q Milestone VMS Q TDSiâ&#x20AC;&#x2122;s VUgarde VMS Q Microsoft Active Directory With customers around the world, millions of people a day rely on TDSi to gain secure access to installations of all sizes and business types. For advice on your next installation, look no further than TDSi.

www.tdsi.co.uk | sales@tdsi.co.uk | +44(0)1202 724 999

EDIT article 16 may14_riskuk_may14 06/05/2014 23:07 Page 1

BSIA comment

The case for zero-hour contracts T

he recent media furore concerning zero hours contracts has been fascinating both in terms of the diverse opinion that it has generated and the level of misinformation surrounding this issue. It’s been particularly interesting to witness so much vitriol being directed at a scheme that, in the right hands, is highly beneficial for employer and employee alike. Exactly how many people are on zero hours contracts is a subject of some conjecture. Figures from the Office for National Statistics (ONS) suggest that 250,000 UK workers – around one per cent of the workforce – are employed on these terms. However, a recent survey of employers by the Chartered Institute of Personnel and Development (CIPD) estimates that the real number is more than one million, with one in five employers having at least one employee on a zero hours contract. This is quite a discrepancy, which doesn’t help when assessing its impact. Put simply, zero hours contracts allow employers to hire staff with no guarantee of work. Employees work as and when they are needed and only get paid for the hours they complete. A number of politicians have voiced their concerns about the growing use of these contracts and Vince Cable, the business secretary, recently stated, ‘There has been anecdotal evidence of abuse by certain employers – including in the public sector – of some vulnerable workers at the margins of the labour market.’ It has been alleged that some employers are using zero hours contracts to create an intolerable situation for their employees. Reports of people being put ‘on call’ 24/7, with the threat that their contract will be terminated if they don’t turn up at short notice, are widespread. While I am against this system being abused and wholeheartedly condemn the exploitation of those who can least afford to lose their jobs, I fervently believe that zero hours contracts, when used correctly, are good for both company and employee. My positive stance on this issue is based on my own experience at Corps Security, where we have used zero hours contracts since 2011. The vast majority of our contracted officers and all of our temporary employees have no or limited guaranteed hours in their contracts, primarily due to the fact that they are required to attend more than one site, and with shift cycles there is rarely a set weekly or monthly working pattern. However, such is the demand for the services of our personnel that in practice

the majority are given at least 40 hours of work each week. Furthermore, we put no barrier in the way of any officers who wish to supplement their income by working elsewhere, provided it does not constitute a conflict of interests. We are certainly not alone and it is very common in the manned guarding sector to use these terms. Flexibility is the key for us and I’m proud that we are able to offer employment to a diverse group of people who otherwise could find it difficult to earn money. For example, we employ numerous retired people who welcome the chance to do ad-hoc work to supplement their pensions, and enjoy being part of an organisation that places value their knowledge and skills. We also take on younger people with families who are able to work around their domestic commitments. We offer shifts to colleagues who are under no obligation to accept them and it does not harm their future prospects if they do refuse them. In a growing number of cases, the traditional 9am-5pm working day is no longer suited to modern lifestyles and flexible contracts accommodate this trend. We appreciate that flexible contracts have to be flexible for both us and our colleagues. It is also worth noting that our zero hours contract colleagues have the same employment benefits as the majority of our other hourly paid colleagues and no-one is disadvantaged because of their employment contract flexibility. Also, because they do not have to commit to providing a specific number of hours employers are more willing to offer these types of opportunities. Part of our corporate ethos involves providing our clients with officers who are equipped to carry out their roles to the highest standards. Our training and skills development programmes are a cost that we bear for all our employees – including those on zero hours contracts. Having made this investment, it is logical for us to utilise these skills as often as we can by offering plenty of work for our flexible workforce. I sincerely hope that the government takes the time to understand the positive aspects of zero hours contracts and avoids making the kind of kneejerk reaction, like it has done with TUPE, which could harm the people it is trying to protect. While any instances of abuse that contravene employment law should obviously be tackled, more should be done to encourage the correct use of zero hours contracts and accentuate the positives of this type of employment.

Recently the debate over zero hour contracts has returned to the media and political spotlight. Peter Webster, CEO of BSIA member company Corps Security, discusses the benefit of these contracts in the private security sector

Reports of people being put ‘on call’ 24/7, with the threat that their contract will be terminated if they don’t turn up at short notice, are widespread 41

www.risk-uk.com

EDIT article 6 may14_riskuk_may14 06/05/2014 17:41 Page 2

Public notification Here we look at PEARS, smart solutions for Europe-wide Public Alert System

Today there is an ever-increasing urban population density, with citizens spending more and more of their time in complex building structures

www.risk-uk.com

uralarm - the association of European manufacturers, installers and service providers of the electronic fire safety and security industry - represents the electronic fire and security industry at European and worldwide levels. The organisation provides technical and market expertise for policy making and standardisation work in the field of security and fire safety. Among the main fields of activity are fire detection and alarms, intrusion detection and alarm systems, access control, video surveillance, alarm transmission and alarm receiving centre. Founded in 1970, Euralarm represents over 2,500 companies having a total turnover of appr. 16.4 billion euro, 70% of the total European fire safety & security market. As a result of the increasing impact of traditional fire and security risks, as well as infrastructure failure, natural disasters and terrorism, Europe requires a ‘future proof’ integrated alert and response system. It calls for the capability to integrate existing and future technologies, human behaviour and solutions currently in place in buildings and transport systems. The management and exchange of knowledge in disaster situations as well as the harmonisation of national solutions in Europe must be reviewed.

Background Today there is an ever-increasing urban population density, with citizens spending more and more of their time in complex building structures such as airports, shopping malls and skyscrapers. The basic need of both individuals and society for protection against events endangering life, limb and property has not changed. However there is a shift in the types of dangers, their complexity and the magnitude of damage. This requires a concept that, if implemented, would warn and inform those exposed to risks or threats regardless of location and language. Achieving this will necessitate the ability to reach those

in danger at any time of the day, be it at home or work, inside buildings, in transport systems or in public spaces. This is made possible by leveraging various alert and communication technologies and infrastructure, such as indoor and/or outdoor sirens/public address systems as well as strobe lights along with personal communication devices. In 2008, it became clear that Europe is lacking such a comprehensive and multinational system to alert the population in a crisis situation. Many systems dating from World War II have been dismantled and the systems, which still exist, do not meet the requirements of a modern, mobile and multilingual population and life style. The European crisis management organisations and the member state are facing a technological challenge and financial risk in providing adequate public alert systems.

European level The EU recognised the lacking of a comprehensive and multinational alert system and made substantial funding in the FP7Programm available, to investigate modern solutions based on smart-phones, tablets and satellite based communication channels. It soon became clear that the European fire safety and security industry represented by Euralarm could play an important role in finding solutions to this complex problem. Euralarm’s members and the members of the national trade associations have an enormous experience in alarming and informing persons in crisis situations in buildings and building complexes. Furthermore the hundreds of thousands of already installed systems could play a role complementing new alerting channels such as Smart-phones.

A complementary channel In August 2012, Euralarm teamed up with the FP7 sponsored Alert4All team to set-up a demonstration scenario that should prove the feasibility to interlink traditional alarm systems to the public alert system designed by Alert4All. A small team of Euralarm specialists implemented the Fire Alarm-, Voice Alarm-, Security Systems and so called “Mass Notification System”, which are able to capture the crisis alert signals emitted by a satellite, transport them into the building/homes they are protecting and alert the occupants. In the fourth quarter of 2013 the Alert4All/Euralarm system was demonstrated successfully on the premises of the German Aerospace Centre (DLR) near Munich. More the 50 participants from all over Europe

EDIT article 6 may14_riskuk_may14 06/05/2014 17:41 Page 3

Public alert systems

representing the research community, civil protection authorities, first responders and industry follows the presentation and the live demonstration.

Using installed base The PEARS project has demonstrated that fire and security products not only can, but also should be integrated into public alert systems. The extensive installed base could be easily upgraded to receive alert signals which could be utilised to activate audible and/or visual warnings. More sophisticated systems, like Mass Notification Systems, can convert public alert messages into intelligible voice messages or display the same message on PCs, LCDscreens, etc. Integrating existing safety and security systems into a public alert scenario could be a cost effective and rapid alternative to reach large parts of the population. Domestic security systems, in many cases connected to alarm receiving and monitoring centres via bidirectional communication lines, can receive alert messages as well as domestic smoke detectors properly equipped with a communication interface can easily integrated in public alert scenarios.

The demonstration enabled Euralarm to explain its solutions and capabilities to a new range of stakeholders in the safety and security world, who did not know about the potential offerings of the fire safety and security industry improving the safety of the European population.

Next steps Euralarm will take the next step and provide policy makers and the industry a view towards increased safety and security by outlining options to close the existing gap between traditional systems in buildings and public alert. Two examples of this are systems for Mass Notification as well as home smoke detectors with enhanced functionality for emergency public alert applications. These solutions contribute to an improved safety of the population in buildings and campuses; not only in situations of major crisis, but also in the traditional fire safety context. With its vast experience in standardisation Euralarm will also support the “public alert community” in defining the right communication interfaces to build up a truly European Public alert system.

The PEARS project has demonstrated that fire and security products not only can, but also should be integrated into public alert systems

Available Now!! SA66 & DA66 Two new revolutionary electric locks that solve all the issues with transom fitting and Side loading on both single and double action doors. Issues with shear locks, and solenoid bolts are problems of the past. • • • • • • • • • •

Releases under side loads in excess of 100kg (PRen13637) Holding force of 1000kg 10mm thick solid stainless steel bolt 13mm bolt projection Pulls door closed if misaligned by up to +/- 8mm Fail safe/fail secure Bolt stays retracted until door is closed to eliminate bolt noise Door and bolt position monitors Surface housings available for both timber and glass mounting Fire rated BS.476.Part 22-1987

www.secure-access.co.uk Tel: 0845 1 300 855 info@secure-access.co.uk

EDIT article 5 may14_riskuk_may14 06/05/2014 17:37 Page 2

Business resiliency 101 C

Teon Rosandic, VP EMEA, xMatters looks at measures for building business resilience

To build a resilient business: risk management, incident management, crisis management and business continuity must be addressed 44 www.risk-uk.com

hanging business requirements and the demands of a global economy have driven the evolution from early technology recovery solutions within timeframes of days to weeks to today’s environment of continuous business operations. Where disaster recovery once gave way to business continuity in the mid 1990s, business continuity is now giving way to business resilience. Availability, recovery, security and compliance techniques have converged and must be managed to create an infrastructure that can sustain true business resiliency. Business resilience protects your business, people and assets from threats that could impact the organisation’s viability. If and when your business is faced with unexpected events, preparation minimises the impact and speed of recovery. The business must be ready and rapidly adapt and respond to opportunities, regulations, risks and threats to maintain reliable, continuous business operations. Business resilience integrates strategic planning, organisational structure, business and IT processes, IT infrastructure, applications and data and facilities. However, it is the practice of planning, coordinating, facilitating and executing activities that ensures enterprise effectiveness in identifying and mitigating operational risks. It includes responding to disruptive events (natural, accidental and intentional) showing command and control, recovering and restoring business operations after a business disruption becomes a disaster and conducting a post-mortem to improve future recovery operations. To build a resilient business: risk management, incident management, crisis management and business continuity must be addressed. Despite being in different divisions – corporate leadership, HR, legal or risk management – the disciplines dovetail to create a set of plans and actions that result in organisational resiliency. During the planning phase strategy, risk and company long range plans are evaluated and documented into incident management, crisis management and business continuity plans. These are living documents annually evaluated for improvement and updated. If an event occurs, the plans are examined post incident and improved to address gaps.

Risk management A risk management organisation identifies, assesses and prioritises different kinds of risk that could affect the business. Once identified, plans are developed with strategies to minimise

or eliminate the impact of negative events. Businesses have six types of risk: operational, financial, organisational, strategic, technology and legal. They are addressed at the enterprise level with strategic and guarded plans as they reveal potential vulnerabilities. Risks are summarised in a “heat map” which illustrates the likelihood and the severity of the consequences that the risks could have. Whilst strategies mitigate or eliminate risk, the process for identifying and managing risk is a risk assessment and consists of: • Identify threats or risks. • Evaluate key assets’ vulnerabilities against identified threats • Determine expected consequences of specific threats to assets • Ways to reduce risks • Prioritise the risk management procedures The plans may focus on keeping the company operational and reducing financial risks or protect employees by addressing response protocols to fires or terrorism, instruct ways to alert customers of potential outages and address communicating to the public about negative events that could impact reputation. It addresses preserving physical facilities, data, records, and physical assets a company owns or uses.

Incident management Wikipedia describes incident management as activities of an organisation to identify, analyse, and correct hazards to prevent reoccurrence. These are dealt with an incident response or an incident management team. They are designated before, or created during the event and placed in control while the incident is dealt with to restore normal functions. An incident is an event that could lead to loss of, or disruption to an organisation’s operations, services or functions. It limits potential disruption, followed by a return to business as usual. Without effective plans, an incident can disrupt business operations, security, IT systems, employees, customers and other business functions, and become a crisis. Most companies have existing incident management or emergency response plans that guide them in managing the incident to closure. If the event can be resolved without escalation or involving organisational areas, the incident is closed and a lessons learned analysis or after action report is published. If the event requires other resources, threatens employee life safety or property, company reputation or viability, it becomes a crisis and needs to be managed. As part of the wider management process, incident management is followed by postincident analysis where it is determined why the incident happened despite precautions and

EDIT article 5 may14_riskuk_may14 06/05/2014 17:38 Page 3

Resilience

controls. This is overseen by the leaders with the view of preventing repetition through precautionary measures and changes in policy. This information is used as feedback to strengthen response plans, further develop corporate policy and implementation.

Crisis management Crisis management is a large scale, incident management response. It is the process by which an organisation deals with major events that threaten to harm an organisation, stakeholders, or the public. Three elements common to most definitions are: a threat to the organisation, the element of surprise and a short timeframe to make critical decisions. Unlike risk management, which assesses potential threats and finds the best approaches to avoid threats, crisis management involves dealing with threats before, during, and after they have occurred. It requires skills and techniques to identify, assess, understand and cope with a disaster, from when it occurs to recovery. It requires the mind-set to think of the worst-case scenario whilst suggesting numerous solutions to respond to it. During a crisis, response teams known as first responders convene in an Emergency Operations Centre or virtually if out of business hours or can’t meet. Response teams use specialised standard protocols to manage the event and communicate called the National Incident Management System and its foundation, the Incident Command System (ICS). Developed by the public sector, these systems are integrated into private sector response procedures so roles and responsibilities are defined and succinct action plans can be shared and understood. Command, control, coordination, collaboration, communication and consistent process are attributes of ICS. To manage unplanned incidents, organisations create crisis management plans that have structured guidelines so responders know how to respond. It contains scenarios to constitute crises and the necessary response mechanisms to address them. The other major component is the communication plan that is in place to inform and mitigate the negative effects the crisis may have to protect a company’s brand or reputation. Most plans focus on internal for employees and external communications to the public, regulators, shareholders, customers and suppliers. The credibility and reputation of organisations is influenced by the perception of responses during crises, which can either save a business or be its end. There must be open and consistent communication throughout the incident for successful crisis communications.

Business continuity management While crisis management focuses on protecting life safety and property, business continuity focuses on planning and management of protecting business operations; the people, core business processes and facilities. It is the proactive effort undertaken in anticipation of significant events, natural and man-made, that may impact a company’s ability to continue business activities. Business continuity planning ensures information is available to make decisions about recovery prioritisation by senior management and procedures in place to maintain uninterrupted operations to sustain business. It is a continuous lifecycle, adapting to meet changing business needs, deliverables and customer commitments and to ensure there are documented plans to respond to significant risks and events that may affect critical business activities. Although risk cannot be eliminated, the likelihood of an event threatening the business can be anticipated and the potential impact lessened by incorporating an awareness of risk issues and measures taken to control them. To be resilient where business operations continue uninterrupted, identification and mitigation of the organisation’s vulnerabilities and risks must be addressed. A completed plan includes data on points of contact, critical facilities and operations, subject matter experts and the key business processes that support critical operations and customer commitments identified in a company’s strategic long range plan. Each critical facility, function, programme or project considers the impact that significant events has on activities and key business processes and develops plans to prevent, protect, and to recover from events. In business continuity, all plans are communicated, exercised, updated and maintained annually and must be readily retrievable. Baseline risks (fire, flood, power outage) and extraordinary risks (terrorism, pandemic flu) can cause business interruptions that paralyse an unprepared business. Business resiliency is the maturation and integration of the individual processes of risk management, incident management, crisis management, and business continuity into one succinct set of processes and capabilities that work collectively, instead of in silos. This unified, all-hazards approach prepares an organisation for minimal disruption in the event of a business-impacting incident that affects the organisation. In an increasingly unstable operating environment, every business, public and private, needs to be prepared for significant unplanned events.

Although risk cannot be eliminated, the likelihood of an event threatening the business can be anticipated and the potential impact lessened

www.risk-uk.com

EDIT tif may14_riskuk_may14 06/05/2014 23:36 Page 2

Technology in Focus

Three control panels offer options Introduced by Bosch Security Systems in 2013, AMAX 4000 is now backed by two new intrusion control panels – AMAX 3000 and AMAX 2100. Together, the three solutions cover a three-step application range: AMAX 2100 is suitable for small applications with a maximum of eight zones, AMAX 3000 is designed for facilities where 32 zones are required, and AMAX 4000 covers larger properties with up to 64 zones, for instance a medical centre with several individual practices in the building. AMAX 3000 and 4000 can additionally be operated in hybrid mode, connecting wired detectors, such as Bosch Blue Line Gen2 Series, as well as wireless peripherals from the new RADION family. The compact AMAX 2100, running wired detectors only, completes the portfolio. The new RADION wireless family includes motion detectors, surface and recessed mount door and window contacts, universal transmitter, keyfobs and smoke detector. This makes it suitable for new installations, as well as for use in existing installations thanks to compatibility with existing “DSRF” wireless systems and legacy control panels from Bosch.

Long range PIR offers 220m curtain for large areas The ADPRO PRO E-400H, the new long range PIR, extends the PRO E portfolio for applications with hundreds of metres of perimeter such as solar parks, gas pipelines, and airports where traditional PIRs with a smaller curtain would be costly from both a hardware and installation perspective. The PRO E-400H SLR reduces the number of poles required for installation, the number of detectors, and cabling resulting in reduced installation time and 65% cost savings. The SLR was designed to deliver accurate zones (up to seven) for visual verification, and when installed pointing at each other offers double-knock protection for 220m. TheADPRO PRO E-PIR series provides maximum tamper protection with 360PROtect to eliminate the creep zone entirely. 360PROtect provides detection for attempted surface mount removal and antimasking and delivers separate alarms to the Central Monitoring Station so operators can respond quickly and accurately. xtralis.com

www.boschsecurity.com

Sounder for hazardous areas Hochiki Europe has announced the latest addition to its range of intrinsically safe compatible devices – the CHQ-ISM sounder module. The intrinsically safe devices are incapable of releasing sufficient electrical or thermal energy to cause the ignition of a specific hazardous atmospheric mixture in its most easily ignitable concentration. This is achieved by limiting the amount of power available to the electrical equipment in the hazardous area to a level below that where ignition is possible. The low power levels also mean that there is no shock hazard due to excess thermal energy and arcing. With a similar look and feel as the standard modules in the range, the CHQ-ISM is designed for use in the ‘safe’ area of a hazardous area fire detection system and, therefore, does not require specialised certification. It allows any third party sounders and beacons installed in the ‘hazardous’ area to be controlled and monitored by an analogue addressable control panel that is configured around Hochiki Europe’s Enhanced Systems Protocol (ESP). The unit is wired either directly to the panel via the conventional sounder circuits – receiving its 24V power supply from the panel – or via a CHQ-DSC sounder controller module connected to the loop, where it requires a separate 24V power supply. www.hochikieurope.com

www.risk-uk.com

Project1_Layout 1 06/08/2013 12:13 Page 1

Security solutions for todayâ&#x20AC;&#x2122;s challenging times

Consultancy Operational Consultancy Manned Guarding Training Information and Intelligence Communications Support Technical Systems Equipment

Global economic pressures are forcing organisations to review expenditure across the board. But, the security issues remain the same. So, do you cut your security? Pilgrims offers a complete and complementary range of security, communications and support services, backed by an unmatched commitment to the highest level of quality, efficiency and client care, to reduce costs not cover. Our expertise and global experience allow us to deliver robust, practical solutions for todayâ&#x20AC;&#x2122;s challenging financial climate.

For more than ten years, Pilgrims has been supporting clients across the globe, protecting and enabling their businesses to continue in spite of threats from terrorism, serious organised crime and natural disasters. Our personnel are handpicked for their experience, skills, training and personality to match the requirements of our clients. This, combined with our continual exposure to the worldâ&#x20AC;&#x2122;s hot spots and difficult regions, makes Pilgrims the ideal choice for advice and support. Pilgrims provides a global service, with local knowledge through our employment of local personnel, quality control, continual ongoing training and our relationships with specialists and local partners.

We can help you find the right solution. Call Pilgrims on: +44 (0)1483 228 786 www.pilgrimsgroup.com

EDIT tif may14_riskuk_may14 06/05/2014 23:36 Page 4

Multi threat fire alarm for complete protection An algorithm within a newly launched fire alarm from Panasonic allows users to detect smoke, heat and carbon monoxide (CO) at the same time. The alarm has been designed to be the solution for applications such as theatres with artificial smoke generators, or factory settings where oil mist may be present. Because it only triggers when smoke, heat and carbon

monoxide are detected, the Panasonic 4402 promises high reliability in fire detection. The chemical CO sensor lasts for up to five years and, says the company, consumes very little power. In the case of contamination to a smoke chamber within the alarm, or a chemical sensor reaching the end its useful life, a service signal will notify the need of a replacement. The alarm detects smoke using an infrared light LED and a photodiode with two lenses, while a thermistor detects heat and the CO sensor is a chemical type. business.panasonic.co.uk

Door entry video kits simplify installation

Software now provides total PSIM solution

Videx Security has introduced a new range of Door Entry Video Kits employing IP technology. The new kit uses the Videx 4000 Series door entry panel which can include up to 64 call buttons and incorporates a colour camera, with IR illumination and a back lit name window. A wide angle (101° vertical, 170° horizontal) camera option is also available. A dedicated button calls the apartment videophone and provides two way full duplex speech and video communication. For flexibility, there are alternative ways to connect the entrance panel and videophones. For a simple one -to-one solution, a power supply can be connected to each device and a single CAT 5 cross over cable can be connected between them. Alternatively an existing LAN or WAN can be used to connect the devices, or a dedicated network can be created using switches and routers. Up to ten devices can be installed in each apartment as a combination of videophones and video monitors, Android tablets and smart phones, as well as a PC app.

Aralia’s latest software suite now provides a complete Physical Security Information Management (PSIM) solution for securing critical infrastructure, urban and transportation systems. The latest version integrates a range of security devices including access control, CBRN detection systems, acoustic devices, intelligent fencing, UAVs and various imaging devices, including FLIR. All sensor data is archived and indexed within a distributed, redundant, industrystandard relational database that can be reconfigured to address specific threats. The secure database has been developed to facilitate rapid and accurate searching of sensor meta-data. Sensor data can be processed, and the threat level assessed, using Aralia’s proprietary software libraries - developed by analysis of operational systems over a period of fifteen years. The library includes target tracking, behavioural analysis and 3D scene reconstruction. Aralia has introduced a revised user interface to make best use of the increased capabilities of the PSIM software. The interface combines geo-referenced displays with conventional mimic diagrams, to ensure efficient presentation of security information.

www.videx-security.com

www.araliasystems.com

www.risk-uk.com

EDIT tif may14_riskuk_may14 06/05/2014 23:37 Page 5

Technology in Focus

Upgraded features for cloud-based VSaaS

On-site Wi-Fi access made easy The capital cost of Wi-Fi controllers is quite often what prohibits retail stores, offices, schools and hospitals from providing free Wi-Fi access for staff, visitors and customers. SilverNet’s recently launched Cloud managed Mesh Wi-Fi solution reportedly overcomes this price barrier by providing a method of configuring, controlling and monitoring Wi-Fi access points without the need for expensive controller hardware. It achieves this by a Cloud-based software management tool called SilverCloud which enables Wi-Fi radios to be collectively managed regardless of their physical location, via a browser on a PC, tablet or smartphone. “For small to medium size applications, the cost of controller hardware can quite often double the price of a Wi-Fi project,” said Keith Newton, SilverNet’s Business Development Manager. “By introducing a Cloud-based solution we are aiming to make it affordable for many businesses and organisations to have on-site Wi-Fi, including education, healthcare, industrial, retail, hospitality and temporary events type applications. The added bonus is that SilverCloud software features an easy to use on-screen dashboard which eliminates the complexity normally associated with the management of Wi-Fi.” www.silvernet.com

An IP platform for an Evergreen control room Frequentis has released its new platform 3020 LifeX, a fully IP-based integration platform for public safety control room ICT solutions together with a supporting evergreen philosophy. It’s designed to ensure that the control room constantly adapts to the many changing factors affecting it to deliver a consistently high service in the most cost effective manner. The new 3020 LifeX IP-based integration

Genetec has announced new features and a reduced pricing plan for Stratocast, its cloudbased video surveillance-as-aservice (VSaaS), powered by the Microsoft Azure cloudcomputing platform. Stratocast is designed to meet the needs of small and midsized businesses that require a reliable and costeffective video surveillance solution without the expenses and complexities typically associated with installing and managing on-premise surveillance systems. The new features and pricing model are expected to be available mid-April 2014, including support for multi-channel encoders, a health-monitoring dashboard, integrator branding options, and geo-redundant storage. New features include: support for Axis multichannel encoders will allow customers to easily migrate their analogue system to Stratocast, while still preserving their investment in existing analogue cameras that continue to be serviceable; a new health monitoring dashboard will provide warnings of system events and information about the client and cameras that are affected, allowing channel partners to monitor and facilitate rapid troubleshooting and remote assistance; geo-redundancy in Stratocast provides a failover mechanism in the unlikely event of a failure at the primary datacentre location. This option provides a greater level of resiliency and redundancy by seamlessly replicating recordings to a secondary datacentre hundreds of miles away from a user’s primary location, while remaining within the same region; finally, in-app branding allows Stratocast Partners to add their logo within the Stratocast client, as well as customise their Stratocast landing page to increase their company’s visibility to end users. www.genetec.com

platform has a suite of easy-in, easy-out applications delivering what the company is describing as a new dimension in user experience and management configuration while supporting now and then functionality from Frequentis or others, which is an essential part of the evergreen philosophy. Various mobile applications including Radio Status Server and Radio Web Dispatcher guarantee emergency personnel consistent quality of access to information and communications, whether in the field or indoors on the intranet. www.frequentis.com

www.risk-uk.com

EDIT tif may14_riskuk_may14 06/05/2014 23:54 Page 2

Long distance 4K transmission chipset L2Tek has announced availability of the new generation of Valens chipsets compliant with the HDBaseT 2.0 specification. Enabling the transmission of 4K video over longer distances, The Valens Colligo family adds support for multiple cable types and interfaces, including USB 2.0, HDMI 2.0 and audio interfaces, as well as infrastructures such as fibre optics which allow transmission over much longer distances. All the new chips feature enhanced performance, improved robustness and noise resistance. The Colligo product family comprises of several new chipsets, with the initial introduction of three chips: VS2000 – 5Play Gen 2.0; VS2310 – 5Play Gen 2.0 Plus; and VS2311 – 5Play Gen 2.0 Fibre. The Colligo chips are described as flexible and designed to address the needs of various markets, particularly Pro-AV, consumer electronics, broadcasting and healthcare. Manufacturers will be able to implement the Colligo chips into new HD projectors, single wire TVs, digital signage displays, multistream video switching / distribution / aggregation, daisy chaining, video extenders over CatX / fibre optics cables, AV matrixes and AV receivers. www.l2tek.co.uk

PC substitute decodes 1080p video Aimetis Corp has announced the launch of its Aimetis A10D Thin Client, a secure PC substitute designed to readily decode1080p Full HD video from over 30 network video camera manufacturers. The A10D is ideal for users who need more functionality than a traditional decoder, but want less complexity and fewer maintenance costs than a PC. The Aimetis A10D supports up to 60 FPS in 1080p, supports video streams in MJPEG, MPEG4, and H.264 and provides a single HDMI output. It is designed to be used in systems with Aimetis Symphony video management software or Aimetis E-Series Physical Security Appliances. Compact design and intuitive user setup make the Aimetis A10D ideal for public view monitors in retail applications and video walls in large-scale deployments. The total cost of ownership, as compared to a PC solution, is reported to be less due to simplified IT management and reduced end user training. www.securitybuyinggroup.co.uk

www.risk-uk.com

Access control over GSM (TIF pic M) Urmet has introduced an access control solution that operates via GSM. The intercom units, which are available with Urmet’s S-Steel panel, use a SIM card for communication and access control. When activated, a call is established to a pre-designated number – either a landline or a mobile telephone – creating a line of communication and giving the user the ability to open up to two access points. The self-contained door unit, consists of a door panel, antenna and PSU and will work with a SIM card from any operator, enabling access points to be controlled using a mobile telephone or landline. Installation is reported to be quick and there is no need for additional cabling to the unit, apart from mains power. With up to 62 programmable button options available, this solution is listed as ideal for both residential and commercial buildings and is predominantly used for gate installation where the distance from the gate to the house or building is very large. In a block of flats, for example, the door panel can call a resident’s landline, or divert to their mobile so that they are aware of who is visiting their home. The resident can then answer accordingly. With the in-built technology, the resident is able to open up to two access points in the building using the telephone keypad. This might be the gate to the property and the front door to the living quarters. Users are also able to dial in and, using a password, open an access point when not at the property. www.urmet.co.uk

EDIT tif may14_riskuk_may14 06/05/2014 23:54 Page 3

Technology in Focus

New CCTV line-up announced Y3K has announced a new line-up of HD CCTV surveillance cameras and complete endto-end solutions. The range now offers customers different levels of image quality and features suitable for applications in businesses from SMEs up to multi-national corporations. The new range of professional CCTV solutions including domes, bullets, PTZs, recorders, monitors and complete systems, will be available in 960p HD and 1080p resolutions – Xvision HD 960H (960p) and Xvision Pro HD (1080p) respectively. The IQCCTV line-up has also been added to and will now feature an HD 960H (960p) and an HD-SDI CCTV range (720p). www.y3k.com

64 channel NVR with four-step set up launched The SRN-4000 NVR from Samsung is able to simultaneously record and multi-stream the transmission of images at a bandwidth speed of 400Mbps. It also offers the potential to record and store, via 12 internal hard drives, video captured by 64 x 2 Megapixel cameras for up to 108 days or up to 43 days for the same number of 5 Megapixel cameras. The 12 internal hot-swappable hard drives support RAID5 and RAID6 recording which provides protection against unrecoverable read errors as well as whole HDD failure. The SRN-400 also features an iSCSI interface giving users access to large storage devices, if required. The SRN-4000’s on-screen user interface ensures that it can be configured in only four steps using the ‘Easy Setup’ wizard, whilst cameras can reportedly be registered without complication via a quick set up process. www.samsungsecurity.com

PTZ for low light surveillance with Full HD performance JVC has launched the VN-H557U Megapixel nonendless PTZ camera with Super LoLux HD technology. The VN-H557U’s 2-megapixel image sensor produces 1920x1080 pixel resolution at 30 fps for full HD imaging performance with H.264 and MJPEG dual streaming. Super LoLux HD technology provides colour sensitivity of only 0.4 lux in full enabling Day/Night operation in colour. Image quality is further enhanced by a high quality 10x optical zoom lens with a focal range of 6.3 to 63.3mm. Total zoom capability is extended to 100x using the camera’s internal 10x digital zoom function. Additional features include PoE, 3D noise reduction, 350° pan/tilt operation, audio communications and on-board SD recording. www.jvc.com/security

4K camera is announced The Axis P1428-E 4K network camera features a resolution four times higher than HDTV 1080p, at 3840 x 2160 pixels at 30 frames per second. The camera is therefore ideal for overlooking large areas like parking lots and public squares while also being able to capture fine details. The P1428-E offers other features such as remote zoom and focus, a built-in slot for micro SD/SDHC/SDXC memory cards and I/O connectors for interfacing with external devices. Initially, it is likely that most customers will be using a standard HDTV monitor. 4K makes it possible to enhance any portion of the screen without losing details. To manage bandwidth consumption, users can view the live video stream in HD 1080p and take advantage of 4K recordings for forensic purposes. The camera is scheduled to be available in Q3 2014 through Axis’ distribution channels. www.axis.com

Two-way wireless pet immune detector extends family The KX10DTP-WE from Pyronix utilises a PIR and microwave module to provide security and the added reliability needed in commercial and more hostile residential environments such as the garage or conservatory, at the same time giving the assurance that a property can be protected, even with a pet inside. The 10m dual technology, pet immune detector is the latest product to join the Enforcer two-way wireless family. Connecting to either the 32 zone Enforcer control panel, or if further flexibility is required, the EURO-ZEM32WE can be utilised to connect to the commercial Castle Euro control panels. www.pyronix.com

www.risk-uk.com

EDIT ria may14_riskuk_may14 06/05/2014 23:37 Page 2

Risk in action Orchard Theatre solves access control issues Green Gate Access Systems has solved the on-going issue of access and security at Dartford’s Orchard Theatre via the use of a computer based access control system. The Paxton Net2 entry control system is connected to the building management network, allowing the use of swipe cards for employees and ‘disposable pin codes’ for known and pre-booked disabled visitors. The new security measures have enabled disabled visitors to request a parking space with a booking and receive a reservation and pin code emailed to them, for use on an allocated date and time slot. Theatre subscribers can also be issued with an annual swipe card. Originally contacted by Orchard Theatre in 2012 to review their parking security, Green Gate Access Systems considered several options for the project, with the consultation process lasting a number of months to ensure the right system was installed. The original hydraulic blockers have been repaired and serviced, warning sirens and red/green traffic lights have been installed and most importantly, the Paxton Net2 entry control system has been introduced. Access control is mounted on an O&O Totum, part of the overall safety package that also includes highways grade waning, no entry signs and underground safety loops with directional logic. Blockers rise swiftly after a vehicle has entered and minimises tail-gating.

www.risk-uk.com

Imperial War Museum gets Traka key defence The Imperial War Museum (IWM) London has enlisted the help of Traka to implement an automated key management system. As part of an ongoing refurbishment project, due to be completed this July, the IWM decided to implement an automated key management system. Previously, the administration of 400 keys across two sites was managed manually, a time-intensive task that created inherent security risks. An automated process was needed to better protect the collections, and also to secure access to other parts of the museum. A 300-key Traka system was installed on the main site and a 100-key system was installed at a neighbouring site. The solution ensures that only authorised staff are allowed access to the key cabinet, and within it they can only access designated keys. The system automatically records who has taken which key and when, meaning there is complete accountability of who is responsible for which key, 24 hours a day. Thanks to the partnership between Traka distributor, Secure Technology Solutions and security integrator, Pointer the system can be used in conjunction with Lenel OnGuard access control, so that staff can access keys through their existing security badges. This creates seamless integration with the existing security management and allows the reporting and subsequent audit trail of who has accessed which key to be fed through to the central database and reports whether the keys have been returned. Tim Strofton from the Imperial War Museum says, “Before the Traka key management system was installed we were accounting for all the keys manually, which was a very time-intensive task. Changing to an automated system improved our operational efficiency significantly and gave us greater peace of mind.”

EDIT ria may14_riskuk_may14 06/05/2014 23:38 Page 3

Risk in action

Peterborough housing association gets IP solution Britannia Fire & Security has secured the headquarters of the Axiom Housing Association in Peterborough using IPaddressable equipment from ACT, including proximity readers, door controllers and ACT’s access control software suite. Axiom operates more than 2,200 homes across Peterborough, Cambridgeshire and Lincolnshire, and provides housing and services to over 5,500 people. Supported services assist vulnerable people, those leaving care, people with learning difficulties or with mental and physical health needs. The access control solution installed at Axiom House uses ACTpro 4200 controllers. These are four-door controllers which can be extend up to 16 doors using ACTpro door stations, and networked together with the ACTpro software suite to control up to 4,000 doors. Bandwidth use of the ACTpro system is minimal, and the ACTpro software suite offers auto-discovery and easy maintenance alongside advanced features such as timed anti-passback and counting areas. Two hundred Axiom staff members have been issued with proximity (125 kHz) ACTProx fobs, giving them easily-controlled privileges in order to open doors around the building. Standard rights access is 7 to 7, five days a week, but senior administrators have yearround access to all areas, including sensitive areas such as alarm systems. Axiom opted for

Security behind steel doors for Griffin Close The safety and security of tenants in Griffin Close, a property located in Willesden and managed by Origin Housing, has been improved following the installation of Delta Security’s Model 9 Steel Doors. This installation extends the relationship that Delta Security has with Origin Housing, as the Model 9 Steel Door has proved to be a successful deterrent to anti-social behaviour (ASB) across other properties in its jurisdiction. Origin Housing is a provider of affordable housing and care and support services in London and Hertfordshire. It owns and manages over 6,000 homes, has a turnover of £45 million and aims to provide great homes and build strong communities in the area. Delta Security has installed approximately 30 doors, replacing all communal front entrances and internal security doors. They have been

new suppliers when moving premises and wanted to balance ease of access and the precise control that an IP-addressable system provides. Joseph Seery of Axiom says, “The ACTpro software is easy to configure and update, and we are able to run reports in common data formats such as CSV which can assist other departments such as human resources. In the event of a fire drill or a fire, we can print a report for mustering purposes. An important feature is that system-users must use their fob to identify themselves to a reader at the main entrance before the fobs will open any internal doors. “Having a flexible access control system helps Axiom in many small ways which can add up to making general facilities management a lot easier. Examples include enrolling staff from our satellite offices who visit regularly onto the system and even issuing fobs to our refuse collectors so that they can access specific areas of the site on a controlled basis during specified time slots on certain days of the week.” At Axiom House, the ACT installation is linked to Galaxy intruder alarms from Honeywell.

installed with a fully isolated, digital door entry and fob system, which allows tenants and caretakers only into the areas of the property that they are permitted. Aaron John, Director of Echelon Consultancy, the procurement and asset management consultancy advising Origin Housing, says that ASB was a significant problem on the estate: “Griffin Close required a high security door that would deter those wanting to vandalise and enter the property illegally and the Delta Model 9 door met our specification exactly,” he explains. “It has a very robust locking mechanism and despite it being extremely secure, it looks good and suits the profile of the building.”

www.risk-uk.com

EDIT ria may14_riskuk_may14 06/05/2014 23:38 Page 4

Hotel upgrades to IP surveillance

Frozen goods protected by RF temperature alert Musgrave Retail Partners, a convenience store franchiser and food wholesaler, has installed SecureTemp, the RF temperature alert solution from SecureSeal Systems. SecureTemp provides Musgrave with a way to protect frozen inventory in transit between temporary cold stores and three distribution centres located across the UK. Technology provides the ability to wirelessly monitor temperatures down to -25C at distances of up to 800 metres. The SecureTemp displayreceiver provides Musgrave’s control rooms with a large display of current and historical temperature and a range of visual and audible alerts should critical temperature thresholds be breached. “Reading sensors over such significant distance without hard-wiring is a technical challenge that our latest 868MHz technology is designed to achieve,” comments Ron Dimelow, SecureSeal Systems Project Manager. “By providing real-time data, graphical history and alerts to the on-site management team, Musgrave can ensure their frozen stores are 100 per cent protected.”

www.risk-uk.com

Country house hotel Down Hall has installed IDIS DirectIP using a phased approach to upgrade from its existing legacy analogue CCTV. On the Hertfordshire and Essex border, Down Hall chose IDIS partner, Rutledge Integrated Systems (RIS), to manage the security upgrade following a refurbishment to include an exclusive gym, sauna and steam room facility. Now complete, the first phase of upgrading 70 cameras across the Down Hall estate includes a full-HD solution comprising a range of DirectIP mega-pixel cameras, network video recorders (NVR), bundled video management software, and network switches. Covering the gym, sauna, steam room, and plant rooms, Down Hall is already realising the benefits of the surveillance through the improvement of staff and guest safety, and the ability to quickly identify any suspicious behaviour, while retrieval of footage has reduced from hours to minutes. Andrew Oxley, General Manager at Down Hall, noted, “The operational benefits in terms of saving time and the ability to quickly detect and respond to crime are immediate while we expect to significantly reduce our maintenance costs compared with the legacy system. The RIS team ensured minimum disruption to staff and guests, making sure our new facilities opened on schedule as we head into our busiest period of the year.” Andy Rutledge, Managing Director, RIS, added, “Our fifth DirectIP project, we knew we could offer a competitive solution combined with a staged roll out, which allowed us to install in hours rather than days. The intuitive interface, very similar to analogue systems, means we then handed over to staff quickly and with minimum fuss.”

EDIT ria may14_riskuk_may14 06/05/2014 23:38 Page 5

Risk in action

Morrisons upgrades security with HD IP video Wm Morrisons Supermarket’s “farm to fork” business strategy is getting extra security over 40 critical sites, after Express Data upgraded its facilities security and management using Mobotix HD IP-video security systems. The UK food retailer has over 500 stores across Britain and subsidiaries including Farmers Boy, a manufacturer and distributor of food products; Woodhead Bros, a meat processing business; FlowerWorld, a wholesale flower business and other business interests including multichannel online retailing. In 2008, Morrison’s Data Centre Services Manager, Darryl Shears, began a program to strengthen the resilience and security around its critical IT infrastructure as part of a wider software migration from legacy systems to a unified Oracle based platform. “We have sites that range from northern Scotland to Bridgwater in the South West and Sittingbourne in the South East. Managing this estate from a centralised team in Bradford is a logistics challenge,” says Shears, “We need to be able to monitor key comms rooms and IT equipment remotely both proactively to stop any issues from escalating and to react quickly to ensure any problems are dealt with efficiently.” To this end, Morrisons decided upon a strategy to upgrade each of these IT and

Addressable detector makes savings in estate Fike Safety Technology has supplied its Quadnet analogue addressable system for a residential building complex in India. The Wembley Estate in the Gurgaon District of Haryana has eight tower blocks with 13 floors in each. The use of Fike’s fire detection technology has reportedly resulted in cost savings for the project, whilst providing fire protection. The initial tender specification required the installation of 575 conventional detectors, 600 manual call points, 120 sounders and eight conventional panels, one for each tower, and one repeater panel for the security control room. The total cabling requirement was in excess of 50,000 m. Spectrum Safety Solutions Pvt proposed a different solution using a single Quadnet panel and Fike’s multi-criteria addressable detector. “It was the use of Fike’s addressable detector that enabled us to completely re-design the solution and offer the client cost savings and the advantages of analogue addressable detection compared to the specified

communications rooms with environmental monitoring, remote surveillance and remote access control technology. Following an evaluation programme and based on a number of reference site examples, the supermarket group selected a solution including Mobotix CCTV cameras, Panduit environmental monitoring and access control technology. “The Mobotix solution, especially the hemispheric technology, allows us to use just one or two cameras to cover single or multiple rooms with the resolution and reliability we required,” explains Shears, “In addition, the built-in flash storage support means that we can still record the site even if we have a network connectivity issue.” The team based in Bradford can use the Mobotix cameras to view anybody requiring access to a safe room and remotely open doors and monitor any activity within the room. The system has the option for fully bi-directional audio and requires only 5W per camera, which aligns with the company’s stated aim to use low energy technologies across its operations. Over the last 24 months, Express Data has worked with Shears and his team to implement upgrades at an additional eleven sites and created a standard blueprint for the resilience and security at each of the critical sites. The build includes power redundancy and best practice access procedures with full visual audit trail. The supermarket has deployed over 140 cameras across its sites. conventional system,” said Vijay Arora, Spectrum Safety Solutions’ General Sales Manager. “The multi-criteria detector offers multiple modes of operation combining smoke and rate of rise heat detection, with a built-in input module, fault isolator and optional integral sounder. This allows the detectors to be matched to the environments in which they are installed and reduces the amount of cable required as no separate sounder circuit is needed.” The final installation consisted of five conventional manual call points on each floor being wired to an input module in an addressable detector. A single four-loop Quadnet panel communicated with all 575 addressable detectors in all eight towers. No additional sounders were required to be installed, as the built-in sounders in the detectors were used where required. The single Quadnet panel replaced the originally specified eight conventional panels, thereby reducing the proposed eight manned stations, one in each tower, to one for the whole complex.

55 www.risk-uk.com

EDIT article 10 may14_riskuk_may14 06/05/2014 23:03 Page 2

Preventing heart attacks Heartbleed reinforces the importance of clear plan of action says Seth Berman, executive managing director and UK head of Stroz Friedberg he revelation in April that a programming error in a commonly used encryption technique may have given hackers access to usernames and passwords for websites has sent shockwaves through the security community. Dubbed Heartbleed, the error is being called one of the broadest security breaches in Internet history. In its wake, the Canadian tax authorities and UK website Mumsnet are just two of a growing number of organisations that have been targeted by hackers. According to some observers, it could take months or even years before all websites have been updated. Though this need not be the case, as the fix is relatively easy for any organisation that is technologically savvy and fast acting. Never before has the importance of having an incident plan been more important. Preparation and incident response are key factors in minimising risk and the longerterm fallout from a newly discovered vulnerability or an attack. However, many organisations are not taking appropriate steps to address such risks. Indeed, research has found that virtually all FTSE 350 companies and eight per cent of organisations in the Forbesâ&#x20AC;&#x2122;s global 2000 are leaking data. In response, the government and GCHQ have urged large businesses to carry out cyber security health checks. A programme of regular cyber security audits, sometimes referred to as a cyber health check, will ultimately allow an organisation to respond appropriately and effectively when faced with a newly discovered vulnerability or a

breach. In common with a financial audit but not necessarily as all-encompassing, the security audit should be supported by external experts with the appropriate level of knowledge and insight, alongside key individuals from within the organisation. The audit will allow a risk-based review of the effectiveness of information systems and suggest remedial steps to improve overall security against a backdrop of rapidly-changing cyber threats. The review must be tailored to the organisation and its risk landscape, with the first step of an audit focusing on reviewing existing controls and procedures. Most organisations already have firewalls, password policies, encrypted data protocols and restricted access controls in place to counter potential cyber threats, alongside policies governing mobile devices, cloud storage and data sharing. But when were these last reviewed, let alone put to the test? Similarly, most organisations aim to be current with security patrols and responses to newly discovered vulnerabilities, but in practice many IT departments are understaffed and unable to keep up with the constantly changing threat and scope. The use of bring-your-own-device (BYOD) and personal online accounts have become increasingly prevalent. This creates additional opportunities for hackers and given the variety of devices on offer, makes the IT departmentâ&#x20AC;&#x2122;s security mission that much harder to accomplish. Any internal review should, therefore, establish everyday working practices, including the use of personal smartphones and data storage for work-related tasks. When assessing such risks, it is important to also review the use of other portable devices, as the accidental loss of an unencrypted laptop or disk drive could have serious financial and reputational impact. In a recent incident, a consultancy advising financial institutions allowed staff to use their own thumb drives to store business information. Months after completing a project with a major international bank, lawyers at the bank were mailed a thumb drive accompanied by a note stating that the device, which clearly contained confidential bank data, had been found on a train. Though confidential information for many bank

Preparation and incident response are key factors in minimising risk and the longer-term fallout from a newly discovered vulnerability 56

www.risk-uk.com

EDIT article 10 may14_riskuk_may14 06/05/2014 23:03 Page 3

Cyber crime

employees and customers had been compromised in the incident â&#x20AC;&#x201C; a loss that was both costly and embarrassing to the bank â&#x20AC;&#x201D; the consultant who lost the data had no idea that the data breach had even occurred, since it made no effort to track or restrict the use of such devices. A security audit must include a focus on the human element. From staff inadvertently activating viruses or malware by clicking on links in emails, to malicious insiders, perhaps motivated by the prospect of financial gain or revenge, firms need a thorough understanding of all such threats and a plan to combat them. As an example, staff must recognise the risk posed by phishing emails and know how to report such incidents. While the vast majority may hit the Delete button upon receiving a suspicious email, only one unwitting member of staff needs to fall for a scam before security has been breached. Such attempts at obtaining information are commonplace and may introduce a virus, activate malware to log keystrokes, copy emails, or even record phone conversations. Processes to report all cyber security incidents to a designated team must be implemented to allow threats to be dealt with immediately.

In addition to taking steps to avoid a breach, companies must also prepare a response plan in case a breach happens In addition to taking steps to avoid a breach, companies must also prepare a response plan in case a breach happens. The plan must include a clear chain of command, a process of escalating news of a potential breach or new vulnerability, and a team including inside and outside experts to respond rapidly in case of an incident. Companies that lack a plan for response waste valuable time figuring out how to respond to vulnerability or a breach â&#x20AC;&#x201C; allowing them to become easy prey for the hackers. Heartbleed is the latest reminder of the financial, reputational and organisational risks facing victims of cyber attacks. However, security cannot be left as an afterthought, with recent incidents again reinforcing the importance and value of regular security audits. The time has now come for organisations to take such risks seriously and develop strategies to minimise the potential long-term impact.

EDIT article 9 may14_riskuk_may14 06/05/2014 23:01 Page 2

Authentication – an update Ian Kilpatrick, chairman Wick Hill Group, looks at the current state of authentication

23456. Amazingly, surveys show that this is the most popular password for authentication. And simple passwords are still the most used authentication method. However, popularity, in this case, just doesn’t equate with success. Security breaches are becoming a daily occurrence and high profile companies such as Yahoo, Target and Tesco are just some of the famous names amongst the victims of password theft. Recently, on a Netherlands server, researchers discovered compromised credentials for more than 93,000 websites, including 318,000 Facebook accounts, 70,000 Gmail, Google+ and YouTube accounts, 60,000 Yahoo accounts, 22,000 Twitter accounts and 8,000 LinkedIn accounts. However, instances like these represent just a fraction of the organisations suffering from password theft. The majority do not publicise the fact, as there is no requirement to notify anyone, nor have they been publicly ‘outed.’ So we have a long established way of doing things that is proven on a daily basis to be inadequate and insecure yet the majority of companies still use it. How long will this state of affairs last? Will we see another decade of consistent, repetitive authentication failures? Probably not, because the Darwin principle applies. Those affected by password theft will either come up to the mark, and improve their authentication, or decline and go out of business. Moreover, strong authentication is on a high growth curve, driven by the multiple waves of change rolling across organisations, both small and large. Recent developments in computing have led to increasingly fractured and distributed networks, which are harder to protect. These developments include the growth of mobile computing, remote access, tablets, smartphones and BYOD, together with the increasing popularity of wireless, the cloud, virtualisation and social networking. Alongside this, there has been a rapid growth of data, meaning there is even more to protect than ever before. Authentication is the most basic step towards protecting networks and while passwords still have a role, that role is increasingly as part of a

multi-factor authentication process. Other forces driving the move towards strong authentication include the increasing pressures on companies to achieve security compliance, with the consequences of failure including hefty ICO fines and possible reputational damage. Greater press coverage of computer security failures, such as the insecurity of mobiles devices and smartphones, has also had an effect, creating more visibility of the problems.

Authentication types Getting the right kind of authentication needs careful thought. A key question is “Is the authentication method something that staff can use relatively easily?” Get something too complicated and you could have problems. Another key issue is using the right level of authentication. Do you need different levels for different staff, for different applications, for different departments? Is your authentication method flexible enough to cope with that? Broadly speaking, users are looking for authentication methods that provide the best combination of ease-of-use, security, and, of course, cost. Currently, the main options are: • weak single-factor authentication (passwords) • strong complex passwords, usually with a minimum of characters, including special characters, and recommended to be regularly changed • strong two-factor authentication (passwords + something else, such as a token) • strong three-factor authentication (passwords + something else, such as a soft token + a mobile phone).

Weak single factor authentication (passwords) This is the use of single static passwords, still the most common form of authentication and used by most organisations. However, companies are increasingly aware that even if they continue with passwords for part of their workforce, there are employee types such as power workers, knowledge workers, mobile workers and remote workers, where proof of identity is important.

Those affected by password theft will either come up to the mark, and improve their authentication, or decline and go out of business 58

www.risk-uk.com

EDIT article 9 may14_riskuk_may14 06/05/2014 23:02 Page 3

Passwords

Any password system not collecting and storing passwords in a secure (encrypted) format is fundamentally vulnerable. Encrypted passwords - While encrypted passwords are more secure than simple passwords, and superficially secure, they are actually at risk of attack by various methods, such as brute force attacks, dictionary attacks and rainbow tables.

Strong complex passwords Thatâ&#x20AC;&#x2122;s what many of us use to access our secure online areas and are used in companies to overcome the disadvantages of weak passwords. They need to be not only strong, and typically including special characters or numbers, but also different for different applications, and changed regularly. Strong complex passwords, when encrypted, are significantly less vulnerable to rainbow tables and similar methods. They are however vulnerable, as many users employ the same passwords for social and online sites as for their business.

Strong authentication Strong authentication involves one of a range of elements such as hardware tokens, soft tokens, fingerprint recognition, swipe cards and phone as a token, or phone as a recipient of a soft token. Most strong authentication deployments are used together with passwords (two-factor authentication). Strong two-factor authentication - Strong two factor authentication is a much more secure means of authenticating users onto networks, as it requires two separate security elements. It comprises something you know (a password) and something you have, e.g. a token, which generates a one-time password (OTP) or a fingerprint. Software and hardware tokens are currently the most popular twofactor solutions, due to their low cost, ease- ofdeployment, ease-of-management and the standard of security they provide. According to Gartner, hardware tokens still have the largest installed base of any method (70%). In the last few years, however, there has been a move towards the deployment of other types of tokens, including mobile phones, and hardware USBs, such as SafeStick or Ironkey. The rapid fall in the price of tokens means they are now available from only a few pounds per user per year. That is less than the cost of ONE password-related helpdesk call, so tokens can represent a major cost-saving, as well as an improvement in security. Strong three factor authentication - This is far superior and involves something you know (e.g.

Smartphones and mobile devices are playing a growing part in the authentication scenario password), something you have (e.g. authentication token) and something you are (e.g. fingerprint, retinal scan, facial recognition). While biometric authentication is obviously more costly and complicated to use, it is appropriate for high security applications/departments such as pharmaceutical R&D, finance, etc.

Trends Contextual authentication - Contextual authentication is growing, but not yet mainstream. It uses contextual information (such as usersâ&#x20AC;&#x2122; behaviour patterns) to decide whether a user is genuine. It can improve on the use of a password, without the need for traditional two factor strong authentication. Mobile devices can play a significant role in contextual authentication. They can capture relevant contextual information such as tapping rhythm, voice recognition, facial contours, and iris details. A strategic view - A growing trend amongst enterprises is to take a more strategic view of authentication. Companies are acknowledging they may need different levels of authentication for different scenarios, different users and different applications. They are looking for one flexible authentication method which can facilitate these different levels. Currently, however, most enterprises and SMEs still tend to use a single authentication method. The Cloud - The popularity of the cloud should be noted, with researchers predicting that by year-end 2016, about 30% of enterprises will choose cloud-based services as their delivery option for new or refreshed user authentication implementations - up from about 10% today. Mobile devices Smartphones and mobile devices are playing a growing part in the authentication scenario. They are already widely used as authentication tokens; they function as fairly powerful computers and are an endpoint in themselves, so need protecting; and they can be used for biometric and contextual authentication.

www.risk-uk.com

EDIT article 13 may14_riskuk_may14 06/05/2014 23:04 Page 2

Migrating to the Cloud

Ahead in the cloud When is it worth moving to the cloud? asks Roger Keenan is the managing director of City Lifeline

loud computing is one of the most significant changes to take place in the computing, data communications and data centre worlds over the last few years. In essence, cloud computing is remote hosting, with a user application running on someone else’s virtualised servers in a remote location within a data centre rather than the user’s own machine on his own premises. While the concept of cloud computing is not new, it is still in its infancy, with many providers offering different and incompatible services in different ways.

Moving to the cloud In general, applications which work well in cloud today are ones where data communications traffic is light and not particularly time critical, where security is important (and it always is) but not critical, where a new application can be written especially for the cloud implementation and where fast scalability gives a worthwhile benefit to the user. Although cloud is continuously evolving, there are some areas which many organisations still steer away from putting there today. The biggest concern for all cloud users was originally security and this remains the case, in spite of strenuous efforts by software vendors. If the organisation’s mission critical computing and corporate intellectual property is on site or in a professionally managed colocation data centre, behind a corporate firewall, with known and trusted staff in control of it, management feels the risk of theft or unauthorised disclosure is less than if it is in another location, under the control of unknown staff who may or may not put the company’s key interests first. If something goes wrong, the company’s own staff will work through the night to put it right, whereas management may not

trust an outside provider to deliver the same commitment. Perhaps those fears are not justified, but research continues to show they remain real. Another area requiring much care is anything involving real time data traffic, such as voice telephony. Whilst it is certainly possible to run voice over the open public internet (Skype does it all the time), running it to a guaranteed and consistent level of quality is quite different. In such cases, users are better avoiding public cloud and sticking with known specialised colocation data centres, and especially the London colocation data centres with a wide range of carrier connections and experience, or going to a specialised provider of hosted communications, who will certainly be located in such a facility. Like the introduction of any new way of working, cloud throws up unexpected problems. But the long term benefits are sufficiently high for both users and providers that, over time, most of the objections and barriers will be overcome.

A future in the cloud Cloud computing in commercial data centres is unquestionably the way computing is going and will continue to go. But some computing, IT and communications applications are more suited to cloud implementation than others. Choosing which to implement first, and which will work well in practice, requires skill and forethought, but will be rewarded with a steady, reliable migration, easier maintenance and lower operating costs. For many organisations, there may never be a full migration, as mission critical and security critical applications remain in house and other run remotely in the facilities of cloud providers. The way in which organisations employ people has changed over the last fifty years. The model of a 1960’s organisation was one where everyone was a full-time employee. Today it is one where the business is run by a small, tight team pulling in self-employed specialists and subcontractors as and when needed. Perhaps the future model for IT is the same – a small core of IT in-house handling the mission-critical operations, guarding critical data and corporate intellectual property and drawing in less critical or specialised services remotely, in real time, from cloud providers located in remote data centres as and when needed.

The biggest concern for all cloud users was originally security and this remains the case, in spite of strenuous efforts by software vendors 60

www.risk-uk.com

Project1_Layout 1 01/08/2013 12:11 Page 1

Bringing together the entire security buying chain In 2014 IFSEC International, the largest and longest running security event moves to a truly international venue. With more than 40 years at the heart of the security industry, reČľecting innoYatiYe industry trends and SroYiding insight into the Oatest technoOogy to NeeS Eusinesses and goYernments secure Put the date in your diary now! www.ifsec.co.uk/add2014

IFSEC International is Sart of

PROTECTION & MANAGEMENT Week

WWW.IFSEC.CO.UK

17-19 JUNE 2014 ExCeL LONDON

EDIT article 19 may14_riskuk_may14 06/05/2014 23:09 Page 2

Seeing is believing! This month we take a look at the next generation of screens, Ultra High Definition or 4K. Will you be upgrading your monitors any time soon?

anufacturers are always looking for ways to improve their products, especially in the field of technology. With display resolutions, cables, discs and 3D technology being revamped and reworked, TV displays are becoming more detailed, lifelike and visually appealing. Ultra HD-4K technology makes use of higher pixel density, larger screens and the human eyes’ visual acuity to create a more detailed, in-depth image on display screens. This article focuses on what Ultra HD-4K technology is in greater detail, examine where the technology is heading. Ultra High Definition (Ultra HD) has four times the resolution of a 1080p display (3840 x 2160) and is equivalent to an 8-megapixel image. What this means for the TV viewer is that the image will be extremely sharp even when one is viewing from a very close distance. On a 1080p display, viewers who sit too close to the screen will see little squares which are actually the spaces between the pixels. On an Ultra HD display, the pixels are so small that it would take a magnifying glass to view the space between them at normal viewing distances. Simply viewing on an Ultra HD display does not automatically guarantee a better image, because there are many other variables, such as transmission quality and the actual content, but it certainly improves the possibilities.

What is Ultra HD? “Full HD” or 1080p are both ways to describe a display consisting of 1,080 lines of vertical resolution and 1,920 of horizontal resolution. 4K is also known by multiple names, such as 2160 and Ultra HD. Ultra HD-4K must be approximately four times the total resolution of 1080p, or at least two times the vertical resolution and two times the horizontal resolution of 1080p. Most Ultra HD-4K should

Ultra High Definition (Ultra HD) has four times the resolution of a 1080p display (3840 x 2160) and is equivalent to an 8-megapixel image 62

www.risk-uk.com

therefore have an approximate aspect ratio of 3840 (1.89:1) or 4096 (1.90:1). The Consumer Electronics Association’s 4K Working Group decided in the fall of 2012 to call the 4K product category Ultra HD in order to minimise consumer confusion and position Ultra HD-4K performance as being beyond current HDTV standards. It is important to be familiar with both the technical terms as well as those terms used to describe Ultra HD-4K in the sales world in order to understand and sell this technology to clients. The increase in pixel density allows for more details and less-visible pixel images, amounting to a clear, vivid image on the screen. Ultra HD4K has the potential to make use of larger screen sizes while providing a better-looking image than Full HD resolutions are capable of; therefore, the industry has deemed it worthy of the classification “ultra-resolution.” With four times as many pixels and less visible space between pixels, Ultra HD-4K displays positioned at the same distance from the viewer as 1080p are able to display a better overall picture. In fact, in his blog post “What is the Point of Diminishing Returns for TV Screen Sizes?”, CEA Chief Economist and Director of Research Shawn Dubravac calculates that if a consumer replaces their 55-inch HD TV with an Ultra HD-4K TV of the same size, they can sit four feet away instead of the average seven. Similarly, the consumer could remain seven feet from the screen and simply upgrade to a 92inch, or even 153-inch, Ultra HD-4K TV for a full immersive experience. This technology presents the first logical opportunity for consumers to buy the big screen they have always wanted without needing to expand their room size or stray from the recommended seating distance.

Ultra HD-4K data The downside to Ultra HD-4K is that since there are more pixels, there is also more data that needs to be transmitted from a source to the display. Luckily, all the players in the industry are currently working to overcome this obstacle. UltraHD-4K is approximately four times the pixel resolution of 1080p, but requires twice to four times the bandwidth through HDMI, depending on frame rate and colour space. In order to understand the specific bandwidth requirements and implications at both hardware and transport layers, it is prudent to explore how this new format is currently defined in the HDMI specification, and the implications therein for system design and implementation. HDMI is the current predominant format in the encrypted HD-AV (with DRM) delivery space for both commercial and consumer electronics.

EDIT article 19 may14_riskuk_may14 06/05/2014 23:10 Page 3

Ultra HD/4K

Ultra HD delivery platforms and distribution Nearly two-dozen Ultra HD-4K compatible televisions and monitors were announced or shown by more than a dozen companies at CES in 2013 and are currently available in the consumer market. In addition to supporting native Ultra HD content, virtually all of these displays can upscale 2D and 3D HD content and support “second screen” features as well as digital streaming services. The most prevailing question today revolves around the timeframe for content availability to consumers at home. There are a variety of options being considered, including: broadcast, cable and satellite; download or streaming over the Internet; and Blu-ray Disc.

Device hardware Fundamental suitability of a device to be able to support Ultra HD-4K is quite simple. In the case of HDMI ports, the HDMI transmitter, repeater (e.g. switch, splitter) or receiver silicon must support at least 297MHz Clock. First-generation HDMI chipsets (circa 2003-2007) were 165MHz/4.95Gbps, to support the 148.5MHz operating Clock of 1080p60. From 2007 an upgrade to 225MHz/6.75Gbps silicon became ubiquitous, offering support for 1080p60 at 10bit Deep Colour (5.56Gbps) and 12-bit Deep Colour (6.68Gbps). At the time this document was developed, most devices still use the 225MHz silicon, which is not enough for the 297MHz required for Ultra HD-4K. New generation silicon released by some leading chipset vendors in 2012 have settled on 300MHz. Unless a device contains this new 300MHz silicon (or higher), it cannot support Ultra HD4K. Application example: many Blu-ray players offered firmware upgrade to support 3D, as no extra bandwidth was required for that. The existing 225MHz HDMI chipsets were sufficient. However to support 2160p a physical change to hardware is required. Furthermore, a couple of years ago the claim of “HDMI v1.4” was sometimes used by CE device manufacturers to promote support for things like 3D and Audio Return Channel. However Ultra HD-4K was just as much a part of the v1.4 spec, but this was not supported by such devices due to hardware limitations. This was just one of several reasons for HDMI Licensing to abolish reference to version numbers, due to their misleading nature.

HDMI cable suitability A good quality, certified “High Speed HDMI Cable” is required to achieve Ultra HD-4K support (to 30fps). The challenge is in finding

an HDMI cable that is labelled High Speed that actually is High Speed. There is a proliferation in the market of mislabelled cables due to the pre2010 legacy of 1080p being the benchmark, and the misunderstanding that “1080p” and “High Speed” meant the same thing. 1080p is transmitted on a 148.5MHz Clock, being 4.455Gbps aggregate data rate. By contrast Ultra HD-4K requires double this at 8.91Gbps, and a genuine High Speed cable should be tested to 10.2Gbps. As “HDMI 2.0” mode arises in coming years, being TMDS character rates from 340 to 600Mcsc, a new “Reference Cable Equaliser” will be enacted to aid an existing High Speed (Category 2) HDMI cable to support the increased data rates. This will however still be expected to draw some length limitations, yet to be determined. Ultra HD-4K formats to be affected by this elevation will be those that combine High Frame Rate (HFR) and Deep Colour; 2160p/50/59.94/60, 10 or 12-bit, 4:2:0 or 4:2:2. There is no defined HFR 4:4:4 mode.

DisplayPort DisplayPort was developed in 2006 by VESA. It utilises four data transmission lanes, compared to HDMI’s three, with each initially supporting fixed data rates of 1.296 or 2.16Gbps. In 2009 the 1.2 specification was released, adding a third, higher data rate level of 4.32Gbps/channel. This amounts to an

The increase in pixel density allows for more details and less-visible pixel images, amounting to a clear, vivid image on the screen 63

www.risk-uk.com

EDIT article 19 may14_riskuk_may14 06/05/2014 23:10 Page 4

Like any new technology entering the marketplace, there are challenges in demonstrating the consumer benefits beyond existing tech aggregate 17.28Gbps, sufficient to support Ultra HD-4K at 10-bit Deep Colour to 60fps. DisplayPort-enabled devices have the same needs as HDMI hardware in providing compatibility at both the silicon and firmware levels. While DisplayPort has yet to be adapted for use in Ultra HD-4K TVs, it is important to be aware that when installers begin designing a DisplayPort system to deliver and display Ultra HD4K content, each device in the system should support Ultra HD-4K at both the physical and firmware layer. A DisplayPort cable with demonstrable support for 10.8Gbps for 2160p30, or 21.6Gbps (highest rating for DP, for 2160p60) is then required for successful hook-up.

CATx cable extension systems As previously mentioned, the data channels in HDMI transmit Ultra HD-4K at 1.485GHz. This is well beyond even the native capability of CAT7a, and around six times the TIA/EIA specified bandwidth of CAT6. Well-designed, purposebuilt electronics and technology like PAM theory can certainly close the gap, but there will always be a limit to how much CATx cable can be used for Ultra HD-4K applications. It is possible, but tough to correctly accomplish. Like with source, repeater, and sink devices, the bandwidth capability of the primary silicon employed inside the transmit (Tx) and receiver (Rx) units of a CATx-based extender system is also key in identifying Ultra HD-4K support. Many such extenders utilise HDMI equaliser chipsets which cap out at 225MHz, and are thus insufficient. Technicians should always avoid general claims like â&#x20AC;&#x153;HDMI v1.4â&#x20AC;? as this is completely non-definitive. Only chipset bandwidth and listing for actual features supported can be deemed relevant in identifying product suitability.

HDBaseT HDBaseT is an exception to the above assertion, as it retimes the signal in a PAM-16 (Pulse Amplitude Modulation) baseband format, essentially changing the rules of native CATx (which, after all, is designed for Ethernet). It has from the outset supported all of the same Ultra HD-4K formats as HDMI, up to and including 30fps iterations. It can also be implemented

www.risk-uk.com

with DisplayPort I/O for support of all formats within the scope of the 5.2 and 8.6Gbps aggregate data rates. It is a 10Gbps format which in application conveys TMDS signalling (as used by both HDMI and DisplayPort). At its heart, the Valens VS-100 chipset specifies support for Ultra HD-4K to 100m over CATx cable, or 40m when using the VS-010 (HDBaseT-Lite) chipset. The HDBaseT Alliance has declared that the technology will be scalable in future to support higher frame rate versions, potentially to 20Gbps for 2160p 48-60 (4K-HFR). However, as retiming of the signal is involved, with silicon being firmware driven in the HDBaseT system, the transmission is not in the native space of the end point devices (assuming HDMI or DisplayPort connections). This provides some extra risk to interoperability success and stability, but this can be managed by using quality, compliant product.

Fibre The issue of running HDMI over long distances, often referred to as long-haul, has been an area of great debate since its inception. With HDMI 2.0 nearly doubling the frequency and bitrate on the cable, long-haul issues may be further compounded. For distributing Ultra HD-4K signals over significant distances, typically over 30 meters, one solution is to add an HDMI-tofibre converter. Since fibre optic utilises light instead of copper to transport data, the signal can cover significantly greater distances before failure. Installing and terminating fibre optic cables requires very specialised tools and training to ensure proper functionality. However, if installed and terminated properly, fibre to HDMI converters will send Ultra HD signals hundreds of feet without any visible or measurable degradation.

Blu-ray While a movie in Ultra HD-4K is within the range of data that a Blu-ray Disc can store, the Blu-ray Disc Association (BDA) recently established a task force to study possible format extensions in order to ensure the most efficient way to transport Ultra HD-4K data on discs. The group will work on investigating both technical feasibility and market demand for Ultra HD-4K and look into aspects such as higher frame rates, enhanced colour, additional audio technologies, etc. in regard to how these aspects play into future Blu-ray Disc developments. In the meantime, companies such as Sony Pictures Home Entertainment work to release remastered Blu-ray movies compatible with existing players and provided their dealers with PC-based servers that feature

EDIT article 19 may14_riskuk_may14 06/05/2014 23:10 Page 5

Ultra HD/4K

a variety of content shot in 4K.

Broadcasting and streaming During CES, LG demonstrated Ultra HD-4K terrestrial broadcasting that is currently being tested in Korea. Netflix also demonstrated a prototype Ultra HD-4K streaming service with Samsung at CES but indicated that more advancements would need to be made before this technology is readily available. Finally, RED is also in the process of developing their RedRay player, which will be capable of streaming Ultra HD-4K content via the Internet and can also play HD and 3D content at either 48 or 60fps. The player is projected to come with an expandable 1 TB internal HDD, and will support multiple HDMI outputs, including one for 7.1 surround. While these advancements are greatly anticipated, they are still in the early stages of development and it will be some time before they are affordable and feasible in the consumer market. In addition to the current advances of Ultra HD-4K displays, many are speculating that future products will enable even more dramatic improvements to colour reproduction and picture quality. The term “Gamut” is used to describe the variety of colours a display or a source signal can reproduce. The specification for the colour gamut of HD displays (HD-REC709) was an improvement over standard definition. Now with the increased attention on Ultra-HD, Sony has announced that their Ultra HD streaming service will feature xvYCC colour, which will be an improvement over HD colour. If Ultra HD-4K eventually realises the colour gamut described by the ITU, the images possible would be radically improved over the current HDTV and xvYCC colour. This would equal, and could exceed, the improvements in picture quality offered through the increased resolution alone. The visually stunning gamut described will be able to show colours so saturated that they could faithfully reproduce carnations, geraniums, marigolds and even sunflowers — all of which have colours that cannot be reproduced with the current HD gamut. That kind of enhanced colour reproduction will not be possible with current television technology, but the ITU offers a glimpse of Ultra HD-4K improvements to come in future generations and gives the industry a hint at future innovations to come to Ultra HD-4K screens.

How will 4K impact my business? Like any new technology entering the marketplace, there are challenges in

demonstrating the consumer benefits beyond existing tech. In the case of Ultra HD-4K, it is still a niche product, squarely focused on affluent early adopters. As prices come down in the next year or so, a broader audience will begin to realise the benefits of incredible depth and clarity, even on the largest displays. Many consumers remain in the honeymoon stage with HD, but larger panel sizes have begun outselling smaller TVs. These larger screen sizes are likely to lead to increased interest in higher resolution. Right now, the target consumer for Ultra HD-4K likely already owns multiple HD sets and is looking for the best big-screen experience in order to achieve the most cinematic experience in the home. However, the primary Ultra HD-4K content available for consumer TVs will initially be from up-scaled sources. The HD vs. Ultra HD-4K debate certainly bridges from manufacturers’ marketing to the retail floor. Dealers are concerned that the price delta may be a major inhibitor to sales. As Ultra HD-4K moves further into the consumer market, manufacturers will likely take similar stances to Sony, who provides their Ultra HD-4K TV consumers with a bundled 4K video player and tablet remote which include a variety of shortform 4K content and full-length feature films. The counter is that buying Ultra HD-4K now helps to future-proof the home theatre. Not only are the TVs feature-rich, with 3D, connected services and high-speed processors, but they can also enhance the content displayed and in the case of HD content, can upscale the content close to Ultra HD-4K resolution. Currently, content is still being remastered to take advantage of the upscaling capabilities, but the future is not that far off, and native Ultra HD-4K video content will soon be widely available.

Conclusion In summary, despite all of these potential Ultra HD-4K content and delivery options under development, most Ultra HD-4K TV viewers will be watching primarily upscaled content until next year. It will be a challenge to educate consumers on the value of Ultra HD-4K, but when specified correctly according to the needs of the individual project, the benefits are evident. The promise of immersive images and enhanced resolution is enough to win over the consumer who is interested in owning the best on the market today.

The full version of this whitepaper was developed with assistance by the following individuals and reviewed by CEDIA’s working group: David Meyer of Kordz, Dan Schinasi from Samsung, Joel Silver of Imaging Science, Marc Finer from DEG: The Digital Entertainment Group and Ray Stanley of Sony. To see the full version visit: www.cediaeducation.com/ resources/whitepapers

The promise of immersive images and enhanced resolution is enough to win over the consumer 65

www.risk-uk.com

EDIT article 3 may14_riskuk_may14 06/05/2014 17:36 Page 2

Data protection

Two years to prepare... Businesses must act now to prepare for EU data protection reforms says Christian Toon, head of information risk, Europe, Iron Mountain

he European Parliament recently voted through amended data protection proposals. These new reforms represent the EUâ&#x20AC;&#x2122;s first major overhaul of data protection legislation since 1995 and will bring with them significant changes to the way personal data can be used. Once approved by the European Council, the 28 member states will have two years to become fully compliant. For many businesses this will seem a long way off. It can be tempting to wait to make any changes until they become a legal requirement, but that would be a mistake. In the wake of the widely-publicised NSA revelations around government snooping, consumers across Europe will welcome the greater personal protection and rights proposed by the new EU reforms as a long-overdue step in the right direction. Many businesses, however, will be challenged by the new obligations that are likely to come their way. The new EU data protection reforms are intended to replace the current patchwork of national laws. Companies would be accountable to a single European supervisory authority, rather than 28, enabling simpler, more costefficient business in the EU, the economic benefits of which are estimated at 2.3 billion per year. The draft requirements directly address issues such as customer consent and the need to notify regulators of a data breach within 24 hours. Many firms currently invest more

The new EU data protection reforms are intended to replace the current patchwork of national laws 66 www.risk-uk.com

resources dealing with the fallout and investigations of data loss, rather than on adequately protecting it in the first place. This needs to change and the reforms are looking to address this. Failure to protect data sufficiently will have serious financial consequences, with the potential for fines in the event of an incident of up to five per cent of a private sector organisationâ&#x20AC;&#x2122;s turnover. However, financial penalties for data breaches have been in place for some time, and have apparently done little to encourage increased responsibility in the management and protection of sensitive information. Businesses would do well to act now to better protect their information, regardless of the threat of incoming legislation. It is up to businesses to scrutinise, mitigate and manage their own information risk supply chain, as part of a Corporate Information Responsibility (CIR) programme. Examples of good practice are already in place. In Germany, for example, organisations are already obliged to make a member of staff responsible for data protection and ensure compliance in line with national laws. The biggest challenge for the EU will be to get all countries to match this standard. Meeting new requirements will involve taking stock of current practice and ensuring processes and policies are up to scratch. Waiting until the legislation is passed could be too late for many. For example, processes for identifying and reporting an incident need to be efficient, with the monitoring of data integrity common practice. This has become more complex with the prevalence of social media and mobile devices. Consequently, there is a greater requirement for firms to understand exactly what information they hold in physical and digital formats and where that information is held. A data breach does not just represent a financial risk, it represents a serious threat to brand reputation and customer loyalty. With social media on the rise, bad news travels faster and further than ever. Even the smallest incident could have serious consequences for the future of an organisation if they are found to be at fault. Every organisation should give serious consideration to its role as the responsible custodian of sensitive information. Businesses across Europe would be advised to consider their exposure to information risk and seize the opportunity of the impending regulatory changes to assess whether they have the right processes and policies in place to minimise that exposure.

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 1

Best Value Security Products from Insight Security www.insight-security.com Tel: +44 (0)1273 475500 ...and lots more Computer Security

Anti-Climb Paints & Barriers

Metal Detectors (inc. Walkthru)

Security, Search & Safety Mirrors

ACCESS CONTROL

Security Screws & Fastenings

Key Control Products

Empty Property & Lone Worker Alarms

Traffic Flow & Management

see our website

ACCESS CONTROL & DOOR HARDWARE

ALPRO ARCHITECTURAL HARDWARE ACCESS CONTROL

ACT Unit c1 South city Business centre Tallaght D.24 Ireland www.accesscontrol.ie tel: 00 353 1 466 2570 UK Lo Call Number: 0845 300 5204

Products include Electric Strikes, Deadlocking Bolts, Compact Shearlocks, Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101 E: info@alpro.co.uk Web: www.alpro.co.uk

ACCESS CONTROL – SPEED GATES, BI-FOLD GATES

ACCESS CONTROL

APT SECURITY SYSTEMS The Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NY Tel: 020 8421 2411 Email: info@aptcontrols.co.uk www.aptcontrols-group.co.uk

HTC PARKING AND SECURITY LIMITED 4th Floor, 33 Cavendish Square, London, W1G 0PW T: 0845 8622 080 M: 07969 650 394 F: 0845 8622 090 info@htcparkingandsecurity.co.uk www.htcparkingandsecurity.co.uk

B a r r i e r s , B l o c k e r s , B o l l a r d s , PA S 6 8

ACCESS CONTROL

KERI SYSTEMS UK LTD Tel: + 44 (0) 1763 273 243 Fax: + 44 (0) 1763 274 106 Email: sales@kerisystems.co.uk www.kerisystems.co.uk

ACCESS CONTROL

INTEGRATED DESIGN LIMITED Integrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQ Tel: +44 (0) 208 890 5550 sales@idl.co.uk www.fastlane-turnstiles.com

ACCESS CONTROL

COVA SECURITY GATES LTD Bi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & Bollards Consultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68

Tel: 01293 553888 Fax: 01293 611007 Email: sales@covasecuritygates.com Web: www.covasecuritygates.com

ACCESS CONTROL MANUFACTURER

NORTECH CONTROL SYSTEMS LTD. Nortech House, William Brown Close Llantarnam Park, Cwmbran NP44 3AB Tel: 01633 485533 Email: sales@nortechcontrol.com www.nortechcontrol.com

ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERS

HEALD LTD HVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface Mount Solutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards, Security Barriers, Traffic Flow Management, Access Control Systems

ACCESS CONTROL

SECURE ACCESS TECHNOLOGY LIMITED Authorised Dealer Tel: 0845 1 300 855 Fax: 0845 1 300 866 Email: info@secure-access.co.uk Website: www.secure-access.co.uk

AUTOMATIC VEHICLE IDENTIFICATION

NEDAP AVI PO Box 103, 7140 AC Groenlo, The Netherlands Tel: +31 544 471 666 Fax: +31 544 464 255 E-mail: info-avi@nedap.com www.nedapavi.com

Tel: 01964 535858 Email: sales@heald.uk.com Web: www.heald.uk.com

ACCESS CONTROL – BARRIERS, GATES, CCTV ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERS

FRONTIER PITTS Crompton House, Crompton Way, Manor Royal Industrial Estate, Crawley, West Sussex RH10 9QZ Tel: 01293 548301 Fax: 01293 560650 Email: sales@frontierpitts.com Web: www.frontierpitts.com

ABSOLUTE ACCESS Aberford Road, Leeds, LS15 4EF Tel: 01132 813511 E: richard.samwell@absoluteaccess.co.uk www.absoluteaccess.co.uk Access Control, Automatic Gates, Barriers, Blockers, CCTV

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILES

ACCESS CONTROL – MANUFACTURER

UKB INTERNATIONAL LTD

ROSSLARE SECURITY PRODUCTS

Planet Place, Newcastle upon Tyne Tyne and Wear NE12 6RD Tel: 0845 643 2122 Email: sales@ukbinternational.com Web: www.ukbinternational.com

Rosslare Security Products manufactures the Security Industry’s largest and most versatile range of Proximity and Smart Card readers.

Bletchley Park, Milton Keynes, MK3 6EB Tel: 01908-363467 Email: sales.uk@rosslaresecurity.com www.rosslaresecurity.com ISO 9001 and ISO 14001 Certification

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 2

MANUFACTURE STANDALONE ACCESS CONTROL PRODUCTS PSU’S, KEYPADS, ELECTRIC LOCKS, BREAKGLASS, EXIT BUTTONS

RGL ELECTRONICS LTD “Products to Trust – Power to Help” Pelham Works, Pelham Street, Wolverhampton WV3 0BJ Sales: +44 (0) 1902 656667 Fax: +44 (0) 1902 427394 Email: info@rgl.co www.rgl.co

BUSINESS CONTINUITY

BUSINESS CONTINUITY SOFTWARE & CONSULTANCY

CONTINUITY2 E232 Edinburgh House Righead Gate Glasgow G74 1LS Tel: +44 (0) 845 09 444 02 Fax : +44 (0) 845 09 444 03 info@continuity2.com

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTS

ALTRON COMMUNICATIONS EQUIPMENT LTD Tower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJ Tel: +44 (0) 1269 831431 Email: comms@altron.co.uk Web: www.altron.co.uk

CCTV

G-TEC Gtec House, 35-37 Whitton Dene Hounslow, Middlesex TW3 2JN Tel: 0208 898 9500 www.gtecsecurity.co.uk sales@gtecsecurity.co.uk

CCTV

PECAN

BUSINESS CONTINUITY MANAGEMENT

CONTINUITY FORUM Creating Continuity ....... Building Resilience A not-for-profit organisation providing help and support Tel: +44(0)208 993 1599 Fax: +44(0)1886 833845 Email: membership@continuityforum.org Web: www.continuityforum.org

Stortech Elec, Unit 2 spire green Centre Pinnacles West, Harlow, Essex CM19 5TS Tel 01279 419913 Fx 01279 419925 www.pecancctv.co.uk email sales@stortech.co.uk

CCTV/IP SOLUTIONS

DALLMEIER UK LTD 3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QH Tel: +44 (0) 117 303 9 303 Fax: +44 (0) 117 303 9 302 Email: dallmeieruk@dallmeier.com

PHYSICAL IT SECURITY

RITTAL LTD Tel: 020 8344 4716 Email: information@rittal.co.uk www.rittal.co.uk

CCTV & IP SECURITY SOLUTIONS

PANASONIC SYSTEM NETWORKS EUROPE Panasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: system.solutions@eu.panasonic.com Web: www.panasonic.co.uk/cctv

BUSINESS CONTINUITY 4 Scotia Close Brackmills Northampton NN4 7HR 01604 769222 www.bcontinuity.com

COMMUNICATIONS & TRANSMISSION EQUIPMENT

KBC NETWORKS LTD.

CCTV

SURVEILLANCE / CCTV

IDIS EUROPE

Barham Court, Teston, Maidstone, Kent ME18 5BZ www.kbcnetworks.com Phone: 01622 618787 Fax: 020 7100 8147 Email: emeasales@kbcnetworks.com

DIGITAL IP CAMERAS

SESYS LTD

1000 Great West Road, Brentford, LONDON TW8 9HH Tel : +44 (0)203 657 5678 Fax : +44 (0)203 697 9360 uksales@idisglobal.com

Supplying digital IP camera for rapid deployment, remote site monitoring, fixed and short term installations. High resolution images available over mobile and wireless networks to any standard web browser.

MANUFACTURERS OF A COMPLETE RANGE OF INNOVATIVE INFRA RED AND WHITE LIGHT LED LIGHTING PRODUCTS FOR PROFESSIONAL APPLICATIONS INCLUDING CCTV SCENE ILLUMINATION, ARCHITECTURAL UP-LIGHTING AND COVERT SECURITY.

END TO END CCTV SOLUTIONS/RECORDERS, CAMERAS, NETWORK PRODUCTS

ADVANCED LED TECHNOLOGY LTD Sales: +44 (0) 1706 363 998 Technical: +44 (0) 191 270 5148 Email: info@advanced-led-technology.com www.advanced-led-technology.com

1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QG Tel +44 (0) 1730 230530 Fax +44 (0) 1730 262333 Email: info@sesys.co.uk www.sesys.co.uk

DEDICATED MICROS 1200 Daresbury Park, Daresbury, Warrington, WA4 4HS, UK Tel: +44 (0) 845 600 9500 Fax: +44 (0) 845 600 9504 Email: customerservices@dmicros.com www.dmicros.com

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 3

INFRA-RED, WHITE-LIGHT AND NETWORK CCTV LIGHTING

RAYTEC Unit 3 Wansbeck Business Park, Rotary Parkway, Ashington, Northumberland. NE638QW Tel: 01670 520 055 Email: sales@rayteccctv.com Web: www.rayteccctv.com

CCTV SPECIALISTS

PLETTAC SECURITY LTD Unit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XH Tel: 0844 800 1725 Fax: 01788 544 549 Email: sales@plettac.co.uk www.plettac.co.uk

TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR

COP SECURITY Leading European Supplier of CCTV equipment all backed up by an industry leading service and support package called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufacturing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range. More than just a distributor.

COP Security, Delph New Road, Dobcross, OL3 5BG Tel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 201 sales@cop-eu.com www.cop-eu.com

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS, PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.

MAYFLEX Excel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJ

Tel: 0800 881 5199 Email: securitysales@mayflex.com Web: www.mayflex.com

CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOS FRAUD DETECTION

AMERICAN VIDEO EQUIPMENT Endeavour House, Coopers End Road, Stansted, Essex CM24 1SJ Tel : +44 (0)845 600 9323 Fax : +44 (0)845 600 9363 E-mail: avesales@ave-uk.com

CONTROL ROOM & MONITORING SERVICES

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESS CONTROL AND INTRUDER DETECTION SOLUTIONS

NORBAIN SD LTD ADVANCED MONITORING SERVICES

210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TP Tel: 0118 912 5000 Fax: 0118 912 5001 www.norbain.com Email: info@norbain.com

EUROTECH MONITORING SERVICES LTD.

Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring • Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm Response Tel: 0208 889 0475 Fax: 0208 889 6679 E-MAIL eurotech@eurotechmonitoring.com Web: www.eurotechmonitoring.com

EMPLOYMENT

EMPLOYEE SCREENING SERVICES

DISTRIBUTORS

THE SECURITY WATCHDOG Cross and Pillory House, Cross and Pillory Lane, Alton, Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.uk Telephone: 01420593830

EMPLOYMENT

URGENTLY NEEDED… National Franchise Opportunities with an established Security Company with over 4000 installs specialising in Audio Monitoring. Try before you buy scheme. Contact Graham for full prospectus graham@securahomes.co.uk TEL: 01274 631001

sales@onlinesecurityproducts.co.uk www.onlinesecurityproducts.co.uk

IDENTIFICATION

ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PRODUCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.

ADI GLOBAL DISTRIBUTION Chatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RN Tel: 0161 767 2900 Fax: 0161 767 2909 Email: info@adiglobal.com

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 06/03/2014 14:11 Page 4

COMPLETE SOLUTIONS FOR IDENTIFICATION

PERIMETER PROTECTION

DATABAC GROUP LIMITED

GPS PERIMETER SYSTEMS LTD

1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HH Tel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 1026 enquiries@databac.com

14 Low Farm Place, Moulton Park Northampton, NN3 6HY UK Tel: +44(0)1604 648344 Fax: +44(0)1604 646097 E-mail: info@gpsperimeter.co.uk Web site: www.gpsperimeter.co.uk

INDUSTRY ORGANISATIONS

PLANNED PREVENTATIVE MAINTENANCE

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRY

BRITISH SECURITY INDUSTRY ASSOCIATION Tel: 0845 389 3889 Email: info@bsia.co.uk Website: www.bsia.co.uk

THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRY

SECURITY MAINTENANCE CONSULTANTS • Planned Preventative Maintenance (PPM) Specialists • Price Comparison Service (achieving 20-70% savings) • FM Support / Instant Reporting / Remedial Work • System Take-Overs / Upgrades / Additions • Access, CCTV, Fire & Intruder, BMS, Networks & Automation • Free independent, impartial advice Tel: +44 (0)20 7097 8568 sales@securitysupportservices.co.uk

SSAIB 7-11 Earsdon Road, West Monkseaton Whitley Bay, Tyne & Wear NE25 9SX Tel: 0191 2963242 Web: www.ssaib.org

INTEGRATED SECURITY SOLUTIONS SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

HONEYWELL SECURITY GROUP Honeywell Security Group provides innovative intrusion detection, video surveillance and access control products and solutions that monitor and protect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology with traditional analogue components enabling users to better control operational costs and maximise existing investments in security and surveillance equipment. Honeywell – your partner of choice in security. Tel: +44 (0) 844 8000 235 E-mail: securitysales@honeywell.com Web: www.honeywell.com/security/uk

POWER

STANDBY POWER SPECIALISTS; UPS, GENERATORS, SERVICE & MAINTENANCE

DALE POWER SOLUTIONS LTD Salter Road, Eastfield Industrial Estate, Scarborough, North Yorkshire YO11 3DU United Kingdom Phone: +44 1723 583511 Fax: +44 1723 581231 www.dalepowersolutions.com

POWER SUPPLIES – DC SWITCH MODE AND AC

DYCON LTD Cwm Cynon Business Park, Mountain Ash, CF45 4ER Tel: 01443 471 060 Fax: 01443 479 374 Email: marketing@dyconsecurity.com www.dyconsecurity.com The Power to Control; the Power to Communicate

INTEGRATED SECURITY SOLUTIONS

INNER RANGE EUROPE LTD Units 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead, Reading, Berkshire RG74GB, United Kingdom Tel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001 Email: ireurope@innerrange.co.uk www.innerrange.com

STANDBY POWER

UPS SYSTEMS PLC Herongate, Hungerford, Berkshire RG17 0YU Tel: 01488 680500 sales@upssystems.co.uk www.upssystems.co.uk

SECURITY PRODUCTS AND INTEGRATED SOLUTIONS

TYCO SECURITY PRODUCTS Heathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UK Tel: +44 (0)20 8750 5660 www.tycosecurityproducts.com

UPS - UNINTERRUPTIBLE POWER SUPPLIES

ADEPT POWER SOLUTIONS LTD Adept House, 65 South Way, Walworth Business Park Andover, Hants SP10 5AF Tel: 01264 351415 Fax: 01264 351217 Web: www.adeptpower.co.uk E-mail: sales@adeptpower.co.uk

PERIMETER PROTECTION INFRARED DETECTION

UPS - UNINTERRUPTIBLE POWER SUPPLIES

GJD MANUFACTURING LTD

UNINTERRUPTIBLE POWER SUPPLIES LTD

Unit 2 Birch Industrial Estate, Whittle Lane, Heywood, Lancashire, OL10 2SX Tel: + 44 (0) 1706 363998 Fax: + 44 (0) 1706 363991 Email: info@gjd.co.uk www.gjd.co.uk

Woodgate, Bartley Wood Business Park Hook, Hampshire RG27 9XA Tel: 01256 386700 5152 e-mail: sales@upspower.co.uk www.upspower.co.uk

www.insight-security.com Tel: +44 (0)1273 475500

mar14 dir_000_RiskUK_jan14 28/04/2014 17:50 Page 5

SECURITY

ONLINE SECURITY SUPERMARKET

EBUYELECTRICAL.COM CASH MANAGEMENT SOLUTIONS

LOOMIS UK LIMITED 1 Alder Court, Rennie Hogg Road, Nottingham, NG2 1RX T - 0845 309 6419 E - info@uk.loomis.com W - www.loomis.co.uk

Lincoln House, Malcolm Street Derby DE23 8LT Tel: 0871 208 1187 www.ebuyelectrical.com

INTRUDER ALARMS – DUAL SIGNALLING

WEBWAYONE LTD CASH & VALUABLES IN TRANSIT

CONTRACT SECURITY SERVICES LTD Challenger House, 125 Gunnersbury Lane, London W3 8LH Tel: 020 8752 0160 Fax: 020 8992 9536 E: info@contractsecurity.co.uk E: sales@contractsecurity.co.uk Web: www.contractsecurity.co.uk

11 Kingfisher Court, Hambridge Road, Newbury Berkshire, RG14 5SJ Tel: 01635 231500 Email: sales@webwayone.co.uk www.webwayone.co.uk www.twitter.com/webwayoneltd www.linkedin.com/company/webwayone

LIFE SAFETY EQUIPMENT

C-TEC CCTV

INSIGHT SECURITY Unit 2, Cliffe Industrial Estate Lewes, East Sussex BN8 6JL Tel: 01273 475500 Email:info@insight-security.com www.insight-security.com

Challenge Way, Martland Park, Wigan WN5 OLD United Kingdom Tel: +44 (0) 1942 322744 Fax: +44 (0) 1942 829867 Website: http://www.c-tec.co.uk

PERIMETER SECURITY

TAKEX EUROPE LTD FENCING SPECIALISTS

J B CORRIE & CO LTD Frenchmans Road Petersfield, Hampshire GU32 3AP Tel: 01730 237100 Fax: 01730 264915 email: fencing@jbcorrie.co.uk

Aviary Court, Wade Road, Basingstoke Hampshire RG24 8PE Tel: +44 (0) 1256 475555 Fax: +44 (0) 1256 466268 Email: sales@takexeurope.com Web: www.takexeurope.com

SECURITY EQUIPMENT INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTD Redwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibre optic perimeter security solutions are owned by Optex. Platinum House, Unit 32B Clivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZ Tel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311 Email: sales@optex-europe.com www.optex-europe.com

PYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronix www.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMS INTRUDER AND FIRE PRODUCTS

BOSCH SECURITY SYSTEMS LTD

CQR SECURITY

PO Box 750, Uxbridge, Middlesex UB9 5ZJ Tel: 01895 878088 Fax: 01895 878089 E-mail: uk.securitysystems@bosch.com Web: www.boschsecurity.co.uk

125 Pasture road, Moreton, Wirral UK CH46 4 TH Tel: 0151 606 1000 Fax: 0151 606 1122 Email: andyw@cqr.co.uk www.cqr.co.uk

INTRUDER ALARMS – DUAL SIGNALLING

CSL DUALCOM LTD Salamander Quay West, Park Lane Harefield , Middlesex UB9 6NZ T: +44 (0)1895 474 474 F: +44 (0)1895 474 440 www.csldual.com

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONS

RISCO GROUP Commerce House, Whitbrook Way, Stakehill Distribution Park, Middleton, Manchester, M24 2SS Tel: 0161 655 5500 Fax: 0161 655 5501 Email: sales@riscogroup.co.uk Web: www.riscogroup.com/uk

SECURITY EQUIPMENT

CASTLE Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY TEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042 www.facebook.com/castlesecurity www.linkedin.com/company/castlesecurity

www.twitter.com/castlesecurity

VICON INDUSTRIES LTD. Brunel Way Fareham Hampshire, PO15 5TX United Kingdom www.vicon.com

www.insight-security.com Tel: +44 (0)1273 475500

Project1_Layout 1 26/04/2014 21:49 Page 1

Putting you in control

DualCom Signalling Keeping up the perfect balance of quality and cost Stand F1300

www.csldual.com

ÂŠCSL DualCom Limited