risk uk november 2014

Security and Fire Management

Investigating Corporate Fraud: SFO’s Role in DetailCounter-Terrorism: Security Officers and The Six C’sLiquid Gold: Protection Regimes for UK Water SuppliesVertical Focus: Risk Mitigation in the Transport Sector

November 2014

Vulnerability ManagementHow to Minimise ‘Attack Surfaces’ on IT Systems

FrontCover November2014_001 07/11/2014 12:48

Sophistication is not about size The Integriti Security Management System is an IP connected access control

and intruder security system that offers sophisticated centralised management

for both small systems on a single site, or large systems distributed across the

country or across the globe.

With a growing list of new installations take a moment to think of what you’re missing! The Integriti system offers an

advanced suite of software,

hardware and integrated

solutions to deliver complete

management of your entire

integrated system.

Have you tried Integriti yet?

+44 (0) 845 470 5000Inner Range Europe LimitedUnits 10-11 Theale Lakes Business Park

Moulden Way, Sulhampstead

Reading, Berkshire RG74GB UNITED KINGDOM

[email protected]

a4 integriti 0ne page UK.indd 1 4/12/2013 8:40 am

Project1_Layout 1 05/02/2014 17:39 Page 1

Contents33 Risk Mitigation in the Transport SectorManaging risk in the Transport Sector is the theme of thismonth’s Risk UK Vertical Focus. Daniel Wan reviews securitysystems Best Practice (p35) while Jamie Wilson assesses Ebolavirus tracking techniques (pp36-37). Intelligent video in airportsis the focus for Denis Castanet (p39) and Danny Williams tracesthe key role of security personnel at transport hubs (p41)

42 The Race for TraceabilityTraceability allows food supply chain specialists to assess theextent of risks facing their business. Duncan Moir investigates

44 Liquid Gold: Safeguarding water suppliesWater sector security solutions delineated by Tony O’Brien

47 Thought showerRobert Moore considers Best Practice for safety shower design

48 The Security Institute’s View

51 In the Spotlight: ASIS International UK Chapter

54 FIA Technical Briefing

56 Security Services: Best Practice CasebookNeill Catton describes the bespoke security servicesarrangements devised for King’s College London

58 When is a vulnerability not a vulnerability?Vulnerability management procedures covered by Mark Kedgley

60 Risk in Action

62 Technology in Focus

65 AppointmentsPeople moves in the security and fire business sectors

67 The Risk UK Directory

November 2014

3www.risk-uk.com

ISSN 1740-3480

Risk UK is published monthly by Pro-Activ PublicationsLtd and specifically aimed at security and riskmanagement, loss prevention, business continuity andfire safety professionals operating within the UK’s largestcommercial organisations

© Pro-Activ Publications Ltd 2014

All rights reserved. No part of this publication may bereproduced or transmitted in any form or by any meanselectronic or mechanical (including photocopying, recordingor any information storage and retrieval system) without theprior written permission of the publisher

The views expressed in Risk UK are not necessarily those ofthe publisher

Risk UK is currently available for an annual subscription rate of£78.00 (UK only)

Risk UKPO Box 332Dartford DA1 9FF

Editor Brian Sims BA (Hons) Hon FSyI Tel: 0208 295 8304 Mob: 07500 606013e-mail: [email protected]

Design and Production Matt JarvisTel: 0208 295 8310 Fax: 0870 429 2015e-mail: [email protected]

Advertisement Director Paul AmuraTel: 0208 295 8307 Fax: 01322 292295 e-mail: [email protected]

Administration Tracey BealeTel: 0208 295 8306 Fax: 01322 292295 e-mail: [email protected]

Managing Director Mark Quittenton

Chairman Larry O’Leary

Editorial: 0208 295 8304Advertising: 0208 295 8307

5 Editorial Comment

6 News UpdateFinancial cost of cyber crime. BSI launches PAS 7000. ICO issuesCCTV warning. BSIA maps out Health and Safety Forum detail

8 News Analysis: Launch of Project FALCON Project FALCON (Fraud and Linked Crime Online) is dedicated toprotecting Londoners from the threat of economic criminality

11 News Special: Transport Security Expo 2014Transport Security Expo runs at London’s Olympia on 2-3December. Brian Sims previews the 2014 show’s vital content

12 Opinion: The Syrian Conflict and UK plcBrett Lovegrove runs the rule over numerous ways in whichevents in Syria are impacting the UK and cannot be ignored

14 Opinion: Training for Counter-TerrorismGiven the recent escalation of the UK’s terrorism threat status to‘Severe’, Charlie Swanson calls for education in The Six C’s

17 BSIA BriefingTrevor Elliott outlines Best Practice in guarding procurement

20 In Defence of the RealmAlun Milford details the work of the Serious Fraud Office for thebenefit of practising security risk management professionals

24 Digital Evidence: Eradicating the pessimismMobile forensics have the potential to transform traditionalmethods of profiling offenders, as Yuval Ben-Moshe explains

26 Leading from the FrontDo security risk professionals actually see themselves asleaders in the Boardroom? Peter French searches for an answer

28 Guarded by GriffinDon Randall looks back on ten years of achievement realised bythe Project Griffin security and counter-terrorism initiative

30 Managing Video as a Digital Asset Thinking of making the switch to an IP-based surveillancesystem for your company? Karl Pardoe has the necessary detail

Fraud Investigations: The SFO in Focus (pp20-23)

Contents November2014_riskuk_Dec12 07/11/2014 12:28

Audible & Visual Signalling

Tel: +44 (0)1706 233879

www.klaxonsignals.com

Klaxon Signals are specialists in the design and manufacture of world-class signalling equipment. Through innovation and technical expertise, Klaxon Signals produce state-of-the-art audible and visual signaling equipment, protecting and informing millions of people around the world.

Klaxon Signal’s audible and visual signalling equipment are primarily used in Fire Evacuation, Industrial

EditorialComment November2014_riskuk_jul14 07/11/2014 12:33

5December 2012

www.risk-uk.com

Editorial Comment

The Security Industry Authority (SIA) recently held its annualStakeholder Conference in central London. In the KeynoteSpeech, Elizabeth France CBE – chairman of the industry’s

regulatory body – mentioned that it’s now exactly four yearssince the Government initiated its Public Bodies Review. A verystrong pronouncement back in 2010 stated the SIA would nolonger be a Non-Departmental Public Body and that a ‘phasedtransition to a new regulatory regime’ was about to commence.

During the intervening period, the Regulator – brilliantly led byCEO Bill Butler – has worked hand-in-glove with companiesacross the private security sector to propel regulation forward.Importantly, that work has included fashioning detail around theaforementioned ‘new regime’ and, specifically, the creation of amodel focused more on security businesses.

The fact that there’s still no concrete timetable for theintroduction of business licensing is – as Elizabeth France rightlystated at conference – both “disappointing and frustrating”.

France continued: “We at the SIA recognise the expenditureand effort the industry has put towards preparing for businesslicensing and, of course, the ongoing costs around thecontinuing uncertainties, but it’s a Government matter.”

The SIA is necessarily a creature of statute. It must align to thelegislative vehicles with which it’s provided by the Home Office.What it cannot do is work without proper legislation or powers.

“We’ve done everything we can to prepare for businesslicensing,” asserted France. “The SIA and the industry remainready for that licensing as and when we have the legislation, butwe cannot stand still and wait. We have to move forward.”

The Regulator has worked with the sector on a sharedframework for business licensing and duly delivered toWestminster a bold statement of intent.

Security businesses presently in a poor shape can expectregulatory and/or legal interventions, the clear use of licenceconditions and restrictions, the threat of removal of their licenceto operate and the deliverance of higher indirect costs.

For aspiring companies, the SIA is adamant that there will bedistinct standards for improvement and, indeed, strategicinterventions designed to support that betterment. As ElizabethFrance explained at conference: “The burden of regulation willbe proportionate. There will be protection from incompetent andcriminal businesses and there will be proportionate costs.”

Importantly, first class security businesses will be recognisedfor doing what they do best – delivering a respected and highlyprofessional service to their end user customers (‘Universitychallenge’, pp56-57). For those same end users, there’s thepromise of “greater engagement” with the Regulator and“clearer information to support informed security purchases”(‘Security Guarding: Sourcing a quality supplier’, pp17-18).

The guarding sector is crucial to the safety of our nation. Itsconstituent members work long and hard – often underextremely difficult circumstances – to protect life, limb, propertyand brand reputation for the clients whom they serve sodiligently on a daily basis. If the Government is truly cognisant ofthat message it must act with legislatory haste. Time is pressing.

Brian Sims BA (Hons) Hon FSyIEditor

On Guard

Visit the Klaxon website:

www.klaxonsignals.com

Fire Evacuation

Industrial Signalling

www.klaxonsignals.com/industrial&WAS

EditorialComment November2014_riskuk_jul14 07/11/2014 13:41

6www.risk-uk.com

BSI launches PAS 7000 global risk management standard for supply chainsBSI, the business standards company, has launched PAS 7000 – a universally applicable supplychain information standard orchestrated specifically for suppliers and buyers operational atorganisations of all sizes around the globe.

‘PAS 7000 Supply Chain Risk Management: Supplier Pre-qualification’ helps answer three keyquestions relating to any organisation’s supply chain partners: Who are they? Where are they? andCan they be relied upon?

The standard exhibits the collective expertise of 240 professionals drawn from global industryassociations and organisations (including Astra Zeneca and the Chartered Institute of Purchasingand Supply) and addresses product, process and behavioural criteria for supplier pre-qualification.

As supply chains increasingly span continents, and brands become more exposed due to thedemand for increased transparency, so the challenge for procurement teams to assess thesuitability of suppliers increases. In the last 12 months alone, 63% of EMEA companies haveexperienced disruption to their value chain due to unpredictable events beyond their control at anaverage cost of £449,525 per episode.

PAS 7000 provides companies with a uniform set of common information requirements thatreduces duplication of effort in completing tender forms and aids procurement in bringingconsistency to the supplier base. It establishes a model of governance, risk and complianceinformation for buyers to pre-qualify suppliers and confirm their intention and ability to adhere tokey compliance requirements. In turn, PAS 7000 helps organisations make an informed decisionabout whether or not to engage with a potential supply chain partner.

Top 10 online-enabled frauds hittingBritish wallets to the tune of £670 million

Organisers of Get Safe Online – the joint public-private sector Internet safety initiative – haverevealed the financial and emotional cost ofcyber crime. In a specially commissioned poll of2,000 people by Vision Critical for Get SafeOnline Week 2014 (which ran from 20-26October), 50% of those who have been a victimof cyber crime (including online fraud or casesresulting in economic loss, ID theft, hacking ordeliberate distribution of viruses and onlineabuse) said they felt either ‘very’ or ‘extremely’violated by their ordeal.

Separate figures prepared by the NationalFraud Intelligence Bureau for Get Safe OnlineWeek offer an indication as to the sheer scale ofonline crime, with over £670 million lostnationwide to the Top 10 Internet-enabledfrauds reported between 1 September 2013 and31 August this year. Given that a significantnumber of Internet-enabled fraud cases stillpass by unreported, the true economic cost tothe UK is likely to be significantly higher.

The Get Safe Online survey also reveals thatover half (53%) of the population now viewsonline crime just as seriously as they do‘physical world’ crimes, destroying the notionthat online crime is ‘faceless’ and lessimportant than other forms of criminality.

As a result, more cyber crime victims (54%)wish to unmask a perpetrator but only 14%have succeeded in doing so.

Around half (47%) of victims did not know towhom they should report an online crime,although this figure is expected to drop due tothe ongoing work of Action Fraud (the UK’snational fraud reporting centre) and theconsiderable Government resources nowdedicated to fighting cyber crime.

On a more positive note, victims in the GetSafe Online poll said that their experienceshave shocked them into changing theirbehaviour for the better, with nearly half (45%)opting for stronger passwords and 42% nowbeing extra vigilant when shopping online. Overa third (37%) always log out of accounts whenthey go offline and nearly a fifth (18%) havechanged their security settings on their socialmedia accounts.

Commenting on the survey results, FrancisMaude (Minister for the Cabinet Office) stated:“The UK cyber market is worth over £80 billiona year and rising. The Internet is undoubtedly aforce for good, but we simply cannot stand stillin the face of these threats which already costour economy billions every year.”

Tony Neate, CEO at Get Safe Online,explained: “We can all take simple steps toprotect ourselves, including the use of strongpasswords on our computers and mobiledevices, never clicking on a link sent by astranger and always logging off from an accountor website when we’re finished.”

Francis Maude MP:Minister for the Cabinet Office

NewsUpdate November2014_riskuk_nov14 07/11/2014 12:56

7www.risk-uk.com

News Update

BSIA set to launch all-new Health and Safety Forum for the security sector

The British Security Industry Association(BSIA) has announced the launch of a newHealth and Safety Forum dedicated to the

sharing of industry Best Practice andpromoting the importance of Health andSafety for security practitioners, companies,their employees and their customers.

Formed in light of the growing importance ofHealth and Safety within the security sector,the Forum has also been created in responseto demand from BSIA members. In a recentsurvey conducted by the Trade Association,93% of respondents expressed a keen interestin participating in such a Forum, which intendsto deal with important issues includingviolence in the workplace, accidents andpreventative measures.

Open to representatives from all BSIAmember companies, the Health and SafetyForum aims to facilitate the sharing ofinformation and Best Practice techniques, inturn galvanising members’ commitment to

Health and Safety into positive action whileinforming them of the latest developmentsacross relevant legislation.

Trevor Elliott, director of manpower andmembership services at the BSIA, commented:“Recently, the Health and Safety of front lineworkers has been at the very forefront ofpublic discussion, with a report from theGreater London Authority Conservativesindicating that no less than 66,000 front lineworkers have either been punched, kicked,spat on or even killed while undertaking work-related duties. Assaults against securityofficers were also highlighted by this report asan ongoing issue.”

The Health and Safety Forum will meet forthe first time at a launch event taking placethis month at Stamford Bridge.

Facilitating the launch briefing is BobbyLogue, managing director of Interconnective.Logue stated: “The main purpose of theinitiative is to understand the related industry-wide issues and collect statistics on all Healthand Safety-focused incidents. This would thenform the basis of an industry strategy aimed atreducing such occurrences.”

ICO warns CCTV operators that useof surveillance cameras must be“necessary and proportionate”The Information Commissioner’s Office (ICO)has warned CCTV operators that surveillancecameras must only be used as a “necessaryand proportionate” response to a real andpressing problem. The warning comes at thesame time the ICO publishes its updated CCTVCode of Practice. The update includes a look atthe data protection requirements placed onthe operators of new and emergingsurveillance technologies such as drones andbody-worn video cameras.

“The UK is one of the leading users of CCTVand other surveillance technologies in theworld,” said Jonathan Bamford, the ICO’s headof strategic liaison (pictured). “Technology isnow able to pick out even more people to berecorded in ever greater detail. This realisesnew opportunities for tackling crime, but alsoposes potential threats to privacy if camerasare just being used for recording innocentmembers of the public without good reason.”

Bamford added: “Surveillance camerasshould not be deployed as a quick fix, butrather as a proportionate response to a realand pressing problem. Installing surveillancecameras or technology like ANPR and body-worn video is often seen as the first option,

but before deploying such systems we need tounderstand the problem and whether that’s aneffective and proportionate solution. Failure toconduct proper privacy impact assessments inadvance has been a common theme in ourenforcement cases.”

The updated Code of Practice explains howCCTV and other forms of camera surveillancecan be used to process people’s information.The guidance details the issues that operatorsshould consider before installing suchsurveillance technology, the measures thatcompanies should have in place to make surean excessive amount of personal informationisn’t being collected and the stepsorganisations ought to take in order to makesure captured information is kept secure anddestroyed once it’s no longer required.

The ICO’s CCTV Code of Practicecomplements the provisions in theSurveillance Camera Code of Practice issuedlast year by the UK Surveillance CameraCommissioner and which applies to policeforces, local authorities and Police and CrimeCommissioners in England and Wales (as perthe Protection of Freedoms Act 2012).

The ICO’s guidance covers a wider area asthe requirements of the Data Protection Actapply to all sectors processing personalinformation across the whole of the UK(including the private sector).

NewsUpdate November2014_riskuk_nov14 07/11/2014 12:56

Metropolitan Police Service CommissionerSir Bernard Hogan-Howe QPM officiallylaunched FALCON – Fraud and Linked

Crime Online – at the QEII Conference Centre inLondon’s Westminster. The new team willconsist of up to 500 officers dedicated totackling cyber crime, acquisitive crime with anonline aspect and also fraud that does not havean online element attached to it.

The overall aim of FALCON is to create a newoperating model for the investigation andprevention of fraud and cyber crime in Londonthat will deliver seven key services. Theseservices are as follows:

Volume and cyber-enabled investigationsA centralised capability that will remove theonus of investigation of fraud and cyber-enabled acquisitive crime from local policing

Boroughs and provide a consistent approachtowards investigations

Complex and proactive fraud investigationsA centralised investigations service thatproactively targets specific criminals andorganised crime groups causing the most harmto individuals and businesses

Pure cyber investigationsAn increased capacity to undertake proactiveand reactive investigations in response tointelligence or referral (from the national body)

Problem solving, prevention, industry liaisonA capacity to work in partnership alongsidebusinesses with a common purpose ofpreventing fraud and cyber-enabled fraud. Thiswill enable the Metropolitan Police Service tolink more regularly and effectively withbusiness forums and, in turn, encourage theincreased reporting of crime

Victim careProvision of a service to ensure that all London-based crime victims are recorded andcontacted. This will enable the gathering ofintelligence to improve future investigativeoutcomes and also identify enablers specificallydesigned to support ongoing prevention andenforcement activities

Performance, training and marketingTo provide accurate performance andinformation to internal and externalstakeholders with data relating to both threatsand trends

IntelligenceThe creation of a dedicated fraud and cybercrime intelligence capability

In summary, then, Project FALCON is beingdeveloped in response to the significant growthin cyber-enabled acquisitive crime. Borough-based police officers will continue to beresponsible for investigating cyber crimesinvolving malicious communications,harassment or cyber stalking.

Speaking at the launch event, MetropolitanPolice Service Commissioner Sir BernardHogan-Howe QPM explained: “FALCON sees amore focused and joined-up approach by theMet, the business sector and other law

FALCON will be “an important addition to thenational economic crime prevention capability”

City of London PoliceCommissioner Adrian Leppard

City of London Police Commissioner Adrian Leppard haswelcomed the Metropolitan Police Service’s announcement

concerning the creation of a new fraud and cyber crime teamdesignated FALCON and dedicated to protecting Londoners

vulnerable to the threat of economic criminality

8www.risk-uk.com

NewsAnalysisProjectFALCON November2014_riskuk_nov14 07/11/2014 12:54

enforcement agencies to ensure that we’reprotecting the public, designing out crime andarresting the culprits. We will be more powerfulif the three of us – the police, the public andbusinesses – can work together.”

Cyber crime challenges in LondonAs the national policing lead for economiccrime with responsibility for the National FraudIntelligence Bureau (NFIB) and Action Fraud,the City of London Police has been an activesupporter of the Met in addressing the fraudand cyber crime challenges faced by Londoners.

Those challenges are evidenced by the highproportion of reported economic crimeassessed by the NFIB that results indisseminations to the Met for consideration ofLondon-based investigations.

City of London Police Commissioner AdrianLeppard said: “I welcome the creation ofFALCON and the priority this type of crime isbeing given by the Metropolitan PoliceCommissioner and the London Mayor’s Office.These London-based teams will be animportant addition to the national capabilitybeing developed by the City of London Police,the National Crime Agency and police forcesacross the rest of the country.”

Karen Bradley, Minister for Modern Slaveryand Organised Crime, added: “The threat fromcyber crime is ranked as ‘Major’ in our NationalSecurity Strategy, and the Government isinvesting £860 million over five years to tacklethis issue. We’re also increasing knowledgethroughout local police forces with specialisttraining. I’m very pleased to see theMetropolitan Police Service’s commitment todealing with fraud and cyber crime, and I lookforward to hearing about the vital contributionFALCON will make to this work.”

Advance of Internet-enabled devicesIn tandem, the latest KPMG survey suggests UKconsumers fear that technology is overtakingtheir lives, with many increasingly concernedabout the pace of change they face. The studyresults also highlight apparent discomfort withthe greater surveillance of everyday life and acynicism about the need for connected devices.

KPMG surveyed over 1,600 consumers acrossthe UK to identify attitudes towards the‘Internet of Things’/‘Internet of Everything’ –the term used to describe devices which ‘speak’to each other over the Internet. The companyaimed to gauge consumers’ views aroundintrusiveness, security and connected devices.

More than half (58%) of the respondentsresent the idea that computers seem to runtheir lives “wherever they go” while 70%

suggest that, with the marketplace ‘flooded’ byinterconnected devices, it’s too easy for thingsto go wrong.

The survey goes on to reveal that UKconsumers are hankering after a return to‘simple’ technology. For example, many of thosewho took part in the study (54% ofrespondents, in fact) mainly want their phoneonly to make calls while 46% of intervieweeswish to use security systems to remotelymonitor their property while they’re away.

Rise of the machineWil Rockall (director at KPMG’s cyber securitypractice) commented: “It’s clear that consumersare struggling with a desire to use connecteddevices as a route towards an easier life andremain wary of the rise of the machine. Theystill support innovation, recognising that in theright environment having the latest technologyis key. Nearly 60% acknowledge thattechnology makes us more effective at our job.”

Asked why they’re cynical about the advanceof the Internet of Things, respondentsquestioned how it’s possible to keep personalinformation private, with 56% of those polledconcerned about a ‘Big Brother’ effect occurringas a result of new products and the pace atwhich they’re being implemented.

In a work environment, more than one-third(36%) of respondents suggested employers aremonitoring their every action.

Mark Thompson, a senior manager in KPMG’scyber security practice, added: “Security andprivacy are high on the list of worries for theconsumer, with 62% of respondents to oursurvey believing that there’s insufficientconcern about it. The fact remains that, whereonce an Englishman’s home was considered tobe his castle, the Internet of Things means thatfortress walls can be breached more easily.”

Thompson added: “There are so manyopportunities for the latest technologies toprovide value and enhance our lives, but we’refailing to take advantage of them. We willcontinue in that vein until consumers can beconvinced that always-connected devices areboth safe and worthwhile.”

News Analysis: Project FALCON – Fraud and Linked Crime Online

Sir Bernard Hogan-Howe QPM:Commissioner of theMetropolitan Police Service

9www.risk-uk.com

NewsAnalysisProjectFALCON November2014_riskuk_nov14 07/11/2014 12:54

With UK Government initiatives designedto share home-grown capabilities andburgeoning interest in security solutions

worldwide, leading aviation, maritime and railindustry event Transport Security Expo(www.transec.com) runs with an exciting rangeof new features in 2014.

The prestigious event is entirely free todelegates, with all conference streams and aworld class array of speakers accessible to allfor the first time in the show’s illustrioushistory. This move by organiser Nineteen Eventswas driven by increasing demand as well assynergies with the UK Government’s efforts topromote expertise and technology on thewidest possible scale.

Across the last decade and more, TransportSecurity Expo has become the global hub fortransport security professionals worldwide whoare looking to meet and learn Best Practicetechniques from each other so as to ensure thesafest possible movement of people and goods.

This time around, Australia’s transportcommissioner Paul Retter is flying to the UKsuch that he can host the event’s VIP AirportProgramme and join 50 officials from the UKDepartment for Transport as well as 30representatives from the British TransportPolice. A further 22 foreign countries are also indiscussion over sending delegations to the2014 event (which runs at the London OlympiaExhibition and Conference Centre’s NationalHall on 2-3 December).

Nineteen Events works diligently alongsidethe Home Office and the UKTI’s DSO to identifypriority opportunity markets and ensure theright industry representatives are visiting theUK to learn about current Best Practice. Anexpanded event this year includes newconferences for the latest areas where the UKhas developed unparalleled understanding –namely major events transport security andsecure transportation.

The Hosted Buyer programme will alsoreturn. This is a ‘speed dating’ service joiningkey industry buyers with relevant exhibitorsshowcasing their wares. Buyers from a widerange of sectors and organisations arerepresented including Bank of America MerrillLynch, Associated British Ports, the HomeOffice and the United Nations Office on Drugsand Crime.

Alongside the event’s enhanced conferenceprogramme, both overseas and domesticvisitors will be able to access an enlarged showwhich now includes a Live Demonstration

Theatre providing real-time examples ofsecurity scenarios and solutions in action. Thisoperates in addition to a Security Vehicle Zoneshowcasing the very latest in armoured vehiclesfor Cash-in-Transit operations.

Advisory Board for 2014A new Advisory Board for Transport SecurityExpo 2014 includes luminaries from UK securitypast and present. All areas from Government toprivate and public security are represented onthe new Board which meets to ensure the eventremains topical and ahead of the game inproviding education and networking for theglobal transport security industry.

The high-level Advisory Board is headed byBritish Naval veteran Admiral Lord West,Stephen Phipson CBE from the Office forSecurity and Counter-Terrorism (OSCT) and RobColeman, director of the Home Office Centre forApplied Science and Technology.

Phipson is a 35-year veteran of the securityindustry and the director for security industryengagement within the OSCT. He’s charged withmanaging the development of the UK securityworld’s key initiatives designed to secure anddevelop export growth.

11www.risk-uk.com

Transport Security Expo: The Global Hub for Best PracticeFor over a decade, Transport Security Expo has remained akey focal point attracting Government regulators andindustry professionals alike. This year’s programme runs atthe Olympia Exhibition and Conference Centre’s National Hallin London on 2-3 December. Brian Sims previews the 2014event for which Risk UK is an Official Media Partner

*Register to attend TransportSecurity Expo 2014 by visiting:www.transec.com or contactNineteen Events on(telephone) 020 8947 9177

**Transport Security Expo issupported by numerousindustry bodies including ASISInternational, the SecurityIndustry Authority, The SecurityInstitute and the ADS Group

News Special: Transport Security Expo 2014

NewsSpecialTransportSecurityExpo2014 November2014_riskuk_nov14 07/11/2014 12:55

Why am I still forming the impression thatthe UK’s focus on the Syrian conflict isbeing kept at arm’s length? In a sense, I

don’t blame us for adopting that attitude. Bigdebates are being had around the corridors ofpower as to whether or not – and how – weshould be deploying our military on the ground.I understand all of that.

The present Government doesn’t want (andcannot afford) to have a debate so close to nextyear’s General Election so a limited force isbeing sent to support our coalition partners. Inparallel, here at home our law enforcementagencies and the Security Services are workinghard to locate and track returning trainedJihadists and gather intelligence from bothopen and closed sources.

Many City Security and Resilience Networks(CSARN) members are also working diligentlyto mitigate threats against their sectors whileat the same time sharing information andintelligence on this subject with those whoneed to know. The voluntary groups operationalon the front line are brilliant, brave and havethe admiration of us all. Furthermore, suchdetermined effort must continue unabated.

There’s an inherent danger in ‘talking up’ thedangers posed to us both here and abroad bythe Syrian situation so let’s not go down that

particular road. Where, though, do we think weare now in the wider global debate and wheredo we think we’re going?

Although using Syria as a reference point,much of what’s about to be said here can applyto any conflict in the present or the future.

Assessing the fall-out to dateAs we know, the present state of affairs isn’tjust about Syria. The situation affects some ofour largest trading partners such as Turkeywhose currency has fluctuated since theconflict began. Asian stock markets have visiblylost financial traction and, to date, continue tostruggle in the battle for stability.

Oil prices in the Middle East rose at theconflict’s outset and the world remainsuncertain about this resource’s pricesustainability. Jordan and the Lebanon are at aconstantly high level of risk as a result of theiraffiliations. The impacts affect us here in theUK. Some louder than others, but they do.

Existing Governmental strategies focus onpreparing businesses for a range of threats andhow to recover when an attack takes place, butnone of them discuss how society should beengaging with itself. For example, how can webuild, share or have a sense of our collectivevalues (on Human Rights, repatriation andmigration away from the battle space, etc) if weas citizens cannot join in that debate or have amechanism to do so? Surely this wide debatealone would give decision-makers an idea as tohow society views the challenges it faces andmight even help find solutions? It’s not asthough we don’t have the technological abilityto do so, so why not take the plunge?

The struggle arises when attempting toexplain what we as a much larger society aredoing to prepare for what we all believe is along game (it’s already been four years, by theway). The questions in my head are many andvaried. Is our overall response to the threat(which is some thousands of miles away)appropriate? What is the UK Government’sstrategy on where its place in the world shouldbe post-2015? What does our current limitedresponse say about us as a United Kingdom?

In addition, if we want to trade with Syriaonce the embargoes are lifted, what plans dowe have in place to do so? How joined-up is thebusiness community in relation to ourGovernment and law enforcement agencies,and is it making best use of this potentialpartnership? Is it enough for businesses just tocreate individual mitigation plans?

12www.risk-uk.com

Joined-up resilience... What will it take?In a thought-provoking discourse, Brett Lovegrove offerssome personal views on how present events in Syria areaffecting UK plc, the apparent lack of joined-up forward

vision around this important issue and the overriding needfor a coherent strategy to be developed by our leaders

OpinionTheSyrianConflictandUKplc November2014_riskuk_nov14 07/11/2014 14:00

Brett Lovegrove MA FRSA FSyIFICPEM: CEO of City Securityand Resilience Networks(CSARN UK and CSARNAustralia) and former Head ofCounter-Terrorism for the City ofLondon Police

What will the Government and society reallydecide to do about those returning British-bornJihadist fighters who seem to have gambledfoolishly with their own right to theirnationality? Why do I feel that we are notworking together as much as we should be?

Let me share something else with you. Icannot help feeling we as UK plc believe thatSyria and its environs are so many miles distantfrom this group of islands that we can turn onand off the flow of information and bad news asand when we wish. We treat this information asinteresting but not compelling enough to dosomething substantial about it.

I’m also not entirely convinced that we as asociety have focused on the needs of oursubstantial Syrian, Turkish, Iraqi, Palestinian orIsraeli communities and supported them whilethey harbour concerns for their families andfriends overseas. In short, we don’t fear theoutcomes of this conflict enough to thinkdifferently. To my mind we should.

Clear and joined-up vision There are many other issues associated withthis current conflict. You’re welcome to fill in allthe blanks, but the point I’m making is that weneed a clear and joined-up vision about whatthe UK’s position really is right now. If wecannot see the whole picture then we’ll neverbe able to respond effectively.

We need to have a clear map of how issuesthat directly affect business, Government andour many communities are interconnected suchthat we’re able to sense how one decision oraction can affect the bigger picture. Only thenmight a coherent and responsive strategy bedeveloped and all stakeholders contribute to it.

If you like, responses can also include criticalintelligence from the aforementionedcommunities themselves who will know a lotabout the activities of individuals still residentin the battle space and those who travel there.It may contain ideas about how we prepare tocontinue to build business relationships withthat part of the Levant for the juncture whenreal trading returns or how we can use thesocial networks to provide a counter narrativeto some of the single source messagesencouraging radicalism.

Without this much wider narrative within anembracing strategy, all we’re doing is activelyexcluding communities and business sectorsthat can help shape a more effective response.

Having raised these issues, what should wedo about them? First, it’s my considered beliefwe must come to terms with the fact that we allhave an active part to play in shaping thecollective future everyone would wish towitness. The UK Government either will not orcannot take the lead in co-ordinating theforward movement required to develop aninteractive, all-encompassing repository ofideas. On that basis, it’s up to us to do sobecause we can often make things happenmore quickly and, indeed, more effectively.We’re not aligned to party rules.

Second, we must agree that unless we thinkdifferently and work together, those individualswho wish to visit great harm upon us willcontinue to have the upper hand in terms ofnarrative. We will always chase their shirt tails.

Third, we need to recruit leaders – and thoseindividuals are among us now – who can beinfluential in drawing together the vital piecesrequired for developing the vision and the all-encompassing strategy that stands alongside.

Platform for discussionThe alternative is to believe that the task beforeus is too difficult, insert ear plugs and keep ondoing what we’re currently doing. That’s not anoption because it simply isn’t working.

CSARN is willing to act as a platform forfurther discussion, but particularly action. Thatdiscussion and action is critical, it’scomplicated and it’s necessary… and there’sabsolutely no time to waste.

Opinion: The Syrian Conflict and UK plc

“As we know, the present state of affairs isn’t just about Syria. The situation affects some of ourlargest trading partners such as Turkey whose currency has fluctuated since the conflict began”

13www.risk-uk.com

OpinionTheSyrianConflictandUKplc November2014_riskuk_nov14 07/11/2014 14:00

The Metropolitan Police Service hassignalled that the threat to the UnitedKingdom posed by the Islamic State will

continue for the foreseeable future. As a result,heightened security measures are now firmly inplace, with the terrorism threat level recentlyraised from ‘Substantial’ to ‘Severe’.

The Met’s Assistant Commissioner MarkRowley – national policing lead for counter-terrorism – has stated that these measures aredesigned to reassure members of the publicwhile at the same time increasing nationalsecurity. Speaking to The Guardian on Tuesday2 September, Rowley – who’s also head ofcounter-terrorism at the Met – explained: “Anenhanced number of officers for high-visibilitypolicing have been deployed across thecountry, and this plan of action will continue.”

Changing forms of attackDuring the 1970s, 1980s and 1990s, of course,the UK was bombarded with attacksperpetrated by the Provisional Irish RepublicanArmy (PIRA), whose favourite choice of weaponwas the Improvised Explosive Device (or IED).This form of attack was delivered successfullyon numerous occasions, killing and maimingthousands of innocent citizens.

The PIRA terrorists would often give priorwarning of their attacks, informing the policeservice by using some form of code, in turn

allowing evacuation of the area or localpremises before any device exploded. For anumber of reasons lives were still lost, but theagreement of warning codes made the situationalmost manageable for the police service.

In today’s world, though, Islamic State in Iraqand the Levant (ISIL) has introduced a new formof terrorism that’s of grave concern. It’sterrorism underpinned by the brutal torture andmurder of dozens of innocent civilians in Syriaand Iraq. The UK has to be ready for thereturning British Jihadists who will attack ournation state – ie the United Kingdom – becauseit’s viewed by the Jihadists as an enemy ofIslam. This time around there will be nogentlemanly code words or veiled threats.

Islamic State is rampant in Syria and Iraq andappears to be gaining momentum on a dailybasis. There’s a substantial percentage ofJihadist ‘volunteers’ from the UK who have notonly been radicalised but also completelyengaged. That’s to say they will follow orderswithout the slightest question of legality ormorality as we in the democratic Western Worldunderstand the two concepts. Jihadists abideby Sharia Law. We don’t, and that makes the UKa prime target in the eyes of these terrorists.

It may be argued that, given the opportunity,ISIL would attack those areas that arepopulated and where the greatest damage canbe achieved in terms of loss of life, destructionof property and severe ruination to thecountry’s economy. They will not simplyproduce a weapons platform – the IED – plant itand simply hope for the best. The Jihadist islikely to carry out a number of reconnaissancemissions and tests before deploying theiroperational units.

Despite the brave statements issued by MarkRowley from what is the police service with thegreatest array of counter-terrorism resources atits disposal, ISIL is aware that police forces inthe UK are stretched almost to breaking point.

The ‘Extended Police Family’Here in the UK there’s a little known group ofpeople referred to as the ‘Extended PoliceFamily’. Its cohort includes Security IndustryAuthority (SIA)-licensed security officers (ofwhom there are around 350,000 currently inoperation). Those officers are now carrying outprogressively more duties that were once thedomain of warrant-carrying police officers,including first response before or during aserious incident. In the main, these securityofficers conduct their duties very well indeed.

14www.risk-uk.com

The Six C’s: Why security officers need to know themTo what levels are private sector security officersinstructed to manage potentially life-threatening

situations? Given the recent escalation of the terrorismthreat status to ‘Severe’ here in the UK, Charlie Swanson

calls for swift and thorough education in The Six C’s

OpinionSecurityOfficerTrainingforCounterTerrorism November2014_riskuk_nov14 07/11/2014 13:55

Charlie Swanson MSc CSyPFSyI SIRM: Security and RiskManagement Consultant

However, during a series of recent securitysurveys in a major UK city, it fell upon me toquestion a number of security officers abouttheir levels of training in relation to therecognition and handling of a suspect IED. Theresults are more than a little concerning.

A number of officers assured me that,because of their personal experiences, theywould be able to handle such a situation. Otherofficers claimed to have received suitableinstruction and education during previousbouts of employment.

Ultimately, they all agreed that the levels oftraining for managing serious incidentsreceived during the course of their presentemployment – or, and which is even moreconcerning, during their SIA-centric training –has been just about non-existent.

The Case of Alfie and BillLet’s visit an imaginary scenario. Picture a busy20-storey office building in the centre of, say,London on a typical Monday morning during thecommuter rush hour. A brown holdall has beendiscovered just inside the reception area on theground floor, but the member of staff who hasspotted it is fully confident ‘The Security Guys’will be able to handle everything because, afterall, that’s their job.

One of the security officers present on site –let’s call him Alfie – has been employed at thebuilding for all of three weeks, and on thatbasis is still learning the ropes. No worries,though, because Alfie’s armed with his SiteAssignment Instructions (AIs) and has a trustedsecurity supervisor (we’ll name him Bill) withwhom he may consult.

The AIs advise Alfie of actions requiredshould a telephone warning be received or –Heaven forbid – a bomb explodes, but not whatto do if he’s unlucky enough to be on shiftwhen a bag is found and there’s no owner forsaid item (that last point should be a bit of agiveaway!). Alfie duly consults Bill.

Bill takes into consideration the fact that thenational terrorist threat level stands at ‘Severe’and has consulted the Google ‘oracle’ tounderstand what that means. Further, Bill isn’table to locate a legitimate owner for the bag,which Alfie tells him wasn’t there 20 minutesago. A 999 call it is, then.

All well and good, but remember it’s 8.30 amon a Monday morning in the centre of one of

the busiest cities in the UK. There’s no way thepolice can be on scene immediately.

Bill duly speaks to the building manager onlyto be told: “You’re the security expert. I’m just afacilities manager. What do I know?”

At this stage in proceedings, both Bill andAlfie should be considering The Six C’s:Confirm, Clear, Cordon, Control, Communicateand Check (for secondary devices).

Let’s review each of them in turn.

The Six C’s: examining the detail(1) ConfirmWhat makes the bag or case, etc suspicious?Tough call, but somebody has to make it!(2) ClearConsider evacuation or invacuation. It isn’t assimple as merely striking the fire alarm button.Rather, there has to be a pre-determinedstrategy in play(3) CordonIsolate the location if possible (200 metres for abag and 400 metres for a vehicle). Whatresources are to hand for delivering the cordon?(4) ControlOnce the cordon’s in place, it remains intactuntil the police arrive. How does a securityofficer deter a member of staff from enteringthe building to retrieve their belongings?(5) CommunicateEnsure that everybody is kept up-to-speed withproceedings at all times. Effectivecommunication at this stage is critical(6) CheckCheck for secondary devices, or what are oftenreferred to as ‘The Come On’. The PIRA and theTaliban have been past masters of this tactic

The police will arrive, take over the scene and– in conjunction with other emergency servicespersonnel and (possibly) the military –professionally manage the whole situation.

One thing is absolutely certain. If the SIA andprivate contract security companies don’t beginto invest in this form of training, the abovefrightening scenario will become a reality.

Key-critical sites will be attacked and theirlocal populations bear the brunt of our shortterm approach to risk, our arrogance and ourincredible stupidity.

Do we really want this scenario to play out?Obviously not, so let’s focus on The Six C’s as amatter of urgency.

Opinion: Security Officer Training for Counter-Terrorism

“It may be argued that, given the opportunity, ISIL would attack those areas that arepopulated and where the greatest damage can be achieved in terms of loss of life, destructionof property and severe ruination to the country’s economy”

15www.risk-uk.com

OpinionSecurityOfficerTrainingforCounterTerrorism November2014_riskuk_nov14 07/11/2014 13:55

Radio Signal Analysers

POWER SOLUTIONS

• Find the optimum antenna/device installation location

• Detect and measure local 3G and GSM base stations

• Lock to any network by inserting their SIM card

• Detect all available networks by not inserting a SIM card

• Detect and notify the operator of the presence of white noisejamming when it occurs (subject to signal strength)

• D2386-r model is a Quad-band GSM analyser, including the EU-wideGSM-r frequency band for railway applications

For more information call:+44 (0) 1443 471 [email protected]

Dycon

Designed andmanufacturedin the UK

D23X6 SERIES

NEW4G Version

NOW Available

dycon psi november_Layout 1 27/10/2014 16:28 Page 1

Realising value for money when purchasinggoods and services is of paramountimportance for today’s business

community. The procurement of securityservices is unique in that business owners areoften unsure which measures are essential asopposed to desirable. Indeed, if businesses failto ‘do their homework’ before commencing theprocurement process, they may be leftvulnerable to either spending too much andimplementing security measures far beyondthose necessary or selecting the cheapestoption, unaware of the compromises somesecurity providers may use to drive down costs.

What, then, are the important questions forpurchasers to ask when comparing potentialsecurity guarding suppliers?

Have all costs been considered?Initial costings should include those costsincurred during every stage in the deliveryprocess. By way of example, a security providermay be able to ‘cut costs’ in the initial stagesthrough various methods which – unbeknownto the service buyer – might causecomplications further down the line.

For instance, if security personnel are notmanaged adequately through regular contact,they may be left struggling to complete simpletasks associated with their role. Such anenvironment would leave a business vulnerableto security breaches and effectively underminesecurity systems that have been put in place.

Therefore, ‘initial cost savings’ – whereincosts have been driven down throughunsatisfactory means – will impact servicelevels and, indeed, may even make it necessaryto begin the cumbersome and costlyprocurement process all over again.

It’s for this very reason that, when it comes tosecurity, the emphasis should always be onquality first and then cost. With such a mindsetin place, businesses will be better equipped toprocure the services of those security guardingcompanies providing true ‘value for money’.

Travel and subsistence schemes What travel and subsistence schemes are inoperation at the guarding company? Anotherway in which employers can reduce costs is notto use the same officers regularly in one place.By adopting this strategy, the company cansave on National Insurance contributions byclaiming back costs for officers’ travel to theirplace of work and also the cost of buying foodwhile they’re on the end user’s premises.

As this only applies to short-term placementsof less than two years, security companiesoften move their staff between sites at regularintervals, meaning that the relationshipbetween officers and the site – and theirknowledge of the site and its specific securitychallenges – is lost. In turn, the relationshipbuilding process must begin all over again withthe replacement officers.

It’s not uncommon for security companies tohave a certain percentage of staff tied to suchschemes. However, the greater the number ofstaff on travel and subsistence schemes, themore likely the service for the host businesswill suffer due to staff moving around on a fairlyfrequent cycle.

Up-to-date insurance certificationInsurance is a ‘must have’ for any reputablesecurity guarding company. All securitycompanies should have liability insurance in

BSIA Briefing

17www.risk-uk.com

Security Guarding: Sourcing a quality supplier

When looking for a quality security guarding supplier, endusers can often be overwhelmed by the sheer volume ofservice providers and frequently don’t know what to look forin ensuring the highest levels of expertise andprofessionalism as well as value for money. Here, TrevorElliott highlights various considerations that should be takeninto account when procuring a security guarding supplier

Trevor Elliott: Director ofManpower and MembershipServices at the BSIA

BSIABriefing November2014_riskuk_nov14 07/11/2014 12:24

18www.risk-uk.com

BSIA Briefing

place covering them forevery eventuality (andspecifically in the areas ofprofessional indemnity andefficacy). Some of the moreunscrupulous securitysuppliers attempt to savemoney by paying the initialmonthly premium but thencancel the direct debit. Thatleaves them with no validliability insurance.

Ultimately, this couldwell render the end user’sown insurance void in thecase of negligence on thepart of a security officer.

That being the case, it’s advisable to checksecurity guarding suppliers have legitimateinsurance in place by contacting their insuranceprovider to ensure all payments are up-to-date.It’s also worth checking to see when thepresent policy is due for renewal.

Uniform replacement policy Uniform costings in tender documents arenearly always an approximate calculation.Further, the length of time the uniform willendure will be impacted by the environment inwhich security officers are deployed (ie whetherthey’re stationed outside or indoors).

Looking specifically at the tendering process,if a company were to provide poor qualityuniforms to officers that are situated outside,then there would be a low initial cost on tenderdocuments. However, if the uniform has to bereplaced more often the eventual cost will bemuch higher than that of a company offering abetter quality, longer lasting uniform (albeit ata higher initial cost).

Therefore, it’s important to consider thesupplier’s uniform replacement policy inrelation to the conditions and location in whichofficers will be working.

Compliance with British Standards Security companies that have made the effortto comply with British Standards demonstrate acommitment to quality which provides addedreassurance to the customer that they’re areputable and reliable organisation.

From the service buyer’s point of view, it’swell worth checking whether the supplier has

been externally assessed to BS 7499, BS 7858and BS 7984. In order to prove this is so, thesecurity company should be able to show theend user certificates of assessment (ideally viaa UKAS-accredited inspectorate).

VAT and PAYE PaymentsSome unscrupulous security companies run fora period of time and then cease making VATand PAYE payments, instead choosing to usethe money for other illegitimate activities (ieensuring that the company goes intoliquidation before re-starting the businessunder a very similar name using the moneyfrom non-payment of legitimate tax to financethe new venture). This could mean that thesecurity officers on site are unpaid and haveoutstanding wages owed to them.

For peace of mind, purchasing companiesmust ask potential guarding suppliers to provethat these payments are up-to-date.

Are premises fit for purpose? A reputable services supplier will welcomepotential clients to visit their premises prior tosigning contracts. The end user should ensurethat the premises are safe and secure, checkingthe Control Room to make certain it’sappropriately equipped with PCs and softwarefor managing, say, lone worker check calls andthat adequate procedures are in place fordealing with occurrences on clients’ sites.

If the security company is going to be holdingkeys for your premises, check its key controlprocedures and where your keys are to be kept.

Choosing a BSIA member companyThe British Security Industry Association (BSIA)is an ideal port of call for any business seekinga security supplier.

BSIA members are subject to rigorous checksbefore they’re admitted into membership,affording end users reassurances that they’reselecting a quality supplier. Key points to noteabout BSIA member companies are as follows:• they are independently inspected to the

quality standard ISO 9001 with a UKAS-accredited inspectorate

• they’re fully compliant with the relevantBritish Standards, European Standards andCodes of Practice

• they are financially sound• staff vetting has been conducted where

necessary• they are technically proficient and committed

to quality training and development for allmembers of staff

• they’re up-to-date with both British andEuropean policies and legislation

“All security companies should have liability insurance inplace covering them for every eventuality (and specificallyin the areas of professional indemnity and efficacy)”

To locate a BSIA membersecurity company near you, orto find out more about theTrade Association, visit:www.bsia.co.uk

BSIABriefing November2014_riskuk_nov14 07/11/2014 12:25

CONTRACT SECURITY SERVICES LIMITEDCASH & VALAUABLES IN TRANSIT (CViT) SERVICE PROVIDER

CASH PROCESSING & BANKING SERVICE(INCLUDING COLLECTION AND PROCESSING FROM CAR PARK MACHINES)

CASH CONSOLIDATION SERVICESECURITY GUARDING AND MOBILE PATROL

HEAD OFFICE:CHALLENGER HOUSE

12 GUNNERSBURY LONDON W3 8LH

T: 020 8752 0160 F: 020 8992 9536E: [email protected]

www.contractsecurity.co.uk

SALES:T: 01622 792639 F: 01622 882084

E: [email protected]

DEPOTS:Brentford, London | Larkfield, Kent | Andover, Hampshire

5 LANE


When the organisation came into being in1987, the Serious Fraud Office (SFO) wasgiven a set of powers unique among the

United Kingdom’s main criminal justiceagencies in that it’s empowered both toinvestigate and prosecute offences. This way ofworking is commonly known as The RoskillModel after the chairman of the committeewhich recommended the SFO’s creation.

So it is that our case teams are made up ofspecialist prosecutors, investigators andforensic accountants. They engage early withcounsel to ensure a consistent strategic visionfor a case, and also with IT professionals tohelp them make the most of the data available.

This is an operating model which wasdesigned to, and which has since been provensuccessful in enabling us to take on even themost challenging of cases. This is also themodel that the SFO’s director, David Green,wanted to make the most of when he took uphis post two years ago.

As such, David immediately re-stated ourpurpose as a body that investigates andprosecutes cases involving serious or complexfraud – a concept that includes bribery andcorruption within its remit.

With that re-statement, the SFO explicitlyrejected any notion that we might take on otherroles not assigned to us by Parliament. We arenot a regulator. That is the role of the FinancialConduct Authority (FCA). We are not aneducator. That – so far as the Bribery Act isconcerned, at least – is the role of BIS. Neitherare we an advisor. That role is for lawyers.

To emphasise this re-statement, David Greenalso reviewed and re-issued our take on criteriain order to ensure that the cases he adopts forcriminal investigation really do concern top-endfraud or corruption. When considering whetherto accept a case for investigation, he will askhimself whether the case demands theparticular expertise, capability, multi-disciplinary approach and legislative powersavailable to the SFO. Factors involved willordinarily include the scale of the lossoccasioned (or threatened), the impact (orpotential impact) upon the UK economy, theeffect of the alleged conduct upon the UK’sreputation as a safe place in which to dobusiness and the degree of factual or legaldifficulty to which the case may give rise.

Major cases since 2012Let’s outline some of the major cases the SFOhas taken on board for the purposes of criminalinvestigation across the last two years.

LiborThis is an ongoing investigation into themanipulation of the London Interbank OfferedRate (a measure used in the setting of interestrates around the world)ForexThis concerns the alleged manipulation of theforeign exchange marketRolls-RoyceConcerns allegations of bribery in the conductof the company’s businessG4S and SercoConcerns allegations of fraudulent claims forpayment under contracts for the provision ofservices to the UK GovernmentThe Sweett GroupConcerns allegations of bribery in the conductof the company’s business

There are several points to note. First, theSFO is using its resources to focus on what itwas established to do. That work – theinvestigation of top tier economic crime and, ifthe test for prosecution is met, the prosecutionof it – is resource-intensive. 70 staff areworking on Libor alone.

While we well understand the financialconstraints within which all in the public sector

20www.risk-uk.com

In Defence of the RealmThe Serious Fraud Office was established in order to

investigate and prosecute crimes involving serious orcomplex fraud, a concept which extends to the offences

of bribery and corruption. Here, Alun Milford expands onthe detail of that remit for the benefit of practising

security and risk management professionals

FraudInvestigationsTheWorkoftheSFO November2014_riskuk_nov14 07/11/2014 12:46

Alun Milford: General Counsel atthe Serious Fraud Office

have to operate, we have had the benefit of a10% increase in our funding during 2014. Ontop of that, we’re able to apply to the Treasuryfor so-called ‘blockbuster’ funding onparticularly resource-intensive cases. The Liborcase is a prime example.

Bribery Act now in forceThe second point is that the SFO isindependent. The decision about whether totake on a case is, by statute, that of our directoralone. While he has the power to delegate thatpower, he has decided not to do so. He toodecides charges and, with the coming into forceof the Bribery Act and the removal of AG’sconsent requirement, will be doing so incorruption cases as well as those of fraud.

In a speech last month, David Greencommented on our independence. What he saidbears repeating. “Many of our cases concernblue chip UK companies. Such companies maybe household names whose performance is ofgreat importance to the UK economy and everycitizen would wish them well. They are thegood guys. SFO investigations involving iconicBritish enterprises do not enhance ourpopularity, and some may feel a certain tensionbetween wanting the law enforced and wishingour companies to prosper.”

He continued: “These corporates have realclout among politicians and in the City. Someuse the media to influence and shape publicopinion. Those facts alone underline the needfor a visibly independent investigator andprosecutor to have conduct of these cases.That’s what the SFO is for. Visible anddemonstrable independence is crucial tojudicial confidence, business confidence and topublic confidence in the investigation andprosecution of major economic crime involvingeven our flagship enterprises.”

Third, the fact that we’re independent doesn’tmean we are isolated. While we’ve investedsignificantly in our own intelligence capability,we plug into the wider network of intelligenceavailable to UK agencies. We work closely withthe police service, particularly the City ofLondon Police, and with the FCA, with HMRCand the National Crime Agency (NCA).

The NCA is a relatively new arrival on the lawenforcement scene, but it’s an important andwelcome one. It’s a national agency with itsown operational capability. Significantly, andfor the first time, we have in the NCA an

organisation with a remit to co-ordinate a lawenforcement response to serious crime. Wewelcome that development, and we’ve alreadyestablished good and effective links with itsEconomic Crime Command.

Overseas, we have access to – and makegood use of – the networks of NCA and HMRCofficers as well as Crown Prosecution Service(CPS) lawyers based in Embassies across theworld. We also have our own contacts withinvestigators and prosecutors overseas. Ourgood relationship with the Department ofJustice in Washington is a case in point.

Fourth, note that all of the investigationspreviously mentioned are criminalinvestigations. There’s no short cut to otherdisposals, such as a civil recovery order. Thisfollows from the director’s withdrawal of apolicy on corporate referrals issued by hispredecessor and implying that, if a corporateentity reported itself to the SFO, then the SFOwould be very likely indeed to resolve thematter by civil settlement and not prosecution.

This policy was specific to the SFO. It had notbeen agreed by – and could not bind –prosecutors in the CPS working on cases withthe police. It created a two-tier response by theState to corporate crime, with corporatesthemselves being able to determine which setof public policies applied to them.

Furthermore, the implied promise containedin the self-referral policy meant cases wereeffectively pre-judged on arrival in the office, asthe question of how properly they should bedisposed of couldn’t be assessed ‘in the round’.That situation could not carry on.

Reasonable lines of enquiryFifth, we go where the evidence takes us andwe include both companies and individuals inthe scope of our investigations. We follow, aswe must, the requirement to pursue allreasonable lines of enquiry whether these pointtowards or away from the suspect. We alsodecide how we will deal with a case – and inparticular whether or not we will prosecute – atthe conclusion of the investigation.

Some background may be helpful here. Thetest a public prosecutor must apply beforeembarking on criminal proceedings is to befound in the Code for Crown Prosecutors, astatement of policy issued as a matter ofstatutory duty by the Director of PublicProsecutions and binding on all public

Fraud Investigations: The Work of the Serious Fraud Office

“The decision about whether to take on a case is, by statute, that of our director David Greenalone. While he has the power to delegate that power, he has decided not to do so”

21www.risk-uk.com


22www.risk-uk.com

Fraud Investigations: The Work of the Serious Fraud Office

prosecutors. That statement makes itclear that a prosecution can only be

commenced where (a) there issufficient evidence to provide a realistic

prospect of conviction (that is to say it’smore likely than not that a jury, properlydirected in accordance with the law, will

convict) and (b) it’s in the publicinterest to prosecute.

The Code also makes clear that ifthe evidential sufficiency test is not

met then that is the end of the matterand there’s no possibility of

considering the public interest. If the evidentialsufficiency test is met, a prosecution willusually take place unless the prosecutor issatisfied that there are public interest factorstending against a prosecution which outweighthose tending in favour. It then provides a non-exhaustive list of public interest factors both forand against a prosecution.

Contents of the Code can be supplementedby more detailed guidance on specific areas ofthe public interest. Thus, the Director of PublicProsecutions and their equivalent in theSerious Fraud Office have together issued andpublished guidance – consistent with the Codefor Crown Prosecutors – on the proper exerciseof discretion in cases involving corporatesuspects and, separately, on the Bribery Act.

Introduction of deferred prosecutionIt’s against this background that, earlier thisyear, deferred prosecution agreements wereintroduced into UK law. Inspired by practice inthe US but adapted to suit our own judicialsystem, these agreements are a way in whichcorporates which have committed certaineconomic crimes can admit their wrongdoingand resolve to make things right by agreeing tocomply with stringent conditions (including thepossible payment of a substantial penalty).

In a process scrutinised by a Crown Courtjudge, criminal proceedings will be commencedagainst the organisation and immediatelysuspended without a conviction being recordedpending the organisation’s compliance with theterms of the agreement.

As stated, conditions may include thepayment of substantial penalties, makingreparation to victims, undertaking reform toprevent such conduct occurring again andsubmitting to regular reviews and monitoring.

The threat of a renewed prosecution willremain hanging over an organisation should itfail to comply fully with the agreement. Ofcourse, the great benefit to the company is thatthe suspension of criminal proceedings meansit avoids a damaging conviction.

Negotiations leading to the deferredprosecution agreement can only be initiated bythe prosecutor. They will take place in private.The initial judicial scrutiny will also be inprivate. This is essential to prevent prejudicialpublicity which could undermine any futurecriminal trial for the same or connectedoffences should the negotiations fail. It’s alsorequired because, as is true with any othernegotiation, a degree of confidentiality isnecessary at an early stage.

Although the negotiations might be privateany agreement will not. To be effective, boththe principle of the agreement and its contentsneed to be approved by the presiding Judge.

What factors do we take into account whendeciding whether to initiate negotiations with aview to entering into a deferred prosecutionagreement? An invitation to embark uponnegotiations around these agreements willdepend upon a number of factors, but thehallmark will be co-operation and the freesupply of relevant information.

Many of our cases emanate from reportspassed on to us by the company concerned. Ofcourse, a genuine self-report is a helpful thing.

Two points arise here. First, in this context,we take reporting to mean telling us somethingthat isn’t already in the public domain andwhich you might assume we do not alreadyknow. It’s not impressive when lawyers ask tosee us about an apparently urgent matter inorder to tell us something their client hasknown about for some time, and which we havejust learned about from the media. It’s evenless impressive if, at the end of that meeting,our sum of knowledge has not increased.

Second, the report has to be adverse to thecompany. That is what’s meant by ‘self-report’.If it’s a report into wrongdoing by others –employees of the company – then, co-operativeas the company has apparently been, there’s noprospect of a deferred prosecution agreementas only corporates can be granted them and thecorporate has no criminal liability to purge.

However, we will not take a report at facevalue and will conduct our own investigationaround the allegation. If, at the end of thatprocess, we conclude that there is after allcriminal liability by the company, then it will bedifficult to have viewed that company as co-operative if the report it submitted to us wasaimed at throwing the SFO off the scent.

“Significantly, and for the first time, we have in the NationalCrime Agency an organisation with a remit to co-ordinate a

law enforcement response to serious crime”


Upon extractingevidence frommobile

devices, the policeservice is now usingtraditionalinvestigativemethods to analysethe data. Datawhich can placepeople at the scene

of a crime and provide – or indeed even breakdown – an alibi.

Some commentators argue that mobilephones have become such personal tools thatthey can offer more detail to investigators thanfingerprint evidence.

DNA was accepted as a formal method ofevidence in the late 1980s and, in 2014, mobileforensics must now be accepted in the sameway. The legal system simply must embrace theevidence that can be provided by such methodsof forensic detection.

Ian Huntley’s conviction in 2002 for themurder of Holly Wells and Jessica Chapman wasthe first high profile case to be based partly onmobile phone evidence. Now, over a decade on,it’s not just calls and text messages that canlink a suspect to a range of different crimes.

GPS tracking, social media applications likeFacebook, Twitter and Instagram, e-mails,online transactions and even mobile bankingcan offer forensic investigators critical evidencethat may well help determine the route acriminal case takes whether it involves pettycrime, such as minor thefts, or more seriousinstances – even terrorist threats.

Social data retrieved from mobile apps is fastbecoming a major source of evidence in notonly building profiles of suspects but alsoestablishing or demolishing a witness’

credibility. Recent research conducted byCellebrite revealed that 77% of its customersbelieve mobile applications are a crucial datasource in criminal investigations.

The value to both prosecuting and defencecounsels in a Court of Law renders the neglectof such data a potentially severe barrier to casesolving. Social data can provide highlyimportant evidence for terrorist investigations.Criminals plotting potential attacks arecontinuing to use sophisticated digital methodsand it’s essential that investigators as well asthe criminal courts are one step ahead.

If plots are not thwarted, courts should havethe tools at their disposal to fully embrace theevidence built up through detailedinvestigations. This evidence may come notonly directly from suspects’ activities but alsofrom witnesses to criminality.

The investigation of the 2013 BostonMarathon bombing episode – in which threepeople were killed and an estimated 264 leftinjured – made use of crowdsourcing to collectphotos and video from mobile phones. The datawas made public within 72 hours and arrestsimplemented less than 30 hours later thanks tothe evidence shared widely by onlookers.

Grasping the implicationsIn today’s world, the technology to extractvaluable and accurate evidence from specificdevices has evolved but legal systems are onlynow starting to grasp the full extent andimplications of that fact.

Around 85% of people in Britain own at leastone mobile phone and, because those phonesreadily fit into a pocket or bag, they’re carriedby users for the majority of their day. Even if thedevice isn’t used or no direct contact is madewith it when committing or planning a crime itstill has the potential to offer vital evidence.

24www.risk-uk.com

Digital Evidence: Eradicating the pessimismMobile forensics have the potential to transformtraditional methods of profiling offenders and build acomprehensive picture of suspects. Yuval Ben-Mosheoutlines the importance of social data and why theevidence it can provide deserves greater tractionamong the legal system it ably serves

“Criminals plotting potential attacks are continuing to use sophisticateddigital methods and it’s essential that investigators as well as thecriminal courts are one step ahead”

Yuval Ben-Moshe: SeniorDirector of ForensicTechnologies at Cellebrite

MobileForensicsintheDigitalEra November2014_riskuk_nov14 07/11/2014 12:52

Location data via GPS tracking can identifyabnormal travel patterns of a suspect, forexample, which may provide importantinsights. It’s now time that such information iswidely used as vital case evidence. Digital datathat shows a defendant or victim was in acertain place at a specific time is harderevidence than having to take a witness’ wordfor it. Both prosecution and defence counselsshould be using this in a similar fashion to thatevidence obtained from CCTV systems.

It’s not just the complex nature of mobiledevices that’s giving the criminal courts a morepessimistic view of digital evidence. Concernsover privacy are heightened by the personalnature of mobile devices.

Data ownership is also a regular barrier. Takedata on a Facebook application, for example.There are always problems over the physicalownership of potential evidence and who mustbe approached to obtain that evidence. Mostlegal systems are yet to be provided with solidanswers or case law to answer these vitallyimportant questions.

Therefore, investigators are having to opt fora traditional approach which is based on thephysical location and then serve a court orderor warrant to Facebook for the data. As youmight well imagine this can be a very drawn outprocess. Traditional systems are connecting thephysical location of the data with its ownershipand control while in the all-connected worldservers may reside anywhere in the world andserve any point on Earth. This is an adjustmentlegal systems absolutely need to make.

Determining Best Practice If well thought out and prepared for in advance,forensic evidence from mobile devices canmake all the difference to cases tried incriminal courts. The technology exists forinvestigators to be partnering with forensicexaminers and prosecutors who, to save timeand improve the cases they build, should beworking together on determining standardoperating procedures and Best Practice aroundobtaining the evidence.

It’s quite alarming that, at a point in timewhere there are 6.8 million mobile phonesworldwide, only in the last few years have somelegal systems started to adapt and placethemselves in a position to accept digitalevidence. When it can build profiles andsupport or refute alibis, it’s imperative that thisform of evidence is taken seriously.

Hopefully, as courts across the world becomemore aware of the latest mobile phonetechnology and its capabilities, advances insocial media and privacy issues, they will then

be better equipped tomake decisions about thelegal ramifications ofsearch and seizure,acquisition and analysis.

Legal systems need toaccept mobile forensicsand embrace and altertheir approach toaccommodate thetechnology that willultimately prove a majorbenefit to criminal cases.

Social media as recruiterEarlier this year, a young British man wasarrested in Bangladesh on suspicion ofrecruiting potential Jihadists to fight for ISIS inSyria. According to police in Bangladesh, thesuspect is reported to have used social mediasites such as Facebook to recruit combatantswishing to fight for ISIS in the Middle East.

Although the suspect has not been charged,this episode showcases the value andimportance of social media data when it comesto investigating, profiling groups andindividuals and breaking down suspectedterrorist activities.

Social media data offers a different yetcomplementary sort of analysis than the moretraditional forms of forensic evidence. In a caseof suspected terrorism, social media platformsand applications may be used for masscommunication. This point highlights andembellishes the importance of digital forensicswhen considering social media data as anevidence source. Again, this truism demands tobe recognised. It’s not just about a potentialconviction. Rather, it’s about preventing andneutralising any threats to either national orinternational security.

For more than a decade now, mobile phonerecords and messages have been central tounlocking evidence in many investigations.They still are to this day, but there has to begreater recognition of that social media dataand what it can be used to achieve in law.

Mobile Forensics in the Digital Era: Evidence and the Law

25www.risk-uk.com

MobileForensicsintheDigitalEra November2014_riskuk_nov14 07/11/2014 12:53

When The Conference Board surveyed itsconstituent CEO members in the Statesaround the question: ‘What keeps you

awake at night?’, the respondents duly listedtheir most pressing business concerns (more ofwhich anon). In assessing the Top 5 concerns,it’s apparent many of them could be mitigatedby – and, in turn, increase the profile of – thesecurity risk professional.

To gain the trust of the Boardroom, thoseprofessionals need to be interwoven with theaims and aspirations of the corporation’sstructure. Any misunderstanding here meansthey will not be viewed as a trusted partner.

So what are CEOs’ foremost concerns? Forone, it appears that many corporations are notfulfilling their talent requirements. This isleading to worries that businesses cannot beinnovative and that key entrepreneurial traitsare perhaps being lost.

Any company’s ‘speed to market’ will bedecidedly impaired if it’s not able to attract toptalent. People within the business remain thegreatest strength – and weakness – of mostcorporations, potentially exposing the companyto inappropriate behaviour at the most seniorlevels or leading to the acceptance of contractsthat hold a high degree of risk.

Changing direction, how might customeractions place the company’s reputation at risk?This is a single point of service delivery thatsecurity risk professionals could impact verysuccessfully and has a dashboard visibility inthe Boardroom. ‘Know Your Customer’ is thecompliance mantra in the financial services

sector, for example, and is now becoming abroader term in the consumer environment.There are examples of customers using productwhich places the life of the end user at risk.When it comes to a branded product, it’s goingto be your reputation that’s at stake.

Can the corporation leverage newtechnologies to improve quality and contain –or otherwise drive down – costs?

One challenge for security risk professionalsacross the next few years will be the control ofIntellectual Property between increasinglydispersed employees and establishing thoseall-important secure environmentsunderpinning technology transfer.

Need for knowledge retention Through the next decade, the members ofGeneration Z and beyond will become lessreliant on the ‘secure job’ as they take up rolesbased on what factors appeal to them. Workerswill enjoy a career lattice, not a career ladder.

Across the USA and the UK, the percentage ofhome workers and the self-employed isgrowing. In tomorrow’s world, workers will betechnically integrated into hubs on a remotebasis, requiring the use of corporate calibratetools such that they can function on the move,when ‘coffee shop hopping’ or wherever theyfeel most comfortable. It does make youwonder what we will use all of these moderncorporate office blocks for in times ahead.

Reputational and regulatory risk is now sucha stark reality that even minor corporationspresently globalising their operations throughthe web should be aware that the Internet sitesthem in many different jurisdictions. The CEOwill increasingly have to think of themselves asthe Chief Risk Officer operating somewherebetween the caution of legal counsel and thedrive of internal business entrepreneurs.

The security risk professional has a big roleto play in offering oversight for a portfolio ofcritical operations that can mitigate risks asthey’re played out. This is possibly a key

component for major corporations thatneed to have transparentoperations by dint offunctioning in riskier but

also more profitable areas ofthe globe. That’s not solely

because of the colossal fineshanded down by regulatory

authorities that most of us havenever heard of, but rather increasing

penetration into countries and regions wherelawful business has collapsed.

For the corporation and its clients, trust isindeed a basic business trait but what keeps

Leading from the FrontIt’s a relatively simple question, but do security risk

professionals actually see themselves as leaders in theBoardroom? Do they have the capabilities and attributes to

hand that would make them the trusted partner for the Boardof Directors? Peter French searches for some answers

26www.risk-uk.com

RiskandSecurityProfessionalsLeadershipintheBoardroom November2014_riskuk_nov14 07/11/2014 14:03

Peter French MBE CPP FSyl:Managing Director of SSRPersonnel

people like Bill Simon – CEO of Wal-Mart – andLarry Page (co-founder of Google) awake atnight? You would be forgiven for thinking theanswer might involve very different factors, butin truth the reality fits neatly within thestandardisation of subjects already outlined.

Shareholder activism and M&AIn terms of shareholder activism and M&A, onecan lead to the other. We’re living in the age ofthe mega deal but, as business historyrecounts, mega mergers don’t always concludewith a successful outcome.

Much has to do with the alter ego of the CEOwanting to leave their mark on the businessworld and wishing to convince themselves – notto mention the rest of the Board – that they will‘get it right’. Rationalisation of overheads neverleads to more employment and, for somecommunities, the effects can be catastrophic.

Set against that landscape, what’s the rightpath for the CEO?

The security risk professional mustinterweave scenarios and benefits around theirprogrammes and gain the trust of theBoardroom such that they become a ‘go to’business manager.

How can professionals in the sector manageand/or learn to manage risk? We educate.Sometimes through risk scenario exercisesplayed out in classroom-style learning formats.There’s also on the job learning, but whoexperiences risk as a reality? Who has beenprivy to the aftermath of flooding, the loss ofcolleagues due to a tsunami, a volcaniceruption or an avalanche?

Given that 55% of those professionalsdealing with security risk at a senior levelemanate from a formal background – ie thepolice service or the Armed Forces – they havea natural prevalence towards erring on the sideof being risk averse. There’s no gain to be madefrom being a risk taker. Organisations are riskaverse through the media and public scrutiny.

Research lead by Raghavendra Rau – SirEvelyn de Rothschild Professor of Finance at theCambridge Judge Business School – suggeststhat experiencing a natural disaster at firsthand during childhood has a profound impacton the strategic and tactical behaviour ofindividuals who become business leaders. Thatsame research also concludes that CEOs who’vebeen ‘desensitised’ to risk underestimate eitherthe probability or costs of a disaster.

The researchteam studied theimpact of naturaldisasters onleading CEOs and,remarkably, foundthat those whoexperienced anumber ofmoderate disastersactually had agreater appetitefor risk-taking thanthose who hadexperienced noneat all. The CEOswere also morelikely to take on more risk in response to adirect threat to the business. Those whoexperienced the most extreme natural disasterswere found to be most risk averse.

In business terms, this manifests itself invarious ways. Using data from over 1,711 CEOs,these individuals were then grouped into threecategories: those exposed to extremelynegative effects of natural disasters duringtheir formative years, those who experiencedonly ‘medium’ effects of such disasters andthose who were not exposed to disasters at all.

The researchers then examined the effect ofCEO risk preferences on financial leverage, cashholdings, stock volatility, acquisitiveness andthe CEOs’ own compensation structures. Theresults are striking.

Major influence on beliefs and traitsFirms run by CEOs from the ‘medium’ groupshow a 3% higher leverage ratio than thosemanaged by CEOs who experienced no fataldisasters. Medium exposure CEOs were also3% more likely to announce a corporateacquisition while at the helm.

Finally, medium exposure CEOs were alsomore likely to accept firm-specific risk withintheir compensation packages.

Of course, most of us accept the fact that thechildhood environment is a major influence onour being, beliefs and character but, looking atrisk make-up, how will the recruiter delve intothat background?

The risk averse security professional whomeets the CEO risk taker will certainly beculturally challenged if certain traits areneurologically ingrained.

Risk and Security Professionals: Leadership in the Boardroom

“The security risk professional must interweave scenarios and benefits around their programmesand gain the trust of the Boardroom such that they become a ‘go to’ business manager”

27www.risk-uk.com

RiskandSecurityProfessionalsLeadershipintheBoardroom November2014_riskuk_nov14 07/11/2014 14:03

The horrific attacks visited uponNew York and Washington on11 September 2001 highlighted

the evolving nature of the terroristthreat that Western countrieswould be facing for over a decadeand are still combating today.

Even before that threatmaterialised on the streets ofLondon on 7 July 2005, securityauthorities expected the UK tofeature high up the list ofappealing targets for Al-Qaeda andits affiliates. As a result, attemptswere made to encourage andpromote greater engagementbetween the public and privatesectors around counter-terrorismissues in the firmly held belief thatnational security was a collectiveresponsibility that could be moreeffectively pursued by proactivelyinvolving a wider range ofstakeholders.

In this vein, Project Griffinrepresented an ambitious initiative aimed atfostering security awareness across thecapital’s business community through effectiveand timely information sharing with lawenforcement. Established in April 2004 as apilot joint venture between the businesscommunity, the City of London Police and theMetropolitan Police Service, the project initiallyinvolved three major City-based financialinstitutions. Since its inception, though, Griffinhas expanded significantly and is now lookedupon as the most effective and successfulexample of a public-private sector partnershipcentred on security issues.

Project Griffin’s stated mission is to ‘engage,encourage and enable members of thecommunity to work in partnership with thepolice in order to deter, detect and counterterrorist activity and crime,’ providing an officialand direct channel through which the policeservice can share valuable information and

provide relevant updates concerning securityand crime prevention matters.

The scheme has been praised for raisingawareness of security and terrorism issuesamong the business community in addition tofacilitating the sharing of valuable intelligencebefore, during and after crisis scenarios.

Griffin’s operational framework includes threemain strands – Awareness Days, ConferenceBridge Calls and Emergency Deployments andCordon Support. Let’s examine each in turn:• Awareness Days: Staged locally by

participating police forces in order tointroduce Project Griffin’s working conceptand help build relationships. Awareness Daysare used to instruct participants on how torecognise, respond to and report suspiciousactivities. A natural development of thisinitiative has been the launch of an onlinerefresher module to help keep participantsinformed and engaged.

• Conference Bridge Calls: Through these calls,participating organisations receive relevantintelligence updates, including informationon crime trends and upcoming events thatmight have implications for public order andsafety. In London, such intelligence input isprovided by (among others) the City ofLondon Police, the Metropolitan PoliceService, the British Transport Police (BPT)and the Counter-Terrorist Squad at NewScotland Yard. Private sector security officersregularly provide law enforcement partnerswith crucial information on suspiciousactivities by way of ‘Lightning Reports’. Onaverage, five such reports are produced eachweek and sent on to law enforcement bodiesfor further investigation.

• Emergency Deployments and CordonSupport: In times of emergency, Griffinsecurity officers can be asked to assist policeforces in activities such as setting up incidentcordons or carrying out high visibilityneighbourhood patrolling. Such deploymentsare voluntary and subject to agreement by allparties engaged in Griffin.

Engagement on a wider scaleAlthough it was originally limited to companieswith their own security staff, Griffin has sincemanaged to engage a wider range ofcommercial businesses across numerous UKtowns and cities and currently benefits from theactive involvement of the City of London Police,the Met and the BTP.

Griffin is now a mandatory response for allpolice forces in England and Wales underguidance of the National Counter-TerrorismSecurity Office (NaCTSO), and has also been

28www.risk-uk.com

Guarded by GriffinProject Griffin was developed by the City of London Police as

a joint venture between the City and Metropolitan PoliceServices in order to advise and familiarise security managers,officers and the employees of large public and private sector

organisations across the capital on security, counter-terrorismand crime prevention issues. Don Randall reviews thescheme’s hugely successful first decade of operation

Counter-TerrorismTenYearsofProjectGriffin November2014_riskuk_nov14 07/11/2014 12:29

adopted by Police Scotland. It’s used acrossboth the Metropolitan Police Service and theBTP to train private security officers.

Indeed, the expertise showcased by privatesecurity officers has proven to be greatlybeneficial on numerous occasions, not leastduring the 7 July 2005 London bombings whenGriffin security officers provided much neededsupport by carrying out external patrols ofpremises and reassuring the local communitiesmost directly impacted by the terrorist attack.

Similarly, private security officers activelyassisted in the evacuation of the West End’sTiger Tiger nightclub when an explosive devicewas found outside the premises in June 2007.

Effective information sharingFurther testament to Griffin’s success as avaluable and effective information-sharingmechanism is the fact that it has now beenexported to several countries, includingSingapore, Australia (Griffin is currently used inSydney, Melbourne and Victoria), Canada(where it was employed during the 2010 WinterOlympics) and the USA. There are currentlyplans afoot for adopting the programme in theNetherlands, France and at Los Angeles Airport.

Speaking of the States, Project Griffin wasincorporated into New York’s existing ProjectShield, an umbrella programme designed to‘co-ordinate the efforts of both public andprivate security activities’ for the purpose ofprotecting the city from terrorist attacks.

Here in the UK, Project Griffin has proven tobe a critical source of inspiration for a widerand more comprehensive information sharingplatform which was launched in time for – andsuccessfully tested during – the London 2012Olympic and Paralympic Games.

Conceived at the time as a uniquepartnership between the London-based policeservices, the Home Office, the Greater LondonAuthority, Transport for London, the LondonResilience Team, London First and 23 keyindustry and business sector groups, the Cross-Sector Safety and Security Communications(CSSC) Project’s mission statement was ‘toprovide and facilitate for all London businessesto be safety and security aware before, duringand after the Games by improvingcommunication between the public and privatesector on security matters, in turn creating alegacy of improved communication andawareness.’ Progression has been impressive.

The CSSC Project’s main strength lies in itstruly cross-sector character – currently a total of31 sector and industry groups are represented –which allows for extensive coverage. Keyinformation is effectively cascaded through

various business links, trade organisations andcontacts to the wider business community.Currently, that cascading mechanism ensuresCSSC messaging reaches up to 8.45 millionindividuals right across the UK.

Notably, until the creation of the CSSC Projectthere had been no other way for the majority ofLondon’s businesses to communicate with lawenforcement, the Home Office, widerGovernment and the London Resilience Team.

The CSSC Project’s other unique feature is itstwo-way information flow which aims to providea real opportunity for organisations to voicetheir priorities in relation to both security andbusiness continuity issues. In order to do this, a‘Hub’ has been created to act as the interfacebetween law enforcement and businesspartners through which real-time informationcan be fed back and forth with a view tosupporting the authorities and helping themoptimise their resources.

The very idea of creating networks ofcommunication that could be co-ordinatedthrough the ‘Hub’ is what allows the messagingto be cascaded to all connected businessesand, potentially, the wider local community.

A decade of achievementApril 2014 marked the 10th Anniversary ofProject Griffin. The occasion was celebrated byway of a special event held at the Vintners’ Halland hosted by the City of London CrimePrevention Association, during which JohnMcClune was presented with the Griffin Personof the Year Award.

Responsible for managing the Griffin bridgecalls since their early stages, John was rightlycommended for his enduring commitment anddedication to the project.

Similarly, on the margins of the CSSC AnnualCharity Celebration Dinner which took place onTuesday 14 October at London’s Grange CityHotel, Gordon Barnes was presented with theGriffin Community Person of the Year Award forhis valuable and extensive contribution to thedevelopment of Project Griffin across the BTP’snational network.

In conclusion, it’s fair to say Project Griffincontinues to add enormous value in supportingthe community by dint of genuine partnershipbetween the public and private sectors. Itsinternational transferability not only identifiesGriffin’s global success but also highlights itscontinuing growth and support.

Counter-Terrorism: Ten Years of Project Griffin

“Griffin is now a mandatory response for all police forcesin England and Wales under guidance of the NationalCounter-Terrorism Security Office”

Don Randall MBE FSyI:Co-Founder and Chairman ofthe National Executive atProject Griffin and ChiefInformation Security Officerfor the Bank of England

29www.risk-uk.com

Counter-TerrorismTenYearsofProjectGriffin November2014_riskuk_nov14 07/11/2014 12:29

Businesses ofall sizes arefast

recognising thewealth of untappeddata beingcollected bysecurity camerasthroughout thecorporate footprint.Sophisticated video

analysis and monitoring systems can detectevents and alert members of staff to potentialthreats without requiring employees to siftthrough hours and hours of video.

While traditionally used for safety andsecurity reasons, video and video analyticsdeployed across an IP network are now beingviewed as corporate digital assets that alsodeliver business intelligence for key functionsincluding operations and customer service.

Video content is regarded as key businesssupport data that integrates with existingsystems at the network, organisation andapplication levels in order to realise increasedbenefits and lower total cost of ownership.

Depending on the size of the organisation,the number of locations and the amount ofrecorders needed, the options for videosurveillance and the choice of solutionsavailable can sometimes be daunting for thepurchasing end user. The good news for thosecompanies switching to an IP-based videosystem is that there are technologies, productsand Best Practices prevalent in the marketplacespecifically designed to help make thistransition on a smooth and cost-effective basis.

Stakeholders throughout the organisation –including physical security, risk management,operations and marketing professionals – needto collaborate on their collective businessrequirements. New applications and uses ofvideo, such as mapping customer or employee

traffic patterns (or measuring audience dwelltime in front of a digital signage display) shouldalways be taken into consideration.

Selecting a business partner with video,security and networking expertise is vitallyimportant to the success of the project. The enduser’s business partner can help to define atechnical solution that meets the organisation’sexact requirements and allows expansion fornew video applications in times ahead.

Most importantly, that partner can develop apractical migration strategy designed toaddress existing and new sites on a separatebasis while at the same time providing a meansof managing both legacy and new equipmentfrom a single management system.

Benefits of network video solutions Businesses face the challenge of protectingtheir investments in legacy infrastructure whilealso taking advantage of the benefits of newertechnology. An incremental investment inHybrid Network Video Recorders (NVRs) canprolong the use of CCTV systems and provideenhanced features for end users.

In essence, Hybrid NVRs are converged videomanagement platforms providing analogue andIP camera support, outstanding videocompression and storage and intelligentsoftware applications for superior surveillanceand operational efficiency. Converged videoplatforms allow organisations to test anddeploy IP cameras selectively alongsideexisting analogue cameras.

NVR technology provides advances in videocompression and storage management whencompared to earlier DVRs. The use of MPEG-4compression optimised to limit video signalnoise renders clearer images while alsoreducing the use of bandwidth and storage.

In parallel, the use of intelligent techniquesfor tagging and retaining important video basedon user-defined criteria – such as motion

30www.risk-uk.com

Managing Video as a Digital AssetFor those companies deliberating over the move toan IP-based video system there are technologies,products and Best Practices prevalent in themarketplace that can assist them in making thistransition on both a smooth and cost-effective basis.Karl Pardoe reviews the available options

“An incremental investment in Hybrid Network Video Recorders can prolongthe use of CCTV systems and provide enhanced features for end users”

CCTVMigratingtoIPVideoSurveillance November2014_riskuk_nov14 07/11/2014 15:56

CCTV: Migrating to IP Video Surveillance

detection or transaction events – will alsoimprove usage and overall cost of videostorage. Untagged video may even be saved ata lower frame rate or discarded sooner thantagged video for further storage optimisation.

NVR products can support enhancedbusiness intelligence capabilities. New self-diagnostics and the ability to alert personnelautomatically to incidents like cameratampering, alarm cuts and hard drive fatiguemake for far less time spent on maintenanceand more on using the system’s capabilities toactively protect both people and assets.

Examination of enterprise solutionsFor larger enterprises, a centralised systemmanagement is particularly advantageousduring the initial installation and configurationof the solution. Instead of spending hoursadding and naming all the cameras, setting upalarms and triggers and configuring thenetwork credentials, the system enables massconfiguration of all devices.

Centralised control of enterprise solutionsalso makes the day-to-day operation andmaintenance of video surveillance much easier.Features like remote health monitoring allowone person to quickly scan the status of alldevices when they log on in the morning andmakes it much faster and easier to identifyproblems. Firmware updates can also be madesimultaneously to all devices. In the long term,these time savings can realise a considerablypositive impact on the host business.

In terms of the benefits of an open, IP-basedvideo solution for security and risk managers,there’s ubiquitous access to video – whetherlocal or remote – from anywhere on the networkwith all the access policy controls of thecompany’s other IT services. Security and riskmanagers may leverage the use of anestablished, highly secure networkinfrastructure, proven network connectivity,health monitoring tools and robust storagesystems to provide a high degree of confidencethat video is available when needed.

More storage may be allocated for video withlonger retention requirements. Potentially, theinvestment in video can be shared with otherdepartments for non-security applications andso deliver an increasing overall ROI.

In an enterprise solution, customisablefeatures allow for fast and easy access to theright information so security staff can focus onmonitoring key areas. Camera views of rearentrances can guard against employee theft. Inthe retail environment, cameras may befocused on high value merchandise. Enterprisesolutions allow these views to be created and

saved such that they maybe easily accessed.

Due to the fact thatenterprise solutions offermulti-level user accessprivileges, security and riskmanagers are able tocontrol access to differentinformation. For example,they can create broad,high-level permissions forsenior managers and morecustomised views for regional managers in theretail world such that they only see the cameraviews applicable to their own group of stores.

These IP video solutions come with built-indeployment and failover functionalities, such asthe ability to run in a virtualised environmentusing VMware. They also support LDAP serviceslike Microsoft Active Directory users and usergroups. In practice, this means the same loginand password information can be used for boththe security system and regular programs whilethe corporate IT Department may deploy itsregular system tool to control end user accessin relation to sensitive information.

Overcoming obstacles to changeWhen it comes to video, the most commonconcerns will focus on bandwidth usage,network reliability and system security.

Standards-based video compression, such asMPEG-4, reduces bandwidth usage on a videostream to between 250 Kbps and 500 Kbps percamera depending on the level of motion – afraction of the bandwidth available on a typical100/1000 Mbps Local Area Network (LAN). Itwould require about 1,600 cameras to consumethe effective bandwidth available on a GigabitEthernet LAN.

It’s useful to use a sophisticated videosearching tool that enables browsing throughvideo footage to isolate a small segmentwithout having to transfer large quantitiesacross the network. When a particular videosegment is downloaded or saved it’s oftensimilar in size to the average businesspresentation. If there are any concerns aboutthe network, cameras also contain flashmemory cards able to cache video during anetwork disruption, in turn boosting reliability.

Given the security tools, techniques and self-defence features attributable to today’snetworks, IT Departments are able to effectivelyblock hackers and viruses from compromisingvideo infrastructure. In addition, access to liveand recorded video may be secured through theuse of standard user rights and policymanagement applications.

Karl Pardoe: Regional SalesManager (UK and Ireland) atMarch Networks

31www.risk-uk.com

CCTVMigratingtoIPVideoSurveillance November2014_riskuk_nov14 07/11/2014 15:56

Available Now!! SA66 & DA66Two new revolutionary electric locks that solve all the issues with transom fittingand Side loading on both single and double action doors. Issues with shear locks,and solenoid bolts are problems of the past.

• Releases under side loads in excess of 100kg (PRen13637)• Holding force of 1000kg• 10mm thick solid stainless steel bolt• 13mm bolt projection• Pulls door closed if misaligned by up to +/- 8mm• Fail safe/fail secure • Bolt stays retracted until door is closed to eliminate bolt noise • Door and bolt position monitors• Surface housings available for both timber and glass mounting• Fire rated BS.476.Part 22-1987

www.secure-access.co.uk Tel: 0845 1 300 855 [email protected]


Security and Fire Management

Best Practice: Security Systems and ProcessesTackling Unconventional Foes: Addressing the Ebola VirusCCTV: Intelligent Video in the Airport EnvironmentA Physical Presence: The Key Role of Security Officers

November 2014

On the Right TrackRisk Management in the Transport Sector

TransportSectorSupplementFrontCover November2014_001 07/11/2014 14:20 Page 1

That’s why our MIC IP 7000 HD ruggedized PTZ cameras feature starlight and wide dynamic range technology to deliver detailed video in low light, harsh light and no light in the toughest locations. Crisp images combined with intelligent Dynamic Noise Reduction saves up to 50% on bitrates and therefore storage requirements, while equally reducing network strain. Integrated intelligence focuses operator attention when pre- defi ned alarm rules are breached and automates tracking of moving objects. Get the highest quality IP video images in the most challenging surveillance conditions.Learn more at .boschsecurity.com

Our focus is taking HD to the extremes

uk


Recent statistics issued by the Home Officerevealed that, between January 2012 andJune 2013, four of the UK’s Top 10 crime

hot spots were major railway stations:Manchester Piccadilly (with 1,508 reportedincidents), London Victoria (1,483), King’s Cross(1,322) and Euston (1,283).

Set alongside a close-to-10% increase in railpassenger theft between April 2012 and March2013, these figures readily suggest the UK’srailway stations remain a prime target forthieves and vandals.

To whom, then, can security managersoperating on the UK’s rail network turn forideas and inspiration that might just combatthe ever-present threat of criminality? Theanswer is: ‘Airports’.

International airports have invested heavilyin solutions and strategies designed to betterprotect their passengers, assets and cargo.What’s more, there are strong parallelsbetween airports and railway stations beyondthe fact that both serve as transport hubs.

Pre-empting security incidentsPicture the departure lounges at internationalairports during the summer holiday seasonwith thousands of people and their luggagepresent in one relatively small space. Equally,walk through major railway stations on a Fridaynight during the commuter rush hour and thesheer number of people is overwhelming.

Airports approach this situation in aninnovative way. Imagine that a passengerleaves a bag in one of the terminals and walksoff. Technologies like video analytics helpsecurity staff to spot suspicious behaviour in acrowd and pre-empt any problems.

In addition, by using a Video ManagementSystem to integrate cameras in a single unifiedview it’s far easier to spot a person behaving inan unusual manner and quickly guide securitypersonnel to the source of the trouble. Thisapproach to managing situations should serveas an inspiration to railway security teams.

Another commonality is that both these typesof transport networks never cease operations.As such, their security systems must perform tothe very highest standards both day and night.Continuing to operate without interruption –whatever the circumstances may be, and evenin the immediate aftermath of an incident – isabsolutely critical.

So how do airports ensure they deliver a24/7/365 security solution that runs smoothly

even in extreme circumstances? The answer liesin integrated security systems designed withautomatic fail-over to back-up systems so that,in the event of a power failure or other riskscenario, site security is immediately picked upand controlled by a secondary security site.

Like airports, railway stations can also beaffected by adverse conditions outside of theircontrol – for instance severe weather, floodingor fire – that disrupt critical operationalsystems and place thousands of passengers atpotential risk. Investing in back-up securitysolutions will afford security managers on therail network peace of mind.

Airports and railway stations play host todifferent contractors – cleaners, maintenanceengineers, shop staff and train operators – whomay have access to sensitive areas on site. Fortheir part, airports are managing staff withstate-of-the-art access control functionality.

Integration with Human Resources andbuilding management systems ensures that nounauthorised personnel can access restrictedareas. These systems are linked to payroll and,as soon as a member of staff leaves or acontractor ceases working for the organisation,their physical access credentials are updatedsimultaneously. In turn, this ensures thataccess rights are accurate at all times.

35www.risk-uk.com

From the skies to the tracksIn order to boost safety levels for members of the public,what elements of airport security Best Practice might beeasily leveraged by risk specialists operating across the UK’srail network? Daniel Wan investigates

Daniel Wan: Marketing Leaderfor the UK at HoneywellSecurity Group

“Technologies like video analytics help security staff to spotsuspicious behaviour in a crowd and pre-empt any problems”

Transport Sector: Security Systems Best Practice

TransportSectorSecuritySystemsBestPractice November2014_riskuk_nov14 07/11/2014 14:19

In recent years, the protection of nationalborders has focused on the threat posed byterrorism. The events of 9/11 in the States,

Richard Reid (Britain’s infamous failed ‘ShoeBomber’ now serving a life sentence in amaximum security Colorado prison) and theGlasgow International Airport attack in 2007placed airport security front and centre in themedia spotlight. Today, many of the securitymeasures implemented in the wake of thoseevents remain in situ.

In the summer, new rules regardingelectronic devices were introduced forpassengers entering and leaving the UKfollowing a statement issued by PatrickMcLoughlin, the Secretary of State forTransport. In that statement, McLoughlin saidthe nation faces “a constantly evolving threatfrom terrorism.” Passengers now need to beable to demonstrate that devices such astablets and smart phones conveyed in theirhand luggage can be powered-up.

Airports have been privy to huge investmentin security technologies and the training ofpersonnel to help detect unusual behaviour interminals or suspicious devices in luggageareas. In the years since 9/11, every aspect ofthose security systems used in and aroundairports has evolved to a great degree. We’vemoved from analogue to IP cameras. Videoanalytics are now highly sophisticated whilesensors and alarms have become moreadvanced and plentiful.

In recent years, we’ve also seen widespreadadoption of Physical Security InformationManagement (PSIM)-based solutions to helpmake the best use of these innovations byanalysing, correlating and co-ordinating theinteractions between people and technology.Locating a microscopic virus like Ebola, though,represents an altogether different challenge.

Tried and tested measures Of course, airports do have tried and testedmeasures in place for disease control, butthose measures are mainly designed to addressthe livestock population. They’re so effectivethey’ve helped to virtually wipe out rabies fromthe UK. The last recorded case of rabies on

home shores occurred in May 2012 when theindividual concerned died after contracting thedisease from a dog bite in India.

Specifically referencing the Ebola virus,placing passengers in some form of ‘TyphoidMary’-style quarantine conditions upon arrivalif they’ve flown from affected regions is neitherpractical nor ethical. Furthermore, a blanketban on flights to and from areas like SierraLeone, Guinea and Liberia where the Ebolavirus is prevalent would be difficult to justify.

Airport staff can be trained to be vigilant andpassengers screened for any obvioussymptoms that may indicate early stages of thedisease. Early indicators of infection range fromheadaches, joint and muscle aches, weaknessand diarrhoea through to vomiting, stomachpain and lack of appetite. However, the fact isthat someone can incubate Ebola for up to 21days before exhibiting any such symptoms, bywhich time they’ll have long since departed theairport and joined forces with local society.

Fully aware of all this, the Center for DiseaseControl in the US recently announced plans totrack passengers arriving from affectedcountries for 21 days, but what happens whensomeone’s actually diagnosed with Ebola?

Clearly, airports cannot deliver accuratescreening for the Ebola virus. However, they canplay a vitally important and time-critical role inthe joined-up efforts to contain it. For example,they can historically trace the movements andinteractions of confirmed victims throughairport buildings and locations.

Once a positive diagnosis has been reached,time is then of the essence to try and locateeveryone with whom the infected individual hascome into direct contact and so try and halt thespread of the disease.

Focus on the flight manifest The obvious first port of call is the flightmanifest. It’s all about knowing with whom theinfected person shared their flight such thatthese individuals may be contacted andquestioned as to whether they’re exhibiting anyof the classic Ebola symptoms.

What about all those who may have comeinto direct contact with the subject after that?What about the security official who greetedthe person at border control, or the on-sitecoffee shop worker who sold the individual anAmericano and a croissant? What about theBureau de Change operator who exchangedcurrency for the individual? Or the driver and 75passengers on the shuttle bus that conveyedthe subject to the airport car park?

Anyone who works in – or knows about –typical Control Room environments will

When security goes viralAirport safety and security has never been more observed

and regulated. To this end, airport security managers are nowbeing called upon to help combat a new threat – that posedby the deadly Ebola virus. How should those managers and

their teams respond? Jamie Wilson confronts the issue

Jamie Wilson: SecurityMarketing Manager (EMEA) atNICE Systems

36www.risk-uk.com

TransportSectorManagingTheEbolaVirus November2014_riskuk_nov14 07/11/2014 15:58

recognise the challenge faced by CCTVoperators when asked to find footagepertaining to a particular person. Evenif there’s a date or time range availableit’s still a manual process that takesmany man hours of laborious trawlingthrough footage.

In an airport environment, the shearfootprint of such vast estates makesthis task immense. All the while, theclock is ticking.

However, new technology thatairports are already assessing to helplocate and track the movements ofsuspects, people of interest andmissing children across the CCTVnetwork may hold the answer. How,then, does this new technologyoperate in the real world?

An imaginary Case StudyImagine a person who has travelled from SierraLeone to the UK presents at hospital and testsconfirm a positive diagnosis of Ebola,immediately triggering a chain reaction ofevents that begins with treatment of the patientbut, in tandem, encourages an investigationdesigned to locate the people that may havecome into close contact with the patient.

In this instance, the investigation reveals thatthe victim arrived in the UK a week earlier on aflight from Freetown to London via a connectingflight from Paris. The team calls the airport andthey co-ordinate with the airlines to request themanifest for the two flights such that allpassengers might be contacted. At the sametime, the airport is sent an electronicphotograph of the patient which is then passedacross to the Control Room operators.

That photo is uploaded to the system andevery second of footage captured by everycamera from the time the plane arrived at thegate is scanned in minutes (not hours). Securityofficers are then presented with a shortlist ofpeople matching the patient’s photo.

The CCTV operator narrows the search byselecting the right person and is automaticallypresented with every instance in which thepatient appears on camera. Those cameraimages are time-stamped on a map of theairport that’s also presented to the operator sothat he or she can see exactly the route theinfected person took and when.

The surveillance operator is then able to drilldown still further, clicking on each image toreplay the footage in order to gain more insight(ie did the person speak or shake hands withanyone, kiss or hug anyone or share a bottle ofwater or a sandwich?). They’re looking for any

detail, in fact, that could give cause for concernaround cross-contamination.

Known members of airport staff that cameinto contact with the patient can be identifiedand communicated with in the appropriate way.Meanwhile, the movement of unknown peoplewho came into close contact with the patientcan be tracked in the same way to help kick-start the identification process.

Tackling unconventional foesObviously, such a solution isn’t going to wipeout the threat from Ebola. However, it’s one wayin which technology investments being madeby airport management teams to enhancesecurity against the ‘familiar’ threats can beleveraged in helping to confront a more‘unconventional’ foe.

Whether we’re fighting the threat of terrorismor disease, the answer lies in being able toglean as much information as possible fordissemination to the right people at the righttime, and having the tools and capabilities tohand such that security can play an effectivepart in the co-ordinated and joined-up effortsdesigned to act around – and react to –changing situations.

The risk posed by Ebola is yet anotherreminder of the important role airportmanagement teams have to play in helping topreserve the safety, security and well-being ofnot only those specific people who work withinand travel through these locations but also thewider population at large.

Transport Sector: Managing the Ebola Virus

“We’ve moved from analogue to IP cameras. Videoanalytics are now highly sophisticated while sensors andalarms have become more advanced and plentiful”

37www.risk-uk.com

TransportSectorManagingTheEbolaVirus November2014_riskuk_nov14 07/11/2014 15:58

The skills of our people, alongside the best in technology produce total integrated solutions that safeguard your business.

0800 716 586www.securitas.com

Securitas, a true focus on Security


Without doubt, video surveillance is one ofthe cornerstones in every airport’ssecurity concept. Given the advent of

intelligent video analysis, management teamsare able to streamline their security operationsand greatly reduce manual labour in the ControlRoom by only transmitting images and alertswhenever pre-defined events occur.

It’s the case that many commentatorsprimarily think of this kind of efficiency gainwhen talking about intelligent video. However,with the Internet of Everything now emergingand an abundance of intelligent sensorslooming large on the horizon, intelligent videowill be able to go much further.

While not necessarily a reality today, you caneasily think of intelligent video being used asan enabler of new services for both passengersand tenants, in turn opening up new businessopportunities for airport operators.

Upfront investment in such services would beminimal as the entire infrastructure – includingthe cameras – is already in place. It’s really thena matter of identifying opportunities,developing the additional services andsubsequently deploying them.

Service delivery managementOne of the main areas in which intelligent videocould potentially offer additional benefits to anairport operator is service deliverymanagement. By way of example, the VideoManagement System can use one or multiplecamera images for crowd density analysis andthus focus on queues at boarding gates,passport control and baggage check areas.

Such an application could offer real-timeinformation about the current situation, butthought processes can also turn towards trendanalyses or a comparison with historical data.Information like this could prove invaluable fortargeted staff assignments in real-time as wellas future personnel planning.

Importance of information What about automatic performancemeasurement at check-in areas and also ofcontracted security companies?

Passenger information is another importantarea. A passenger information systememploying intelligent video will have thepotential to greatly increase the customerexperience with real-time information onwaiting times or even live images from theboarding gate allowing passengers to enjoytheir stay at the airport as much as possiblerather than spending time at the gate.

In such a scenario, real-time images couldeither be displayed on public terminals or even

be sent directly to a known passenger’s mobiledevice once they’ve enrolled for that specificservice. Applications like these will also pleasetenants in the shopping and restaurant areas ofthe terminal building as passengers will havemore time to spend at their outlets.

People counting applicationsUsing metadata from the video surveillancesystem, security risk managers can alsodevelop people counting applications which, inconjunction with flow and crowd densityanalyses, open up additional services to assistshop and restaurant owners in maximisingefficiencies or determining the effects ofspecific offers or activities on site.

One vision here is to empower airportoperators in developing rental charge schemesbased on real and proven traffic. In addition,such data can be used to detect bottlenecks orhotspots and subsequently improve spaceusage within the terminal.

Security is – and will probably remain – thesingle biggest reason to install comprehensivevideo solutions at airports.

That said, thinking beyond ‘just security’ canopen our eyes to a plethora of newopportunities which can even turn surveillancevideo into a money-maker.

Now there’s something to think about.

39www.risk-uk.com

When video makes moneyBoosted by intelligent analysis functions, CCTV cameras canpotentially do much more than solely provide securitysurveillance solutions. As Denis Castanet concludes, theymight even contribute to an operating airport’s bottom line

Denis Castanet: Director ofBusiness Development (EMEA)at Bosch Security Systems

Transport Sector: Intelligent Video in Airports

TransportSectorIntelligentVideoinAirports November2014_riskuk_nov14 07/11/2014 15:57

WIN-PAK Complete Security System

All other company names and products are trade names, trademarks or registered trademarks of their respective companies.

© 2014 Honeywell International Inc. All rights reserved.

Spanning Video, Access, and Intrusion with the ability to seamlessly grow with your business needs.

WIN-PAK now includes: – New functionalities for Access Control – Improved video and Galaxy® Intrusion

integration Key sales opportunities for:

– Previous users of WIN-PAK 3.0 (and below) – Existing users of Galaxy intruder alarm systems – Customers wanting to expand their NetAXS-123 system

Visit stand E43 at Transec2-3 Dec 2014

Spanning Video, Access, and Intrusion with the ability to seamlessly grow with your business needs.

WIN-PAK now includes: – New functionalities for Access Control – Improved video and Galaxy® Intrusion

integration Key sales opportunities for:

– Previous users of WIN-PAK 3.0 (and below) – Existing users of Galaxy intruder alarm systems – Customers wanting to expand their NetAXS-123 system

Visit stand E43 at Transec2-3 Dec 2014


Why are there no physical securitymeasures at bus/coach terminals ortrain stations? When you fly or sail away

on holiday or business, you fully expect to besubject to certain security procedures aimed atkeeping you and your fellow passengers safeand sound. However, we’re not subject to thesame safety measures when boarding a bus,coach or train. The British Transport Police(BTP) has the responsibility for policingbus/coach terminals and train stations, ofcourse, but what actual security procedures arein place to deter a repeat of the terrorist attacksin London back in 2005 and 2007?

Let’s compare the situation with maritimesecurity. All people, cars and light vans, freightunits and deliveries have to go through certainsecurity procedures before entry to any portestate is allowed. Legislation states all theabove must be searched before being allowedto board ferries/ships. However, people whouse buses, trains and the London Undergroundsimply enter the premises and then boardwithout any physical security measures toprevent the conveyance of bombs or weaponsthat could be used to attack.

Within the maritime discipline, port locationsgenerally deal with the transfer of passengersfrom coaches, trains and buses. Thesepassengers will have embarked at any givenlocation along the route their mode of transporthas taken. What’s more, it’s very likely they willhave begun their journey from a location wherethere were no security procedures in place.

Subsequently, it falls upon the port facility toensure these passengers – and their belongings– are subject to search procedures as laid outwithin maritime legislation.

Lack of satisfactory resourcesThere’s no doubt that the BTP and, indeed,individual national police forces have beenaffected by the Government’s austeritymeasures. Unfortunately, this means theysimply do not have the satisfactory resourcesavailable to deal with everyday crime, let alonethe prevention of terrorism on our busytransport networks.

As the 2005 and 2007 London bombingsproved, anyone can walk off the street into atransport terminal and board a train, bus or theLondon Underground with impunity. Most of thetime, there will be absolutely no sign of the BTPor even a local police presence.

The Department for Transport did carry outtrials into the use of mass passenger screeningat five mainline rail and tube stations in Londonin 2006 but the research showed that, whilepeople were largely positive about the need forsuch checks to be carried out, they were notwilling to accept major delays to their journey.

In June 2008, transport ministers ruled outthe use of airport-style screening at rail andunderground hubs, stating the technology thenavailable meant it was not feasible to introduce100% screening of such large passenger flowsat the thousands of entry points present on theUK’s rail and underground networks.

The Department for Transport also carriedout studies into security at public transportlocations and, from the findings, produced aguidance document that covers generic securityprocedures. However, it’s only for guidance. Noactual legislation has been passed to ensurethe procedures outlined are enacted.

Role for private security companiesIs there a role for private security companies inall of this? Uniformed security officers at portsand airports are viewed as one of the maindeterrents to anyone who wants to conduct anunlawful act. They are a deterrent becausesecurity officers represent a visible presenceand one that could greatly reduce the risk ofincidents on other transport modes.

Of course, some locations do already haveprivate security officers in place. The maindifference is that those officers on duty in busand train stations are generally there toconcentrate more on the delivery of customerservice while their counterparts at maritime oraviation locations are, in the main, focused onthe prevention of terrorism.

As risk profiles change and technologydevelops, it’s imperative that security providersengage in deploying the most educatedpersonnel to address all legislativerequirements while executing their daily duties.

41www.risk-uk.com

Covering all basesIn terms of the UK’s bus and coach terminals and trainstations, what security procedures are in place to deter arepeat of the London terrorist attacks during 2005 and 2007?Danny Williams assesses the key role of security personnel

Danny Williams: MaritimeDirector (UK) at SecuritasSecurity Services

“Uniformed security officers at ports and airports are viewed as one ofthe main deterrents to anyone who wants to conduct an unlawful act”

Transport Sector: Security Guarding for Travel Hubs

TransportSectorSecurityGuarding November2014_riskuk_nov14 07/11/2014 14:18

Wherever your company sits in the foodprocess manufacturing supply chain,you’ll understand the importance of

effective traceability to meet European Unionlegislation and myriad regulatory requirements.

Product recalls are pretty much unavoidable,but it’s the way in which they’re handled withinthe industry that needs to improve. Over aperiod of 33 months, the Food StandardsAgency issued no less than 141 food alerts,product withdrawals and recalls affectinghundreds of different items. That situationdemands to be addressed.

In recent years, the public has gained a fargreater understanding of traceability throughhigh profile recalls. While it cannot preventcriminal acts such as livestock passport fraud,traceability’s primary role is to allow the foodsupply chain to assess the extent of a risk andprevent bad ingredients from passing furtherup the chain or – in the worse case scenario –into the hands of consumers.

The challenge for food processors has alwaysbeen to make traceability work efficiently andwith high degrees of accuracy. The number ofentries needed for even a simple operation cansoon spiral out of control. Take a companyproducing a single pie filling that uses 30ingredients – all delivered three times a week –

to produce three batchesgoing to eight distributionpoints. That’s a total of32,400 traceability points in asingle week. Bear in mind thisdoesn’t even include contactwith different machines andstorage locations.

Traceability produces hugeamounts of data but manycompanies still run thismission-critical area as apaper-based process. Whenan issue is identified thatcould spark a store recall orproduction run withdrawal,it’s very much the case thatconfidence, accuracy and

speed become critical factors. Managementshould be able to identify all affected batchesin a matter of minutes.

Recalls can be damaging for a business’reputation. They may lead to fines beingimposed, product removal from shelves at yourcost or the business being overlooked duringrange reviews that could prove an importantsource of new income. This is exactly why it’sso critical to act quickly and with confidence.

Retailers take a hardline approach to enforcegood practice – and no wonder. This is a matterof public health and regulation. Crucially, it’sthe retailer whose name is often rememberedwhen products are recalled and not that of thesupplier. If a retailer harbours any doubts aboutthe robustness of the recall information youprovide on affected batches, all of yourproducts could be removed from the shelves.

Think about that for a moment… Who’s yourlargest customer and what percentage of yourrevenue do they represent? More importantly,can you afford to lose that income stream? Theanswer has to be an emphatic: ‘No’.

Delivering effective traceabilityImplementing traceability correctly within yourorganisation can help meet the regulatorydemands of being a process manufacturer withincreased efficiency and afford peace of mindthat, if you ever need to call on the data, it willbe a swift and pain-free experience.

The goal is to fashion a supply chain in whichtraceability processes and recording are of thehighest possible standard in tandem with rigidenforcement of rules and data quality.Companies that can demonstrate this robustlevel of traceability have a distinct advantageover their competitors.

For traceability to bring the benefits of lowercost, reduced risk and higher revenues, abusiness-wide approach must be adopted forimplementation that encompasses people,process and technology.

The primary goal has to be ensuringtraceability processes take place as close toeach production interaction as possible and atevery step an ingredient (including packaging)is received, released, handled, introduced to amachine, moved or tested. In truth, it ought tobe an automated and embedded process ratherthan an extra step.

There are a number of key areas to beconsidered when making effective traceability areality. Let’s examine them.

Accuracy of informationAs stated, many food processors still usepaper-based solutions for traceability of

The Race for TraceabilityTraceability allows food supply chain managers to assess

the extent of a risk and stop bad ingredients from passingfurther up that chain. The key challenge for food

processors has always been to make this procedure workefficiently and with the highest degree of accuracy.

Duncan Moir outlines Best Practice techniques

42www.risk-uk.com

SecurityintheFoodSupplyChain November2014_riskuk_nov14 07/11/2014 14:09

ingredients and the manufacturing process. Inmany cases, even those that use spreadsheetsor simple databases import information to thesystems using some form of post-processingwhereby an administrator re-keys informationgathered on paper.

Inevitably, errors occur either throughboredom or sheer laziness and, because theprocess is manual, the checks carried outagainst the data are just as likely to fail.

Unfortunately, these errors are usually onlynoticed through an audit or when the need for arecall arises. The latter is the worst possibletime as it leads to delays and erodesconfidence in the results. This can have seriousrepercussions if a retailer is involved and maylead to a much wider range of batches andproducts being recalled as a precautionarymeasure – and all at the processor’s cost.

Validating your dataWhatever process is used for traceability,validating the data that’s collected is absolutelycritical. As data enters an electronic system itshould be checked against other records andrules to ensure that batch numbers, dates,times, location codes, staff IDs and qualitycontrol data are recorded properly and thatthey cross-match. This ensures the integrity ofthe information collected and that it can betrusted when needed at a future point in time.

Traceability at speedTraceability records should make their way intoan electronic system as quickly as possible.That process should be simple, if not instant,and automated.

Speed is at its most critical when a potentialwithdrawal of product needs to take place.Whether the instigator is a retailer, supplier oryour own quality control checks, it should bepossible to narrow down the recall to specificcriteria as quickly as possible. The aim shouldbe five minutes. With the right people,processes and technology in place this canbecome a normal response time.

If data is stored electronically – whether it’san ingredient, machine, manufacturing processor some other factor that’s the cause – it’spossible to instantly query the traceability dataand subsequently identify the batches affected.

Controlling traceabilityPart of making sure the correct systems andprocesses are in place for traceability isensuring that they can be controlled. At everypoint where an ingredient or product changeslocation, is introduced to the manufacturingprocess or completed ready for distribution it’s

the case that a traceabilityrecord is created.

Wherever traceability is aparallel process to existingsystems, a manualprocedure or an additionalstep there’s the chance itmight be overlooked.

Recording traceabilityrecords has to be as easyas possible, not requireadditional steps and be asclose a part of the process– if not an invisible one – that a member of themanufacturing staff would go through at eachstep of production.

Integration with other manufacturing systemsThere are other aspects of manufacturingsystems that play an important role intraceability: distribution, warehousing, machinemaintenance, supply chain data and qualitycontrol. These can all make use of – andsupport – a robust traceability process.

For example, if cross-contamination occursyou could easily identify the machines orstorage locations that have come into contactwith a given product.

By integrating traceability with othermanufacturing systems a fuller picture of theproduction lifecycle is made possible andreadily available at the fingertips of those whoneed to consider a withdrawal of product(s).

If traceability is part of the productionprocess and systems, rather than a raft ofprocesses in its own right, then systems reflectthe real world: all of the information aboutevery ingredient, machine, person, storagelocation and process interaction is logged bytime and individual. This detail can also beelectronically passed up and down the supplychain as and when required.

Fully-ERP integrated traceability addressesthese issues, removing risk and administrationtasks. It also increases confidence and makesyour business more efficient, in turn allowingstaff to focus on creating fantastic products.

As time progresses, the demands of majorfood retailers around traceability are only goingto increase. In the current competitive andsensitive landscape, suppliers who candemonstrate they have traceability embeddedwithin their process manufacturing remit willreap the rewards as others fall by the wayside.

Security in the Food Supply Chain

“Over a period of 33 months, the Food Standards Agencyissued no less than 141 food alerts, product withdrawalsand recalls affecting hundreds of different items”

Duncan Moir: Product Directorfor Process Manufacturing atEpicor UK

43www.risk-uk.com

SecurityintheFoodSupplyChain November2014_riskuk_nov14 07/11/2014 14:10

With the UK currently facing a ‘Severe’threat from international terrorism,damage or destruction to the water

supply and its underlying infrastructure byterrorist and/or extremist groups couldthreaten public health and possibly result inthe loss of life.

Water supplies and their management sitesare vulnerable not only to high risk threats suchas this but also natural and environmentalhazards like droughts and flooding in additionto walk-in crime and vandalism. That being so,the daily protection of personnel, buildings andassets is absolutely vital.

Water infrastructure systems include vastareas of surface and underground set-ups andthousands of miles of pipes. Often, the scaleand remoteness of the sites themselves canrender them vulnerable. They might be linkedwith other infrastructures, notably those forelectrical power and transportation, in turnrendering security a greater issue of concern.

Even low level intrusions might causenuisance, disruption, damage and loss ofassets. At a higher level, meanwhile, there’s therisk of attack which could result in disruption tovital services for extended periods and asubsequent loss of public confidence.

Reservoirs, mains, sewers and treatmentworks represent around three-quarters of allwater industry assets. Less attention may befocused on protecting wastewater treatmentfacilities possibly because their potentialdestruction represents more of anenvironmental threat than a direct one to lifeand public welfare. However, vulnerabilities doexist here. Large underground sewers could beaccessed by terrorist groups and toxicchemicals released into the water supply.

In addition, water and sewerage companiesneed pumps, vehicles, IT solutions, remotemonitoring, control systems and other essentialequipment to be protected at all times.

The water industry faces a broad range ofchallenges in order to secure a viable and long-term competitive future. The key drivers areincreased turnover, reduced costs, improvedoperational efficiencies and the development ofa sustainable sector for the years ahead.

Tackling the operational challenges Each day, the UK’s water industry collects,treats and supplies more than 17 billion litres ofhigh quality water to domestic and commercialcustomers and then collects and treats over 16billion litres of the resulting wastewater,returning it safely to the environment.

Water authorities are required to makeprovision for maintaining water supplies andsewerage services at all times. It follows thatthey need maximum protection for their people,premises and processes to ensure security ofthat supply and the support of specialistsuppliers in order to help them address thesechallenging requirements.

It’s apparent that the water industry facesreal operational challenges, but they can bereduced through the adoption of an integrated,technology-based approach. One that’ssupported through the help of experienced andknowledgeable technology partners who whollyunderstand the specific requirements of what isa complex industry sector.

Key criteria for any security system to meetwould include a 24-hour all-weather capability,detection and verification of all personsattempting to breach the perimeter, detectionof any attempt to defeat the access controlsystems and the effective security managementof all systems.

Large and complex sites may need to meetfurther stringent criteria, among them UKGovernment standards. Some sites might besubject to inclement weather conditions

Liquid Gold: Safeguarding water suppliesPopulation growth, increasing industrial development and

urbanisation has resulted in 50% of the world’s populationliving in cities and consuming 60% of the planet’s drinking

water. Tony O’Brien explains why the provision andprotection of water – an essential service critical to health

and well-being – must be of paramount importance tosecurity and crisis management concepts

44www.risk-uk.com

SecurityandRiskManagementfortheUtilities November2014_riskuk_nov14 07/11/2014 14:07

including high winds and salt in the air whichmay cause equipment deterioration iffunctioning systems are not fully protected.

Installed and commissioned security systemsshould actively deter, detect and denyunauthorised intrusion and communicatethese events while also providing for effectivecontrol of any security incident.

Security risk professionals must seek todeter any attempt at unauthorised intrusion byshowing visible and effective security andsafety measures. They also need to detectunauthorised intrusions on site by individuals,vehicles or water-borne craft through or acrossthe site perimeter safety fence.

Further, they must seek to deny attempts todefeat or bypass access control measures onthe perimeter – or between controlled areasand security zones – and deny access to thesite (within the limits of the capacity ofinstalled fences, gates, barriers and doors).

Last, but not least, security risk professionalsmust look to communicate security events totheir staff and other designated personnel, andalso realise the technical means for effectivecontrol of security incidents. There areconsiderations around providing roll-call andmustering capabilities for site security andsafety incidents and ensuring a continual,effective interface with site safety systems.

Command and control platformsAt the heart of some of today’s safety andsecurity solutions are innovative command andcontrol platforms designed to improveprotection across multiple sites, manage criticalsituations and enhance procedures.

These software-centric solutions willintegrate with existing security investment,adapt to specific corporate security and safetypolicies and incorporate sub-systems such asaccess control, video surveillance, firedetection and extinguishing, emergency callsystems and communications. In turn, thisensures business continuity.

As stated earlier, water infrastructuresystems are particularly vulnerable as theyextend over vast areas and are often found inremote locations. It’s not only difficult andexpensive to safeguard large perimeters andfence lines, but the requirement for costly ductnetworks – together with the associated powersupplies and cabling infrastructure – placessignificant demands on available resources.

One example of how to assist with securingassets across wide area perimeters is theintroduction of solar-powered perimeterprotection. Anglian Water is the first watercompany to benefit from solar-powered

electronic perimeter protection in the form ofthe Si-IR and SiFence. Si-IR is a wirelessnetworked solar-powered active infrared beamdetection system while Si-Fence is a solar-powered, fence-mounted perimeter intrusiondetection system.

Both technologies operate on a light source,not just sunlight, remaining powered for up tothree months – even in total darkness.

In addition to safeguarding assets, thesesolutions are designed to improve greencredentials and assist with carbon reductionprogrammes. In fact, this new solution hassaved Anglian Water valuable construction timeand money as there was no need to installcivils, power and communications.

Importantly, the systems will also provideconsiderable savings on future running costs.

Asset management, the requirement for high-level protection, the strategic investmentopportunities presented by the SEMDProgramme, various programme requirementsas well as necessary compliance with OFWATnational regulations and controls all contributeto the drive towards maximising operationaleffectiveness.

In truth, the answer lies in a systematicapproach. One that should include thedevelopment of a clear technological roadmapconfigured to drive a coherent, joined-up andlong-term investment strategy and one thatincludes safety and security at its very core.

Enhanced asset management From a technology perspective, investments inadvanced and bespoke protection solutionsthat ensure security of supply and have theability to integrate legacy systems while at thesame time assisting with business continuitywill enhance the resilience of the service andimprove asset management.

To further assist the water industry, end-to-end solutions realising technologicalconvergence deliver benefits by way ofimproved costs. In parallel, the use of bespokeframework agreements strengthens theprocurement process.

Adopting new technology – which enablesaccess to (and the interpretation of ) essentialdata – as well as effective risk managementstrategies will be essential elements in thecreation of a sustainable future for the sector.

Security and Risk Management for the Utilities

“Water authorities are required to make provision formaintaining water supplies and sewerage services at alltimes. They need maximum protection for their people,premises and processes to ensure security of that supply”

Tony O’Brien: Head ofEnterprise Solutions atSiemens Building Technologies

45www.risk-uk.com

SecurityandRiskManagementfortheUtilities November2014_riskuk_nov14 07/11/2014 14:07

solutions for a safer world


Manufacturing facilities can be dangerousplaces. Even with the most stringent ofHealth and Safety procedures in place,

accidents can – and occasionally do – happen.The consequences may be extremely serious.

The risk posed by liquid chemicals, forexample, is not so much one of ingestion butrather from spillages and/or the liquid beingaccidentally splashed onto clothing orsomeone’s skin. The most dangerous scenario,of course, is when a chemical finds its way intoan unlucky person’s eyes.

Manufacturers – and their counterparts inlaboratories and pharmaceutical facilities –have long since identified this risk and takensteps to limit potential harm to theiremployees. Wash stations are de rigeur, as aresafety showers in the event that the bodyneeds to be fully immersed.

Standards governing designDespite the essential nature of suchequipment, ensuring a business is ‘compliant’from a Health and Safety perspective issomewhat confusing since there are only a fewrecognised standards specifically governing thedesign and performance of safety showers.

There appears to be no complete EU or UKstandard covering all types of shower for alltypes of installation. The existing EN15154standard has four completed parts that addressplumbed-in showers in laboratories andplumbed-in eye showers for both laboratoriesand industrial/logistics sites as well as tankshowers (non-plumbed) for all sites.

However, there’s no finalised standardcovering plumbed-in showers for industrial(non-lab) sites.

The lack of clear EU standards doesn’t meanthat an employer can install any form of showerand ‘get away with it’. They must abide by clearlegal requirements to provide appropriate FirstAid equipment, but the lack of an agreedstandard does make the definition of‘appropriate’ somewhat difficult to determine.

Perhaps employers could look further afieldfor advice and, more specifically, turn theirattentions Stateside?

America’s ANSI Z358.1-2004/2009 is a moreor less holistic standard covering most types ofshower and eye bath. Its scope is for all typesof working environments. The thoroughness ofthis standard means it has become theessential reference point for those employersseeking Best Practice.

Similarly, the German DIN 12899-3:2009standard covers plumbed and tank bodyshowers for industrial and logistics sites, thusplugging the substantial gap existing in the

current European norm.Indeed, it’s believed thatthe German standard willbe followed when PartFive of the EU legislationis finally completed.

Employers have aresponsibility to ensurethat a shower will workwhen it’s needed. BestPractice would include anaudit of when a showerwas last used. It wouldalso encompass some form of alert mechanismto show when the shower had been activated(and particularly at a time when an individualmay be working alone).

Providing an audit trailTechnology is there to assist. A Limitlesswireless switch, for example, can be easilyinstalled on existing safety shower units andintegrated with local or central alarms, buildingmanagement systems and CCTV, not only toimprove critical first alert response times in theevent of an accident, but also to provide anaudit trail of when each safety shower/eyewash station has been used.

This also supports employers in documentingtheir Health and Safety obligations when itcomes to the law of the land.

Being wireless, it enables any washingfacility – regardless of where it may be locatedon site – to be centrally located and trackedsuch that, if an emergency should occur, help isalways close at hand. The switch can bemanually operated or set to automaticallytrigger an alarm the moment a valve is opened.

The solutions are available in two wirelessprotocols. First, there’s a Limitless point-to-point protocol where switches transmit directlywith a receiver. Here, the protocol allows forlost connectivity and low battery diagnostics.

Second, there’s the ‘OneWireless’ multi-application, multi-standard wireless networkthat can be tailored to offer the networkcoverage needed for large industrialapplications. Field devices mesh, in turnallowing for multiple RF transmission pathways.

47www.risk-uk.com

Thought showerGiven the health risks posed by liquid chemicals in themanufacturing sector, Robert Moore considers whatconstitutes Best Practice when it comes to safety showerdesign within hazardous working environments

Robert Moore: ProductDirector (EMEA) forElectromechanical Switchesand Test and MeasurementProducts at Honeywell Sensingand Control

Safety Showers in the Workplace: Best Practice Design

SafetyShowersintheWorkplace November2014_riskuk_nov14 07/11/2014 14:06

EY’s Global Information Security Survey2012 suggests that only around 5% ofbusinesses employ a Chief Risk Officer. Of

course, smaller organisations may not have adedicated Risk Officer in place for myriadreasons but, generally speaking, for largerconcerns it’s considered good business practiceif there’s a senior person in situ with risk astheir remit and direct area of accountability.

Stepping down a level from overall businessrisk to security risk, the latter isn’t always apart of ‘Boardroom DNA’. This in itself seemslike a risk given the overriding need for goodquality, carefully embedded security in today’sbusinesses. In essence, it makes for goodcorporate governance when security risk is partof the organisational DNA, and yet the same EYresearch highlights the fact that almost half ofthose companies surveyed across the UK in2012 didn’t discuss Information Security at thetop of their organisational structure.

It’s not possible to establish if thoseorganisations responding to EY’s questionsconsider security to be part of the Chief RiskOfficer’s remit. From a security perspective,though, you can begin to see the emergingpicture and the disconnect between the culturesetters: the Boardroom and their businesses.

For some reason, ‘Security’ appears to be in abox all by itself. How many Information Securitypractitioners harbour a risk background or have

undergone proper and robust risktraining? Very frequently, this

function ‘falls out’ of the ITDepartment. While an IT

understanding is veryimportant, it’s also part of

an overall threat surfaceand is by no means theonly area that acomprehensiveInformation Securitystrategy must cover.

Allowing IT to drivethe Information Security

agenda isn’t appropriateand yet around 63% of

businesses apparentlyalign their Information

Security risk to their IT strategy.Security is so vital to any

organisation, but sometimes it seems as if wejust don’t join the dots between overall risk andsecurity as a matter of course.

In summary, then, we’re lacking Chief RiskOfficers. Those Chief Risk Officers in residencemay not be including security in theirassessments and there’s not enough goodquality Board-level representation for securityto advise, plan and help build the disciplineinto all business functions.

Threat, Risk, Strategy, PolicyWhen examining how projects are risk assessedthere will be many elements and processes thatneed to be considered, included or mitigated.

Using the example of a product developmentproject, the financial risk tolerances andappetites will have been assessed and set andthe teams and leaders will know where thethresholds lie and what they need to do inorder to move the project along within thoseguidelines. They’ll also comprehend at whichjuncture they might need to raise the red flag ifit looks like the project is at risk.

However, some of those considerations mayhave been security risks. There may well be aRisk Register in place for the security team thatincludes some elements with which the productdevelopment specialists might be working.

For instance, let’s assume all the talk is ofnew software requirements. These might benecessary in order to expedite the project. Thefinancial tolerances and appetites may havebeen established and observed and the teammay have checked with end user groups and ITto establish the correct software applications tobe considered, but what if the chosen softwareis purchased and installed without it havingpassed through a security risk assessment?

In this instance, for argument’s sake let’s saythat the risk assessment simply missed outsecurity as an indicator. Given that all criteriaare satisfied, the decision is taken to press onand issue the software. The project goes aheadbut then it’s discovered that the new software

Corporate Security Risk: Is it any different from other forms

of risk management?

In today’s world, security is so vitallyimportant for any organisation.However, from a managerialperspective it sometimes appearsthat the dots are not joined betweenoverall risk and security. Surely thereare elements of security that oughtto be considered in various risk areasof an organisation? Mike Gillespiefocuses on this central topic

48www.risk-uk.com

TheSecurityInstitute'sView November2014_riskuk_nov14 07/11/2014 14:14

is, in fact, a platform. The information it readilymakes good use of is Cloud-hosted. The Cloudprovider has suffered a security incident andthe data is now placed at risk.

Security may well have had Cloud-basedapplications on the Risk Register and a veryclose control could have been maintainedaround what applications should be enabled.

However, since in this case the solution wasprocured and installed independently ofsecurity, the element(s) of risk that reallyshould have rested with the security team isnow ownerless and, consequently, the businessentity finds itself under threat.

Separate Risk Registers: a problemSecurity might be disconnected from the mainbusiness and may have a standalone RiskRegister that could include vital pieces ofinformation. These may have been needed bythe project teams in our example, but theconstituents of those teams simply didn’t haveaccess to them. They may be totally unaware ofthe elements that other parts of the businessneed to be including in risk assessmentprocedures or the Risk Register itself.

If there’s no effective communicationmechanism or path from security through to thebusiness as a whole – or, more specifically, theBoardroom – then risk is actually being created.Projected costs and timelines might beinaccurate and, on that basis, projects orprocesses could potentially fail.

That failure is the direct result of a ‘corporatedisconnect’ with security risk. By the time therisk has been discovered, it will have maturedand potentially be able to de-rail or otherwiseseriously delay a given project.

It’s absolutely vital for any business to have arisk management process in place that’s clear,concise, consistent and repeatable (with theemphasis being on repeatable).

To achieve that status quo, a business has toset out how it wishes risk to be managed in a‘top management’ or C-Suite approved policyand then make sure resources are applied toensure that policy is educated and adhered toby all members of staff at all times.

Once again we can see the importance ofgood culture coming from the top of anorganisation and setting the tone for how riskand security will be dealt with throughoutvarious teams and units.

If this doesn’t happen then a business willnot exhibit an effective risk managementprocess and risk will not be managed at thelevel appointed by ‘top management’. Here,risk is not being accepted at appropriate levelsthroughout the organisation and, instead, may

be accepted by people at an entirelyinappropriate level. Alternatively, theunderstanding of risk will be below par and thefollowing scenario may develop:• The risk is accepted at a lower level of

management as it has been incorrectlyassessed as being a low risk and bypassesany strategic management involvement

• The risk isn’t identified as a proper riskmanagement process hasn’t been employed

• The risk is over-assessed which may causedelays on critical business outputs and/oruse up too much resource in mitigation

• Risks may even be created out of thin air

From strategic to tactical levelsRisk management needs to be carried out as anorganisation-wide activity that addresses allforms of risk from the strategic to the tacticallevel. An holistic approach ensures that risk-based decision-making is at the very heart ofthe organisation and drives any resulting policy.

The best Risk Registers include all risks tothe business and are broken down into sections– Information Security Risks, Operational Risks,Corporate Risks and so on. This approachmakes communication and presentation to topmanagement – or the C-Suite – much clearerand really enables strategic risk decisions.

We undoubtedly face a business challengewhen considering risk. Our language, approachand strategy needs to be continually reviewedand there has to be an holistic and business-based approach to integrating security withinour thinking at all levels and across all silos.

The Security Institute’s View

“How many Information Security practitioners harbour a riskbackground or have undergone proper and robust risk training?Very frequently, this function ‘falls out’ of the IT Department”

49www.risk-uk.com

Mike Gillespie MSyI MBCSMInstISP CIRM: Director ofCyber Research and Security atThe Security Institute

TheSecurityInstitute'sView November2014_riskuk_nov14 07/11/2014 14:14

Banks, financial institutions and companies(such as utility providers) managing ourCritical National Infrastructure – including

nuclear power plants and data centres – aremandated to ensure compliance againstGovernment and/or industry regulations forseveral areas of their operation. Importantly,risks associated with any failure around thatcompliance are often related to the financialand/or reputational profile of a givenorganisation and, that being the case, must betaken seriously at all levels.

On that basis, companies will implementrigorous processes and procedures alongsideinternal checks and balances to ensure they’reable to measure the level of their complianceand, in turn, identify any areas of concern.

For its part, physical access governancewithin an organisation relates to:• ensuring that the right individual has

(physical) access to the right places and atthe right times

• making certain that the required vetting andvalidation of any individual provided withsuch access has been carried out inaccordance with the host organisation’ssecurity policy

• the necessary approvals being receivedbefore physical access is provisioned for aparticular area (for instance critical/highsecurity data centres) for a specific individual

• the required training and certification (eg inrelation to Health and Safety) being in placein accordance with the security policygoverning any specific area

• physical access being revoked or suspendedas per the defined and stated security policyIn order to measure and assure compliance

around these various aspects, organisationshave to collect, manage, analyse and report onoften large amounts of data and processesduring the ‘lifecycle’ of any individual who setsfoot on the premises. This necessarily involvescollaboration between several departmentsconcerned with physical security, IT and datasecurity, general business risk and continuity.

However, in the main the ownership of – andliabilities around – such aspects rest with thePhysical Security Department. Hence thereason that, in a 2012 survey conducted jointlyby the CSO magazine and the IDG ResearchServices Group, 63% of serving directorsresponsible for the physical security remit atmedium/large-scale organisations who were

questioned classified compliance aroundaccess governance as either ‘Critical’ or ‘HighPriority’. That figure increases to 92% when allparticipants in the survey are included.

Compliance around physical accessHow, then, do organisations ensure compliancearound physical access in today’s businessenvironment? Further, what challenges confrontthem when attempting to do so?

Until now, there has been heavy reliance onthe use of various solutions/devices such asphysical access control systems to helpmeasure those metrics previously outlined and,in turn, assure compliance. In addition to thecollection of data from such systems,measuring overall compliance involves a gooddeal of administrative effort and cost due to thelack of any easily identifiable audit trail for allprocesses leading to the data generation.

This spend is furtherenhanced when there aredisparate sources ofinformation/systemsdeployed within abusiness. That statementis true for most globalenterprises that havegrown – either organicallyor by dint ofmergers/acquisitions –and inherited a legacyinfrastructure of disparatesystems focused ondifferent areas, sites orindeed regions.

Of late, manyorganisations have spentmillions on standardisingtheir systems – physicalaccess control solutionsamong them – to onemodel or type with theintention of reducing riskand the administrative

51www.risk-uk.com

Physical Access Governance: Assuring Compliance, Reducing Risk, Saving Costs

How might organisations ensure compliance around physicalaccess in today’s business environment? Further, whatchallenges confront them when attempting to do so?Dr Vibhor Gupta examines Physical Identity and AccessManagement solutions and their ability to reduce both riskand operational costs

In the Spotlight: ASIS International UK Chapter

InTheSpotlightASISInternationalUKChapter November2014_riskuk_nov14 07/11/2014 12:50

52www.risk-uk.com

In the Spotlight: ASIS International UK Chapter

spend involved in measuring and ensuringcompliance. In truth, such investments haven’thelped them that significantly.

Introduction of PIAM solutionsIn light of decreasing budgets around physicalsecurity in tandem with increasing operationalcosts, it becomes hugely important to identify away in which all processes and data might becaptured, audited, reported and analysed in themost cost and time-efficient manner. To meetthat desire, a new class of enterprise software –designated Physical Identity and AccessManagement (PIAM) – has been introduced.

A PIAM solution allows physical securityadministrators a single self-service userinterface from which they can view, control,audit and report on data and processes relatingto employees, contractors or visitors and theirphysical access to a building or site.

A key component of PIAM solutions is a rule-based engine which allows the administratorsto define all workflows along with thenecessary checks and balances required whenprovisioning physical access for a givenindividual. This permits physical securityadministrators to automate and audit theimplementation of these processes through onesingle user interface. In turn, that means theelimination of any need to extract, normaliseand stitch together data from multiple sourcesystems. The end result is significant savingson both cost and effort.

The important thing to remember here is thatPIAM solutions are not a replacement forphysical access control systems or, indeed,Physical Security Information Management(PSIM) systems. Rather, they’re intended as acomplementary fit within an organisation’soverall security infrastructure.

PIAM solutions integrate with existingphysical access control solutions tosource/provision required data as per theworkflows defined in their rule engine. Inaddition, PIAM solutions allow physical securityadministrators to schedule and createreports/audits that measure the hostorganisation’s level of compliance.

Examples of some typical end user questionsfor which a PIAM solution will help provide theanswers are as follows:• Are all those individuals with physical access

to a particular area security cleared?

• Are there any people with physical access toa particular area who don’t meet thenecessary training or certificationrequirements that are mandatory for thisarea? If so, has their physical access beenterminated/suspended?

• Have all individuals with access to aparticular area been approved for access bythe respective area owner/authoriser?

• Has an area owner/authoriser validated allindividuals who have access to their area?

• Have the results of any change in securitypolicy or compliance regulations beenimplemented across all concerned areas andfor all concerned individuals (ie employees,contractors or visitors)?

• What’s the actual scale of the impact for anysuch changes (ie how many people and areasare impacted)?

• How compliant is the host organisation inrelation to various parameters defined aspart of industry regulation (such asSarbanes-Oxley, SAS16, Basel III, SAS70,NERC and FERC)?

• Has the organisation taken necessary actionacross areas where it’s currently failing inrelation to compliance? Does this require anyinternal process re-engineering?

Reducing risk, assuring complianceTime and cost savings which may be achievedthrough a PIAM solution are subject to theindustry sector in which the host organisationoperates, compliance mandates, processes andexisting infrastructures.

Various Case Studies and examples haveshown that, on average, such solutions canhelp reduce overall operational costs by asmuch as 60%. Most importantly, the ability toproactively audit and manage processesprovides a great opportunity for any businessto significantly reduce its risks.

A typical return on investment for PIAMsolutions is realised within eight-to-ten monthsfrom the date of implementation. That being so,a PIAM solution can help add value to anexisting security infrastructure by providingopportunities to ensure compliance, reduceoverall risk and render savings on the business’operational costs.

Finally, it’s important to consider the ease ofimplementing a PIAM solution. As stated, theprimary objectives of implementation are toreduce risk and cost while maintaining fullbusiness continuity. It’s highly recommendedthat end users consider a commercial off-the-shelf (or COTS) PIAM solution rather than thosewhich are customised or otherwise bespokeversions of existing solutions.

“A Physical Identity and Access Management solution allowsphysical security administrators a single self-service user

interface from which they can view and report on processes”

Dr Vibhor Gupta BSc (Hons)PhD: Technology Lead for theASIS International UK ChapterCommittee

InTheSpotlightASISInternationalUKChapter November2014_riskuk_nov14 07/11/2014 12:51

ARE YOU ON TRACK?The only manufacturer with a comprehensive range of PADS approved IP and analogue surveillance solutions for the UK rail network. Upgrade or migrate now with confidence.

Continue your journey with the Samsung Group

Open Platformat your service Run multiple third party applications on your camera!

Queue management Facial recognition People counting ANPR Intrusion detection

Keeping you on Trackwww.samsungsecurity.co.uk/PADS


Ian Gurling: Training Manager atthe Fire Industry Association

Anyone managing fire protection oncompany premises will be acutely aware ofthe need to protect people’s lives. The

portable fire extinguisher technician holdsresponsibility for those lives through ensuringthat the right extinguishers are available on siteaccording to the assessed and perceived risks,and that those systems will function correctlywhen required to do so.

Current legislation exists to ensuretechnicians ‘get it right’. That legislationincludes the Regulatory Reform (Fire Safety)Order, technician and Third Party Certificationschemes (such as those provided by BAFE) and,of course, guidance documents like BS 5306.

How does the technician make sure they arelegislation compliant? The answer is: ‘Training’.

Let’s go back to basics for a moment. Whatinstruction will your technician receive on atraining course? In essence, he or she needs toknow and fully understand the physics of fire,from the causes and processes of combustionright through to extinguishing.

They need to understand flammablematerials and extinguishing media as well aswhat happens when any of the wide range ofsuch media are applied to a fire (and how theywill react in relation to those materials withwhich they come into contact).

Technicians must also understand how to‘read’ a risk assessment and estimate thepotential scale of a fire before selecting theextinguisher(s) that will meet the risk.

They must know the construction of portablefire extinguishers. Servicing a stored pressureextinguisher, for example, has obvious andinherent risks to personal safety on systemstripping. If not correctly returned to afunctioning condition, including pressurisation,the extinguisher may fail should it be needed.

Technicians also have to understand theircustomer – the host organisation – and how toensure that customer understands and fulfilstheir own individual requirements.

The key to a good training course is one thatencourages an understanding of the subjectand doesn’t just ‘teach to repeat’ what hasbeen said on the day. If the training providersimply offers the answers to questions posedby the examination paper then the technicianhasn’t developed the understanding necessaryto apply what they’ve learned across varioussituations and scenarios.

This is where respected and establishedtraining providers such as the Fire IndustryAssociation (FIA) come into play. As abenchmark, the FIA’s course on this particularsubject matter provides three days ofcomprehensive learning followed by the BAFEexamination on Day Four.

Over the three days of learning the technicianwill cover the theory and, in terms of thepractical element, carry out stripping,inspecting and reassembly exercises for arange of portable fire extinguishers. Learnersare encouraged to think for themselves and,with daily assessment of progress made, anydifficulties in understanding or interpretation ofthe necessary standards are quickly addressed.This process affords the learner the greatestpossible chance of success in the examination.

As stated, for the FIA course it’s Day Fourwhich is the designated examination day. Asadministrators for the Competent TechniciansScheme, it’s felt that BAFE is best placed toconduct the examination. BAFE harbours acomprehensive understanding of what’srequired for entry to the scheme and, as such,will have a similar comprehension of testingthat knowledge. Examiners from BAFE willattend to invigilate a two-hour paper and alsoconduct practical one-to-one assessments.

BS 5306 recommends refresher training – afact repeated in the requirement for theCompetent Technicians Scheme – and it’sintended that refresher training be completedevery three years. Unfortunately, the transientnature of the portables industry and individualdemands placed on technicians means thatregular refresher training may either not bepossible or simply left for extended periodsbeyond the recommended timescale. If periodsbetween training and refresher courses dobecome too extended then it’s the case that afour-day course may once again be required.

Requiring measures of controlMaking sure that portable extinguishers aremaintained to a consistently high standardrequires measures of control. Given the priormention of Third Party Certification schemes,let’s start there. It’s hard to argue in favour ofThird Party Certification when there’s no

54www.risk-uk.com

Portable Fire Extinguishers: Best Practice training for technicians

Portable fire extinguishers are firmly placed on the frontline of life protection. While there’s a trend in some areas

towards removing them in favour of automatic systems andevacuation, their importance should never be

underestimated. What, though, does Best Practice look likewhen it comes to training for the use of such systems?

Ian Gurling has the answers

FIATechnicalBriefing November2014_riskuk_nov14 07/11/2014 12:38

legislation requiring that certification, but thisleaves businesses and individuals workingcommercially without it subject to criminalprosecution (as is the case for gas engineers).

We also know that, without the cost ofregistering on such a scheme, businesses havethe scope to undercut prices. In an industrywhere margins are already very small theattraction for not holding Third PartyCertification becomes quickly apparent.

Third Party Certification works for both theindividual technician and for the companyemploying them. It provides an easy point ofreference to the end user that the company andindividual they use knows what they’re doing,has the relevant and comprehensive supportsystems in place and the right tools for the job.It ensures that the service provider works to arecognised base standard (most companies willprovide their own levels of added value to thisstandard in order to separate themselves fromtheir competitors) which then ensures the enduser knows what they should expect.

Commercially, it makes sense to hold ThirdParty Certification. It’s easy for any of us tomake a statement that we can do something,but somewhat harder to provide evidenceproving the point. Third Party Certificationprovides that evidence and training forms oneextremely important aspect of Third PartyCertification requirements.

A given company cannot be awardedcertification without competent technicians. Fortheir part, it follows that technicians cannot bedeemed competent without benefit ofrecognised and current training.

Moving on a stage further there’s thelegislative requirements. The aforementionedRegulatory Reform (Fire Safety) Order statesthat there must be a Responsible Person for thefire safety of the premises and, in turn, thatindividual must employ Competent Persons toadvise and carry out work on those fire safetysystems within their area of specialisation.

It’s highly unlikely that a Competent Personwill remain the same individual for all systemswithin the fire safety programme. TheResponsible Person has to be able to confirm aCompetent Person’s claim to be competent. Thebest and easiest way to demonstratecompetence is through Third Party Certification.

To date, the term ‘Competence’ has not beendefined by law. As such, it’s assumed by the fireindustry to be a combination of experience, the

right tools for the job and, of course, training.With all of these elements in place thetechnician will have the confidence to stand upin court and say: “Yes, I am competent”.

Even easier – and backing up that claim –would be to hold a certificate stating that theindividual concerned has been independentlyaudited and certificated by a third party.

Is training really necessary?Do you really need training to service aportable fire extinguisher? Emphatically, theanswer is: ‘Yes, you do!’

As is the case with many apparently simpletasks, the layman or untrained individual maybe tempted to do it themselves. However, therisk here is that key aspects of safety may beinadvertently missed. Elements of fire riskcould be omitted or misinterpreted. As a result,in the event of a fire portable extinguishers mayprove to be insufficient or – worse still –completely wrong for the nature of the fire.

If the extinguisher or its provision should failthen lives are placed at risk and potentiallylost. In the subsequent enquiry and possiblecourt case, inevitably the competence of theservice technician is going to be called intoquestion. The most effective defence in court isThird Party Certification, which is recognised inthe fire industry as the easiest means ofdemonstrating competence.

FIA Technical Briefing: Training on Portable Fire Extinguishers

“If the training provider simply offers the answers to questions posed by the examinationpaper then the technician hasn’t developed the understanding necessary to apply whatthey’ve learned across various situations and scenarios”

55www.risk-uk.com

FIATechnicalBriefing November2014_riskuk_nov14 07/11/2014 12:39

When a security contract is acquired after along period of occupation by a previousincumbent solutions provider, it can

often be the case that the new supplier istasked with raising service levels to a higherstandard. Of course, this doesn’t necessarilymean that the previous supplier’s service levelswere in some way inadequate. Rather, there canbe a number of reasons at play which meanstandards need to be raised, not least the factthat the nature of the tender process in ourbusiness sector can have a tendency to createsomething of a lull at the end of a contract.

For those security staff employed by theincumbent supplier, the transfer period can bea disruptive and uncertain time. While sleeveswill need to be rolled up in order to moderniseand raise service levels – notably in cities suchas London that harbour their own uniquesecurity issues – a balance must always bestruck to ensure security team members arefeeling valued and motivated to redouble theirefforts at the instigation of a new contract.

‘Cradle to grave’ approachThe security services contract for King’s CollegeLondon – one of the world’s leading researchinstitutions and an entity encompassing fivecampuses – was awarded to CIS Security inJanuary this year.

The King’s Strand Campus is based close bythe River Thames and provides a multitude ofservices to students and non-students alike.King’s College’s architecturally stunning suite ofbuildings sit adjacent to – and include part of –the landmark Somerset House. High profilebuildings such as this do present a number ofsecurity challenges.

For its part, King’s College London is one ofthe world’s Top 20 universities, accommodating26,000 students from over 140 countriesworldwide and playing host to more than 7,000members of staff. In addition, this reveredacademic institution hosts different buildings ofvarying ages and a broad cross-section ofdifferent types of end user across its campuses.It’s essential that regular dialogue is maintained

with this cohort. Put simply, security must be avisible and approachable presence on campus.

CIS Security’s Stuart Butcher was selected toserve as operations manager on site in supportof William Lyle (head of security at King’sCollege London) and set about reviewingprocesses and services in a ‘cradle to grave’approach, invoking knowledge gleaned from histime working as security manager for one of theworld’s largest management consulting,technology services and outsourcing firms.

Drawing upon that experience, Butcher hasbeen able to adapt existing technologies tooptimise processes and reporting across King’sCollege’s five campuses, streamlining theservice into one cohesive system and improvingoutcomes across the many familiar and time-consuming scenarios regularly faced withincampus environments.

A tailored approach is essential given theever-changing risk and threat environmentimpacting today’s high level educationalinstitutions. The solution for the end user mustnow extend far beyond simply providing securityguarding services.

Technical awareness and abilityWhile the drive for many security companies isto increase volume of man hours, CIS Security isworking with King’s College on efficiencies,bringing physical and electronic measures intoplay that will provide significant future savingsover the length of the contract. Technicalawareness and ability is a strong part of therecruitment and retention strategy for on-sitemanagement teams, and Stuart Butcher hasplayed a significant part in identifying strategiesto ensure that technology and manpower workefficiently and effectively in tandem.

Given the volumes of footfall experienced,without careful management and clearcommunication strategies it’s fair to state thatcampus environments can be easily disrupted.Continual customer service training, a flexibleapproach as well as thorough observations andunderstanding of end users are ‘essentials’ formaintaining good relations while keeping thecampuses secure.

“On campus,” explained Butcher, “the jobencompasses helping sometimes anxiousstudents striving to fulfil deadlines on whichtheir future career may depend, offeringcustomer care and displaying an ‘Ask me’attitude towards the university’s population.”

Observing student, staff and visitor behaviourand exercising sensitivity in the monitoring of –for instance – learning and teaching roombookings in an environment as diverse as that ofKing’s College requires diplomacy and careful

University challengeWhat are the main issues at play on site when a security

company takes over a contract where the incumbentprovider has been in place for some time, and how

might the new solutions team realise positive change forthe end user? Neill Catton examines CIS Security’s

strategy at King’s College London

Neill Catton: ManagingDirector of CIS Security

56www.risk-uk.com

SecurityServicesBestPracticeCasebook November2014_riskuk_nov14 07/11/2014 14:11

judgement. “We want the campus to bewelcoming and not exhibit a heavy, oppressiveand lockdown-style environment,” assertedButcher. “The latter approach simply doesn’twork in the university setting.”

All members of the senior management teamhave completed Workshop Raising theAwareness to Prevent (WRAP)-style training, theMetropolitan Police Service instructionprogramme aimed at reducing the number ofindividuals who become – or support – violentextremists. To this end, regular diversity-centricrefresher courses equip managers and securityofficers alike with the diplomacy needed toquestion and monitor behaviours that might beconsidered relevant.

Training and development CIS Security actively embraces King’s CollegeLondon’s ‘Fit For King’s’ training anddevelopment programme. This is a modulareducation package tailored specifically to theEstates and Facilities Directorate and whichembodies the previously referenced MissionStatement on customer service. Sinceimplementation, 155 security staff havecompleted the ‘Fit For King’s’ customer servicetraining. 155 appraisals have been completedwhile 78% of the team members have alsoreceived enhanced specialist First Aid training.

As a company, we regularly hold securitysurgeries and security awareness days to helpstudents understand how they can mitigaterisks in their day-to-day student life and avoidbecoming the victim of an incident. Adviceincludes everything from protecting theirbelongings through to awareness aroundalcohol-related incidents.

University communities represent a perfectbreeding ground for the rapid escalation ofscaremongering episodes. Critical incidentexercises with careful attention paid tocommunication strategies during such momentsin time are crucial to protect King’s CollegeLondon from disruption and potential shutdown.

Focus on specific security rolesStuart Butcher and William Lyle manage – andrely upon – a dedicated security teamcomprising a mix of new CIS Security recruitsand TUPE transfers from the previous contract.Part of the strategy for enhancing team moraleand motivation centres on transforming theroles of individuals.

Following a thorough review to identifyindividuals’ strengths, experiences andpassions, management ensure team membersare given responsibilities which play to theirstrengths and harness their experiences of

working at the campus, in turn empoweringthem to succeed and feel that they have a stakein the success of the security service contract.

To lift service levels still higher, enhanced KeyPerformance Indicators (KPIs) have beenintroduced and agreed with King’s CollegeLondon’s management team and now form partof all staff yearly objectives (themselves linkedto appraisals). Security staff are presented witha clear and motivating career path and ablysupported in their roles by senior managementin addition to dedicated training and HumanResources managers who provide onsite andremote assistance to ensure that staff needs aremet on a continual basis.

Security technology also plays a big part inkeeping the operation running smoothly andcreating efficiencies for King’s College. One taskduring implementation was to unify the systemsfor all campuses. Stuart Butcher’s innovativeapproach to security operations managementimports some methods and language from theIT specialism of user experience.

“Communication is hugely important suchthat expectations can be managed andpreparations made at the right time,” explainedButcher. “Departments can be thrown intochaos because of an access point being takenout of commission without warning. That cannotbe allowed to happen.”

New technology employed to monitor accesscontrol at King’s College London includes theuse of Near Field Communication (NFC). Thisallows CIS Security to capture trends, delineatepeak times and overall user trajectories and, inturn, populate forecasts enabling the accurateresourcing of security officers at designatedpoints within the campus.

One example of an outcome following anobservational study within King’s Collegefocused on justifying the move of the SecurityHead Office to the main entrance of the buildingfrom a previous back office location which hadimpaired visibility of front line issues andcreated a ‘disconnect’ between the managementteam and the front line security officers.

In just eight months the ‘face’ of the King’sCollege security team has changed. Judging bysome very positive feedback, a significantlydeveloped operation is now readily apparent.

Alterations and amendments have beenbased on insights derived from team members,end users – via the appropriate platforms – andongoing training and reviews.

Security Services: Best Practice Casebook

“CIS Security is working with King’s College onefficiencies, bringing physical and electronic measuresinto play that will provide significant future savings”

57www.risk-uk.com

SecurityServicesBestPracticeCasebook November2014_riskuk_nov14 07/11/2014 14:11

Information security is an industry full ofbuzzwords, acronyms and clichés. The GRCsector in particular is rife with them (which

succinctly proves my point about acronyms –GRC: Governance, Regulatory and Compliance).

For example, the expression ‘CheckboxApproach to Compliance’ is disparagingly aimedat anyone who treats compliance as a project.For these ‘Checkbox Compliance Cowboys’,compliance receives focus once a year over afew weeks with the sole intention of providingenough paperwork to satisfy an auditor, butwith little substance beyond that.

Of course, those who treat compliance ascynically as this are missing the point. Threatsto security are constant and, on that basis,security measures and the associated checksand balances of compliance also need to beoperational on a continuous cycle.

Security and compliance is a hugely complextask, while the implementation of a hardenedbuild standard is a highly technical project inits own right. There’s no doubt that finding theright balance between a configuration standardthat protects vital business systems withoutpreventing them from working demands verycareful consideration.

Overlaid with configuration hardening is therelated task of patch management. Bothdisciplines will address vulnerabilities and bothcan have nasty side-effects.

On this basis, within the overall context ofvulnerability management, it’s valid to group allvulnerabilities together. Indeed, manyvulnerability scanners will aim to detect bothconfiguration and software-basedvulnerabilities with one scan. However, becausethe nature of vulnerabilities and the actionsrequired to either mitigate or remediate themare so different, it actually makes sense tosegregate their management.

The ‘Traditional Scanner Approach’One of the main obstacles to makingvulnerability a streamlined process is thatthere’s a tendency to always be starting at‘Square One’. The vulnerability landscapechanges daily with new exploits beingdiscovered and reported. As such, new scansignatures will always be available. There’s alsothe issue of needing to know which devices youhave and where they’re located in order to scanthem – a secure network is going to befirewalled to prevent scanning activity.

Finally, it’s always better to operate a scan ina focused manner, which means knowingwhat’s installed on the hosts under test in orderto specify those vulnerabilities for which you’regoing to test.

The alternative is to merely run a simple butoverkill ‘Route One: Let’s-test for every exploitof every package’ but in a large estate this is fartoo wasteful of both resources and time.

Once the scan results are reported it’s thenthat the real work begins. Each failure needs tobe reviewed in turn for its relevance andassociated risk. In a large estate whereremediation work could take days or evenweeks, which vulnerabilities (and for whichdevices) should you address first?

For configuration-based vulnerabilities, is itpractical to mitigate the vulnerability given thatreducing the opportunity to exploitvulnerabilities invariably reduces functionality?

Likewise, is it safe to go ahead and patch asystem? An update that addresses a specificvulnerability may well introduce other issuessuch as feature/functional changes or even anew ‘bag of bugs’.

Faced with these potentially undesirableside-effects, the first question to ask is: ‘Howserious is this vulnerability?’ Or, in other words,does the risk posed by the vulnerability

58www.risk-uk.com

When is a vulnerability not a vulnerability? Vulnerabilities exist in business data systems via

configuration settings, software bugs and the misuse ofsoftware features. That’s why it’s essential for security

risk managers to minimise the ‘attack surface’ of ITsystems by employing a vulnerability management

process. Mark Kedgley pinpoints the right procedures

DataRiskManagement November2014_riskuk_nov14 07/11/2014 12:30

Mark Kedgley:CTO at New Net Technologies

fundamentally outweigh the risk of causingother operational problems?

Categorising and scoringVarious systems exist which attempt tocategorise and score each vulnerability. Qualyshas its own scoring system as do Tripwire (andnCircle), but there are also the consensus-based systems – presided over by NIST – whichreference the three earlier definitions ofvulnerability classes. In turn, these are:• Common Configuration Scoring System

(CCSS): Used to score the severity of securityconfiguration-based vulnerabilities

• Common Vulnerability Scoring System(CVSS): Used to score the severity ofsoftware flaw-based vulnerabilities

• Common Misuse Scoring System (CMSS):Used to score the severity of softwaremisuse-based vulnerabilitiesAt a high level, the intention is clear – define

how potentially dangerous each vulnerabilityreally is, but that isn’t such an easy assessmentto make and scoring vulnerabilities starts tobecome extremely complicated very quickly.

Each of the Common Scoring Systems factor-in the context of the threat: ‘Just how likely is itthat this exploit can be used?’, ‘How real is theexploit?’, ‘How available are the fixes and howrisky are they?’ and ‘How much damage couldbe done using the exploit?’

No vulnerabilities should be ignoredThere are no vulnerabilities that should beignored, but there are any number that, withinthe context of your estate, might be toleratedtemporarily or permanently due tocompensating controls that are in place.

SCADA infrastructure components subject toNERC CIP compliance will require the highestlevels of security, while user workstationssegregated from confidential data systems canbe treated as lower priority, lower risk items.

With scan results highlighting hundreds ofvulnerabilities across the estate, the last thingyou need is to be re-reminded every time youscan the same known-and-acknowledgedvulnerabilities. The concept of improvement-based vulnerability management begins withthe overriding need to address this key issue.

For example, with a large complianceinitiative, there could be any number of reasonswhy servers or network devices will remain in anon-compliant state for months – resource

constraints, applicationcompatibility and networkarchitecture, etc – so theneed to either suspend orexclude compliancerequirements for certainhosts or device groups isabsolutely essential.

If we think it will take usthree months to remediate allvulnerabilities across allsystems then we can settime-based milestones forminimum levels ofcompliance to be achieved and, in doing so,give a realistic set of targets to hit progressivelyover time without being repeatedly beaten upover all outstanding vulnerabilities.

Similarly, there may be a need to makeexceptions or adjust compliance requirements.

Last, but not least, the ability to extend thecompliance standard to include additional fileintegrity monitoring checks over and above theSTIG or other secure build standard is valuable.

Minimising the ‘attack surface’Vulnerabilities exist via configuration settings,software bugs and the misuse of softwarefeatures. It’s essential to minimise the ‘attacksurface’ of IT systems using a vulnerabilitymanagement process. Where patches can beused to remediate vulnerabilities, these need tobe carefully assessed for potential negativeside-effects before deployment.

Similarly, security configuration settings maybe deployed to close off potential exploits,albeit at the loss of functional freedom (whichalso needs to be weighed up).

Modern approaches to vulnerabilitymanagement make use of vulnerability scoresto help with decisions over whether the cost ofremediation outweighs the potential risk.Scoring vulnerabilities also helps prioritiseremediation work in large-scale estates wherethe workloads involved are significant.

However, the real answer lies in operating aprocess of improvement-based vulnerabilitymanagement. This ensures that intelligenceregarding your estate is accumulatedincrementally and accuracies continuouslyimproved. Ultimately, this serves to elevatevulnerability management above the‘Groundhog Day’ scenario that traditionalvulnerability scanners might engender.

Data Risk Management: Minimising the ‘Attack Surface’ of IT Systems

“The vulnerability landscape changes daily with new exploits being discoveredand reported. As such, new scan signatures will always be available”

59www.risk-uk.com

DataRiskManagement November2014_riskuk_nov14 07/11/2014 12:30

Risk in ActionLone worker security at VINCIFacilities boosted by MySOSPart of the VINCI construction group, VINCIFacilities has chosen to roll out Skyguard’sMySOS personal safety service in order tomitigate potential risks for all of the company’slone workers.

VINCI Facilities provides bespoke solutionsand services to a variety of traditional verticalsectors (including housing, education andhealthcare) and fully understands the potentialrisks and threats faced by its dedicated groupof lone worker employees.

On that basis, Josephine O’Connor – businessand community investment manager at VINCIFacilities – set about sourcing a BS 8484-compliant and approved lone worker personalsafety service to support and protect thecompany’s lone working employees.

Following extensive research, VINCI Facilitiesawarded Skyguard the contract to provide 24-hour emergency back-up for all lone workerpersonnel by way of its fully-accredited MySOSpersonal safety device.

The MySOS allows end users to raise analarm at the press of a button should they feelthreatened or deem their personal safetycompromised. That alarm is sent to Skyguard’sIncident Management Centre where trainedcontrollers will listen-in, locate the end user,assess the situation and take appropriateaction (including potential escalation of thescenario to the emergency services).

When tracking options are enabled, theMySOS device will also automatically recordand transmit its GPS locations at set intervals.Alternatively, manual activation is realised bythe press of a button on the device. Locationsmay be viewed on a map with grid references –and in real-time – via Skyguard’s Customer

Service Centre online portal.“The Customer Service Centre

portal gives us themanagement data we need

to be able to keep thelone working staff safe,”

asserted O’Connor. “Italso details thegeography of my

teams. This has theadded benefit ofenabling me tobetter managetheir time andafford anenhanced serviceto our clients.”

60www.risk-uk.com

Showsec helps put Leeds’ FirstDirect Arena on the venue mapEvent and venue security specialist Showsechas been acclaimed for the substantial partthe company has played in helping toestablish the First Direct Arena in Leeds as afriendly, customer-focused venue.

The 13,000-capacity First Direct Arenarecently celebrated its first birthday whenJake Bugg performed his unique blend ofindie rock and folk to a capacity crowd. Thisspecial occasion also marked the 25thAnniversary celebrations of Leeds-basedbank First Direct, the venue’s sponsor.

Showsec was contracted by SMG Europe toprovide its specialist services for the FirstDirect Arena from the outset, and hasundoubtedly made an important contributionto many memorable events (among them thehosting of the BBC’s annual SportsPersonality of the Year Awards ceremony).

First Direct Arena’s general manager BenWilliams commented: “During the launchyear of the First Direct Arena, SMG Europehas relied upon the scale, expertise andprofessionalism delivered by Showsec. As acompany, Showsec has not only embracedbut also proactively committed to thevenue’s vision for placing the customer at theheart of everything we do.”

As well as the anniversary event featuringJake Bugg, the First Direct Arena has playedhost to many other international artistsincluding Kasabian and The Kaiser Chiefs.

With Showsec’s Sam Hodkin nowoperating as the Arena’s head of security, thecompany has developed a strong team ofexperienced supervisors, Security IndustryAuthority-licensed professionals andstewards to help the venue enhance itsreputation for top class entertainment.

“The emphasis has been on ensuring thatthe experience for all visitors to the FirstDirect Arena is the very best it can be,”explained Julian Kumah, Showsec’s areamanager for Yorkshire. “The fact that we’vebeen able to deliver that level of service isdue to the professionalism of our staff.”

RiskinAction November2014_riskuk_nov14 07/11/2014 14:04

61www.risk-uk.com

Risk in Action

Charter Security dog patrols reducecrime in London’s Tower HamletsResidents in London’s Tower Hamlets havepraised a project that has helped to reducecrime in their neighbourhood.

The ‘Dealer a Day’ programme sees CharterSecurity working with Tower Hamletsenforcement officers and Partnership TaskForce police officers to combat drug dealingand anti-social behaviour in an initiative that’smanaged by the local authority.

In response to residents’ concerns, snifferdogs and general patrol dogs are being used todetect a variety of items, among them potentialweapons and drugs.

The pilot initiative began at the end of 2013 and was so successful it hassince been extended. That project has already disrupted numerous drug dealsand detected (and seized) several quantities of cannabis. Raids have led to theseizure of heroin, cocaine and cannabis with a street value of over £6,000.

Regular patrols combat the problem at source, helping to disrupt and preventdrug deals from taking place. The dog patrols target high risk areas duringwhat would be considered ‘peak’ drug trading/anti-social behaviour hours.

Six tower blocks formed the pilot area, which has now been extended tocover 15. Stairwells of Tower Hamlets Homes-managed properties are regularlyvisited and patrolled, and dogs are also used in open areas such as greens.

Trevor Kennett, head of enforcement services at Tower Hamlets, explained:“We know that residents want the council, police and our partners to worktogether on stamping out drug dealing and bringing the dealers to justice.These latest patrols involving Charter Security’s dog handling services are partof our continuing efforts to do just that.”

BBC Worldwide awards prestigiousFM contract to MITIE Group plcFTSE 250 strategic outsourcing company MITIEhas just been awarded the prestigious facilitiesmanagement (FM) contract at BBC Worldwide.The contract will run for a three-year periodwith provision for an extension.

Under the Terms and Conditions of the deal,MITIE will now deliver the full range of FMservices including security, Front of Housesolutions, maintenance and repairs, cleaningand catering for BBC Worldwide’s new offices atTelevision Centre in London’s White City whenthey open next year.

Speaking about the contract, Andreas Arnold(director of strategic projects for BBCWorldwide) explained: “MITIE was chosen asour FM partner due to the company’s creativeapproach, the cultural fit with our own businessand the demonstrated use of technology toimprove service delivery.”

Tyco provides bespoke fireprotection for the Royal NavyFollowing an extensive tender process, Tyco Fire& Integrated Solutions was awarded thecontract to design fixed fire-fighting solutionsfor the UK MoD’s new Type 26 Global CombatShip Programme.

Appointed by main contractor BAE Systems,the team at Tyco Fire & Integrated Solutionshas developed a bespoke design packageconsisting of a variety of systems includingwater, mist, foam and gaseous solutions.

Graham Linney, engineering manager (marinedivision) at Tyco Fire & Integrated Solutions,commented: “Throughout the design phasewe’ve worked closely with BAE Systems and theRoyal Navy to ensure the solution for the newType 26 Global Combat Ships meets the specificrequirements of such a unique environment.This collaborative approach was vital in order tomeet client and end user requirements.”

2014 HMV FootballExtravaganza supportedby Cardinal SecurityCardinal Security was appointedto provide security solutions atthe annual HMV FootballExtravaganza event that tookplace on Tuesday 14 October.

Held at The Hilton Hotel on London’s Park Lane, this year marked the fifthoccasion that Cardinal Security had been asked to manage security for theevent. As in previous years, Cardinal supplied a number of SIA-licensedsecurity officers who duly took responsibility for all general and VIP admissionentrances as well as any additional security needs on site. In the spirit ofcharity, a number of the officers were provided free-of-charge.

Football Extravaganza was first launched in 1996 to raise money for NordoffRobbins, a national music charity dedicated to transforming the lives ofvulnerable children and adults across the UK. Since then, the event hasrealised over £5 million for the charity through a series of celebrity auctions offootball memorabilia and artwork.

Past Football Extravaganza events have celebrated the careers of severalfootballing heroes, among them Pele, Chelsea manager Jose Mourinho and SirBobby Charlton. This year, the evening honoured one of the most decoratedindividuals in English football’s history – Ryan Giggs, Manchester United’slongest-serving player – with the Legend of Football Award.

The successful 2014 gathering, which raised £402,000, also featured aspecial performance from rock band Stereophonics.

RiskinAction November2014_riskuk_nov14 07/11/2014 14:05

62www.risk-uk.com

Technology in FocusVista issues VFD analogue security cameras for end usersThanks to a Wide Dynamic Range (WDR) of up to 120 dB, the newVFD28V12WDR analogue cameras launched by Vista offer “outstanding imagequality” even under extreme backlit conditions.

Viewing images in highly contrasted scenes can lead to a loss of detail thatcompromises both image quality and usefulness. Thanks to CMOS WDRtechnology and “exceptional” 1000 TVL colour and monochrome images, thenew VFD28V12WDR models address these issues, providing more detail to beviewed and recorded.

Key features of the new cameras include:• Exceptional WDR of 120 dB for balanced and detailed images• 1000 TVL colour and monochrome images rendering “impressive” live and

recorded image quality• True day/night operation thanks to the built-in switching IR cut filter• End user-selectable privacy zones designed for protecting sensitive or

personal information• Optically correct bubble ensures superior

image quality at all viewing anglesVista brand product manager Kramar

Donachie commented: “TheVFD28V12WDR cameras include a host offeatures such as peak white inversion,3DNR and BLC which help end users toensure excellent resolution for themajority of lighting conditions.”www.norbain.com

Elmdene switches to STX PSU rangewith EcoCharge to power EN54-4compliant fire systems Elmdene International has launched the STXrange of energy efficient, cost-effectiveswitched-mode power supply units (PSUs).

The new range has been designed to meetthe demands of today’s EN54-4 compliant firesystems and is the first product line fromElmdene to be supplied as standard with thecompany’s advanced EcoCharge intelligentbattery charging capability.

The STX range comprises four power variants– 1A, 2A, 5A and 10A – each delivering a 27.6 VDC output. All models are certified to EN54-4:1997, A1:2002 and A2:2006. Rigorous in-house testing has demonstrated that the latestSTX PSU models are capable of deliveringhighly impressive efficiency levels of up to 95%.www.elmdene.co.uk

CEM Systems releases new versionof AC2000 access control softwareCEM Systems has issued Version 6.9 of theAC2000 suite of access control and securitymanagement software. This new edition of thesoftware offers improved security features andincreases the performance of the AC2000software suite including the AC2000, AC2000Airport and AC2000 Lite solutions.

“AC2000 is an integrated securitymanagement system that’s designed with thecustomer in mind, providing flexible solutions

that help increase security andimprove operationaleffectiveness,” said ConlethDonaghy, senior productmanager at CEM Systems. “Thelatest release of AC2000 furtherreinforces this, offeringimproved security features withthe addition of the SmartCardUtility and support for AESencryption across all CEMDESfire readers. Enhancementsto emerald also provide an

additional security level whereby images ofpersonnel may be immediately verified at thepoint of entry.”

An enhancement of AC2000 is the additionof user-defined keys through the AC2000SmartCard Utility application. This applicationis a convenient and flexible approach to smartcard key management allowing end users totake full ownership of their smart cardpersonalisation process. If encryption keys arecompromised, updates may be implementedusing the AC2000 SmartCard Utility.

AC2000 Version 6.9 now supports 128-bitAES (Advanced Encryption Standard)encryption across the CEM DESFire readerversions of the emerald terminal, the S610reader range and the sPass reader. Thisencryption standard provides a future proofaccess control solution, increasing security forthe end user while also reducing the risk ofcard cloning.

As stated, Version 6.9 of AC2000 offersenhanced functionality of emerald, CEM’saward-winning intelligent access terminal.www.cemsys.com

TechnologyinFocus November2014_riskuk_nov14 07/11/2014 14:12

63www.risk-uk.com

Technology in Focus

Samsung Techwin’s open platform WiseNetIII Series cameras nowintegrated with Milestone’s XProtect Video Management SoftwareSamsung Techwin’s award-winning open platform WiseNetIII Series of network cameras has beensuccessfully integrated with Milestone’s XProtect Video Management Software (VMS).

Milestone XProtect VMS is powerful, reliable, easy-to-use and proven in more than 100,000installations worldwide. Based on a true open platform, XProtect VMS enables integration with theindustry’s widest choice of cameras and ‘Best in Class’ business solutions.

All of the 1.3, 2 and 3 MP IP network cameras and domes within the WiseNetIII Series have beenintegrated with Milestone XProtect, including the recently launched SNP-6320 (pictured). This isthe world’s first 2 MP 32x PTZ dome, while the 1.3 MP SNP-5430 can claim to be the world’s first43x PTZ network video surveillance dome camera with intelligent auto-tracking.

Samsung Techwin’s open platform WiseNetIII DSP chipset recently won the Video Hardware ofthe Year category at Benchmark Magazine’s 2014 Innovation Awards. The spare processing powerand open platform capabilities of the chipset provide end users with complete freedom to choosetheir perfect combination of on-board video analytics, as well as a VMS that best matches therequirements of individual video surveillance projects.

“A key element of our product development strategy is based on the understanding thatcustomers are looking for easy-to-implement and easy-to-operate integrated video surveillancesolutions,” said Peter Ainsworth, head of product and marketing for Samsung Techwin Europe.

“Integration with independently developed software such as Milestone XProtect is essential inorder to provide the option for the latest generation of Samsung Techwin WiseNetIII cameras anddomes to be controlled and monitored alongside systems produced by other manufacturers.”www.samsungsecurity.com

Hikvision adds Mini IR PT networkcamera to Easy IP range Hikvision’s range of Easy IP solutions hasbeen supplemented with the launch of asophisticated infrared pan and tilt IP camera.The DS-2CD2Q10FD-IW 1MP Mini IR PTnetwork solution features HD 720p real-timevideo with motorised pan and tilt.

The discreet housing also incorporates abuilt-in microphone and speaker, an SD cardslot supporting on-board storage of up to 64GB, a 100 MB/sec Ethernet interface and Wi-Fi connectivity.

Despite its compactsize, the Mini IR PTcamera offers the fullflexibility andmanageability of anIP surveillancesolution, providing a0°-355° pan rangeand a -20°-90° tiltrange of view. TheDS-2CD2Q10FD-IW isideally suited to quick and easy installation,the Wi-Fi WPS capability enabling automaticconfiguration even for those end users witheither limited or no network knowledge.

The new cameras feature 3D DNR andDWDR image enhancement technology andzone configurable backlight compensationfor “outstanding” day/night performance inany environmental conditions.www.hikvision.com

Milestone Husky models withintegrated encoders ease move fromanalogue to digital technology Milestone Systems – the open platformcompany in IP Video Management Software(VMS) – has unveiled an easier and moreaffordable way for end users to make thetransition from analogue to digital technology.

Milestone’s Husky Series of NVRs now offersversions with integrated encoders that make iteasy to connect analogue and digital cameraswhich run on IP networks to the same box.

The Husky Hybrid NVRs are pre-installed withMilestone’s VMS and allow end users to buildon their initial investment. Security managerscan continue to use existing analogue camerasand add new IP cameras over time.

The Hybrid NVRs are aligned with the newMilestone encoder licensing. Here, only onehardware device license is needed for eachanalogue-to-IP encoder regardless of thenumber of analogue cameras connected to theencoder. This applies to encoders with no morethan one IP license.

In addition, the Husky Series supportsMilestone’s encoder licensing when externalencoders are used on the NVRs.www.milestonesys.com

TechnologyinFocus November2014_riskuk_nov14 07/11/2014 14:12

Security solutions for today’s challenging times

Global economic pressuresare forcing organisations toreview expenditure acrossthe board. But, the securityissues remain the same. So, do you cut your security?

Pilgrims offers a complete andcomplementary range of security,communications and support services,backed by an unmatched commitment to the highest level of quality, efficiency and client care, to reduce costs not cover.

Our expertise and global experience allowus to deliver robust, practical solutions fortoday’s challenging financial climate.

For more than ten years, Pilgrims has beensupporting clients across the globe, protectingand enabling their businesses to continue inspite of threats from terrorism, seriousorganised crime and natural disasters.

Our personnel are handpicked for theirexperience, skills, training and personality to match the requirements of our clients.This, combined with our continual exposureto the world’s hot spots and difficultregions, makes Pilgrims the ideal choice foradvice and support.

Pilgrims provides a global service, with localknowledge through our employment oflocal personnel, quality control, continualongoing training and our relationships withspecialists and local partners.

ConsultancyOperational ConsultancyManned GuardingTrainingInformation and IntelligenceCommunications SupportTechnical SystemsEquipment

We can help you find the right solution.Call Pilgrims on: +44 (0)1483 228 786

www.pilgrimsgroup.com


Appointments

65www.risk-uk.com

AppointmentsRisk UK keeps you up-to-date with all the latest peoplemoves in the security, fire, IT and Government sectors

Alex YoungerForeign Secretary PhilipHammond has announcedthat Alex Younger isappointed as successor to SirJohn Sawers as Chief of theSecret Intelligence Service.Younger will take up the

appointment this month.Often referred to as MI6, The Secret

Intelligence Service (SIS) collects Britain’sforeign intelligence. Based at Vauxhall Cross inLondon, the SIS provides Her Majesty’sGovernment with a global covert capability topromote and defend the national security andeconomic well-being of the United Kingdom.

Commenting on his appointment, AlexYounger said: “I’m delighted and honoured tobecome Chief of the Secret Intelligence Service.Our dedicated members of staff work tirelesslyagainst an array of threats that this countryfaces. They do so in close partnership with bothMI5 and GCHQ with whom I’m looking forwardto co-operating very closely.”

Alex Younger is a career SIS officer and hasbeen in the Service since 1991. For the last twoyears he has overseen the SIS’ intelligenceoperations worldwide.

Younger has held overseas postings in Europeand the Middle East and was formerly thesenior SIS officer in Afghanistan.

Having served as an officer in the BritishArmy, Younger has filled a variety of operationalroles in London, including leading the SIS’ workon counter-terrorism for the 2012 Olympics.

Jeff Little OBEBrigadier (Retd) Jeff LittleOBE MBA CGIA FSyI FICPE isnow an advisor to the Boardfor MITIE Group plc’s growingTotal Security Management(TSM) business.

For three years fromDecember 2010, Little served as CEO of theNational Security Inspectorate and brings toMITIE TSM a vast array of experience in thefields of strategic security, resilience, training,systems and emergency planning.

A distinguished military career resulted in anOBE from Her Majesty The Queen in recognitionof Little’s exemplary leadership skills during thethird Balkan War which ran from 1991 until 2001.

In this new role, Little will focus on MITIE’scritical security offering to existing majorcontractor clients within the defence, nuclear,utilities and data centre sectors.

“I’ve always been impressed by MITIE’ssecurity business,” explained Little. “I’m nowvery much looking forward to assisting thedevelopment of MITIE TSM’s offer and takingthe MITIE way of thinking forward. It’s vital thatwe continue to provide innovative solutions.”

Chris NorrisWicklander-Zulawski (WZ), the US-based consulting and trainingcompany, has announced that Chris Norris CFI – the organisation’sdirector of webinar, WZ Europe (WZ-EU) and international training – ismoving to the UK on a year’s secondment with a view towards raising theprofile of the brand’s investigative interview techniques across Europe.

Norris, who has been with the company for almost 15 years, will beresponsible for building the profile of WZ-EU training that’s available to

both UK and European businesses while also identifying training professionals who can helpdeliver WZ’s unique educational courses.

Since joining WZ in 2000, Norris has presented at several national US meetings fororganisations including the National Retail Federation and is a regular guest instructor at theFederal Law Enforcement Training Centre. He has trained thousands of Human Resourcesprofessionals, audit managers, loss prevention specialists, security and law enforcementpractitioners in the art of non-confrontational interviewing, and also conducted numerousprofessional investigations for both private companies and public agencies.

Speaking about his secondment to the UK, Norris said: “As we see more US companies tradingin the UK, so there has been a greater demand for our recognised form of interview training. Weknow that the loss prevention sector, for example, is recognising a need for such training to helpaddress internal issues and mitigate liabilities.”

Norris added: “By moving to the UK, I can help raise awareness of the benefits of our trainingservices to UK and European businesses and also respond to the growing demand for the non-confrontational interview techniques we can offer.”

Appointments November2014_riskuk_nov14 07/11/2014 12:23

Appointments

66www.risk-uk.com

Valerie DaleValerie Dale has joinedSecuritas as the company’snew Human Resources (HR)director. Dale relocates fromG4S Secure Solutions (UK)and brings over 20 years’ HRexperience to the role, 14 of

which have been spent in HR management.A Fellow of the Chartered Institute of

Personnel and Development, Dale will now beresponsible for the overall HR strategy at thecompany having helped to develop industrystandards across the last six years.

Speaking about Dale’s appointment, BrianRiis Nielsen (Country President at Securitas andmanaging director for the UK and Irelandoperation) said: “Valerie will be a key serviceprovider and, along with her team, willconsistently support the business to attract,retain, motivate and develop our people suchthat they can achieve their maximum potentialand realise exceptional customer service.”

Dale herself commented: “Securitas enjoys avery well respected reputation in the industry.We have clear security solutions objectives inplace and a structure that enables autonomy,accountability and innovation for ouremployees to deliver them. We’re hoping toexpand on the company’s already well-established training and developmentprogrammes and ensure an overall HR strategyin tune with the business’ philosophy.”

Paul KingPaul King has beenappointed regional directorat The Shield Group, theUK’s largest independentTotal Security Solutionsprovider. King brings no lessthan 25 years’ security

sector experience to his new role, the last 15 ofthem spent in senior management positionswhich have contributed towards thedevelopment of exceptionally strong leadershipand expert client relationship skills.

King will be based out of The Shield Group’sManchester office and looking after the group’sNorthern portfolio.

His commitment to customer service andofficer welfare will ensure that The ShieldGroup’s standards are maintained at the veryhighest level, and that back-up and support willalways be available to on-site teams by way ofensuring consistent service delivery.

For the last eight years, King has been adedicated member of the Manchester CityCentre Crime Prevention Panel.

Palm Timana and Vicky CooperPerimeter protection specialist Zaun hasappointed two newcomers to sales andcustomer support functions.

Palm Timana (pictured) takes on the newrole of sales estimator while, in anothernew role, Vicky Cooper is now sales andcustomer support administrator.

Timana has worked in the private sectoracross security guarding, CCTV and accesscontrol-focused roles and also spent almost five years at The Home Office, firstas an immigration officer and then in the sphere of criminal intelligence.

Timana holds a Masters Degree in Law and is a graduate of the InternationalSecurity Programme at Harvard University in the States specifically designed topromote international relations, peace and security.

Vicky Cooper’s career has seen her provide administration and co-ordinationin the public and voluntary sectors to support programmes with some ofSandwell’s most vulnerable and disadvantaged groups, including the victims ofdomestic violence and those with severe mental health issues.

Zaun’s director Alastair Henman explained: “2014 has been a great year forus. Five months ago we strengthened our delivery team on the back of keynotesecurity projects in the UK and overseas. We want to ensure that we don’t losesight of our core supply business to fencing installers. These two new roles willenable us to better service those customers.”

Chris PinderTavcom Training has announcedthe appointment of ChrisPinder, who joins from theNational Security Inspectorate(NSI) in order to spearhead thecompany’s marketing anddevelopment functions.

Pinder is well knownthroughout the security sectorhaving carried out importantroles for the British SecurityIndustry Association – where heserved as southern regiongeneral manager and export

services manager from November 1997 throughuntil August 2010 – and most recently at theNSI, where Chris was external affairs directorfor nigh on three years from November 2011.

Speaking about his latest move, Pindercommented: “I’ve known Tavcom for as long asI have been in the industry. I’m thrilled to havethe opportunity to contribute towards thefuture growth of such a professionalorganisation as Tavcom which, as the country’sleading security systems training provider, hasestablished an outstanding reputation fordelivering quality courses conducted by highlyknowledgeable tutors.”

Tavcom has grown significantly since thecompany was founded in 1994. Today, theorganisation offers over 70 courses supportingsecurity systems engineers and managers alike.

Appointments November2014_riskuk_nov14 07/11/2014 12:23

ACCESS CONTROL - BARRIERS, BOLLARDS & ROADBLOCKERSHEALD LTDHVM High Security Solutions "Raptor" "Viper" "Matador", Shallow & Surface MountSolutions, Perimeter Security Solutions, Roadblockers, Automatic & Manual Bollards,Security Barriers, Traffic Flow Management, Access Control SystemsTel: 01964 535858 Email: [email protected]: www.heald.uk.com

ACCESS CONTROLKERI SYSTEMS UK LTDTel: + 44 (0) 1763 273 243Fax: + 44 (0) 1763 274 106Email: [email protected]

ACCESS CONTROL – BARRIERS GATES & ROAD BLOCKERSFRONTIER PITTSCrompton House, Crompton Way, Manor Royal Industrial Estate,Crawley, West Sussex RH10 9QZTel: 01293 548301 Fax: 01293 560650Email: [email protected]: www.frontierpitts.com

ACCESS CONTROL

ACCESS CONTROL – BIOMETRICS, BARRIERS, CCTV, TURNSTILESUKB INTERNATIONAL LTDPlanet Place, Newcastle upon TyneTyne and Wear NE12 6RDTel: 0845 643 2122Email: [email protected] Web: www.ukbinternational.com

ACCESS CONTROL MANUFACTURERNORTECH CONTROL SYSTEMS LTD.Nortech House, William Brown CloseLlantarnam Park, Cwmbran NP44 3ABTel: 01633 485533Email: [email protected]

ACCESS CONTROLAPT SECURITY SYSTEMSThe Power House, Chantry Place, Headstone Lane, Harrow, HA3 6NYTel: 020 8421 2411Email: [email protected]

B a r r i e r s , B l o c k e r s , B o l l a r d s , P A S 6 8

ACCESS CONTROLACTACT – Ireland, Unit C1, South City Business CentreTallaght, Dublin 24 Tel: +353 (0)1 4662570ACT - United Kingdom, 2C Beehive MillJersey Street, Manchester M4 6JG +44 (0)161 236 [email protected] www.act.eu

ACCESS CONTROL & DOOR HARDWAREALPRO ARCHITECTURAL HARDWAREProducts include Electric Strikes, Deadlocking Bolts, Compact Shearlocks,Waterproof Keypads, Door Closers, Deadlocks plus many more T: 01202 676262 Fax: 01202 680101E: [email protected] Web: www.alpro.co.uk

ACCESS CONTROLCOVA SECURITY GATES LTDBi-Folding Speed Gates, Sliding Cantilevered Gates, Road Blockers & BollardsConsultancy, Design, Installation & Maintenance - UK Manufacturer - PAS 68Tel: 01293 553888 Fax: 01293 611007Email: [email protected]: www.covasecuritygates.com

...andlots

more

ComputerSecurity

Anti-Climb Paints& Barriers

Metal Detectors(inc. Walkthru)

Security, Search& Safety Mirrors

Security Screws &Fastenings

Key ControlProducts

Empty Property &Lone Worker Alarms

Traffic Flow &Management

see ourwebsite

Best Value Security Products from Insight Securitywww.insight-security.com Tel: +44 (0)1273 475500

www.insight-security.com Tel: +44 (0)1273 475500

ACCESS CONTROL – SPEED GATES, BI-FOLD GATESHTC PARKING AND SECURITY LIMITED4th Floor, 33 Cavendish Square, London, W1G 0PWT: 0845 8622 080 M: 07969 650 394F: 0845 8622 090info@htcparkingandsecurity.co.ukwww.htcparkingandsecurity.co.uk

ACCESS CONTROLINTEGRATED DESIGN LIMITEDIntegrated Design Limited, Feltham Point, Air Park Way, Feltham, Middlesex. TW13 7EQTel: +44 (0) 208 890 5550 [email protected]

ACCESS CONTROL, CCTV & INTRUSION DETECTION SPECIALISTSSIEMENS SECURITY PRODUCTSSuite 7, Castlegate Business ParkCaldicot, South Wales NP26 5AD UKMain: +44 (0) 1291 437920 Fax: +44 (0) 1291 437943 email: [email protected]: www.siemens.co.uk/securityproducts

oct14 dir_000_RiskUK_jan14 07/11/2014 16:42 Page 1

BUSINESS CONTINUITY MANAGEMENTCONTINUITY FORUMCreating Continuity ....... Building ResilienceA not-for-profit organisation providing help and supportTel: +44(0)208 993 1599 Fax: +44(0)1886 833845Email: [email protected]: www.continuityforum.org

AUTOMATIC VEHICLE IDENTIFICATIONNEDAP AVIPO Box 103, 7140 AC Groenlo, The NetherlandsTel: +31 544 471 666Fax: +31 544 464 255E-mail: [email protected]

BUSINESS CONTINUITY

PHYSICAL IT SECURITYRITTAL LTD

Tel: 020 8344 4716Email: [email protected]

CCTV

CCTV & IP SECURITY SOLUTIONS PANASONIC SYSTEM NETWORKS EUROPEPanasonic House, Willoughby Road Bracknell, Berkshire RG12 8FP Tel: 0844 8443888 Fax: 01344 853221 Email: [email protected] Web: www.panasonic.co.uk/cctv

CCTVG-TECGtec House, 35-37 Whitton DeneHounslow, Middlesex TW3 2JNTel: 0208 898 [email protected]

DIGITAL IP CCTVSESYS LTDHigh resolution ATEX certified cameras, rapid deployment cameras and fixed IP CCTV surveillance solutions available withwired or wireless communications.1 Rotherbrook Court, Bedford Road, Petersfield, Hampshire, GU32 3QGTel +44 (0) 1730 230530 Fax +44 (0) 1730 262333Email: [email protected] www.sesys.co.uk

ACCESS CONTROLSECURE ACCESS TECHNOLOGY LIMITED

Authorised Dealer

Tel: 0845 1 300 855 Fax: 0845 1 300 866Email: [email protected]: www.secure-access.co.uk

COMMUNICATIONS & TRANSMISSION EQUIPMENTKBC NETWORKS LTD. Barham Court, Teston, Maidstone, Kent ME18 5BZwww.kbcnetworks.com Phone: 01622 618787Fax: 020 7100 8147Email: [email protected]

CCTV/IP SOLUTIONSDALLMEIER UK LTD3 Beaufort Trade Park, Pucklechurch, Bristol BS16 9QHTel: +44 (0) 117 303 9 303Fax: +44 (0) 117 303 9 302Email: [email protected]

MANUFACTURERS OF A COMPLETE RANGE OF INNOVATIVE INFRA RED AND WHITE LIGHT LED LIGHT-ING PRODUCTS FOR PROFESSIONAL APPLICATIONS INCLUDING CCTV SCENE ILLUMINATION, ARCHITECTURAL UP-LIGHTING AND COVERT SECURITY.

ADVANCED LED TECHNOLOGY LTDSales: +44 (0) 1706 363 998Technical: +44 (0) 191 270 5148Email: [email protected]

CCTV POLES, COLUMNS, TOWERS AND MOUNTING PRODUCTSALTRON COMMUNICATIONS EQUIPMENT LTDTower House, Parc Hendre, Capel Hendre, Carms. SA18 3SJTel: +44 (0) 1269 831431Email: [email protected]: www.altron.co.uk

ACCESS CONTROL – BARRIERS, GATES, CCTV ABSOLUTE ACCESSAberford Road, Leeds, LS15 4EFTel: 01132 813511E: richard.samwell@absoluteaccess.co.ukwww.absoluteaccess.co.ukAccess Control, Automatic Gates, Barriers, Blockers, CCTV


TO ADVERTISE HERE CONTACT:Paul Amura

Tel: 020 8295 8307Email: [email protected]


CONTROL ROOM & MONITORING SERVICES

DISTRIBUTORS

INFRA-RED, WHITE-LIGHT AND NETWORK CCTV LIGHTING RAYTECUnit 3 Wansbeck Business Park, Rotary Parkway,Ashington, Northumberland. NE638QWTel: 01670 520 055Email: [email protected] Web: www.rayteccctv.com

THE UK’S MOST SUCCESSFUL DISTRIBUTOR OF IP, CCTV, ACCESSCONTROL AND INTRUDER DETECTION SOLUTIONSNORBAIN SD LTD210 Wharfedale Road, IQ Winnersh, Wokingham, Berkshire, RG41 5TPTel: 0118 912 5000 Fax: 0118 912 5001www.norbain.comEmail: [email protected]

ADI ARE A LEADING GLOBAL DISTRIBUTOR OF SECURITY PROD-UCTS OFFERING COMPLETE SOLUTIONS FOR ANY INSTALLATION.ADI GLOBAL DISTRIBUTIONChatsworth House, Hollins Brook Park, Roach Bank Road, Bury BL9 8RNTel: 0161 767 2900 Fax: 0161 767 2909Email: [email protected]

TRADE ONLY CCTV MANUFACTURER AND DISTRIBUTOR

COP SECURITYLeading European Supplier of CCTV equipment all backed up by an industry leading service and supportpackage called Advantage Plus. COP Security, a division of Weststone Ltd, has been designing, manufac-turing and distributing CCTV products for over 17 years. COP Security is the sole UK distributor for IRLAB products and the highly successful Inspire DVR range.More than just a distributor.

COP Security, Delph New Road, Dobcross, OL3 5BGTel: +44 (0) 1457 874 999 Fax: +44 (0) 1457 829 [email protected] www.cop-eu.com

CCTV SPECIALISTSPLETTAC SECURITY LTDUnit 39 Sir Frank Whittle Business Centre, Great Central Way, Rugby, Warwickshire CV21 3XHTel: 0844 800 1725 Fax: 01788 544 549 Email: [email protected] www.plettac.co.uk

ADVANCED MONITORING SERVICES EUROTECH MONITORING SERVICES LTD.Specialist in:- Outsourced Control Room Facilities • Lone Worker Monitoring• Vehicle Tracking • Message Handling • Help Desk Facilities • Keyholding/Alarm ResponseTel: 0208 889 0475 Fax: 0208 889 6679E-MAIL [email protected]: www.eurotechmonitoring.com

CCTV & IP SOLUTIONS, POS & CASH REGISTER INTERFACE, EPOSFRAUD DETECTIONAMERICAN VIDEO EQUIPMENTEndeavour House, Coopers End Road, Stansted, Essex CM24 1SJTel : +44 (0)845 600 9323Fax : +44 (0)845 600 9363E-mail: [email protected]

WHY MAYFLEX? ALL TOGETHER. PRODUCTS, PARTNERS,PEOPLE, SERVICE – MAYFLEX BRINGS IT ALL TOGETHER.MAYFLEXExcel House, Junction Six Industrial Park, Electric Avenue, Birmingham B6 7JJTel: 0800 881 5199Email: [email protected]: www.mayflex.com

EMPLOYEE SCREENING SERVICESTHE SECURITY WATCHDOGCross and Pillory House, Cross and Pillory Lane, Alton,Hampshire, GU34 1HL, United Kingdom www.securitywatchdog.org.ukTelephone: 01420593830

sales@onlinesecurityproducts.co.ukwww.onlinesecurityproducts.co.uk

FIRE AND SECURITY INDUSTRY RECRUITMENTSECURITY VACANCIESwww.securityvacancies.comTelephone: 01420 525260

EMPLOYMENT

IDENTIFICATION



SECURITY PRODUCTS AND INTEGRATED SOLUTIONSHONEYWELL SECURITY GROUPHoneywell Security Group provides innovative intrusion detection, videosurveillance and access control products and solutions that monitor andprotect millions of facilities, offices and homes worldwide. Honeywell integrates the latest in IP and digital technology withtraditional analogue components enabling users to better controloperational costs and maximise existing investments in security andsurveillance equipment. Honeywell – your partner of choice in security.Tel: +44 (0) 844 8000 235E-mail: [email protected] Web: www.honeywell.com/security/uk

INTEGRATED SECURITY SOLUTIONS

THE LEADING CERTIFICATION BODY FOR THE SECURITY INDUSTRYSSAIB7-11 Earsdon Road, West MonkseatonWhitley Bay, Tyne & WearNE25 9SXTel: 0191 2963242Web: www.ssaib.org

INDUSTRY ORGANISATIONSPLANNED PREVENTATIVE MAINTENANCE

TRADE ASSOCIATION FOR THE PRIVATE SECURITY INDUSTRYBRITISH SECURITY INDUSTRY ASSOCIATIONTel: 0845 389 3889Email: [email protected]: www.bsia.co.uk

INTEGRATED SECURITY SOLUTIONSINNER RANGE EUROPE LTDUnits 10 - 11, Theale Lakes Business Park, Moulden Way, Sulhampstead,Reading, Berkshire RG74GB, United KingdomTel: +44(0) 845 470 5000 Fax: +44(0) 845 470 5001Email: [email protected]

PERIMETER PROTECTIONGPS PERIMETER SYSTEMS LTD14 Low Farm Place, Moulton ParkNorthampton, NN3 6HY UKTel: +44(0)1604 648344 Fax: +44(0)1604 646097E-mail: [email protected] site: www.gpsperimeter.co.uk

SECURITY MAINTENANCE CONSULTANTS• Planned Preventative Maintenance (PPM) Specialists • Price Comparison Service (achieving 20-70% savings)• FM Support / Instant Reporting / Remedial Work• System Take-Overs / Upgrades / Additions• Access, CCTV, Fire & Intruder, BMS, Networks & Automation• Free independent, impartial advice Tel: +44 (0)20 7097 8568 [email protected]

UPS - UNINTERRUPTIBLE POWER SUPPLIESADEPT POWER SOLUTIONS LTDAdept House, 65 South Way, Walworth Business ParkAndover, Hants SP10 5AFTel: 01264 351415 Fax: 01264 351217Web: www.adeptpower.co.ukE-mail: [email protected]

POWER SUPPLIES – DC SWITCH MODE AND ACDYCON LTDCwm Cynon Business Park, Mountain Ash, CF45 4ERTel: 01443 471 060 Fax: 01443 479 374Email: [email protected]

The Power to Control; the Power to Communicate

POWER

PERIMETER PROTECTION

STANDBY POWERUPS SYSTEMS PLCHerongate, Hungerford, Berkshire RG17 0YUTel: 01488 680500 [email protected]

INFRARED DETECTIONGJD MANUFACTURING LTDUnit 2 Birch Industrial Estate, Whittle Lane, Heywood, Lancashire, OL10 2SXTel: + 44 (0) 1706 363998Fax: + 44 (0) 1706 363991Email: [email protected]

UPS - UNINTERRUPTIBLE POWER SUPPLIESUNINTERRUPTIBLE POWER SUPPLIES LTDWoodgate, Bartley Wood Business ParkHook, Hampshire RG27 9XATel: 01256 386700 5152 e-mail:[email protected]

COMPLETE SOLUTIONS FOR IDENTIFICATIONDATABAC GROUP LIMITED1 The Ashway Centre, Elm Crescent, Kingston upon Thames, Surrey KT2 6HHTel: +44 (0)20 8546 9826 Fax:+44 (0)20 8547 [email protected]

STANDBY POWER SPECIALISTS; UPS, GENERATORS, SERVICE & MAINTENANCE

DALE POWER SOLUTIONS LTDSalter Road, Eastfield Industrial Estate, Scarborough, North Yorkshire YO113DU United KingdomPhone: +44 1723 583511 Fax: +44 1723 581231www.dalepowersolutions.com

SECURITY PRODUCTS AND INTEGRATED SOLUTIONSTYCO SECURITY PRODUCTSHeathrow Boulevard 3, 282 Bath Road, Sipson, West Drayton. UB7 0DQ / UKTel: +44 (0)20 8750 5660 www.tycosecurityproducts.com



SECURITY

CASH MANAGEMENT SOLUTIONS LOOMIS UK LIMITED 1 Alder Court, Rennie Hogg Road, Nottingham, NG2 1RX T - 0845 309 6419 E - [email protected] W - www.loomis.co.uk

CASH & VALUABLES IN TRANSITCONTRACT SECURITY SERVICES LTDChallenger House, 125 Gunnersbury Lane, London W3 8LHTel: 020 8752 0160 Fax: 020 8992 9536E: [email protected]: [email protected]: www.contractsecurity.co.uk

PHYSICAL CONTROL PRODUCTS, ESP. ANTI-CLIMB INSIGHT SECURITYUnit 2, Cliffe Industrial EstateLewes, East Sussex BN8 6JLTel: 01273 475500Email:[email protected]

FENCING SPECIALISTSJ B CORRIE & CO LTDFrenchmans RoadPetersfield, Hampshire GU32 3APTel: 01730 237100Fax: 01730 264915email: [email protected]

INTRUSION DETECTION AND PERIMETER PROTECTION

OPTEX (EUROPE) LTDRedwall® infrared and laser detectors for CCTV applications and Fiber SenSys® fibreoptic perimeter security solutions are owned by Optex. Platinum House, Unit 32BClivemont Road, Cordwallis Industrial Estate, Maidenhead, Berkshire, SL6 7BZTel: +44 (0) 1628 631000 Fax: +44 (0) 1628 636311Email: [email protected] www.optex-europe.com

V

INTRUDER AND FIRE PRODUCTSCQR SECURITY125 Pasture road, Moreton, Wirral UK CH46 4 THTel: 0151 606 1000Fax: 0151 606 1122Email: [email protected]

INTRUDER ALARMS – DUAL SIGNALLINGCSL DUALCOM LTDSalamander Quay West, Park LaneHarefield , Middlesex UB9 6NZT: +44 (0)1895 474 474F: +44 (0)1895 474 440www.csldual.com

INTRUDER ALARMS AND SECURITY MANAGEMENT SOLUTIONSRISCO GROUPCommerce House, Whitbrook Way, Stakehill Distribution Park, Middleton,Manchester, M24 2SSTel: 0161 655 5500 Fax: 0161 655 5501Email: [email protected]: www.riscogroup.com/uk

ONLINE SECURITY SUPERMARKET EBUYELECTRICAL.COMLincoln House,Malcolm StreetDerby DE23 8LTTel: 0871 208 1187www.ebuyelectrical.com

LIFE SAFETY EQUIPMENTC-TECChallenge Way, Martland Park, Wigan WN5 OLD United KingdomTel: +44 (0) 1942 322744Fax: +44 (0) 1942 829867Website: http://www.c-tec.co.uk

PERIMETER SECURITYTAKEX EUROPE LTDAviary Court, Wade Road, BasingstokeHampshire RG24 8PETel: +44 (0) 1256 475555Fax: +44 (0) 1256 466268Email: [email protected]: www.takexeurope.com

SECURITY EQUIPMENTPYRONIX LIMITED Secure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QY. Tel: +44 (0) 1709 700 100 Fax: +44 (0) 1709 701 042 www.facebook.com/Pyronixwww.linkedin.com/company/pyronix www.twitter.com/pyronix

SECURITY SYSTEMSBOSCH SECURITY SYSTEMS LTDPO Box 750, Uxbridge, Middlesex UB9 5ZJTel: 01895 878088Fax: 01895 878089E-mail: [email protected]: www.boschsecurity.co.uk

SECURITY SYSTEMSVICON INDUSTRIES LTD. Brunel Way, Fareham Hampshire, PO15 5TX United Kingdomwww.vicon.com

SECURITY EQUIPMENTCASTLESecure House, Braithwell Way, Hellaby, Rotherham, South Yorkshire, S66 8QYTEL +44 (0) 1709 700 100 FAX +44 (0) 1709 701 042www.facebook.com/castlesecurity www.linkedin.com/company/castlesecuritywww.twitter.com/castlesecurity

INTRUDER ALARMS – DUAL SIGNALLINGWEBWAYONE LTD11 Kingfisher Court, Hambridge Road, NewburyBerkshire, RG14 5SJTel: 01635 231500Email: [email protected] www.webwayone.co.ukwww.twitter.com/webwayoneltd www.linkedin.com/company/webwayone



Memories. iFly Singapore, the world’s largest indoor skydiving simulator, uses Milestone XProtect® Enterprise surveillance software to monitor

park grounds and give visitors a lasting memory. Flying at speeds of up to 186 miles per hour, the software records each skydiver’s

flight and information using Radio Frequency Identification (RFID). After their flight, a video souvenir helps

visitors relive all of the adrenaline-fueled moments. Proving again that XProtect

is more than security.

Milestone XProtect® is the world’s leading IP video surveillance management software and is reliable, future proof and easy to use. It supports the widest choice in cameras and seamlessly integrates with business and security solutions such as RFID. Which means your possibilities are unlimited and you can keep your security options open.

Milestone is hosting introduction days for new partners in the UK and Ireland. Visit our website to sign up! www.milestonesys.com

Milestone Systems UKTel: + 44 (0) 1332 869380

Morethan security


risk uk november 2014

Documents

risk uk directorynovember

security officers

intruder security system

ne page uk

security institutes

transport sectormanaging

ofthe publisherrisk

integriti system oers