By Joseph Ricci
Published in the September 2007 issue of Today’s Facility Manager
Traditional security and risk management practices examine and confront potential threats to an organization by defining them and assigning appropriate measures and technologies to address each threat. Such classifications are often meant as stand-alone solutions to deal with specific situations and mitigate damage without impacting the organization as a whole.
Integrated security represents a different approach and involves the convergence of physical, electronic, and information technology (IT) programs with operational systems, such as building maintenance, fire and life safety, and HVAC. When properly planned, this type of coordination makes the organization better able to recover from a disruption.
Many facilities are moving toward an integrated approach. This is being driven by a variety of factors, including the increasing need for quick communication and maturing technology. Having security systems interact with other building systems can give managers expanded capabilities.
In addition, new electronic security systems incorporate information databases and computer systems and operate on the same organizational IT infrastructure. Taking full advantage of the advancements in physical, electronic, and IT security measures to protect an organization demands the convergence of these elements. Often the prime convergence point is the person, or people, responsible for operating the security and other building systems.
Other Integration Drivers
Statutory compliance is also driving the integration of security and building operations. New laws and mandates affecting a broad range of organizations, including healthcare, finance, and government, are forcing managers to re-examine their levels of protection and privacy.
For example, compliance regulations are affecting facility security and data through physical, electronic, and IT security measures that ensure higher levels of safety throughout the enterprise. Current regulations driving this trend include:
- Sarbanes-Oxley—A body of regulations outlining new corporate responsibility rules and procedures for publicly traded companies;
- Gramm-Leach-Bliley Act—Regulations for the financial industry requiring new levels of protection for customer financial data;
- Health Insurance Portability and Accountability Act (HIPAA)—Data privacy regulations and guidelines for the healthcare industry;
- European Union Directive 95/46/EC—Rights to privacy with regard to data processing; and
- Emerging guidelines and standards—Organizations, such as ASIS International and the National Fire Protection Association, are creating guidelines and standards for security assessments, disaster planning and recovery, and security officer training.
Assessing The Potential
Introducing an integrated security approach requires a security survey and assessment plan that creates a secure workplace for conducting core operations. This process involves determining assets; identifying and categorizing threats and vulnerabilities; and implementing integrated countermeasures and procedures to address these risks across six security zones.
These zones begin at the outermost layer of the facility and work inward, taking into account the surrounding streets, curbs and parking areas, sidewalks, yard, perimeter, and interior. Each zone should be designed to impact the overall security of the building through deterrence, delay, denial, detection, and response using a wide range of measures such as signs, barriers, access control, and patrol.
Fully capitalizing on systems and personnel investments can only be achieved through integration and convergence, which will create a higher level of effectiveness. For security and safety, these increased operational efficiencies can add value. For example:
- Digital video surveillance systems provide visual awareness of people and property for asset protection. The systems can also be used by sales teams to evaluate response to visual displays and to monitor inventory.
- A biometric hand reader, which offers a high level of access control, can also operate as a time and attendance device.
- A corporate identification card, login ID, and password may be used for access control and network security. The same credentials can also be used to pay for food at the corporate cafeteria.
Efficiencies such as those listed above create an immediate return on investment and allow organizations to reduce their risk and liability through increased security measures. Overall, this assists organizations when assessing costs and improving operational productivity.
Additional long-term benefits of instituting an integrated security plan include:
- Higher levels of security for business processes and transactions across the organization, which minimizes risk, decreases security threats, and improves compliance with industry and government regulations.
- Reduced levels of risk as organizational plans and policies either diminish the possibility of an incident or develop mitigation procedures to reduce consequences.
- Faster collaboration between the organization and remote business partners, suppliers, and customers, which helps to create a higher level of business continuity.
- A single contact point for ensuring the enterprise is secure, decreasing the possibility that a department or security component will be overlooked.
- A single budget for security, thereby reducing the friction among departments as to funding sources for buying shared resources.
Integrated, enterprise-wide security offers managers greater visibility and control over operations. The long-term benefits of enterprise security can essentially elevate an organization to new levels in performance, growth, and profitability.
Ricci, CAE, is executive director of the National Association for Security Companies (NASCO). He is Chair for the ASIS International Private Security Services Council and Chair of the Coalition for Government Procurement Security Council. He has served on the advisory board of the TFM Show. Ricci also participates on the GSA Industry-Government Council and serves as a Special Advisor to the Security & Life Safety Conference for the National Systems Contractors Association (NSCA). He recently testified before the U.S. Congress regarding security issues.