By Andre Greco
Published in the September 2011 issue of Today’s Facility Manager
The integration of security systems with comprehensive building management can help to protect the bottom line, reduce risk, and improve compliance. There are several ways to approach achieving this goal, but first facility managers (fms) need to evaluate their current security strategy, then they must assess and prioritize security needs to identify opportunities for improvement.
The current economic climate calls for security solutions that lower costs while protecting people, assets, and environments. To meet these needs efficiently, a security system must address four core areas: event management, identity management, building management, and compliance management.
Closing The ROI Gap In Security
By Jim Sandelin
Starting in 2001,a rise in terrorism and fears of conflict caused a dramatic spike in demand for the most advanced security technology. As a result, the security industry experienced a technological evolution over the last decade, largely by using advanced software that integrated security systems and converged physical security with IT. Since then, facility managers (fms) focused on security have faced a new challenge: justifying these investments.
Threats remain high, but users cannot always rationalize new technologies in an age of austerity, thus creating a “ROI gap” in many organizations. To close this gap—to define and improve the ROI of security technology—security leaders must redefine their focus from technology to strategy. By treating security as a strategic asset and weaving it into the processes of each business, security end users (and suppliers) can better demonstrate the value of their investments to decision makers in their organizations.
Security leaders can view ROI three ways:
1. Ensuring risk protection: a benefit that has been recognized for many years and continues to provide the foundation for security services in many organizations;
Risk protection and proactive mitigation of threats is a sensible and effective way to justify ROI in many instances. Technology has advanced over the last decade such that individual security systems have given way to integrated security infrastructure. Software-driven solutions enable users to manage security more effectively and at a lower cost. The shift to software driven solutions, and the corresponding growth of security as a managed service like other aspects of IT, means organizations are not just collecting evidence but also preventing events from happening.
Beyond the traditional sphere of security responsibilities, security leaders can work with other members of their organizations to examine business processes and determine how their technology, deployed throughout the organization, integrates with processes such as logistics, manufacturing, and energy management. Data from security systems can help ensure specialized personnel are optimally allocated or monitor the performance of valuable equipment.
For example, in manufacturing centers that integrate video surveillance with supervisory control and data acquisition (SCADA) systems, live video can verify SCADA system alarms and events in remote locations of facilities. If an alarm indicates a valve has blown, fms can confirm the data visually and assess the situation so the right personnel are dispatched with the correct equipment—or keep personnel away from the area in unsafe conditions.
And this same concept should be applied to security management processes. For example, in situations where credentials are critical to the security of a facility, such as airports, integrating process and technology leads to a more secure protocol for issuing credentials. On the process side, businesses can create rules and work flow to manage how the staff issues credentials for the access control system. Three levels of security technology (card, fingerprint, and PIN identification) are designed into this process to verify the personnel with authority to issue credentials. The result is a more efficient, yet very secure function that supports safe and effective operations.
These are just some examples of how security can take a strategic approach, contributing its expertise and technology to strengthen the larger business. This approach can also enable the security industry to close the ROI gap, leading to advantages over the competition and a realization of the full benefits that modern security technology can provide.
Four Pillars For An All-Inclusive Approach
Event management is key to helping security personnel eliminate threats before they occur by maintaining full situational awareness of building activities. Implementing one integrated command and control system to streamline security measures allows convergence through one IP network to optimize real-time monitoring. Information from multiple systems is combined on one interface to reduce data overload and enable timely reactions. Security at building entrances and exits is linked to video surveillance, IT, human resources, and building automation systems to streamline an effective response.
Building management increases productivity and creates operational efficiency by ensuring various building subsystems and applications are harmonized for improved performance at a reduced cost. Linking security systems with building automation systems minimizes labor and energy usage while providing safety for the building’s occupants. For example, when the alarm system detects a fire, the HVAC system halts the delivery of fresh air to pressurize a path to clear smoke from the vicinity. Simultaneously, the access control system automatically unlocks doors along the emergency route while surveillance cameras provide responders with a live feed of the area.
Compliance management meets internal and external regulatory codes using an integration approach. A facility that assimilates security with building management functions allows staff to track security procedures with real time data while following government and industry guidelines. Real time data access enables direct enforcement, documentation, and quick intervention when needed.
Identity management policies are a critical element of any safety and security program. Remaining aware of who went where and had access to what is the key to maintaining a safe environment. An effective identity management program provides each employee, contractor, or visitor with a distinct, credentialed badge that can be used across many integrated systems, such as physical security, IT security, and human resources systems.
A seamless identity management solution enables facilities to:
- Check identities against black lists automatically;
- Generate reports for compliance and risk management audits;
- Assign or revoke access management rights and manage credentials from one centralized command center;
- Disseminate identity and access management based on changes to employment status, changes in job function, or changes in threat level; and
- Enforce workplace rules, such as minimum and maximum hours, minimum and maximum occupancy, and training and drug testing intervals.
Enhancing Identity Management
In Bristol, RI, Roger Williams University sought to implement an identity management solution to provide students and staff with appropriate access to facilities while maintaining the security of those individuals and university property. After a recent expansion of the university’s 140-acre campus, a more efficient, cost-effective way to manage physical keys and access assignments became a necessity. Considering the constantly shifting student course loads and housing arrangements, as well as changes in faculty, staff, and contractors, managing access control assignments on the university campus was not an easy task.
The school’s existing identity management system required manual programming of access permissions as a result of disconnected building systems. Student courses and housing locations were recorded in the university’s enterprise resource planning (ERP) system, which stored information on where each student needed to be and when. With the old system, these credentials had to be manually programmed into the security management approach, a time consuming and tedious process for security personnel.
Working with an outside automation company, the university used a role based policy engine to integrate existing but disparate systems in order to automate physical access assignments.
As a result, a high tech interface product now serves as a connection between the security management and ERP systems. So when a student is registered with the ERP system, the security management system is automatically updated to provide the student with appropriate access to campus buildings.
Now approximately 40% of security operations are automated by the system, eliminating up to 95% of manual errors and improving cycle time for physical change requests. This more efficient process reduces man hours spent programming the security system, allowing staff to use that time for other campus security related tasks, such as alarm upgrades, physical lock hardware replacements, and additional entrance security.
After a recent expansion of the university’s campus, the security management system was enlarged to secure all 65 campus buildings and is now integrated with over 500 card readers and more than 50 surveillance cameras. The new system enables easy management of the campus’ five swipe access policy, requiring students to use their I.D. badges at five different access points in their dormitories: their building, their floor, their wing, their suite, and their room. The automated system allows for an elevated level of security that would be an immense undertaking if handled manually.
The university is also now able to create authorized groups within the system for people (such as contractors) who will be on campus for a specific period of time. When the assigned time or date range expires, the system automatically restricts access.
A Sweeping Approach To Security
One of the largest challenges for the security industry includes disparate systems within facilities. The integration of security with other building systems requires fms consider security management more creatively. This often means they must look beyond traditional policies and procedures. A comprehensive program should manage events, buildings, compliance, and identity to lower costs efficiently and effectively while enhancing safety and security for the building and the people inside it.
Greco is the director of sales for Security & Fire, North America at Johnson Controls.