Home > Issue by Date > July 2007

Integrated Security

Some organizations can benefit from combining security functions with other building systems, since this often streamlines management and increases capabilities.

By Joseph Ricci

Integrated Security (Photo: Photodisc, Inc.)

Traditional security and risk management practices examine and confront potential threats to an organization by defining them and assigning appropriate measures and technologies to address each threat. Such classifications are often meant as stand-alone solutions to deal with specific situations and mitigate damage without impacting the organization as a whole.

Integrated security represents a different approach and involves the convergence of physical, electronic, and information technology (IT) programs with operational systems, such as building maintenance, fire and life safety, and HVAC. When properly planned, this type of coordination makes the organization better able to recover from a disruption.

Many facilities are moving toward an integrated approach. This is being driven by a variety of factors, including the increasing need for quick communication and maturing technology. Having security systems interact with other building systems can give managers expanded capabilities.

In addition, new electronic security systems incorporate information databases and computer systems and operate on the same organizational IT infrastructure. Taking full advantage of the advancements in physical, electronic, and IT security measures to protect an organization demands the convergence of these elements. Often the prime convergence point is the person, or people, responsible for operating the security and other building systems.

Other Integration Drivers
Statutory compliance is also driving the integration of security and building operations. New laws and mandates affecting a broad range of organizations, including healthcare, finance, and government, are forcing managers to re-examine their levels of protection and privacy.

For example, compliance regulations are affecting facility security and data through physical, electronic, and IT security measures that ensure higher levels of safety throughout the enterprise. Current regulations driving this trend include:

• Sarbanes-Oxley—A body of regulations outlining new corporate responsibility rules and procedures for publicly traded companies;

• Gramm-Leach Bliley Act—Regulations for the financial industry requiring new levels of protection for customer financial data;

• Health Insurance Portability and Accountability Act (HIPAA)—Data privacy regulations and guidelines for the healthcare industry;

• European Union Directive 95/46/EC—Rights to privacy with regard to data processing; and

• Emerging guidelines and standards—Organizations, such as ASIS International and the National Fire Protection Association, are creating guidelines and standards for security assessments, disaster planning and recovery, and security officer training.

Assessing The Potential
Introducing an integrated security approach requires a security survey and assessment plan that creates a secure workplace for conducting core operations. This process involves determining assets; identifying and categorizing threats and vulnerabilities; and implementing integrated countermeasures and procedures to address these risks across six security zones.

These zones begin at the outermost layer of the facility and work inward, taking into account the surrounding streets, curbs and parking areas, sidewalks, yard, perimeter, and interior. Each zone should be designed to impact the overall security of the building through deterrence, delay, denial, detection, and response using a wide range of measures such as signs, barriers, access control, and patrol.

Maximizing Return
Fully capitalizing on systems and personnel investments can only be achieved through integration and convergence, which will create a higher level of effectiveness. For security and safety, these increased operational efficiencies can add value. For example:

• Digital video surveillance systems provide visual awareness of people and property for asset protection. The systems can also be used by sales teams to evaluate response to visual displays and to monitor inventory.

• A biometric hand reader, which offers a high level of access control, can also operate as a time and attendance device.

• A corporate identification card, login ID, and password may be used for access control and network security. It can also be used to pay for food at the corporate cafeteria.

Efficiencies such as those listed above create an immediate return on investment and allow organizations to reduce their risk and liability through increased security measures. Overall, this assists organizations when assessing costs and improving operational productivity.

Additional long-term benefits of instituting an integrated security plan include:

• Higher levels of security for business processes and transactions across the organization, which minimizes risk, decreases security threats, and improves compliance with industry and government regulations.

• Reduced levels of risk as organizational plans and policies either diminish the possibility of an incident or develop mitigation procedures to reduce consequences.

• Faster collaboration between the organization and remote business partners, suppliers, and customers, which helps to create a higher level of business continuity.

• A single contact point for ensuring the enterprise is secure, decreasing the possibility that a department or security component will be overlooked.

• A single budget for security, thereby reducing the friction among departments as to funding sources for buying shared resources.

Integrated, enterprise-wide security offers managers greater visibility and control over operations. The long-term benefits of enterprise security can essentially elevate an organization to new levels in performance, growth, and profitability.

Ricci, CAE, is executive director of the National Association for Security Companies (NASCO). He is Chair for the ASIS International Private Security Services Council and Chair of the Coalition for Government Procurement Security Council. He has served on the advisory board of the TFM Show. Ricci also participates on the GSA Industry-Government Council and serves as a Special Advisor to the Security & Life Safety Conference for the National Systems Contractors Association (NSCA). He recently testified before the U.S. Congress regarding security issues.

Do your facilities have integrated security systems? What have the benefits or challenges been? Send an e-mail to avazquez@groupc.com.

Identity Management + Access Control = Fortified Physical Access

By Tom Tulli

The recent implementation of government regulatory compliance requirements (HSPD-12 and FIP 201) for identity management systems and access control management systems is one example of a growing emphasis on integrated systems Government mandates aside, the ability to tie together these two related security operations can help to improve the physical security of a facility. To appreciate the value of an integrated identity management/access control solution, first consider each approach as stand-alone systems.

For general access to a building, security guards are often employed to check simple identity cards. These cards usually contain a photograph, and while this provides a form of visual identification, it is often not a reliable means to verify identity.

A significant step up from the simple ID card is a biometric security card, which uses unique characteristics, such as fingerprints, to verify identity. The downside is data is usually embedded in a biometric device, which means tracking and monitoring functions are often not available.

Smart cards are another identity management tool. Available in contact or proximity formats, smart cards contain memory or microprocessor chips, which enable them to work with electronic access control devices. A downside is that implementation is made more complex with each additional function housed on the card.

Access control systems eliminate the need to replace locks and keys continually in response to employee turnover or other event. In addition to locking and unlocking doors, access control systems provide a form of validation when users swipe their cards to enter the facility. However, in a stand-alone system there is no way to verify that the user is actually the person to whom the card was issued.

Combined Capabilities
With a software based operating system and intelligent reporting and validation capability, access control systems can integrate various security system subsets. While ID cards and biometric technologies are powerful individually, their utility increases exponentially when integrated with access control systems.

Another benefit is system management. Instead of biometric data being stored locally in the scanner device, it is stored in a central database that can also communicate with IT databases (i.e SQL or Oracle systems). This enables an organization to establish a single, consolidated repository for authentication credentials, as well as having a centralized means to set access privileges for physical and logical resources.

This kind of system collaboration saves time and money in the form of reduced manpower, more secure protection against theft, and an overall enhanced security posture. Additionally, in an emergency, an integrated system enables consolidated logging of entry and access records by user identity, and a more accurate occupancy roster list can be created.

While individual development and technology advances will continue to be made in physical access control systems and other related security technologies, the real gain will be achieved when the open architecture allows intelligent systems to be integrated into a more powerful solution.

Tulli is manager, marketing services for IDenticard Systems in Lititz, PA.

Click here to qualify for a complimentary subscription to Today's Facility Manager Magazine.