How to choose a system supplier: Approach it systematically

Sep 1, 1998 12:00 PM, GARY DANIEL, DAVE LINN and BILL REED

           

You could spend millions to acquire and implement a new security system. How can you make sure the supplier you choose is equipped to meet your needs? Depending on the assets to be protected, an organization can spend millions of dollars to acquire and implement a new security system. New security systems often take years to integrate, test, install and start up. When ready to buy, organizations face security equipment manufacturers and integrators who advertise their systems as the latest, state-of-the-art solutions. Some vendors are relative newcomers; others have been suppliers to the security industry for generations. Combine the brochures and technical bulletins produced by these vendors with the numerous books and articles written by "security experts," and an organization finds itself overwhelmed with information. How does an organization ferret out specific information it needs to make a decision it must live with for years to come? Security consulting firms often approach the challenge through a process that gradually reduces an initial set of candidates to a single system that best fits the organization's needs. This article will provide a glimpse into that process.

The selection process One goal is to select a vendor that: - is an established firm using state of the art technology; - has provided integrated access control and intrusion detection systems for a period of five years or longer; - provides comprehensive service and maintenance support; - maintains a continuing R&D effort (5-7 year projections); - is financially sound (staying power in the market place); - is reputable within the security system industry; - will partner with the organization to provide long-term security system support. A further goal is to identify a system that: - will meet all of the organization's requirements without major modifications. (Minor modification and site configuration should be expected, but extensive modifications are costly and technically risky.) - has a proven track record. - incorporates state-of-the-art technology.

Steps in the process Step 1 to meeting the goals is to establish organizational requirements for the system. Related activities include: - identify facilities and other assets (equipment, personnel, information, etc.) to be protected; - conduct a threat and vulnerability assessment for the assets; - develop countermeasures to offset identified vulnerabilities; - conduct a risk management assessment to identify countermeasures to be implemented based on cost effectiveness; - select those countermeasures to be fulfilled by the security system; - develop operational and functional requirements for the security system. Normally, many of these activities have already been accomplished by the organization itself and only require updating. Step 2 is to compile a list of essential elements of information (EEI) to be collected about each candidate system. These EEI are based on the operational and functional requirements for the system produced in Step 1. Table I (see page 65) presents a sampling of EEI that can be used to evaluate candidate systems for the protection of high consequence assets. Step 3 is the compilation of an initial list of candidate systems. Candidate systems are developed from a number of sources including: - knowledge of the security industry; - advertisements and articles in security industry trade publications; - manufacturers' booths and presentations at security trade shows and expositions; and - recommendations of other security professionals. Step 4 is to develop requests for information (RFI) to be mailed to the vendors of the candidate systems. These RFI include: - A questionnaire to collect the previously developed EEI. The vendor is asked to have the chief engineer or other technical representative fill out the EEI questionnaire since vendor sales personnel are often unaware of detailed technical specifications of their product line. - A request for system documentation (operator and maintenance manuals). - A request for the vendor to estimate the cost of a model system. This model system is developed using all key elements of the organization's operational and functional requirements. Step 5 is the evaluation of questionnaire responses and the comparison of vendor cost estimates. The purpose of this step in the process is to select no more than five candidate systems to receive further evaluation. Any method of evaluation that assigns values to responses based on the importance of each EEI can be used. The vendor's response to the cost model should be considered during this evaluation but should not be a driving factor in eliminating a candidate system. Once the candidate list is narrowed, a formal visit to each vendor's facilities is requested.

Before deciding: Visit the vendors Step 6 is a visit to each vendor's facilities to evaluate the following factors. Technical staff. Discussions with the vendor's chief engineer and lead hardware and software designers will determine if the vendor has sufficient technical resources to support the integration, test, installation, and startup of a new system; to develop any special requirements for the organization's system; and to provide long-term support for the system. These discussions should also resolve any unanswered EEI remaining from previous steps. Product manufacturing and assembly capabilities. A tour of the vendor's manufacturing and assembly area, and discussions with the chief engineer, will determine if the vendor can supply sufficient quality products to meet the organization's schedule for installation. Quality control program. Discussions with the vendor's quality control organization, and a review of the vendor's quality assurance program documentation, will determine if the organization will receive system components that have produced under a rigorous quality control program. Integration and test capabilities. A tour of the vendor's integration and test facilities, and discussions with the chief engineer, will determine how the vendor will support integration and factory testing of the system prior to shipment. Installation and service support capabilities. Discussions with the chief engineer will determine how the vendor would support on-site installation, startup, operational testing, cutover, and subsequent maintenance. A tour of the service support center, and observation of ongoing operations, will determine how responsive the vendor will be to problems that may be encountered during any warranty or maintenance period. Product development program. Discussions with the chief engineer will determine if the vendor has a satisfactory program to upgrade the system's components based on advances in security equipment technology, changes in industry code requirements, and user requirements. Financial status. Discussions with the chief financial officer will determine if the vendor has sufficient financial resources to not only support integration, test and installation, but also to provide warranty, maintenance, and upgrade support for the life of the system.

The final choice Step 7 is the ranking of the short list of candidate systems based on the information collected during vendor site visits and selection of the candidate system of choice. Again, any qualitative system of evaluation can be used to rank the systems and make this selection.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

SUBSCRIBE

Select an Issue April 1, 2008 March 1, 2008 February 1, 2008 January 1, 2008 December 1, 2007 November 1, 2007 October 1, 2007 September 1, 2007 August 1, 2007 July 1, 2007 June 1, 2007 IP Security Supplement May 1, 2007 April 1, 2007 March 1, 2007 February 1, 2007 January 1, 2007 School Security December 1, 2006 November 1, 2006 October 1, 2006 September 1, 2006 August 1, 2006 July 1, 2006 June 1, 2006 May 1, 2006 April 1, 2006 March 1, 2006 February 1, 2006 January 1, 2006 December 1, 2005 November 1, 2005 October 1, 2005 September 1, 2005 August 1, 2005 July 1, 2005 June 1, 2005 May 1, 2005 April 1, 2005 March 1, 2005 February 1, 2005 January 1, 2005 December 1, 2004 November 1, 2004 October 1, 2004 September 1, 2004 August 1, 2004 July 1, 2004 July 1, 2004 June 1, 2004 May 1, 2004 April 1, 2004 March 1, 2004 February 1, 2004 January 1, 2004 December 1, 2003 November 1, 2003 October 1, 2003 September 1, 2003 August 1, 2003 July 1, 2003 June 1, 2003 May 1, 2003 April 1, 2003 March 1, 2003 February 1, 2003 January 1, 2003 December 1, 2002 November 1, 2002 October 1, 2002 September 1, 2002 August 1, 2002 July 1, 2002 June 1, 2002 May 1, 2002 April 1, 2002 March 1, 2002 February 1, 2002 January 1, 2002 December 1, 2001 November 1, 2001 October 1, 2001 September 1, 2001 August 1, 2001 July 1, 2001 June 1, 2001 May 1, 2001 April 1, 2001 March 1, 2001 February 1, 2001 January 1, 2001 December 1, 2000 November 1, 2000 October 1, 2000 September 1, 2000 August 1, 2000 July 1, 2000 June 1, 2000 May 1, 2000 April 1, 2000 March 1, 2000 February 1, 2000 January 1, 2000 December 1, 1999 November 1, 1999 October 1, 1999 September 1, 1999 August 1, 1999 July 1, 1999 June 1, 1999 May 1, 1999 April 1, 1999 March 1, 1999 February 1, 1999 January 1, 1999 December 1, 1998 November 1, 1998 October 1, 1998 September 1, 1998 August 1, 1998 July 1, 1998 June 1, 1998 May 1, 1998 April 1, 1998 March 1, 1998 February 1, 1998 January 1, 1998 December 1, 1997 November 1, 1997 October 1, 1997 September 1, 1997 August 1, 1997 July 1, 1997 June 1, 1997 May 1, 1997 April 1, 1997 March 1, 1997 February 1, 1997 January 1, 1997

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue