Sharing the wealth

Aug 1, 2001 12:00 PM, By Denis O'Sullivan

“As new generations of security and facility managers take leadership positions, the role of technology in management practices is increasing. It can be driven by the perceived importance and visibility of security as mainstream management function.”

Trends of corporate change are profoundly impacting many organizations' security operations — and the professional lives of security managers. Here are some examples:

• As corporations expand and decentralize geographically, management is placing more emphasis on top-down visibility across the organization into all aspects of its operations. The demand for consolidated, meaningful information is driving huge investments in “enterprise” information systems that collect, store and analyze massive amounts of data.

• There is a growing organizational partnership between the security and information technology departments as they work together to integrate proprietary access and surveillance systems installed over time and across facilities into existing corporate IT infrastructures.

• Security directors are finding themselves involved, more than ever, in task forces and committees. At least a third of the US Fortune 500 companies are integrating GE's “Six Sigma” quality and benchmarking processes into their operations. As a key organizational support function, security is being challenged to look at its processes and procedures and to define the best practices and performance standards.

• CEO and boardroom concern about litigation exposure in such areas as premises liability, inadequate security, and employee hiring/retention practices is driving demand for reliable electronic “paper trails,” documenting compliance to legal and professional standards.

A visible practical impact of these trends is that stand-alone electronic security systems are giving way to integrated, networked systems based on de facto standards. Information from these systems is archived in corporate databases and analyzed to spot trends or detect suspicious behavior by employees and visitors to company sites. Another trend is the growing demand for information about security ranging from actual incidents and losses to Internet chat room comments by dismissed employees. The increasing expectation is that security information will be formatted, archived in corporate databases and made available across departments. The trend points to convergence, integration, and sharing of security information.

Development of “security-intelligent” buildings

The term “intelligent building” is at least a quarter-century old. It generally refers to the computerized, networked integration and control of a building's internal environmental systems — lighting, temperature, fire/safety, air quality, hydraulics — and electronic security systems. The latest generations of intelligent buildings extend this control further by providing access to and integration with key business functions such as manufacturing and process automation, financial and personnel management, and supply-chain management.

Until recently, these sophisticated systems were based on proprietary technologies requiring customers to “lock-in” to a primary vendor who would then integrate related subsystems into the facility's control network. Now, however, industry-standard networks and software interfaces featuring a de facto standard Graphical User Interface are making disparate hardware systems invisible to users.

Facility systems integrators place increasing importance on design-in security electronics — a seamlessly integrated solution for badge creation, ID management, access control, asset management, digital video, visitor management and alarm monitoring. This complete-integrated-solution approach increasingly emphasizes hardware independence, high-level network integration and support of diverse corporate relational databases.

Many global corporations are applying similar principles of “security-intelligent” buildings across their domestic and international operations, networking those systems and monitoring them from a single control station, but still allowing localized operations management. Access systems installed and networked across dozens of sites worldwide mean that an employee leaving her office in San Jose, stopping for a sales meeting in Boston, then flying on to the company's manufacturing site in Dublin can use the same identification badge. Her journey can be electronically monitored from a single central station.

Integrated security and safety information management

Even with increasingly effective electronic systems, managing physical security programs has never been easy, and is becoming less so as high-value assets face increasingly complex and potent threats. Until recently, security management has not been known for innovative use of information technology. Those relatively simplistic spreadsheet security officer-scheduling tools were never really adequate and are increasingly less so, but they are still used. However, virtually all contract physical security firms and larger organizations with proprietary guarding programs today use some kind of electronic scheduling software — typically developed in-house — that enables them to schedule shifts and generate payroll data.

More problematic and increasingly critical is keeping track, making sense of, and capturing the cost of millions of “incidents” officers report — or that other employees report to the security department. These incidents range from routine, but still significant, reports about burned-out corridor lights and exit signs to broken pavements to workplace crime such as theft, drug use, or assaults.

Managing this information has never been completely ignored. Obviously, some incidents, and the issues and problems they generate, cannot be ignored. In particular, injuries, serious thefts, and workplace violence have always commanded attention from security management, intervention and assistance of other relevant departments, and even impatient or anxious interest from the CEO. But this is reactive fire-fighting and executive hand-wringing, rather than proactive professional security management.

It is usually at budget review moments that security and facility managers go into a higher gear to report on the results achieved by the previous year's budget and to justify next year's budget. This, too, is usually reactive fire-fighting. Budget justifications often take the form of reporting that horrific incidents did not happen, thus suggesting that the security program spent its budget effectively.

To be fair, a growing number of companies and organizations are buying and using security incident management software that enables them to capture, track and analyze all kinds of incidents and their eventual costs and disposition. Usage is increasing, but it is still certainly small compared, for example, to software applications long-ago implemented within other back-office departments. Organizations with even a few hundred employees use sophisticated software to manage salary, benefits and compliance requirements. Finance departments, obviously, were among the first and have been the most aggressive to employ electronic financial management systems across their organizations.

As new generations of security and facility managers take leadership positions, the role of technology in management practices is increasing. It can be driven by the perceived importance and visibility of security as mainstream management function. As high-value assets are deployed across sites, geographies and electronic networks, threats become more complex and powerful. Security has never been more important. And security has never had a greater need for technology tools to provide the increasing value it is expected to deliver.

Bridging islands of departmental security and safety information

There are some interesting historical analogies that can help us understand how security management will continue changing in the years ahead. In the 1970s and 1980s, as word processing systems became the engine of office automation, organizations soon realized that they had isolated “islands of information,” but were not reaping the benefits of true information sharing with other departments, let alone with customers and suppliers. The rise of local area networks and email soon followed. Today, while integrated, networked security electronics are becoming a “best practice” de facto standard, automation of other traditional security management functions — such as security officer activity tracking, incident tracking, investigations management, and training — is only now emerging as a significant change trend. Within virtually every organization today, there are isolated “islands of security information,” whose potential value across the organization is not being leveraged and is not even yet fully understood.

Security/safety incident tracking software — in some cases, together with security officer activity tracking software — is more frequently being shared across multiple departments within an organization. For example, a major city in the Northwest uses an incident tracking database to keep track of a huge array of incidents that can be resolved only by the active intervention and cooperation of several departments, including security, police, building management, parks and recreation, personnel, and legal affairs.

A large pharmaceutical company makes security and safety incident data accessible by authorized personnel across all corporate departments via a browser connection to the company's intranet. This data, along with more general security and safety information, is helping to raise line managers' awareness of workplace-related security and safety issues.

The emerging era of integrated security and risk management information

The islands of security information — from access control to CCTV to security/safety incident data — will gradually be integrated into more comprehensive and robust “Enterprise Security Information Systems — ESIS” (see schematic). Such systems will begin to parallel the power and sophistication of information management systems already broadly deployed across HR, financial and legal departments.

Other electronic information tools are also enjoying broader adoption:

• External (neighborhood) crime prediction technology.

• Electronic security risk site surveys in which data are entered via a wireless PDA by security consultants, with results compared across sites and geographies, and with expert “rules” to analyze alternative safeguard options for dealing with vulnerabilities that the survey identified.

• Electronic employee incident reporting with which incidents and other causes of concern can be confidentially reported at work or from any other location.

• Networked incident analysis used to identify trends, vulnerabilities and relative proven effectiveness and cost-effectiveness of different safeguards.

• Organization-wide access via an Intranet to security officer post-orders, policies and procedures, and training materials — in a secure environment with controlled multi-level access.

The economics of enterprise security information systems are still unfolding and the fundamentals emerging. Clearly, the case for electronic access control systems has been made and won. Positive outcomes and benefits from enterprise security information management systems can ultimately be translated into vivid cost savings and value generation.

Recovery of lost property, discovery and prevention of electronic theft and fraud, reductions in negligent hiring, reductions in premises liability litigation and settlements, avoidance of business interruption and reputation protection are all included.

For the record

About the author

Denis O'Sullivan, CPP, is president and CEO of PPM 2000 Inc., a provider of security information management software.

Want to use this article? Click here for options!
© 2008 Penton Media Inc.

This month in Access Control

• Opening Up About Door Closers
• An Enterprise Approach
• The Framework For Open Systems
• On A Higher Plane
• More from April's issue