The Radio Equipment Directive which is applicable for most wireless equipment also in the fire and security industry looks to be prepared for an update where cyber security requirements will become part of the directive and with that part of the CE-marking. While Euralarm supports the need for increased cyber security, the fire and security industry will preferably support a horizontal cyber security regulation.
Nevertheless, if embedded in the RED, Euralarm wants to ensure that the technical aspects addressing cyber security are relevant for wireless fire safety and security equipment and can work for manufacturers and service providers.
Horizontal Cyber regulation
With incidents around privacy reported after updates from wireless equipment with official and unofficial software, the commission is urgently looking to enforce increased cyber security to protect consumers and to ensure that radio equipment manufacturers meet a level of cyber security before they release a product to the market.
These developments will impact companies that manufacture or market wireless Fire and Security equipment
Because Horizontal Cyber regulation is still under construction and can take some time before being completed, it looks like the EC plans to do this through an update of the RED. These developments will impact companies that manufacture or market wireless Fire and Security equipment.
Industrial Internet of Things
Following the Internet of Things (IoT) the industrial version of it, Industrial Internet of Things (IIoT) now also enters a phase of wider adaption and deployment around numerous industries. It is predicted that the worldwide IoT spending will surpass $ 1 trillion in 2022 (source: IDC). More and more products and industrial assets with electronics, software, sensors, and network connectivity enable us to collect and exchange data.
By connecting numerous devices and pieces of equipment through the Internet, (I)IoT can help businesses operate more efficiently, make more informed decisions and unlock new revenue sources. However, the devices themselves also introduce serious risks for business and society with every device being a potential source for cyber criminals to unauthorised enter home, business or industrial networks.
Radio Equipment Directive
Radio Equipment Directive is being considered for inclusion of cyber security requirements
This threat is caused by the radio communication function ‘on board’ these devices which enables them to communicate via wireless networks and by the possibility to wireless update software / firmware on these devices. Now that products are getting more and more connected, the European Commission is looking how to create a legislative framework to make these products better resistant against cyber attacks.
This could be done by including cyber security requirements into directives and regulations of the New Legislative Framework (NLF). This framework sets mandatory product safety requirements that are necessary to put products on the EU market (CE marking). The Radio Equipment Directive (RED) is the first Directive that is being considered for inclusion of cyber security requirements.
Low voltage equipment
The idea is to include the cyber security requirements through a delegated act on Internet connected and wearable radio equipment. Such an act is a legally binding act that enables the Commission to supplement or amend non‑essential parts of EU legislative acts, for example, to define detailed measures. Euralarm supports an increased level of cyber security and a better protection for the consumers.
And they are not alone. With the Cybersecurity Act in place the European Union Agency for Cybersecurity ENISA is now working on new certification schemes to cover a wider range of products, processes and services on all aspects of cyber security. Putting aside the EU Cybersecurity Act and pursuing the “RED path” would bring a clear risk of overlaps and inconsistencies across European legislations, not only for radio equipment, but also for instance for low voltage equipment (LVD), machines (MD) and medical devices (MDR).
Meanwhile the European Commission initiated a public consultation on two essential requirements
It could result in legal uncertainty and significant impact in case of concurrent mandatory requirements and certification schemes. This would threaten European companies’ ability to compete across the Digital Single Market as well as globally, forcing them to misallocate scarce resources. Fearing a future patchwork of different legislations, the industry suggested a horizontal legislation for products.
Meanwhile the European Commission initiated a public consultation on two essential requirements. It concerns the safeguards to ensure that the personal data and privacy of the user and of the subscriber are protected as well as certain features ensuring protection from fraud. This consultation laid down several proposals for the application of those 2 requirements to internet-connected radio-equipment and wearable radio-equipment.
Impact assessment study
Based on the results of this consultation, the Commission mandated a consultancy firm to conduct an impact assessment study. In his report, the contractor highlights that delegated acts are already mentioned in the RED and that they therefore should be preferred above legislation on cyber security which might take more time to develop. It is therefore unlikely that a horizontal cyber security related legislation on products can still be developed in a short-term.
The report adds that such a horizontal legislation could be considered at mid-term. Euralarm is presently supporting a proposal in this direction. The consultants also recommended that the European Standardisation Organisations should be mandated to pertain to the delegated acts. Both CEN-CENELEC and ETSI are now preparing themselves to get ready for this.
Cyber security requirements
Installing new software or firmware could have an impact on the compliance of the equipment
Euralarm recommends companies involved in the production of security equipment to stay informed on the development to ensure that the relevant technical aspects for fire safety and security equipment are embedded into the cyber security requirements.
Another RED related development that is taking place concerns the Reconfigurable Radio Systems, i.e. radio equipment that can be reconfigured by software (including firmware). Under some conditions, installing new software or firmware could have an impact on the compliance of the equipment.
Reconfigurable Radio Systems
The European Commission is therefore currently investigating this to ensure that the RED adequately addresses this issue and that reconfigurable radio systems for Europe's single market stay compliant with the Radio Equipment Directive after new or modified software is installed. The investigation is focused on the essential requirements of the RED itself: health and safety, EMC, efficient use of radio spectrum and requirements empowered by adopted delegated acts.
Software implemented functions that have no influence on the compliance to these requirements are not technically impacted but the need for demonstration of no-impact will appear. That means for instance that manufacturers of Wi-Fi connected smoke alarm devices would have to demonstrate that software updates do not impact RED compliance.
Euralarm has therefore advised manufacturers of wireless equipment falling under the RED to follow these developments. Euralarm will make sure that additional legislation that could result from the current investigation will be feasible for manufacturers.
SALTO Systems has announced the release of its SALTO contactless smart card NCoders. The SALTO NCoder is for next-generation access control systems and they integrate the encoding capabilities of a powerful updated encoder with a built-in desktop reader function.
The SALTO NCoder configures permissions and user access plans for user credentials. It is compatible with a wide range of RFID cards and mobile keys and can be used in most commercial markets including hospitality, enabling users to control management and user rights within their own building access system.
Security meets design with the SALTO BLUEnet generation of smart locking access control products and the NCoder is no exception. Featuring a sleek design, the SALTO NCoder extends SALTO SPACE data-on-card best in class performance while adding innovative features to keep buildings secure, flexible, and smart. It integrates DTLS v1.2 security technology to protect communications.
Supports multiple credential technologies
SALTO NCoder’s SPACE standards-based design puts system operators in complete control
SALTO NCoder’s SPACE standards-based design puts system operators in complete control, working with any compatible cards and smart-locking platform from SALTO Systems.
Focused on innovative functionality and secure communication, the SALTO NCoder supports multiple credential technologies (MIFARE and iCLASS Seos) and digital key delivery establishing security between devices.
ProAccess SPACE system
The ProAccess SPACE system allows operators to grant users access permission for multiple doors and zones, configure date and time for access, and even schedule timed access. The SALTO NCoder lets platform operators manage all access control needs with one smart and secure device.
Quickly and efficiently manage system operator user key creation, visitor management, and PPD (SALTO Portable Programming Device) data storage from a single smart and contactless secure management device.
SALTO NCoder features:
Compatibility: Runs on SALTO ProAccess SPACE and currently programs MIFARE DESFire EV1 and EV2 cards and tags and iCLASS Seos versions.
Communications protected by standard cryptography (DTLSv1.2 - AES128)
Built-in Ethernet and USB interfaces
DHCP IP addressing
Standards-compliant reader/encoder with SAM data is not stored in the device to ensure secure key management technology system
SALTO Systems, a globally renowned manufacturer of electronic access control solutions, has released the SALTO Neo Cylinder, a new electronic cylinder that offers more features and better functionality than any other cylinder on the market.
The compact SALTO Neo Cylinder is designed for doors where fitting an electronic escutcheon is not possible or required and can be installed on standard doors, server racks, gates, cabinets, electric switches, sliding doors and more. It’s available in an extensive range of models to suit almost any kind of door – from Europe to Asia to the Americas.
SALTO Neo Cylinder
The SALTO Neo Cylinder provides the most efficient and convenient way of securing buildings and assets. The re-engineered clutch system design makes efficient use of energy, dropping consumption to impressively low levels, resulting in 100,000/130,000 cycles with just one set of batteries. System standby power consumption is reduced, which extends the electronic cylinder’s battery life.
The IP66-rated SALTO Neo Cylinder is weather-resistant, making it especially suitable for the outdoors in even the harshest of environments. Encapsulated safely inside the tough Neo Cylinder exterior is the absolute latest in electronic lock technology.
Certified to high security standards
The SALTO Neo Cylinder is designed to provide users the finest in safety and security
Certified to the highest security standards, and pursuing ever-higher quality and reliability, the SALTO Neo Cylinder is designed to provide users the finest in safety and security.
The SALTO Neo Cylinder offers value far beyond security. However, upgrading a mechanical door to electronic access control enhances security, but the SALTO Neo Cylinder provides greater control over the door by offering end-users access to audit trails, reports, alerts and so much more.
Utilises smart keys and mobile technology
Using smart keys and mobile technology with the SALTO Neo Cylinder allows users to manage access rights quickly and keyless, which is more secure than using mechanical keys. There is also additional value in the flexibility, convenience and operational efficiency provided by the Neo Cylinder’s wireless technology.
SALTO continues to release impressive technological innovations where connectivity between the door, user and system operations aids the growth of overall access control for any building application or access type.
Keyless access control solution
“SALTO’s new Neo Cylinder technology allows us to introduce customers, systems operators and installers to new experiences and to connect keyless access where we couldn’t have justified wiring a door before,” said Marc Handels of SALTO Systems.
Marc adds, “We’ve seen for years that electronic locking technology is an ecosystem that has continuous change and growth and we’ve had to consider how to best anticipate customers’ needs and recommend smart locking solutions that are easy to adopt and install.”
SALTO KS cloud-based access management platform
SALTO Neo Cylinder has more functionality and performance capability than any other cylinder on the market"
He further said, “The SALTO Neo Cylinder has more functionality and performance capability than any other cylinder on the market, allowing businesses to connect to their on-premises network via advanced SVN technology or the cloud with our SALTO KS cloud-based access management platform.”
Because the SALTO Neo Cylinder is compatible with SALTO SVN, SALTO BLUEnet Wireless and the SALTO KS – Keys as a Service – cloud-based technology, it can be switched to any of SALTO’s technology platforms at any time without changing the hardware. This allows businesses to decide which technology fits better with their security, operations and IT needs.
Featuring SALTO SVN-Flex and JustIN Mobile technology
The SALTO Neo Cylinder adds SALTO SVN-Flex technology, which increases the potential, efficiency and reliability of the SALTO SVN, yielding better security, control and convenience for users and sites.
SALTO JustIN Mobile technology is onboard every cylinder. This gives users and system administrators the capability to send or receive a mobile key to open any door or gate with an installed SALTO Neo Cylinder with their iOS or Android Bluetooth or NFC-enabled smartphone.
SPACE data-on-card on-premise management software
This adds incredible convenience and efficiency for end-users in the field which is where a SALTO Neo Cylinder would most likely be used. JustIN mobile app capability also complements usage of SALTO’s other management platforms, such as SALTO SPACE data-on-card on-premise management software or the SALTO KS cloud solution.
For any building, function or model, SALTO offers the perfect electronic cylinder to fit any door. Available in the beginning of July of 2020, the SALTO Neo cylinder delivers an easy-to-use electronic locking platform that integrates all physical security needs through smart, wireless and battery-operated smart cylinders, providing all the latest user access information for virtually all of the doors in a facility.
Today’s market wants access control systems that are always available, scalable, and integrated with other security solutions like video and intrusion systems to ensure the highest security and safety levels. At the same time, these systems must be easy to configure and use. With the introduction of the Access Management System 3.0, Bosch meets all of these requirements.
Always available for security
Access Management System 3.0 is designed to be available at all times. Its resilient design includes a Master Access Controller (MAC) as an additional layer of defence between the server and the access controllers.
If the server fails, the MAC takes over, ensuring continuous communication across controllers while sharing necessary information from the card readers. In addition, access control functionalities that involve multiple access readers, such as anti-passback and guard tour can continue to perform.
The anti-passback functionality is an important feature to ensure a high level of security. It prevents a cardholder from passing a card to another person enabling an unauthorised entry. Guard tour is a safety functionality offered to security guards, which uses access readers as checkpoints along a defined route at specified times.
Threat level management
The different threat levels can make all doors open, or all doors blocked, or a mix of open and blocked
Any deviation of sequence or timing causes an alarm in the Access Management System. Immediate notifications to colleagues or first responders increase the safety of security guards. In the rare event that both the Access Management System 3.0 server and the MAC fail, cardholders can still enter and leave areas with their badges because the database is stored directly on the Access Management Controllers (AMCs).
Thanks to this offline capability, it is possible to save millions of events even during downtimes, ensuring the continuous availability of the system. Access Management System 3.0 offers up to 15 configurable threat levels such as lockdown, controlled lockdown, or evacuation, which means safety measures can be initiated quickly in critical situations such as fire or security breach.
The threat level state is activated by one of three triggers: operator workstation, external contact such as an emergency button, or specially configured “emergency” cards that are presented to a reader. The different threat levels can make all doors open, or all doors blocked, or a mix of open and blocked.
Scalable and future-proof
Users can start small and add extra capacity whenever necessary. The Access Management System 3.0 software can be expanded up to 10,000 doors and 200,000 cardholders. The software is offered in three pre-configured software bundles from medium to large organisations: Lite (max. 144 doors), Plus (max. 512 doors), and Professional (max. 10,000 doors). All bundles support up to 200,000 cardholders.
No hardware needs replacing when expanding; users only require software upgrades and possibly additional controllers, readers, and cards. So, increasing the system is also cost-efficient. Customers who work with the software solution Access Professional Edition (APE) from Bosch can migrate to the Access Management System 3.0 by using the new importer/exporter tool. Together with regular updates to data security enhancements, these features make the system a future-proof investment - suitable for office and government buildings, retail environments, educational institutions, and more.
Easy configuration and operation
Access Management System 3.0 also has trusted digital certificates for mutual authenticationConfiguration is easy: Users can import existing floor maps into the system, and drag and drop icons on the map to represent controllers, doors, and building objects. User onboarding is straightforward. For example, enrolment and assignment of access profiles are all implemented in one dialogue manager.
Operation is smooth: The graphical user interface (GUI) is simple and easy to understand. The dark colour scheme of the GUI reduces eye-strain and fatigue, so operators stay fresh and alert.
Access Management System 3.0 offers protection against cybercrime and loss of personal data. The database, as well as the communication between the server and access controllers, is encrypted at all stages through the support of the secure Open Supervised Device Protocol (OSDP) v2 protocol. Access Management System 3.0 also has trusted digital certificates for mutual authentication between the server and client to prevent tampering by unauthorised clients and uses secure design principles such as “secure-by-default” and “principle of least privilege.”
Integration with third-party solutions
Access Management System 3.0 is ideal as a standalone solution to meet today’s access control needs. It integrates seamlessly with Bosch B Series and G Series intrusion control panels as well as with video systems such as Bosch Video Management System or third-party systems like Milestone’s XProtect for increased security and enhanced situational awareness.
The integrated command and control functionality enables operators to arm and disarm intrusion panels directlyIntegration with Bosch Video Management System (version 10.1 and higher) offers manual video verification to increase the security level at doors. The operator can visually verify whether the person at the door matches the registered person in the database. If so, the operator allows the person to enter. Bosch Video Management System integration also enables searching for cardholder events and events at doors.
With the searching functionality, it is possible to quickly check who has entered an area and at what time. Moreover, access commands and events can be handled in Bosch Video Management System, making the operation of the integrated system most efficient.
Intrusion control panels integration
B and G Series intrusion control panels integrate seamlessly into Access Management System 3.0 for efficient authorisation management and a central overview of all access and intrusion events. With central user management, operators can add, delete, and modify intrusion-related user passcodes and authorisations directly into the system, as well as organise users by groups or functionalities.
The integrated command and control functionality enables operators to arm and disarm intrusion panels directly in the Access Management System 3.0 user interface as well as to see states of the areas (e.g. “armed”, “ready to arm”) and detectors (e.g. “motion detected”) on the system map. This provides operators with a central overview of all access and intrusion states, allowing them to easily and remotely handle intrusion events.
Bosch Access Management System 3.0 is available for sale and makes access management simple, scalable, and always available.
COVID-19 has been a thorn in the side of countless companies within the security industry and far beyond. Here, we speak with Richard Huison, Regional General Manager for the UK and Europe at Gallagher Security, who summises his personal experience from these recent months and how Gallagher has adapted in the face of pandemic-induced adversity.
How has the COVID-19 crisis impacted Gallagher on a day-to-day basis?
Gallagher was actually well placed as a result of work already in progress with a number of visionaries and innovators within our business, such as our CIO Neville Richardson. They are determined to put the business on the front foot, making it more digital and proactive in delivering high speed change and we had already been migrating to Microsoft Teams before COVID-19 first reared its ugly head. It’s part of our philosophy to make our business and the solutions we create as stable, reliable and resilient as possible.
Gallagher has adapted to the new way of operating fairly seamlessly, while still working alongside the evolving guidance from governments around the world
It means Gallagher has adapted to the new way of operating fairly seamlessly, while still working alongside the evolving guidance from governments around the world. When lockdown was imposed, we set about prioritising our clients’ needs and delivering on our commitments as a critical supplier. The Gallagher leadership team quickly rolled out the means to stay connected, positive and safe as each region went into isolation. Effective communication, both internally and externally, has always been a critical success factor for our business. That hasn’t changed with the more remote and virtual nature of our communication now and, if anything, it’s even more important both for business continuity and for the personal wellbeing of each and every one of our colleagues.
We’ve quickly adapted to this new way of working and have even become quite adept at recognising people’s contributions and acknowledging a job well done in new ways, such as using the emojis on Microsoft Teams.
Perhaps the most striking example of this is our new European marketing manager Bethan Thompson, who joined Gallagher on 1 April, little over a week after lockdown was imposed in the UK. She has enjoyed the richest and most comprehensive introduction to the business from the safety of her own home armed with just a laptop and Teams.
What can be the benefits of having employees working from home?
There are many benefits of working remotely with productivity right up the top of the list. By reducing the unproductive time spent commuting and travelling to meetings, we are able to get much more done in a day. Add to this the reduction in stress and improved work-life balance and it makes for an impressive formula of happier, healthier and more motivated colleagues. And it’s still easy to measure results no matter where someone is working.
We’ve quickly adapted to this new way of working and have even become quite adept at recognising people’s contributions and acknowledging a job well done
To be honest, before COVID, we didn’t disconnect enough, close the laptop, switch off our technology and allow ourselves NOT to respond instantly. But trust is an integral part of our culture at Gallagher and we can easily and effectively continue to champion the right balance and support for the team moving forward.
How can employees ensure they keep a healthy work/life balance?
Working from home can require some personal discipline around taking regular breaks and disconnecting from technology. I encourage all my colleagues to stay active and get regular exercise during the day. Taking time out allows you to process ideas with greater clarity, to be more creative, to plan your day and use your time more effectively – all of which is part of achieving that balance.
And it’s important that we do switch off and close our laptop at the end of the day, which requires some discipline when you work for a business headquartered in New Zealand, where they are 11 hours ahead.
It’s good to cultivate hobbies and welcome distractions that you are passionate about, to switch off from work more effectively. Personally, I love to be outside on a long dog walk with no technology. It’s liberating.
Are you seeing that businesses are already beginning to think differently about their security?
We have to remember why security is important. We all have a different view on how we should maintain business continuity. Yes, properties need a reliable detection and defence solution to resist the opportunist. With the mass migration to work remotely, business leaders are concerned that their IT systems are vulnerable to attack and we read daily about the growth in cyber-attacks. It’s common sense to protect your business with a suitable access control and intrusion detection system and the pandemic has proven to business the value of being truly resilient and able to still operate whatever circumstances ensue.
What will be the biggest security challenges facing businesses over the next six months?
In that timeframe, I don’t see us returning to how things were prior to the pandemic, so businesses will have to adapt to a new normal. We will have to adopt a more holistic view of security, encompassing safety, security and wellbeing, with our teams at the heart of that. In the new world, how can we maintain our teams’ safety at home, or limit them to certain floor space or introduce rotas for office attendance and keep surfaces virus free while they’re there? We need to be alert to where the next threat will come from and mitigate risk against both cyber and biological threat as we’ve seen a virus in either domain can be devastating.
How is Gallagher meeting the evolving demands of the market?
To be honest, Gallagher has always been ahead of the curve. We’ve been talking about competencies, compliance and resilience for decades, long before cyber became the buzzword. Everything we do is related to business resilience and continuity and security is baked in to our products and solutions at source, providing confidence and reliability for all of our customers.
You are not alone: operators everywhere are asking themselves what are they going to do? How are they going to get back to business, and fast? How are they going to cost-effectively operate with all the new safety requirements that have arisen as a result of COVID? How are they going to ensure it all gets done for the safety of customers and staff? How are they going to protect their brand from the negative exposure of being identified as a property with a reputation for COVID?
The economic impact of COVID is expected to hit brick and mortar businesses the worst, as their businesses are dependent on people being physically present. According to a recent report by RBC, it is estimated that 70% of Americans expect to avoid public spaces, 57% of Canadians will be unwilling to attend conferences without a vaccine and 63% of people will prefer to drive vs fly.
This means, that for those of you in the business of travel, conferences, co-working spaces, retail stores, museums, art galleries, restaurants, sports arenas, hotels, cruises, airlines, resorts, theme parks, long-term care, education, etc. in the blink of an eye your approach to on-site safety just changed. To ensure your property is safe and secure, it is no longer just about access control, video surveillance and intruder alarms; it is also about sanitisation
To get back to business and operating at full capacity after COVID, operations must find a way to eliminate the fear, uncertainty and doubt in the minds of their customers and employees.
The affect of COVID-19 on safety and security
To safely get back to business, the Centers of Disease Control and Prevention (CDC) emphasis that all operations need a pandemic response planJust like cybersecurity has had a direct impact on the IT strategy and budget, COVID will have a direct hit on the operations strategy and budget. To ensure your property is safe and secure, it is no longer just about access control, video surveillance and intruder alarms; it is also about sanitisation, the lines between the security and maintenance just blurred.
From customers, to employees, to government regulators, to management, the focus is now on operations and the sanitisation policies, procedures and actions of the team. To put this change of priority into perspective, six months ago, sanitisation was not top of mind for people. Why, because it was not a life or death issue, we had other first world problems to garner our attention.
From an operations perspective if we enabled a sanitisation issue to become significant enough to impact the safety of customers and staff and therefore the brand, then that was an operational choice versus a mistake.
Standards for sanitisation
Just like cybersecurity has had a direct impact on the IT strategy and budget, COVID will have a direct hit on the operations strategy and budgetThe issue is, today while the operating priority of sanitisation has significantly increased, it is not measured and managed to the same standard as the other safety and security concerns across a business. Also, important to consider, while people may not hold an operation liable during this first wave, we can guarantee they are not going to be as understanding during the second wave or a future pandemic.
To safely get back to business, the Centers of Disease Control and Prevention (CDC) and the Occupational Health and Safety regulators emphasis that all operations need a pandemic response plan and should follow these simple guidelines:
Develop your plan
Implement your plan
Maintain and revise your plan
While this sounds simple enough, keep in mind that requirements are constantly evolving and will continue to do so for the foreseeable future, or at least until all the research is in. To create an emergency response plan for a pandemic, properties must first determine what needs to be sanitised.
The current requirements dictate that most surfaces and objects will just need a normal routine cleaning, it is only the frequently touched surfaces and objects like light switches and COVID has changed the game and made the digital transformation of operating procedures not a ‘nice-to-have’ but a must-havedoorknobs that will need to be cleaned and then disinfected to further reduce the risk of germs on surfaces and objects.
The challenge is when you step back and consider what people touch in a day; the list quickly grows. After only 30 minutes, I easily came up with a list of over 60 items that one could call ‘high touch’! If you think about it, the list is extensive; telephones, doorknobs, drawer handles, counters, pens, keypads, computers, etc. and the list is only going to get longer as the research comes in.
The challenge is when you step back and consider what people touch in a day; the list quickly grows
If we don’t change our ways, not only will we be doomed to continue making the same mistakes, but we will continue to be lost in paper and filing cabinetsTo scope the impact on operations as part of the plan, we must then find and identify all of those high touch things across the property. If we then combine that with the fact that CDC requires that all high touch locations must not only be cleaned more often, but that they also require that each location is first cleaned with soap and water, and then disinfected for one minute before finally being wiped down.
This means a one-minute task just turned into a 4-minute task, that must now be completed multiple times a day. From a resourcing perspective this adds up quickly, and operating efficiency must be a priority. Not to mention it is going to get very complicated to measure and manage especially.
Post COVID rules
Getting back to business is going to be complicated; lots to do, lots of moving parts and no technology to help. The fundamental challenge to keep in mind is not that the sanitisation requirements have evolved, the real issue is that for most businesses this area has been left unchanged for generations.
Still today most rely on checklists, logbooks and inspections to manage the responsibilities of our front-line workers, which might have been fine before COVID. Post-COVID the rules have changed and so should the approach to managing physical operating compliance on the front lines. COVID like most physical operating requirements is tactical, detailed and specific; broad strokes, the honor system and inspections are not going to cut it.
The digital transformation
COVID has changed the game and made the digital transformation of operating procedures not a ‘nice-to-have’ but a must-have. If we don’t change our ways, not only will we be doomed to continue making the same mistakes, but we will continue to be lost in paper, filing cabinets filled with checklists, never to be seen again. Only with the right data can we significantly improve the operational decisions necessary to accelerate our return to full operating capacity.
At the end of the day, to fully recover, operations must eliminate the fear, uncertainty and doubt in the minds of customers and employees, only then can we really get back to business.
News reports and opinion columns about face recognition are appearing everyday. To some of us, the term sounds overly intrusive. It even makes people shrink back into their seats or shake their head in disgust, picturing a present-day dystopia. Yet to others, face recognition presents technology-enabled realistic opportunities to fight, and win, the battle against crime.
What are the facts about face recognition? Which side is right? Well, there is no definitive answer because, as with all powerful tools, it all depends on who uses it. Face recognition can, in fact, be used in an immoral or controversial manner. But, it can also be immensely beneficial in providing a safe and secure atmosphere for those in its presence.
Concerns of facial recognition
With the increased facial recognition applications, people’s concerns over the technology continuously appear throughout news channels and social media. Some of the concerns include:
Privacy: Alex Perry of Mashable sums up his and most other peoples’ privacy concerns with face recognition technology when he wrote, “The first and most obvious reason why people are unhappy about facial recognition is that it's unpleasant by nature. Increasing government surveillance has been a hot-button issue for many, many years, and tech like Amazon's Rekognition software is only making the dystopian future feel even more real”.
Accuracy: People are worried about the possibilities of inaccurate face detection, which could result in wrongful identification or criminalisation.
Awareness: Face recognition software allows the user to upload a picture of anyone, regardless of whether that person knows of it. An article posted on The Conversation states, “There is a lack of detailed and specific information as to how facial recognition is actually used. This means that we are not given the opportunity to consent to the recording, analysing and storing of our images in databases. By denying us the opportunity to consent, we are denied choice and control over the use of our own images”
The concerns with privacy, accuracy, and awareness are all legitimate and valid concerns. However, let us look at the facts and examine the reasons why face recognition, like any other technology, can be responsibly used:
Privacy concerns: Unlike the fictional dystopian future where every action, even in one’s own home, is monitored by a centralised authority, the reality is that face recognition technology only helps the security guard monitoring public locations where security cameras are installed. There is fundamentally no difference between a human security guard at the door and an AI-based software in terms of recognising people on watchlist and not recognising those who are not. The only difference is that the AI-based face recognition software can do so at a higher speed and without fatigue. Face recognition software only recognises faces that the user has put in the system, which is not every person on the planet, nor could it ever be.
Accuracy concerns: It is true that first-generation face recognition systems have a large margin for error according to studies in 2014. However, as of 2020, the best face recognition systems are now around 99.8% accurate. New AI models are continuously being trained with larger, more relevant, more diverse and less biased datasets. The error margin found in face recognition software today is comparable to that of a person, and it will continue to decrease as we better understand the limitations, train increasingly better AI and deploy AI in more suitable settings.
Awareness concerns: While not entirely comforting, the fact is that we are often being watched one way or another on a security camera. Informa showed that in 2014, 245 million cameras were active worldwide, this number jumped to 656 million in 2018 and is projected to nearly double in 2021. Security camera systems, like security guards, are local business and government’s precaution measures to minimise incidents such as shoplifting, car thefts, vandalism and violence. In other words, visitors to locations with security systems have tacitly agreed to the monitoring in exchange for using the service provided by those locations in safety, and visitors are indeed aware of the existence of security cameras. Face recognition software is only another layer of security, and anyone who is not a security threat is unlikely to be registered in the system without explicit consent.
In August 2019, the NYPD used face recognition software to catch a rapist within 24 hours after the incident occurred. In April 2019, the Sichuan Provincial Public Security Department in China, found a 13-year-old girl using face recognition technology. The girl had gone missing in 2009, persuading many people that she would never be found again.
Face recognition presents technology-enabled realistic opportunities to fight, and win, the battle against crimeIn the UK, the face recognition system helps Welsh police forces with the detection and prevention of crime. "For police it can help facilitate the identification process and it can reduce it to minutes and seconds," says Alexeis Garcia-Perez, a researcher on cybersecurity management at Coventry University. "They can identify someone in a short amount of time and in doing that they can minimise false arrests and other issues that the public will not see in a very positive way". In fact, nearly 60% Americans polled in 2019 accept the use of face recognition by law enforcement to enhance public safety. Forbes magazine states that “When people know they are being watched, they are less likely to commit crimes so the possibility of facial recognition technology being used could deter crime”.
One thing that all AI functions have been proven to achieve better results than manual security is speed. NBC News writes, “Nearly instantaneously, the program gives a list of potential matches loaded with information that can help him confirm the identity of the people he’s stopped - and whether they have any outstanding warrants. Previously, he’d have to let the person go or bring them in to be fingerprinted”.
Facial recognition can also be immensely beneficial in providing a safe and secure atmosphere for those in its presence With AI, instead of spending hours or days to sift through terabytes of video data, the security staff can locate a suspect within seconds. This time-saving benefit is essential to the overall security of any institution, for in most security threat situations, time is of the utmost importance. Another way in which the technology saves time is its ability to enable employees (but not visitors) to open doors to their office in real time with no badge, alleviating the bottleneck of forgotten badge, keycode or password.
A truly high-performance AI software helps save money in many ways. First, if the face recognition software works with your pre-existing camera system, there is no need to replace cameras, hence saving cost on infrastructure. Second, AI alleviates much of the required manual security monitoring 24/7, as the technology will detect people of interest and automatically and timely alert the authorities. Third, by enhancing access authentication, employees save time and can maximise productivity in more important processes.
AI-enabled face recognition technology has a lot of benefits if used correctly. Can it be abused? Yes, like all tools that mankind has made from antiquity. Should it be deployed? The evidence indicates that the many benefits of this complex feature outweigh the small chance for abuse of power. It is not only a step in the right direction for the security industry but also for the overall impact on daily lives. It helps to make the world a safer place.
The global pandemic caused by the novel coronavirus is changing work environments to an unprecedented degree. More employees than ever are being asked to work remotely from home. Along with the new work practices comes a variety of security challenges.
Without the proper precautions, working from home could become a cybersecurity nightmare, says Purdue University professor Marcus Rogers. “Criminals will use the crisis to scam people for money, account information and more,” he says. “With more people working from home, people need to make sure they are practicing good cybersecurity hygiene, just like they would at work. There is also a big risk that infrastructures will become overwhelmed, resulting in communication outages, both internet and cell.”
Concerns about the coronavirus have increased the business world’s dependence on teleworking. According to Cisco Systems, WebEx meeting traffic connecting Chinese users to global workplaces has increased by a factor of 22 since the outbreak began. Traffic in other countries is up 400% or more, and specialist video conferencing businesses have seen a near doubling in share value (as the rest of the stock market shrinks).
Basic email security has remained unchanged for 30 years
Email is a core element of business communications, yet basic email security has remained unchanged for 30 years. Many smaller businesses are likely to still be using outdated Simple Mail Transfer Protocol (SMTP) when sending and receiving email. “The default state of all email services is unencrypted, unsecure and open to attack, putting crucial information at risk,” says Paul Holland, CEO of secure email systems provider Beyond Encryption.
“With remote working a likely outcome for many of us in the coming weeks, the security and reliability of our electronic communication will be a high priority,” says Holland. The company’s Mailock system allows employees to work from any device at home or in the office without concerns about data compromise or cybersecurity issues.
Acting quickly and effectively
As the virus spreads, businesses and organisations will need to act quickly to establish relevant communication with their employees, partners and customers surrounding key coronavirus messages, says Heinan Landa, CEO and Founder of IT services firm Optimal Networks. Employers should also enact proper security training to make sure everyone is up to speed with what’s happening and can report any suspicious online activity.
Reviewing and updating telework policies to allow people to work from home will also provide flexibility for medical care for employees and their families as needed.
Scammers, phishing, and fraud
An additional factor in the confusing environment created by the coronavirus is growth in phishing emails and creation of domains for fraud. Phishing is an attempt to fraudulently obtain sensitive information such as passwords or credit card information by disguising oneself as a trusted entity. Landa says homebound workers should understand that phishing can come from a text, a phone call, or an email. “Be wary of any form of communication that requires you to click on a link, download an attachment, or provide any kind of personal information,” says Landa.
Homebound workers should understand that phishing can come from a text, a phone call, or an email
Email scammers often try to elicit a sense of fear and urgency in their victims – emotions that are more common in the climate of a global pandemic. Attackers may disseminate malicious links and PDFs that claim to contain information on how to protect oneself from the spread of the disease, says Landa.
Ron Culler, Senior Director of Technology and Solutions at ADT Cybersecurity, offers some cyber and home security tips for remote workers and their employers:
When working from home, workers should treat their home security just as they would if working from the office. This includes arming their home security system and leveraging smart home devices such as outdoor and doorbell cameras and motion detectors. More than 88% of burglaries happen in residential areas.
When possible, it’s best to use work laptops instead of personal equipment, which may not have adequate antivirus software and monitoring systems in place. Workers should adhere to corporate-approved protocols, hardware and software, from firewalls to VPNs.
Keep data on corporate systems and channels, whether it’s over email or in the cloud. The cyber-protections that employees depended on in the office might not carry over to an at-home work environment.
Schedule more video conferences to keep communication flowing in a controlled, private environment.
Avoid public WiFi networks, which are not secure and run the risk of remote eavesdropping and hacking by third parties.
In addition to work-from-home strategies, companies should consider ways to ensure business cyber-resilience and continuity, says Tim Rawlins, Director and Senior Adviser for risk mitigation firm NCC Group. “Given that cyber-resilience always relies on people, process and technology, you really need to consider these three elements,” he says. “And your plan will need to be adaptable as the situation can change very quickly.”
Employees and their employers
Self-isolation and enforced quarantine can impact both office staff and business travelers
Self-isolation and enforced quarantine can impact both office staff and business travelers, and the situation can change rapidly as the virus spreads, says Rawlins.
Employees should be cautious about being overseen or overheard outside of work environments when working on sensitive matters. The physical security of a laptop or other equipment is paramount. “It’s also important to look at how material is going to be backed up if it’s not connected to the office network while working offline,” says Rawlins.
It’s also a good time to test the internal contact plan or “call tree” to ensure messages get through to everyone at the right time, he adds.
HID Global is introducing a new “flagship” line of access control readers as successors to the iCLASS line. The new HID Signo readers will support 15 different credentialing formats and communicate using the latest NFC (near field communication), BLE (Bluetooth Low Energy) and OSDP (Open Supervised Device Protocol) standards. HID Global says the new readers will simplify integration to more secure and mobile credentials.
HID Global has invested in a “future-proof” approach that both accommodates a variety of current market needs and can adapt to embrace new technologies as they come onto the market. The new line incorporates “all the hardware you need,” combining the capabilities of older generations of readers into a single product.
Simplifying the choice of readers
The new reader line seeks to simplify the choice of readers in a time when a variety of trends is complicating the access control market, from cloud systems to mobile access to identity management.
“We are simplifying the way we bring our products to market, and baking it all into our readers,” says Harm Radstaak, HID Global Vice President and Managing Director. “If an installer takes a reader out of the box and mounts it on the wall, it just works.”
We are simplifying the way we bring our products to market"
In designing the product, HID sought feedback from channel partners, installers, consultants and end users on how the new readers would function. In addition, the company sought advice from architects on the design of the product. Aesthetics and industrial design elements were a priority because they ideally reflect the quality and “promise” of how the product will perform.
Cybersecurity is another emphasis. The readers store cryptographic keys and process cryptographic operations on certified EAL6+ secure element hardware, and custom authentication keys can be used for organisations who prefer that level of control. EAL6+ certification is a designation of the Evaluation Assurance Level of an IT product or system (the highest score is EAL7). Signo also includes a velocity checking feature designed to mitigate and thwart brute force attacks.
“The new Signo line is a continuation of the journey we have been on,” says Radstaak. “It is the natural succession of what we have been doing for years, and it underlines our position in the market.” By natively supporting mobile credentials, the new product line reinforces HID’s commitment to mobile systems, which the company first brought to market in 2014. Signo readers also include Enhanced Contactless polling to support mobile credentials in Apple Wallet.
Embracing the OSDP standard, which was created in 2008, also addresses the growing customer need for bi-directional, secure communications. There is built-in support for OSDP Secure Channel as well as legacy Wiegand communication for organisations seeking to transition.
Signo incorporates support for most credential technologies globally, including Seos, credentials with HID’s Secure Identity Object, and a variety of 125kHz legacy technologies such as Indala and Prox.
The flexibility and openness of Signo is a response to the acceleration of new technologies entering the access control market. “If you look at new technologies in general, our market has been slow in adopting them,” says Radstaak. “However, with new entrants in the market, new technologies, new device manufacturers and artificial intelligence (AI), I believe the market is adopting new technologies much faster than before. Users are much savvier.”
Administrators will be able to remotely configure and diagnose readers
Radstaak says he expects market adoption of the new readers will be fast. “Customers have been waiting for this platform,” he says. “This has been a tremendous investment for HID Global, and it underlines our position in the market with its open platform, simplicity and future-proofing. We are prepared for whatever comes next technology-wise.”
With Signo readers, administrators will be able to remotely configure and diagnose readers as well as monitor status through a centrally managed and connected reader ecosystem.
As a member of the FiRA Consortium, HID Global has advocated bringing new technology to market based on the “fine ranging” capabilities of ultra-wideband (UWB) technology, which has applications in detection of the precise location or presence of a connected device or object. It’s the kind of technology that Signo platform’s “future-proofing” approach is geared to accommodate. “As the capability unfolds, we will be there to adapt,” says Radstaak.
The U.S. Department of Homeland Security (DHS) will be participating at ISC West in a big way. Representatives of the federal department will be taking part in more education sessions this year, and the DHS tech-scouting team will be on hand to view the latest technologies on display at the show. Exhibitors – and anyone else at the show – are invited to the “DHS Town Hall” on March 19 (Thursday) at 3:30 p.m. in meeting room Galileo 1001. The aim is for DHS to engage with the technology community and provide guidance as industry innovation moves forward.
In the face of growing operational demands and complex threats, the need for homeland security technology solutions continues to rise. The Department of Homeland (DHS) is seeking new ideas and partners to safeguard public trust, save lives, reduce risks, and protect the flow of commerce and goods for the community. They will share information about the department’s problem sets, capability needs and business opportunities for accelerating technology development to ensure they are keeping pace with the speed of innovation and complex threats.
Speaking at ISC West
DHS seeks to challenge industry partners to develop technology to enhance security operations across multiple end user missions. The DHS Science and Technology Directorate (S&T) and Cybersecurity and Infrastructure Security Agency (CISA) will jointly speak and exhibit at ISC West.
Attendees can meet DHS professionals working in cyber security, critical infrastructure, resilience, aviation security, border and port operations, and first responder capabilities. Attendees are invited to visit the DHS exhibit booth #33040 in the Drones and Robotics Zone.
The DHS Town Hall on Thursday, titled “Enhancing Security and Doing Business at the Speed of Life,” will be a “call to action” for show participants to help secure the future. DHS seeks to become more agile and to pursue new pathways to do business in a fast-moving world. Through strategic partnerships, DHS is mobilising the innovation community to safeguard the public trust.
DHS will also be participating in these sessions at ISC West, March 17-20 at the Sands Expo, Las Vegas, Nev:
You Say It’s Going to Change the World? Tues., March 17, 9:45 a.m., Sands 302.
Security relies on anticipating what comes next and staying a step ahead. How will 5G increase secure capabilities and reduce threats from bad actors? How will blockchain secure personal and financial identity and when will quantum computing render all encryption obsolete? How is DHS investing in counter-drones? How does AI change the security landscape?
The New Federal Security Landscape – Are You Prepared? Wed., March 18, 1 p.m., Sands 302.
The federal security landscape is evolving alongside the private sector. What are the new high-risk areas of concern and how are emerging threats (cyber, UAS) changing the way federal facilities are protected? How are these new risks balanced against traditional ones? How is the Interagency Security Committee (ISC) responding? DHS panelists will discuss.
CISA Special Guest Speaker at SIA Interopfest. Wed., March 18, 4 p.m., Sands 701.
Daryle Hernandez, Chief, Interagency Security Committee, DHS, Infrastructure Security Division, will provide insights to complement the technology interoperability demonstrations.
Enhancing Security Through UAS Technology, A DHS Perspective. Thurs., March 19, 11:30 a.m., Venetian Ballroom.
What is DHS doing today to prepare for a future of increased visualisation and automation? New questions are emerging around capabilities and vulnerabilities. Emerging technologies like AR, Next Gen Sensors, and UAS, provide the Department of Homeland Security (DHS) with tools to become more responsive and adaptive to new threats.
Teleste Corporation and a renowned international rail vehicle construction company Stadler have agreed on deliveries of Teleste’s passenger information and CCTV systems to Stadler’s new FLIRT trains for Norwegian State Railways. The deliveries will take place in 2019–2021, continuing the cooperation between Teleste and Stadler that was started in 2009.
The deployment will include on-board passenger information (PIS) and CCTV systems for more than 20 trains complemented with video security cameras and video recorders, intercommunication and public address systems as well as TFT and LED information displays. The flexible and future-proof system works seamlessly together with the existing PIS systems, delivered during earlier stages of the cooperation, and includes upgrades such as enhanced cyber security.
Rolling stock manufacturers
We have been able to fulfil Stadler’s requirements for high-quality delivery of passenger information"
“Today, transport operators and rolling stock manufacturers need to stay at the cutting edge of on-board technologies to deliver an excellent travel experience for the growing number of public transport users who wish to be informed about their travel at every step of the journey."
"We are pleased that we have been able to fulfil Stadler’s requirements for high-quality delivery of passenger information on their trains to Norway, and we are looking forward to continuing our cooperation,” stated Jörn Grasse, Vice President of Rail Information Solutions at Teleste.
Effective transport system
Teleste’s on-board passenger information system is based on modular software architecture, which makes it possible to use the system technology for different kinds of applications. The system provides a flexible option for the delivery of passenger information for rolling stock manufacturers and operators who wish to build and run an effective transport system that can carry large volumes of passengers smoothly and safely every day.
Customers can visit the company’s website for more information about the solution and its benefits.
In St. Petersburg, a set of Dahua thermal body temperature monitoring system was installed at the entrance of JSC Concern Okeanpribor to help the company with preliminary body temperature screening of employees and visitors during the pandemic. The equipment can quickly and accurately detect people with elevated body temperatures, one of the key symptoms of COVID-19, providing the organisation with an additional layer of protection for its employees.
JSC Concern Okeanpribor is a company engaged in the production of sonar systems and shipbuilding stations to meet the needs of the country’s naval force and national economy. It is also listed as one of the ‘backbone enterprises’ of the Russian Federation.
Temperature monitoring solution
To provide its employees with safe working conditions under COVID-19, JSC Concern Okeanpribor hopes to use the Dahua thermal body temperature monitoring system to assist their daily temperature screening work and minimise the chances of infection with the strictest measures possible, while not ignoring privacy and respect.
The Dahua thermal body temperature monitoring solution was installed at the checkpoint of JSC Concern Okeanpribor, consisting of:
Thermal body temperature monitoring camera DH-TPC-BF5421P-T
Calibration equipment (blackbody)
Accessories (2 tripods, 2 adapters for a tripod)
The Dahua thermal body temperature monitoring system is a part of the VideoNet security systems at the facility
The implementation of this solution was completed by Skyros Corporation, a gold partner of Dahua Technology in the Northwest Federal District, together with a well-known Russian software developer for security systems – VideoNet. The Dahua thermal body temperature monitoring system is a part of the VideoNet security systems at the facility.
The Dahua Thermal Body Temperature Monitoring Solution provides a non-invasive way to help organisations check body temperatures of a group of people at the same time, which is faster than hand-held scanners and can be done at a safer distance. That’s why this solution is accepted and adopted by JSC Concern Okeanpribor and other security experts during the pandemic and recovery. Moreover, the most important factor why it was chosen is its accuracy.
Reducing false alarms
With a blackbody, the solution uses a hybrid thermal imaging camera to achieve highly accurate temperature monitoring of ± 0.3 ℃, which is essential in detecting people with abnormal temperatures. At the same time, the camera’s built-in face detection enabled by advanced AI technology can improve the overall measurement accuracy with better positioning of the measuring point on the face.
This approach significantly reduces false alarms caused by a variety of hot objects that may accidentally or intentionally appear in the monitored zone. It can also detect the temperatures of people wearing medical masks.
This solution also includes a special version of Dahua DSS software, which can handle temperature alarms
This solution also includes a special version of Dahua DSS software, which can handle temperature alarms. If the set temperature threshold is exceeded, this could be an indication that the system has detected a person with fever and should be checked by a medical professional. In this case, the camera will send an alarm message to this software, allowing the operator to take appropriate measures.
Conduct preliminary detection
Featuring long distance, non-contact and fast detection speed, the Dahua Thermal Body Temperature Monitoring Solution allows JSC Concern Okeanpribor to conduct preliminary detection of people entering their building who are exhibiting fever, thus effectively limiting cross-infection caused by physical contact, saving manpower and material resources, enabling efficient passage of people at the entrance, as well as enhancing protection for the operation of the whole company.
The solution has been widely used in China and many parts of the world during the pandemic and corresponding recovery. Its effectiveness for mass scanning especially in public places such as shopping centers, office buildings, airports, train stations, subway, as well as in hospitals and educational institutions has been proven by its applications all over the world. In one transportation hub for instance, the system detected more than 100 passengers with abnormal temperature. After conducting medical tests, 60 of them were confirmed positive for COVID-19.
Synectics has secured a multi-site protection contract for a customer whose infrastructure assets are considered critical to national security. Responsible for maintaining an energy network that supplies over 3.9 million homes and businesses, the customer required a centralised system to guard against both physical and cyber threats at five key sites – each recognised as a national asset with corresponding levels of access clearance.
The Synectics solution, driven by its Synergy 3 command and control platform, integrates third-party sensors, analytics, cameras, systems, personnel databases, and edge devices. The resulting level of situational awareness gives the team – based at the customer’s state-of-the-art Alarm Receiving Centre (ARC) – complete oversight and control of security, safety, and site-management systems at each facility.
Electrified perimeter-fence systems
As part of the contract, Synectics will also provide a redundant ARC solution for failover scenarios. The core integrations included as part of the project ensure alerts and responses are linked to, and can implement direct control of, door-access systems, intrusion-detection systems, intercom technology, and the electrified perimeter-fence systems deployed at each location.
Synectics will conduct a complete system FAT, which includes all specified third-party software and hardware, at its dedicated UK testing facilities. Given the high-risk, high-security nature of the project, the provider’s ability to system-test at such scale was a crucial factor in the contract being awarded. The five locations to be monitored from the ARC are government-authorised to trigger armed response units to deal with imminent or actual threats.
Command and control system
In addition to meeting technical resiliency specifications, Synectics will be providing cyber security consultation
The solution will, therefore, employ customised workflows to support incident (alarm) validation and protocol-compliant responsive action. The solution will also see each site equipped with its localised command and control system for on-site management, with the ability to manually and automatically escalate incidents to the ARC team as required. Cyber security was a specific focus of the brief.
In addition to meeting technical resiliency specifications with authentication and encryption solutions, Synectics will be providing ongoing cyber security consultation, working in partnership with in-house specialists to ensure the continuous development of protective measures.
Martin Bonfield, UK Sales Manager at Synectics, commented: “The perfect alignment between customer requirements and Synectics’ track record in CNI meant the lead integrator came directly to us with this exciting project. Our credentials and expert team, coupled with Synergy 3’s ability to remotely integrate and interoperate with any third-party system vital to effective operations, meant we ticked multiple boxes."
"We are regarded in the industry as a safe pair of hands with the relevant experience, and an innovator with the forward-focused technology required to meet all aspects of the brief.”
The Office for Students (OfS) is the independent regulator of higher education in England, responsible for ensuring that all undergraduate and postgraduate students, whatever their backgrounds, have a fulfilling experience of higher education which enriches their lives and careers and delivers value for money. They are headquartered in Bristol, United Kingdom with a workforce of around 450 people.
GDPR Data Privacy Management
Higher Education Funding Council for England (HEFCE), Office for Students’ predecessor, became a client of SureCloud back in 2017, implementing the GDPR Data Privacy Management Suite to support and enhance their GDPR programme.
As a new organisation and a successor of HEFCE, Office for Students has been looking to mature its approach to risk management. The focus of this for the team was initially to improve risk policies and procedures, to develop internal capability, enhance reporting to show transparency and allow challenge, and to identify and manage risks enterprise-wide systematically.
Effective Risk Management approach
Office for Students needed a single, seamless, enterprise-wide solution to manage all aspects of risk management
These improvements established a highly effective risk management approach, but the organisation soon hit the ceiling in terms of their process supporting risk systems, with technology being a limiting factor rather than an enabler.
The organisation was relying on numerous disparate spreadsheets to assess and monitor different types of risk, these were inconsistent, time-consuming and error-prone. Office for Students needed a single, seamless, enterprise-wide solution to manage and monitor all aspects of risk management.
Data privacy Risk Management solution
Office for Students has been a SureCloud client for cybersecurity services since March 2017 and began deploying SureCloud’s governance, risk and compliance (GRC) solution in July 2017 to assist with their responsibilities under GDPR.
Knowing that SureCloud also offered a comprehensive risk management solution (recognised on Gartner’s IRM Magic Quadrant), which could be tailored to their precise needs, Office for Students opened a conversation with SureCloud about how best to configure their existing SureCloud Data Privacy Risk Management solution to enable enterprise risk management.
SureCloud’s Risk Management solution delivers:
A central view of risk across the organisation via a single intuitive dashboard
Risks organised across divisions, legal entities, business functions, and geographies
The ability to provide a central repository for enterprise risk, allow the organisation to show the entirety of the risk environment and consider overlaps and interdependences
A range of risk management methodologies to understand the likelihood, impact and overall risk rating
Configurable drillable dashboards and reports to provide a real-time snapshot of risk at any time
Centralised, cloud-based platform
SureCloud’s centralised, cloud-based platform underpins the Risk Management product
SureCloud’s centralised, cloud-based platform underpins the Risk Management product, allowing anyone from across an organisation deploying the application to add information at any time, from anywhere.
Office for Students worked with SureCloud to configure the Risk Management application to their precise needs and was ready for rollout ahead of schedule.
Rapid implementation services
“SureCloud got to grips with our requirements incredibly quickly,” said Ben Whitestone, Head of Governance at the Office for Students, adding “As the only independent regulator for higher education in England, we regulate in the interests of hundreds of thousands of students, and we take that responsibility very seriously.”
Ben adds, “Managing the risks we face is an important part of our governance. But with our legacy systems, we were focused more on updating spreadsheets than actually managing risk. SureCloud’s platform is enabling us to take a far more agile approach to risk management, focusing on taking action to mitigate threats and exploit opportunities, with substantial time and cost savings as a result.”
Streamlined, centralised Risk Management
“SureCloud’s Platform has moved us away from using a series of disparate spreadsheets and countless emails for recording risk, with all of the potentials for errors that entails, to a single, centralised source of risk information for every member of staff,” said Whitestone.
He further adds, “It’s dynamic and agile, if we want to get a snapshot of risk for a particular department or function, we can.”
Intuitive, user-friendly platform
We are very pleased with how quickly staff can get to grips with the SureCloud Platform"
“Despite us being at the start of our risk management journey, we are very pleased with how quickly staff can get to grips with the SureCloud Platform, this was a key factor for us” commented Whitestone.
Whitestone adds, “They can more or less log on and go – it’s extremely intuitive and easy-to-use. In turn, this means that it frees up a huge amount of time spent manually inputting or transferring information, which is a great advantage for us.”
Systems and culture working in-sync
“We undertook a great deal of work to evolve our culture of risk management, to one that was far more consistent and proactive.” stated Whitestone
He adds, “With SureCloud’s Risk Management solution in place, we have the systems to underpin that culture, and enable us to take a far more streamlined, agile and accurate approach to help manage risk across the organisation.”
Protecting the oil and gas market is key to a thriving economy. The list of security challenges for oil and gas requires the best technology solutions our industry has to offer, from physical barriers to video systems to cybersecurity. We asked this week’s Expert Panel Roundtable: what are the security challenges of the oil and gas market?
We are all more aware than ever of the need for cybersecurity. The Internet of Things is a scary place when you think about all the potential for various cyber-attacks that can disrupt system operation and negatively impact a customer’s business. Because most physical security systems today are IP-based, the two formerly separate disciplines are more intertwined than ever. We asked this week’s Expert Panel Roundtable: How can cybersecurity challenges impact the physical security of a company (and vice versa)?
Cloud systems are among the fastest-growing segments of the physical security industry. The fortunes of integrators can improve when they embrace a recurring monthly revenue (RMR) model, and cloud systems are expanding the services and features manufacturers can provide, from remote diagnostics to simplified system design. But for all the success of cloud systems, there remains confusion in the market about the exact definition of “cloud”. Or does there? We asked this week’s Expert Panel Roundtable: what is “the cloud”? Is there agreement in the market about what the term means?