Security seals

Feenics announced that it participated in CA Technology’s Veracode Verified program over the past 10 months, a stringent process that validates a company’s secure software development procedures, and has received the seal of Verified by Veracode. With approximately 30 percent of all breaches occurring as a result of a vulnerability at the application layer, software purchasers are demanding more insight into the security of the software they are buying. CA Veracode Verified empowers Feenics to demonstrate its commitment to creating secure software. When purchasing software, customers and prospects are demanding to understand how secure the software is. As part of CA Veracode Verified, Feenics can now demonstrate through a seal and provide an attestation letter from an industry leader that the application has undergone security testing as part of the development practice. Additionally, participating in the program ensures that our software meets a high standard of application security, reducing risk for the customer. Security gates in software development Organisations that had their secure development practice validated, and their application accepted into the Standard Tier, have demonstrated that the following security gates have been implemented into their software development practice: Assesses first-party code with static analysis Documents that the application does not allow Very High flaws in first-party code Provides developers with remediation guidance when new flaws are introduced The API is secured with TLS encryption and optionally authenticated with time-based, one-use passwords (RFC 6238) Keep’s RESTful API The Keep API provides the developer with programmatic access to all the functionality of a deployed physical access control solution. From adding cardholders, to adjusting door schedules, modifying access levels or querying for hardware status, all activities are programmable through this unified, RESTful API. In addition to the stateless HTTPS protocol the API service also offers a live stream of events over a web-socket connection.  This stream of events can be used for live alarm monitoring, real time data analysis and threat detection. The API is secured with TLS encryption and optionally authenticated with time-based, one-use passwords (RFC 6238). Reducing risk of security breaches “Feenics is committed to delivering secure code to help organisations reduce the risk of a major security breach. Companies that invest in secure coding processes and follow our protocol for a mature application security program are able to deliver more confidence to customers who deploy their software,” said Asha May, CA Veracode. Denis Hebert, President of Feenics, stated that “third party review and audit within our software development lifecycle is an essential part of the vulnerability assessment process, ensuring that Feenics does everything possible to mitigate cyber risk for our users.” Feenics believed it needed to take additional precautions to validate our solution, Keep, from potential threats"  Additional precautions against threats “As breaches become more prevalent, the electronic security industry has a responsibility to take every possible step to guard against potential threats that may be caused by weaknesses within its API." "While quality assurances (QA) are steps that all manufacturers should take before release of any solution or additional functionality, Feenics believed it needed to take additional precautions – such as taking part in and being compliant with Veracode’s Verified program – to validate our solution, Keep, from those potential threats,” said Paul DiPeso, Executive Vice President, Feenics.

March Networks, a global provider of intelligent video solutions, is proud to be one of the first companies in Canada to become Cyber Essentials Canada certified, designating it as a cybersecure business. Cyber Essentials Canada certified Developed as part of the United Kingdom’s National Cyber Security Programme, the Cyber Essentials certification is awarded to organisations able to demonstrate good cybersecurity practices and an ability to mitigate risks from Internet-based threats in areas including: firewalls, routers and other boundary security devices; Internet-connected email, web and application servers; desktop PCs and laptops; and cloud, Internet and other service providers. The Cyber Essentials Canada toolset is an important asset for end user organisations eager to monitor and protect their supply chain In addition to helping organisations identify the required controls believed to shield companies from most common Internet threats, the Cyber Essentials Canada toolset is an important asset for end user organisations eager to monitor and protect their supply chain. March Networks The certification is a further affirmation of March Networks’ holistic approach to security, which involves a 360° view of all aspects of its business – from product development and source code management, to operational processes and customer data privacy. For example, the company operates a secure Network Operations Center, conducts background checks on employees working with product code, and has participated in extensive security audits with Fortune 500 customers. It also takes a proactive, transparent approach to identifying potential vulnerabilities in its products. March Networks’ Security Updates and Advisories program involves regularly tracking US-CERT reports, conducting in-depth investigations when required, and quickly alerting customers and partners to any necessary software updates via email alerts and information posted directly on the March Networks website. Cybersecure standards March Networks has always taken a responsible approach to our security policies and practices" “As the video solutions provider of choice for many of the world’s enterprise organisations, including leading banks and credit unions, March Networks has always taken a responsible approach to our security policies and practices,” said Peter Strom, President and CEO, March Networks. “Achieving this Cyber Essentials certification, which is already well recognised in the U.K., provides our customers with yet another assurance of our cybersecure standards.” Cyber Essentials was created in collaboration with industry partners in the United Kingdom (U.K.), including the Information Security Forum (ISF), and the British Standards Institution (BSI), and is endorsed by the U.K. government. CyberNB, a special operating agency of Opportunities New Brunswick, recently brought the program to Canada, where it is expected to be a major requirement to win business in both public and private sectors in the future.  “Business today is largely conducted online, and every organisation has a critical responsibility to protect its business data,” said Stephen Lund, CEO of Opportunities New Brunswick. “We are delighted to extend this certification to March Networks, in recognition of the security controls and best practices the company has in place within its IT systems to address cybersecurity effectively and mitigate Internet-based threats.”

HID Global, a global provider of trusted identity solutions, announced that its HID Crescendo PIV smart card has achieved FIPS 201 compliance and is listed on the General Services Administration’s Approved Products List (APL). Government agencies and private enterprises looking for the highest level of security and interoperability can leverage the Crescendo PIV smart card to protect the identities of their people when accessing facilities and IT systems. GSA’s Approved Products List provides federal agencies with products and services that have been approved for FICAM implementation based on rigorous security vulnerability and interoperability testing performed by the FIPS 201 Evaluation Program. The Crescendo PIV also has a NIST FIPS 140-2 Level 2 security certification, in addition to the NIST FIPS 201 interoperability certification, and it has optimised performance for faster physical access using digital certificates. Key component to multi-factor authentication solutions HID Crescendo PIV dual-interface smart cards enable access to a broad range of applications, including physical access, PKI based authentication, digital signature and data encryption “With the HID Crescendo PIV on GSA’s Approved Products List, government agencies have the assurance that the PIV card complies with governmental regulations for credentials,” said Yves Massard, Director of Government Solutions, IAM Solutions, HID Global. “HID continues to be a leader in providing PIV solutions to the U.S. federal government, delivering the security, interoperability, high performance and durability that government employees need.” HID Crescendo PIV dual-interface smart cards enable access to a broad range of applications, including physical access, PKI based authentication, digital signature and data encryption. Use cases include secure login to workstations and laptops, web-based cloud applications or VPN gateways. HID Crescendo PIV is a key component to HID Express and HID PIV Enterprise, multi-factor authentication solutions that deliver standard-compliant identity and credential management for the complete lifecycle of the identity.

The deal will enable all the senior members of their security team to obtain Professional Membership status The Security Institute announced at their Annual General Meeting, held on Tuesday 25th April, that it has entered into a Group Membership arrangement with the Foreign and Commonwealth Office (FCO). Professional Membership status The deal will enable all the senior members of their security team to become members of the Institute and obtain Professional Membership status. Several members of the FCO security team are already Institute members and the new arrangement will enable about another 50 members of the team to join the Institute. Latest security industry advancements Roddy Drummond, FCO Head of Security Profession, said: "The FCO are delighted to enter into partnership with the Security Institute which will ensure our team of security professionals keep up to date with the latest industry advancements and have the opportunity for ongoing development." Andrew Nicholls, Chief Executive of the Security Institute, said: "We are delighted to be able to make this announcement as it brings together several weeks of discussion and agreement and I very much look forward to working with the FCO in the future over CPD arrangements and achieving formal qualification for all members their Security Team.”

ISO/IEC 27001 is the internationally recognised best practice standard for an ISMS Esoteric, a counterespionage and electronic sweeping company, announced that after a rigorous evaluation of its information security processes, they have been granted ISO 27001 certification by British Standards Institution (BSI). Protecting information The accreditation demonstrates the company’s commitment to information security, both of internal data and that of the clients and partners, who entrust them with their valuable sensitive information. Compliance with the International Organisation for Standardisation's (ISO) strict requirements highlights a commitment to using best practice, providing the clients and partners reassurance with the handling and protection of their information. "We place the highest priority on information security, our ISO 27001 certification demonstrates our commitment to continual improvement and confirms our policies and practises comply with the most stringent standards," stated Peter Gregg, Operations & Compliance Manager. ISMS framework ISO/IEC 27001 is the internationally recognised best practice standard for an information security management system (ISMS). The ISMS framework of policies and procedures includes legal, physical, and technical controls involved in information risk management and covers people, processes, and technology. For more than 100 years, BSI have led the way in standards. They are among the most respected and reputable management systems certification bodies in the world and are accredited by around 20 local and international bodies. "We recognise that information is one of a company's most valuable assets, any risk to the integrity of that data can make or break a business, security threats impact a company financially, impede expansion, prevent client attraction, damage assets and above all impact reputation," remarked Emma Shaw, Managing Director. When properly managed, a successful information security policy allows an organisation to operate with confidence—something the Esoteric team lives by and advocates for all its clients.

BS 7960:2016 was revised to accommodate changes in the legal requirements for door security staff British Standards Institution, the business standards company, has revised BS 7960 Door Supervision – Code of Practice. The updated standard gives recommendations for the organisation and management of companies providing door supervision services, whether contracted or in-house, to licenses premises or events. Fulfilling legal requirements BS 7960:2016 was revised to accommodate changes in the legal requirements for door security staff. A ‘response to emergencies’ section replaces the previous ‘contingency plan for security’, and a new threat level provides guidance for door security personnel on how to handle emergencies as divergent as performing first aid to a vulnerable person to responding appropriately to a terrorist attack or other large-scale emergency. The revised standard has new requirements to identify and implement violence reduction measures, and that Security Industry Authority (SIA) licenses are checked against SIA records at least once a month. There are additional guidance notes regarding the Data Protection Act and SIA Licence requirements when CCTV or other data recording devices are used. Door security personnel To reflect the changing face of the labour market, BS 7960 now refers to the deployment rather than the employment of door security personnel, as the individual may be under instruction of the company but paid by a third party. A new clause has also been added to ensure that the requirements of the standard are still met when the door security personnel is working for a subcontractor. “Professional door supervisors fulfil a crucial role not only in providing security for premises but in upholding the safety and wellbeing of individuals on their premises” As well as public and private organisations requiring the use of door supervisors, the standard is expected to be particularly relevant to the Association of Security Consultants, the Institute of Professional Investigators, Ex-Police in Industry and Commerce, and the National Association of Security Dog Users. Ensuring safety of individuals Anne Hayes, Head of Market Development for Governance and Resilience at BSI, said: “Professional door supervisors fulfil a crucial role not only in providing security for premises but in upholding the safety and wellbeing of individuals on their premises. In developing BS 7960, we worked closely with private security firms to ascertain what door security personnel need to do their job as safely and effectively as possible.” BS 7960 now accommodates the 2013 legal requirement that all door security staff secure an SIA Level 2 Award for Up-Skilling. In common with the standard it replaces, the private security industry was heavily involved in the development of BS 7960:2016. Organizations involved in the development of the standard include the British Security Industry Association; National Security Inspectorate; Security Industry Authority; and the Proof of Age Standards Scheme (PASS).

The term ‘marine’ comes from the Latin mare, meaning sea or ocean, and marine habitats can be divided into two categories: coastal and open ocean. Video surveillance (VS) applications can cover both types of marine environment with system for ships, maritime ports, onshore and offshore installations, etc. We should want to further analyse VS for ships and try to explain the types of ships on which it can be used, the ways in which VS can be used on ships, the typical certifications in use and what features a camera station must have to be installed on a ship. Starting with ships that have a minimum tonnage, around the world we have: liquefied natural gas (LNG) tankers, passengers ships, chemical tankers, crude oil tankers, container ships, general cargo ships and bulk carriers.As the LNG market grows rapidly, the fleet of LNG carriers continues to experience tremendous growth, offering more opportunities for VS Video surveillance for all marine vessels An LNG carrier is a tank ship designed for transporting liquefied natural gas. As the LNG market grows rapidly, the fleet of LNG carriers continues to experience tremendous growth. A passenger ship is a merchant ship whose primary function is to carry passengers by sea. This category does not include cargo vessels which have accommodation for a limited number of passengers, but rather includes the likes of ferries, yachts, ocean liners and cruise ships. A chemical tanker is a type of tank ship designed to transport chemicals in bulk. These ships can also carry other types of sensitive cargo which require a high standard of tank cleaning, such as palm oil, vegetable oils, tallow, caustic soda and methanol. An oil tanker, also known as a petroleum tanker, is a merchant ship designed for the bulk transport of oil. There are two basic types of oil tankers: crude tankers and product tankers. Crude tankers move large quantities of unrefined crude oil from its point of extraction to refineries. Product tankers, generally much smaller, are designed to move refined products from refineries to points near consuming markets. Container ships are cargo ships that carry their entire load in truck-size intermodal containers: a technique called containerisation. They are a common means of commercial intermodal freight transport and now carry most seagoing non-bulk cargo. Today, about 90% of non-bulk cargo worldwide is transported by container. A cargo ship or freighter ship is any sort of ship or vessel that carries cargo, goods and materials from one port to another. Cargo ships are specially designed for the task, often being equipped with cranes and other mechanisms to load and unload, and come in all sizes. Bulk carriers make up 15%–17% of the world's merchant ships and they are specially designed to transport unpackaged bulk cargo such as grains, coal, ore and cement in its cargo holds. For all these ships the protection of vessels, cargo and crew is a priority, that’s why the adoption of VS technology plays a key part in terms of security and safety. Human error is regularly named as a major factor in ship accidents, and one way to avoid it is to aid seafarers by providing them with technology and equipment that is reliable and easy to use in all weather and sea conditions. Marine VS encompasses liquefied natural gas (LNG) tankers, passengers ships, chemical tankers, crude oil tankers, container ships, general cargo ships and bulk carriers Emergency security solutions on ship One of the most important applications for camera stations is during “docking”. Mooring is the securing or confining of a vessel in a particular location with a fixed or a floating object (jetty, pier, ship, barge, buoy, etc.) as various cargo operations are carried out. Docking is the final stage of mooring operations when the ship docks to the jetty. This is a very delicate operation and cameras are very helpful in making sure docking is done without accidents.'Man overboard’ is an emergency in which a person has fallen off a boat or ship into the water, and can happen at any time during the day or night Another important application for camera stations is the Man Overboard detection system (MOB). ‘Man overboard’ is an emergency in which a person has fallen off a boat or ship into the water. Man overboard events can happen at any time during the day or night, in all types of weather and sea conditions, and from almost any location on the ship, ranging from a few tens of feet above the water, to over 180 feet.  When these events occur, the immediate availability of important data is crucial. Accurate confirmation of the event including time of occurrence, location on the ship and location in the sea is critical. A proactive detection system must immediately and accurately detect man overboard events and provide prompt, actionable data to response personnel. A typical man overboard detection system can report a MOB event in under 1 second. VS on a vessel can also monitor the engine room at all times and provide a good view of people working on dock, machinery and stowed equipment. But what are the most important features that a camera station must have to work in one of the most aggressive environments in nature? Marine surveillance must operate in one of the most harsh environments in nature Ruggedised reliability in surveillance First of all, and perhaps it’s obvious, but it’s extremely important to have camera stations with amazing reliability. Housing units manufactured from AISI 316L stainless steel, passivated and electropolished, makes the cameras completely impervious to air, water, rusting and corrosion, therefore offering excellent weather protection and increased reliability. Housing units manufactured from AISI 316L stainless steel, passivated and electropolished, makes the cameras completely impervious to air, water, rusting and corrosion Sometimes ships also use cameras constructed entirely from technopolymer, which guarantees high impact resistance and superior protection from external weather agents. Keeping the camera glass clean at all times is another essential feature, and it can be done via a wiper/wash system that greatly reduces the need for maintenance. In the case of PTZ cameras, the best option would be a great pan and tilt speed (up to 100°/s). What is the operative temperature range for the cameras? Sea is everywhere and therefore ships go everywhere, from the Arctic Ocean to the Mediterranean, so we need cameras that have to be fully operational across a wide temperature range.  -40°C to +65°C covers almost all areas. Analogue or IP Cameras? Actually, both options can be used, especially for applications like docking where it’s important to avoid image delay (as can happen with IP cameras due to the natural latency of data communication over a network). Marine certifications Last but not least, the certifications: Certifications guarantee the quality and reliability of camera stations. There is no compromise! One important certification is the Lloyd’s Register Type Approval which subjects cameras to rigorous testing for performance, vibration (critical on ships), humidity, etc. The application field of the LR Type Approval is VS in public places (e.g. passenger ships), open decks, enclosed spaces that are subjected to heat generated from other equipment, and technical premises. Often, VS cameras used in specific areas of ships, such as hazardous areas, are required to have ATEX and IECEX certifications.

The security industry can be like a house built on sand if there's a lack of professional standards set in place Picture the scene: You’re suffering from a persistent pain and so decide to take a trip to your doctor to get it checked out. You step into the consulting room but, before you can speak, he looks you up and down, haw and hums, and then writes out a prescription. Would you be happy that drugs prescribed in this manner will cure your ailment when your doctor has not even bothered to establish what the problem is? Would you accept this as any sort of professional approach? Of course you wouldn’t, and yet every day, in every corner of the Security Industry, this is exactly what is happening, informs Stephen D Green, Physical Security Sector Champion for the Security Institute Research Directorate Knowledge Centre. Security Managers, faced with an immediate security problem and Directors screaming for action, over-rely on experience, leap to conclusions as to what the solution should be, reach for the catalogue and start ordering. This is why, for example, all too often I will come across vehicle control points in site perimeters equipped with K12 crash-rated roadblockers, when 10 yards to each side of the entrance is a chain-link fence that my kids could punch through. The Security Managers, like the doctor above, have failed to analyse and diagnose the problem, leaving it to chance that the action taken will fit the need. But when the measures put in place fail, it is the Security Managers competence that is drawn into question. All security system designs should be risk-based. Such an approach encourages analysis of evaluation of risks such that priorities may be established Is such criticism fair? After all, Security Managers are only human, and humans use unconscious heuristics, or shortcuts, to achieve their goals. We all have personal biases and comfort-zones (“…it’s what we’ve always done”…), we all benchmark or crib off others (…”it’s what Bill down the road does”…) and we all satisfice (…”it’s good enough and it’s available now”…). And it’s not as if there is a wealth of reliable, independent information out there on which to base procurement decisions; in 2007 Professor Adrian Beck of Leicester University, describing the “data desert” at the heart of the Security Industry, stated that “…if CCTV or EAS were a drug, we would be absolutely appalled at the way it has been introduced and widely used without any rigorous testing of its likely impact on the patient”*.I also wonder if the prevalence of second-careerist, ex-armed forces or police officers in the industry has a bearing; General Colin Powell famously once stated that “…if you have between 40 and 70% of the information required to make a decision, go with your gut”. So what can the poor beleaguered Security Manager do to improve this situation? The answer is simple; all security system designs should be risk-based. Such an approach encourages analysis of causality and evaluation of risks such that priorities may be established, leading to problem-oriented solutions which, most importantly, are justifiable before a Company Board being asked to provide funding. An initial and comprehensive risk analysis assessment should be executed prior to purchasing products for the system Risk was defined in the seminal 1992 Royal Society report as “..the probability that a particular adverse event occurs during a stated period of time, or results from a particular challenge.”** There are many variants of quantified risk assessment process around the world, including the relatively-new ISO31000 standard, which developed out of the AS/NZS 4360 standard. Alternatively a good method, widely used within the petrochemical industries, is the American Petroleum Institute Security Vulnerability process. All of these various methods share a number of common features: Risk Identification –Identifying and characterising all critical assets and the specific threats facing them Risk Analysis – Identifying from the list of all possible risks those which are credible given the existing vulnerabilities , the counter-measures already in place and the capabilities of the adversary Risk Evaluation – Assigning a numerical, ordinal value against each risk to allow ranking and prioritisation of effort The level of understanding required to achieve this can only come from careful and continuous stakeholder engagement to ensure a good cross section of views and opinions; it cannot come from one person, or indeed one discipline, in isolation. The perception of risk is influenced by too many factors to describe here, but suffice to say that it is subjective, personal and experiential in nature. This is why some people read a book or walk the dog at weekends whilst others throw themselves out of perfectly good aeroplanes or climb up the side of mountains. Even risk-based technical counter-measures are only of use when deployed in support of a set of good, well-thought out security policies, procedures and practices on which staff have been trained and exercised Risk management is inherently a group activity, and should be iterative to reflect the changing nature of threat environments. The outcome of the risk assessment process should be a document, known variously as a security treatment plan or a Concept of Operations, which outlines the way the proposed new counter-measures are intended to work. From this it should be possible to define a detailed Operational Requirement for every device, listing its intended functionality and any technical performance criteria it needs to comply to. Later, following implementation, it is these two documents that will close the circle by verifying the installation delivers that which was intended at the outset.  Of course, it must be acknowledged that getting the technical element right is only part of the solution. Security is a sociotechnical system; it is made up of technical and human elements. Even risk-based technical counter-measures are only of use when deployed in support of a set of good, well-thought out security policies, procedures and practices on which staff have been trained and exercised. Remove any of these elements and the project can only fail. Therefore, paraphrasing Mathew 7:26, the Security Industry can often be “…likened unto a foolish man, which built his house upon the sand”. If the industry wishes to present itself as professional, it needs to adopt professional standards of evidence-based and methodical design rather than the haphazard guesswork which remains all too prevalent today. * - Beck, A. (2007a) The Emperor Has No Clothes: What Future Role for Technology in Reducing Retail Shrinkage? Security Journal, Volume 20, pp57–61 ** - Royal Society (1992) Risk, Analysis, Perception and Management. London. Author

Companies that have developed a culture of openness can provide and receive feedback at all levels The nail that sticks out gets hammered down” is an old Japanese saying that encourages an unspoken rule of conformity combined with an authoritarian hierarchical structure. Brent O’Bryan, SPHR at AlliedBarton Security Services, explains that a winning formula for both the organisation and an individual is a culture actively exhibiting healthy behaviours and practices, combined with a zero-tolerance policy for any inappropriate or troubling behaviours.  Many metropolitan cities wrestle with significant violence on the streets. In such cities, law enforcement and the state attorney’s offices face the headwind of a “stop snitching” culture. When criminals and bullies are accepted as commonplace and have greater influence than the law, their actions will not be reported, and the perpetrators themselves will ultimately not be held accountable for their actions. An anti-snitching philosophy also infiltrates many workplaces as criminals, or at least those who have yet to be found guilty, and bullies become the employees sitting in the next cubicle or office. Or worse, they become the boss.  Aligning organisational culture with policy People who feel they are in a safe and secure environment are capable of achieving great things If individuals see something but say nothing, or if organisations discourage, intentionally or otherwise, the active reporting of concerning actions and behaviours, chances of violence in the workplace increase. So, what can an organisations do to transform from a “see something, say nothing” culture to a “see something, say something” culture? Organisational culture, policy and practices need to be objectively evaluated, and if necessary, changed. The culture of an organisation will always trump policy when the two are not aligned. And, culture is often best defined by the accepted behaviours and practices in an organisation. While the printed or preached culture may be a positive one, if the reality of what is practised every day is not, senior leadership needs to take steps to make the desired culture a reality. Driving an organisational culture change The following are some areas that business leaders in human resources and other senior leadership roles should review, analyse and work collectively to change. Tame Senior Management Bully Squads If leadership fosters a workplace bullying culture, then this attitude and behaviour will trickle down, permeate and dramatically alter the work culture in an extremely negative fashion. Human resource leaders, in particular, need to demonstrate to senior management that the adverse culture fails to foster productivity, teamwork and creativity – three vital objectives that every company wants to fulfil. Human resource leaders may consider corporate wide surveys, implemented by a third party vendor, that poll employees anonymously. If employees know that they can vent their frustrations and share feedback anonymously, without fear of losing their job, real change can start to occur. Companies with a secure work environment increase productivity Create Leadership Development Programmes Nurturing in-house talent with a well-defined leadership development programme makes employees feel more connected to the business, eases the chain of succession and empowers employees to be more creative, connected and engaged. Just as there are companies in many shapes and sizes, leadership development programmes differ dramatically from company to company. The end goal of these programmes is that employees have an opportunity to improve their skills through classes and workshops, have access to promotional opportunities as they arise, and feel a sense of community and kinship with their company. Leadership development begins with recruitment as human resource professionals seek individuals who can successfully lead their company’s mission. Develop Culture of Openness Companies that have developed a culture of openness can provide and receive feedback at all levels. A 360-degree feedback initiative can be a valuable option but is only recommended after a company has begun its journey to developing an open culture.  If the workplace still fosters a ‘see something, say nothing’ ideology, employees will not be forthcoming for fear that their confidence won’t be kept, or that the source of negative or constructive feedback will be too easily identified. A third party survey company should be brought aboard to confidentially assess feedback by employees at all levels of the organisation. Establish reporting mechanisms  It is important for an organisation to establish clear reporting lines. These should be made especially clear in policies and procedures and communicated frequently. The expectation that employees report inappropriate, violent or suspicious activity can only be realised when there are measures in place that allow and encourage reporting. Leadership effectiveness is dependent upon the ability to gain the trust of the people who work for them. This also assumes that the one holding the trust – the employee – will perform certain desired behaviours, and that the leader has both the desire and ability to “walk the talk.” People who feel they are in a safe and secure environment are capable of achieving great things. It is up to their leaders to tap into this fundamental optimism and allegiance, and move them forward to success.  By building a successful culture where employees feel safe, not threatened, and not maligned by their bosses, they will flourish creatively and be more productive. By developing a culture where employees understand the range and varieties of workplace violence and its warning signs, they will feel empowered to do something about it. 

Klass Software’s acquisition of incident management software company PPM 2000 is the first step in an evolution to build a broad, unified software solution to manage multiple aspects of the security function. In buying PPM, Klass sought to obtain “a very good platform business and grow it with the existing team,” says Will Anderson, CEO of Klass Software (and now CEO of PPM). He sees expansion and enhancement of PPM as a “long-term project,” maybe 10 years. Klass Software is the acquisition group of Klass Capital, an enterprise software growth equity fund headquartered in Toronto. The acquired company will continue to operate as PPM, and the head office will remain in Edmonton, Alberta. Anderson says software related to the security market “looks a little unconsolidated to us.” Over time, he foresees pulling various software elements – PSIM, incident management, analytics, compliance – together into a single platform built around PPM’s existing software product. They will achieve the goal either by enhancing PPM, by acquiring related companies, and/or through partnerships. Anderson said the new PPM will likely do one or two acquisitions a year to build out and augment PPM’s capabilities. The company has $10 to $12 million “in our pockets” to invest, and could access another $50 million as needed over time. They are looking to invest $10 million or so each year in acquisitions. In terms of enhancements to PPM, Anderson says the core incident management capabilities are mature, and new features will likely be related to real-time operations, more sophisticated investigative tools, and analytics. The tools exist in the market, but “smaller clients need us to pull them together and put them in a box.” The main idea is to take information and insight available from various systems and make it “actionable,” he says. “We want to really talk about solving problems,” he says. “We are an open organisation. We have to be able to interface when it makes sense. It’s a very fluid industry, and we are here to help solve the customer’s problem.”  “We’re excited about a future focused on expanding PPM’s incident management portfolio with complementary technology and services,” says Elaine O’Sullivan, who will continue as president of PPM under the new ownership. “The value of a software company is knowledge of the market,” Anderson says. “You have to have people who really get the problem, and PPM has the best people in terms of going to market. Their technology is among the best in the space, and their customer list is impeccable – one in every five Fortune 100 companies use it. It’s a great fit all around – great company, great people, great technology. What was lacking was capital, which we have. We can add value by making them better, improving execution of software management.”

How often is security used as a selling point? You don’t see it very often. Generally greater security is seen as a necessary evil, a corporate “cost.” Interesting, therefore, to see a company hoping that greater security can help turn around a flagging brand. In this case, security is related to identity protection, and the company is Blackberry. Blackberry recently signed an agreement to purchase Secusmart, a company that specialises in secure communication for governments, defence ministries and corporations. The Secusmart web site expresses it this way: “The past few years have shown that the future will be all about security.” Reputation management expert Ken Wisnefski says the purchase responds to concerns of vulnerability among people who are moving more of their lives online. The Secusmart high-security voice and data encryption and anti-eavesdropping technology addresses such concerns. “Corporations, governments and practically everyone else cares about privacy and security when it comes to sensitive information, but today’s online mobile world can make it seem almost unrealistic to secure all of that information,” says Wisenfski, who is the CEO of WebiMax, an online marketing agency that specializes in reputation management, social media and mobile advertising. Wisenfski notes that Blackberry has been losing serious ground in the mobile device market even as concerns about eavesdropping and security have increased. “If Blackberry can create capable devices that people want, this serious effort to reassure folks that someone is looking out for their mobile security could generate huge value and win them back a sizable share of the market,” comments Wisenfski. Seems like turning around Blackberry is a lot to expect from even the best data encryption technology. But I wonder if there are other examples out there that address the value of security as a selling point. We have certainly seen the reverse; that is, the harm done to the Target brand by the recent high-profile data breach. Does it work the other way, too? There was talk at IFSEC about how security can be a “business enabler,” such as making it possible to effectively operate a business in a high-crime area. Wonder if we can take that a step further and say that there are instances when security, even physical security, provides a competitive advantage? I would love to hear about any examples of that.

HID Global, the globally renowned company in trusted identity solutions, has announced that it has deployed the government of Libya’s first diplomatic and special ePassport program. HID Integrale HID Global provided Libya’s Ministry of Foreign Affairs (MOFA) with HID Integrale, a secure end-to-end solution that expedites the application and issuance processes and manages the entire ePassport lifecycle. For improved security, the redesigned and modernised booklets include a durable polycarbonate data page and are personalised using new laser engraving and chip encryption equipment. HID Global designed, engineered and delivered the identity solution to the Libyan government in four months, even amid travel restrictions due to the COVID-19 pandemic. Robust and complete ePassport system We are pleased that our collaboration with HID Global has yielded a robust and complete ePassport system" “We are pleased that our collaboration with HID Global has yielded a robust and complete ePassport system that we have seamlessly integrated with our existing processes,” said Mohamed Elkoni with Libya’s Ministry of Foreign Affairs. Mohamed Elkoni adds, “HID’s identity document expertise, the delivery of the solution in record time against the current restrictive backdrop, and ongoing technical support has greatly simplified the implementation of our new systems.”  Public key infrastructure (PKI) service To ensure compliance with ICAO standards, HID Integrale’s public key infrastructure (PKI) service creates and manages Libya’s Country Signing Certification Authority (CSCA) keys and certificates to sign personalised eDocuments and enable verification. By implementing the PKI service, Libya can connect with the ICAO Public Key Directory, which enables the global use of their new ePassports and the potential for future security enhancements, such as biometrics. In addition, the solution’s web-based platform makes it possible for HID engineers to efficiently train the ministry’s staff as part of HID Integrale’s customer support package. Issuing secure diplomatic and special ePassports “A successful migration to an ePassport system requires a solution that enhances each touchpoint of the user experience, from application to travel,” said Craig Sandness, Senior Vice President and Head of Secure Issuance and Citizen ID Solutions with HID Global. Craig Sandness adds, “By opting for HID’s Integrale software suite, the Libyan government has created a solid and future-proof foundation to issue diplomatic and special ePassports.”

The control room furniture designed for Warrior Insight is from the standard range of MDesk-Technical modules Warrior Insight, a risk management specialist based in Kenya, has chosen Custom Consoles MDesk-Technical for installation at its Nairobi headquarters. The desks house the operational infrastructure for a newly built video surveillance control suite. "Custom Consoles has a global reputation for the robustness, ergonomic excellence and attractive styling of its control room furniture," comments Warrior Insight Kenya's CEO Adam Miller. "Equally important is the company's attention to detail in terms of equipment accessibility, ventilation and cable management. The desks form the basis of a good working environment which allows our staff to give total attention to their security duties. Based on successful prior experience with Custom Consoles, we were fully confident to install the desks ourselves. Pre-assembled modules were air freighted from Custom Consoles' UK factory complete with easy-to-follow instructions." Fit within the available floor dimensions "The control room furniture designed for Warrior Insight is from our standard range of MDesk-Technical modules, configured to fit within the available floor dimensions," adds Custom Consoles' Sales Manager Gary Fuller. "The furniture comprises three desks providing a total of eight independent workstations. Each operator has access to a dedicated computer housed in an under-desk pedestal plus three desktop monitor display screens and a desktop keyboard. Largest of the desks is a 6.4 metre wide four-operator unit facing a large-screen video wall. Behind this is a parallel 4.8 metre wide three-operator desk. Third of the three desks is a 1.6 metre wide supervisor's workstation with an additional work surface extension. Each desk is finished in cherry with a hard-wearing blue Marmoleum work surface." MDesk-Technical is a structured system Custom Consoles' MDesk-Technical is a structured system enabling bespoke configuration from a number of standard modules, providing an ergonomic working environment for control rooms of any size. Dual horizontal cable ducting is provided throughout entire length of each desk with access via an intermediate leg or pedestal. Monitor display mounting arms are available if required. MDesk-Technical furniture is constructing from a selection of sustainable veneered MDF carcasses, with Marmoleum or laminate work surfaces, edged in a matching hardwood.

Operators identify themselves at the Traka key cabinet using their company ID cardsOver 200 fork trucks and other materials handling equipment at Jaguar Land Rover's Halewood site in Liverpool are now being managed by Traka electronic access management systems. Jaguar Land Rover employs more than 1900 people and produces a car every 135 seconds. Fork trucks are used to transport materials and components to the production line and the company had a number of issues to address including driver accountability, damage control, cost savings plus health and safety compliance.Traka uses intelligent iFobs, each containing an electronic data chip. The iFob thus becomes an electronic key and replaces the conventional truck key. Each truck is fitted with a receptor socket into which the driver inserts the iFob to start the truck. When awaiting use, the iFobs are locked into a designated port within a special Traka key cabinet and operators identify themselves at the cabinet using their company ID cards. An iFob will only be released if the operator has permission to access the cabinet and, even then, will only give access to iFobs to trucks for which he or she is authorised to drive. This is all controlled through the Traka32 software, with the user and iFob details stored on a central database. Because all trucks are not keyed alike, it's easy to know who has driven a particular truck at any time, crucial in the case of an accident or Health & Safety incident. The advantages for Jaguar Land Rover are clear: using Traka saves time; and, by not having a single key for each truck, vehicles can still be used even if a key has been taken home inadvertently by a driver. If an iFob isn't returned at the end of a shift, it's easy to identify who has it. Driver accountability is now a reality: previously, trucks were often treated badly and there was no way of tracing who had caused the resulting damage. By reducing truck damage, downtime is also reduced and trucks spend less time in the workshop. With the new level of accountability, there is also less damage to stock, pallets and racking, resulting in lower operating costs. Daily incident reports are downloaded from Traka and reconciled against the driver report. Failure to complete an incident report is deemed a serious offence and is subject to disciplinary action. When Traka was introduced, the company found that good drivers took to the system well, whilst others quickly realised they would have to modify their behaviour or risk disciplinary action. There have been benefits for drivers too: Traka has done away with paper-based forms, meaning records can be managed with less administrative effort. Drivers also know that trucks will be in the right place when needed and be in good working condition. The Traka system has enabled all these safeguards to be put in place and the most striking change has been in driver behaviour. Typically, more than 27 incidents had been recorded each week but the number has now been reduced to just one."Traka has provided Jaguar Land Rover with better control and complete accountability," says Godfrey Anderson of Traka. "It has clearly improved productivity, as well as considerably reducing damage to stock, trucks and infrastructure."Following the success of Traka's fork truck control for the firm, Jaguar Land Rover has also adopted it to manage keys to rooms, buildings and storage areas.