Training services

Codelocks, global manufacturer of access control products, has announced its new training programme for locksmiths and installers. The courses on 25 September, 23 October and 20 November 2019 are available to book online. Locksmith training course Codelocks first introduced its locksmith training courses in 2012 and the programme continues to be successful. Held in Codelock’s Newbury head office, the sessions are hands-on and practical – ideal for Trade professionals wanting to expand their knowledge. The training provides locksmiths and installers with the opportunity to familiarise themselves with the Codelocks product line. The Autumn 2019 programme focuses on Codelocks’ extensive mechanical, electronic, KitLock and smart lock range The Autumn 2019 programme focuses on Codelocks’ extensive mechanical, electronic, KitLock and smart lock range. The impressive portfolio includes the popular CL5510 and the CL4510 smart locks as well as the traditional mechanical and electronic locks. Attendees will get the chance to experience its new door controller product range – Access by Codelocks. Smart mechanical and electronic locks By understanding the benefits of each of the products and discovering which access control solutions overcome customer challenges, locksmiths are able to identify new business opportunities, solve complex access control dilemmas and offer the very best advice to their customers. Locksmith and training attendee Robin Priest from J Priest & Son said, “The locksmith industry is competitive, which is why we are always looking for the edge to ensure that we are offering the best products available.” Codelocks access control products Locksmiths and installers are able to see how Codelocks access control products have benefitted customers in variety of settings including offices, hired venues, holiday rental homes, sports facilities and healthcare environments. Attending locksmiths and installers will also gain unique market insights and have the chance to network with like-minded professionals in the access control sector. We have facilities managers, locksmiths and resellers that are interested" Jo Milne-Rowe, national sales manager UK and Middle East at Codelocks and national chairperson for the Institute of Architectural Ironmongers (IAI) is one of the trainers. Jo has worked in the industry for over 20 years and has a skilled background in architectural hardware, mechanical security and electronic access control. Electronic locking solutions training She says, “We have a real mix of people that come in for the training. We have facilities managers, locksmiths and resellers that are interested in knowing all about the products so they can offer it as a solution. By coming to the training, they get an in-depth knowledge on how to install the products, but also learn some of the problem-solving techniques, so if they do have issues on site, they know how to rectify them.” Codelocks is pleased to offer training courses to professional locksmiths and installers free of charge. All locksmiths who attend and complete our training sessions will also be promoted on Codelocks’ Find an Installer directory.

STANLEY Security, one of the security providers, launches a new website as part of its continued commitment to improving the security and safety of people and their environment. The website, which remains at the same address of STANLEYSecurity.co.uk, significantly improves access to information, products and services and features a modern, clean design style. The overall content of the new website has been totally transformed, for greater clarity. The focus is all around the visitor experience with reliable sources of knowledge from a trusted security provider. Dealership programme for installers In line with customer demand, the very latest smart technology for both homes and businesses are available via the website and is structured into levels of security, priced accordingly, to answer varying customer needs. The latest blog/news section features industry news, innovations, security tips, guest interviews, videos and advice from professionals within the security industry. Navigation of the new website has been designed to be both customer focused and easy and quick Navigation of the new website has been designed to be both customer focused and easy and quick, with a range of options depending on user preference, from an easy access new top menu through to large on page buttons to take visitors through to the most popular sections/pages. The home page benefits from a number of these quick access navigation buttons: to the residential, SME and enterprise security sections, to the access control and CCTV sections, and to information on STANLEY Security’s dealership programme for installers looking to expand their businesses with STANLEY Security. Advising visitors about security The new resource section on the website is home to event listings, case studies, videos, infographics and brochure downloads, an interactive crime map and a time & attendance savings calculator, designed to show organisations how much money and time they can potentially save by implementing a time & attendance system. Clare Hilton, Head of Marketing UK, STANLEY Security “We are very excited about our new website launch. We have invested significant time prior to designing the new site, speaking and listening to customers about what currently works well for them and what they would like to see going forward. The new website is built around that feedback, in order to enhance the customer’s experience. As a result, our website focuses on advising visitors about security, products and services in a significantly improved format, with the goal to help answer their questions as speedily and simply as possible.”

A survey of UK GDPR decision-makers conducted on behalf of Egress, the provider of people-centric data security solutions, reveals that 52% of businesses are not fully compliant with the regulation, more than a year after its implementation. The survey also found that 37% of respondents had reported an incident to the ICO in the past 12 months, with 17% having done so more than once. Interestingly, the results showed that over half (53%) of mid-size companies had reported data breaches to the ICO in the past 12 months, compared with 36% of small companies and only 23% of enterprise organisations. Handling of sensitive data These figures indicate an evident gap in compliance performance among mid-size companies Similarly, a notably lower percentage (39.5%) of mid-sized companies reported full GDPR compliance compared with 56% of large and 51% of small companies. Taken together, these figures indicate an evident gap in compliance performance among mid-size companies. Other key survey findings include: Only half of decision-makers (48%) reported that their business was fully compliant 42% rated their organisation as ‘mostly compliant’ Over one-third (35%) said GDPR has become less of a priority for their organisation in the last 12 months Implementing new processes around the handling of sensitive data has been the greatest area for compliance investment in the last 12 months, cited by 28% of those surveyed Compliance investment priorities were then split across better auditing of what data is collected and why (18%), employment of a Data Protection Officer or other compliance personnel (18%), and new technology (17%). 7% said user education and training had been their biggest area of investment. Making GDPR a top priority We now appear to be seeing an ‘almost compliant is close enough’ attitude towards GDPR" A significant proportion (35%) of GDPR decision-makers said that the majority of compliance activity had taken place in the lead up to the May 2018 deadline and had since dropped down the priority list and remained less important. Only 6% said that the ICO’s recent high-profile announcements of its intention to fine British Airways and Marriott had subsequently shocked the business back towards greater awareness. While 70% of decision-makers surveyed said that their organisation felt very positively about GDPR, less than two thirds (62%) said their business had made GDPR a top priority over the past year. Tony Pepper, CEO, Egress comments: “Since the rush to meet last May’s deadline, we now appear to be seeing an ‘almost compliant is close enough’ attitude towards GDPR, with a significant percentage of decision-makers indicating that focus has waned in the past 12 months.” Taking necessary steps towards protecting data “The wait of more than a year between implementation and the first action taken by the ICO under GDPR seemed to lead to a perception outside the security industry that the regulation was ‘all bark and no bite’. Although the authority’s announcement that it intends to fine British Airways and Marriott such staggering sums sent shockwaves through the security community, it is concerning only 6% of organisations have taken action to avoid the full potential of the legislation. These announcements should definitely have acted as a clearer warning that organisations cannot risk compliance complacency.” “This is important for businesses in the small and mid-market segments, where our survey found lower compliance levels being reported. Although the ICO’s action to date has focused on two well-known enterprise organisations, GDPR demands compliance from businesses of all sizes and they need to take all necessary steps towards protecting data.” End-user education and training When asked about their single greatest area of compliance investments, decision-makers chose: Implementing new processes around the handling of sensitive data (28%) Better auditing around what data we collect and for what reasons (18%) Employment of a Data Protection Officer or other additional compliance staff (18%) New technology (17%) Implementing new procedures around incident reporting (8%) End-user education and training (7%) Security-related personal data breach incidents Over one-third of respondents (37%) have reported at least one incident to the ICO in the last 12 months Yet despite these investments, over one-third of respondents (37%) have reported at least one incident to the ICO in the last 12 months. According to analysis of ICO data, 60% of security-related personal data breach incidents in the first six months of 2019 were caused by human error. Pepper adds: “The majority of respondents (96%) acknowledged their organisation has made investments in GDPR compliance in the last 12 months, with implementing new processes the most common top priority. Yet despite this, we continue to see data breach incidents being reported and we know from the ICO that the primary cause is human error – so clearly strategies need to shift if we are going to turn the tide against data breaches.” Latest advances in security and DLP technology “Reliance on people to follow processes and protect data is only going to get organisations so far: people are always going to make mistakes or behave unexpectedly, and more must be done to provide a safety net that protects sensitive information.” GDPR is here to stay, and we’re only going to see more companies penalised for data breaches" “It’s positive to see that almost one-fifth (17%) of respondents are looking to technology as a way to mitigate breaches, but they must ensure these solutions tackle human error as the root causes of many of these incidents.” “They must look to the latest advances in security and DLP technology that can map a user’s behaviour to prevent the array of mistakes that put data at risk – from falling for phishing attacks that can lead to malware or stolen credentials, to misdirecting emails or attaching the wrong documents. GDPR is here to stay, and we’re only going to see more companies penalised for data breaches unless we’re able to overcome these issues.”

In the two years since the formation of the National Cyber Security Strategy (NCSS) there has been a significant increase in the threat of cyber-attacks from hostile nation states and cyber criminals. Despite this, studies consistently report that the skills gap in the Cyber Security sector is growing. In fact, the NCSS reports that more than half of all businesses and charities (54%) have a basic technical cyber security skills gap, falling to 18% in public sector organisations. With this in mind, Cyber Security Connect UK (CSCUK), the conference and industry forum for CISOs, is calling for government and the industry to work together to tackle what is fast becoming a potential crisis situation. Pool of talented people The threat from cyber-attacks is on the rise, already costing British business billions each year" Jim Griffiths, head of information security at Kier Group and member of CSCUK’s steering committee, comments: “The threat from cyber-attacks is on the rise, already costing British business billions each year. While this is the case, our readiness to deal with such situations depletes only further as the gap between our requirements and the pool of talented people available to fulfil roles such as that of the CISO grows larger.” “The challenge we face is not a simple one, we not only need to attract more people to our industry, but we also need to attract a rich and diverse skillset, able to deal with the various requirements of cyber security in all sectors.” Mitigating the increased risk of cyber-attacks “This is a skill set which will need to evolve quickly too, as technology advances and the talents of cyber criminals develop also. While significant steps have been taken to begin tackling this issue, it’s clear more needs to be done, and quickly.” In order for more significant progress to be made, industry must work collaboratively with government" “In order for more significant progress to be made, industry must work collaboratively with government to attract talent to the industry, retain said talent and educate and nurture it so those we do have in place can operate effectively and efficiently. Only by working together can we address the skills shortage quickly enough that the UK stays resilient and mitigates the increased risk of cyber-attacks.” Developing the next generation of cyber talent During CSCUK 2019 there will be a discussion covering the subject of developing the next generation of cyber talent with figures from the cyber security industry. CSCUK takes place in Monaco from 13-15 November and brings together more than 300 top-level cyber security professionals. It is organised by the same team that produces the market-leading Les Assises de la Sécurité conference and offers a unique opportunity for delegates who participate in an insightful programme, with expert roundtables and partner workshops.

RTI, a global pioneer in control and automation, announced the promotion of Vincent Bova to the position of Director of Dealer Experience. Bova has earned the new role by ensuring an exceptional experience for the company's dealers through robust training programs, superior technical support, and project design assistance. Bova has extensive experience in the CI industry, having owned an integration business for over 12 years, where, in addition to doing installations of his own, he became a programming resource for other dealers. Joining RTI in 2017 as the Dealer Experience Manager for the Eastern region, Bova was instrumental in developing the new RTIXCEL training program, including a state-of-the-art online learning management system, online webinars, and the successful three-day headquarter training. "With his extensive knowledge of the CI industry and passion for supporting dealers, it's no surprise that Vincent has made a huge impact at RTI since joining our team," said Ed McConaghay, CEO, RTI. "His contributions to our Dealer Experience initiative and RTIXCEL training program have been invaluable to their success, and we're thrilled to recognise his leadership with this promotion to Director of Dealer Experience."

STANLEY Security, an integrator of comprehensive security solutions, announces its extensive presence at the upcoming 2019 Global Security Exchange (GSX) conference, taking place September 8-12 in Chicago. STANLEY Security’s 2,000-square-foot booth will offer various interactive experiences, including demo kiosks and a mega screen featuring industry-specific security solutions. GSX, hosted by ASIS International, brings together security professionals from all vertical markets to network, learn and reinvest in the industry. The conference offers education tracks for every security professional and an exhibit hall showcasing the full spectrum of security solutions. Providing security solutions Every industry is taking a hard look at how to protect against physical and cybersecurity threats" At STANLEY Security’s booth 903, attendees will have the opportunity to preview the latest solutions and technologies designed to alleviate some of the biggest security challenges facing businesses today. “Every industry is taking a hard look at how to protect against physical and cybersecurity threats,” said Kyle Gordon, vice president of sales and marketing at STANLEY Security. “It’s our responsibility to help customers address those challenges, which is why we provide data-driven security solutions that can help prevent and mitigate significant risks for their businesses.” Demo kiosks at STANLEY Security’s booth will include: IntelAssure Professional Services Cloud Access Control TRENDS Global Customer Portal Sonitrol

In 2017, IoT-based cyberattacks increased by 600%. As the industry moves towards the mass adoption of interconnected physical security devices, end users have found a plethora of advantages, broadening the scope of traditional video surveillance solutions beyond simple safety measures. Thanks in part to these recent advancements, our physical solutions are at a higher risk than ever before. With today’s ever evolving digital landscape and the increasing complexity of physical and cyber-attacks, it’s imperative to take specific precautions to combat these threats. Video surveillance systems Cybersecurity is not usually the first concern to come to mind When you think of a video surveillance system, cybersecurity is not usually the first concern to come to mind, since digital threats are usually thought of as separate from physical security. Unfortunately, these two are becoming increasingly intertwined as intruders continue to use inventive methods in order to access an organisation's assets. Hacks and data breaches are among the top cyber concerns, but many overlook the fact that weak cybersecurity practices can lead to physical danger as well. Organisations that deploy video surveillance devices paired with advanced analytics programs often leave themselves vulnerable to a breach without even realising it. While they may be intelligent, IoT devices are soft targets that cybercriminals and hackers can easily exploit, crippling a physical security system from the inside out. Physical security manufacturers Whether looking to simply gain access to internal data, or paralyse a system prior to a physical attack, allowing hackers easy access to surveillance systems can only end poorly. In order to stay competitive, manufacturers within the security industry are trading in their traditional analogue technology and moving towards interconnected devices. Due to this, security can no longer be solely focused on the physical elements and end users have taken note. The first step towards more secured solutions starts with physical security manufacturers choosing to make cybersecurity a priority for all products, from endpoint to edge and beyond. Gone are the days of end users underestimating the importance of reliability within their solutions. Manufacturers that choose to invest time and research into the development of cyber-hardening will be ahead of the curve and an asset to all. Wireless communication systems Integrators also become complicit in any issues that may arise in the future Aside from simply making the commitment to improve cyber hygiene, there are solid steps that manufacturers can take. One simple action is incorporating tools and features into devices that allow end users to more easily configure their cyber protection settings. Similarly, working with a third party to perform penetration testing on products can help to ensure the backend security of IoT devices. This gives customers peace of mind and manufacturers a competitive edge. While deficient cybersecurity standards can reflect poorly on manufacturers by installing vulnerable devices on a network, integrators also become complicit in any issues that may arise in the future. Just last year, ADT was forced to settle a $16 million class action lawsuit when the company installed an unencrypted wireless communication system that rendered an organisation open to hacks. Cybersecurity services In addition, we’ve all heard of the bans, taxes and tariffs the U.S. government has recently put on certain manufacturers, depending on their country of origin and cybersecurity practices. Lawsuits aside, employing proper cybersecurity standards can give integrators a competitive advantage. With the proliferation of hacks, malware, and ransomware, integrators that can ease their client's cyber-woes are already a step ahead. By choosing to work with cybersecurity-focused manufacturers who provide clients with vulnerability testing and educate end users on best practices, integrators can not only thrive but find new sources of RMR. Education, collaboration and participation are three pillars when tackling cybersecurity from all angles. For dealers and integrators who have yet to add cybersecurity services to their business portfolios, scouting out a strategic IT partner could be the answer. Unlocking countless opportunities Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step Physical security integrators who feel uncomfortable diving headfirst into the digital realm may find that strategically aligning themselves with an IT or cyber firm will unlock countless opportunities. By opening the door to a partnership with an IT-focused firm, integrators receive the benefit of cybersecurity insight on future projects and a new source of RMR through continued consulting with current customers. In exchange, the IT firm gains a new source of clients in an industry otherwise untapped. This is a win for all those involved. While manufacturers, dealers and integrators play a large part in the cybersecurity of physical systems, end users also play a crucial role. Becoming educated on the topic of cybersecurity and its importance for an organisation is the first step. Commonplace cybersecurity standards Below is a list of commonplace cybersecurity standards that all organisations should work to implement for the protection of their own video surveillance solutions: Always keep camera firmware up to date for the latest cyber protections. Change default passwords, especially those of admins, to keep the system locked to outside users. Create different user groups with separate rights to ensure all users have only the permissions they need. Set an encryption key for surveillance recordings to safeguard footage against intruders and prevent hackers from accessing a system through a backdoor. Enable notifications, whether for error codes or storage failures, to keep up to date with all systems happenings. Create/configure an OpenVPN connection for secured remote access. Check the web server log on a regular basis to see who is accessing the system. Ensure that web crawling is forbidden to prevent images or data found on your device from being made searchable. Avoid exposing devices to the internet unless strictly necessary to reduce the risk of attacks.

Last week, the Schedule 84 Suppliers Research Panel participated in reviewing the 2018 contracting year with the GSA Schedule 84 leadership team. Our panel group consists of experienced contractors and consultants meeting for a monthly conference call. Schedule 84 is the GSA Schedules Contract for Total Solutions for Law Enforcement, Security, Facilities Management, Fire and Rescue. Our opinions are part of a research programme to provide valuable feedback to the GSA Schedule 84 programme and on to the GSA central office. The director of GSA Region 7 Schedules Program, the Schedule 84 Branch Chief and the Category Manager Subject Matter Expert who manages our suppliers' panel gave us their full attention as we discussed the successes of the programme, hot topics, problems and the future. We determined 2018 under the Schedule 84 team to be a year of innovative thoughts, cooperative effort and renewed enthusiasm Innovative review team We determined 2018 under the Schedule 84 team to be a year of innovative thoughts, cooperative effort, renewed enthusiasm and productive changes building upon the successes of 2017. There was high praise for the accessibility to the Schedule 84 staff. Their consistent quick response to questions and concerns, thinking outside the box and supporting the programme by partnering with their contractors was much appreciated. There has been a renewed spirit of partnering to cooperatively bring the best to agency customers. It seems to be working as per the Centre Director sales are growing for GSA Schedule 84. Advocating for the security industry In my experience, business development starts with the Administrator from Region 7 in Ft. Worth, TX. As the annual Schedule 84 Industry Day at the SSAC begins he is shaking every hand and passing out his cards looking folks right in the eye asking, “how can I help you?” They have the best practices and most organised paperwork. The SSAC director has chosen well in her staff and is hands-on in every endeavour to direct things along when challenges occur or to improve the programme. The new 84 Branch Chief is knowledgeable, innovative, tireless and has been heavily involved in advocating for the security industry It continues with the centre’s CASE Manager encouraging the contractors at events, visiting agency customers and promoting the GSA Schedules Program by helping coordinate the partnering. The new 84 Branch Chief is knowledgeable, innovative, tireless and has been heavily involved in advocating for the security industry for adding new technology, meeting with industry associations, understanding the complexity and challenges of Homeland Security Presidential Directive 12 (HSPD12) and advocating for the purchasing Physical Access Control Systems (PACS) utilising the appropriate standards and the GSA Program among other innovations. As far as the supplier panel, we gave our GSA Schedule 84 team and leaders high praise for 2018. GSA also added new categories or SINs for clearly identifying Physical Access Control Products that appear on GSA’s Approved Product List Changes in the GSA programme Some changes this year in certain GSA programmes included the creation of a new category of products/services Special Item Number (SIN) for Order Level Materials (OLM) developed to assist with solution procurements. This new SIN was added to Schedules 03FAC, 56, 70, 71, 00Corp, 738X and 84. Under Schedule 84 it is SIN 84-500. GSA Schedule 84 consolidated many Special Items Numbers (SINs) to make finding products and services less complex Essentially this SIN allows agencies procuring under the aforementioned GSA Schedules’ programmes to purchase and the contractor to add items and services not known prior to the task as a Contract Line Item Number (CLIN) not to exceed 33% of the order. For more information and FAQs on OLMs go to www.gsa.gov/olm. This is not to take the place of “Open Market” items for adding products only that are not listed on a company’s GSA Contract. Physical access control products Previously, GSA Schedule 84 consolidated many Special Items Numbers (SINs) to make finding products and services less complex for the agencies. GSA also added new categories or SINs for clearly identifying Physical Access Control Products that appear on GSA’s Approved Product List according to the standards created under FIPS201. These products appear under SIN 246 35-7 after being tested and approved by GSA. To be qualified to install these products under the GSA Program at least one individual from the GSA Contractor company must complete the class and be CSEIP certified before applying for labour SIN 246 60-5. Additionally, the company must demonstrate certain qualifications and have past performance for this type of work. The Security Technology Alliance offers the training class and certification. Certified individuals and approved products are listed at www.idmanagement.gov. Companies listed with SIN 246-35 7 and SIN 246-60 5 may be found by searching at www.gsaelibrary.gsa.gov. Updates to guidance for procurement Updates to guidance for procurement of PACS will continue to be posted to the GSA PACS Ordering Guide Updates to guidance for procurement of PACS will continue to be posted to the GSA PACS Ordering Guide. The ordering guide posted at www.gsa.gov/firesecurity is a valuable support tool created to assist agencies with understanding the requirements of FIPS201 and procuring a PACS. The guide includes relevant regulations, FAQs, sample systems designs, sample statements of work, a list of key points of contract for additional help and questions. In partnership with GSA and guided by the GSA Ombudsman group, the Security Industry Association and the Security Technology Alliance members and their contractor companies participated in a GSA Reverse Industry PACS Training Day on September 17, 2018. We presented from an industry perspective important fact on PACS system requirements, procurement planning, providing information on resources and further educating with panel discussions, individual presentations and amusing skits to over 300 Government agency staff and acquisition specialists. You can find some of the unedited recording of the PACS Reverse Industry Day Training on YouTube. Some changes included the creation of a new category of products/services Special Item Number (SIN) for Order Level Materials (OLM)  GSA Schedules Program A hot topic about the GSA programme for 2018 was also an issue for the prior year. The GSA Schedules Program is a streamlined contracting vehicle incorporating specific Federal Acquisition Regulations for more efficiently purchasing commercial items. Companies may apply per a continuous open season for a 5-year contract with three 5-year options to renew. Contractors are vetted for past performance, corporate experience and financial capability. Products and services are considered for offering to Federal, State and Local customers (for Schedule 84) with pricing that is determined to be fair and reasonable through negotiations with GSA. To make the determination for fair and reasonable pricing GSA carefully reviews the commercial practices of the contractor To make the determination for fair and reasonable pricing GSA carefully reviews the commercial practices of the contractor as well as the competition of identical or similar item pricing. The most vocal complaint of concern from the contractors was regarding the consideration of competitor contractors offering identical items with out-of-date pricing or holding a Letter of Supply not authorised by the manufacturer. GSA pricing tool Since the GSA utilises a pricing tool to determine if the pricing offered is competitive, a rogue competitor can cause a pricing action to possibly be rejected due to out of date information even as the manufacturer offers an update of the product. This is an issue on all GSA Contracts that the supplier panel hopes will be reconsidered by GSA policymakers at the central office. Most of us believe the Letters of Supply should only be issued by the manufacturer or with documented specific permission of the manufacturer to a reseller. Manufacturers may want to have a better understanding of the Letter of Supply, how it is considered by GSA and more carefully choose their Government partners for experience and compliance. Another challenge for the security community is regarding the lack of accessibility of participating dealers to GSA eBuy Overcoming challenges for the security community Contractors may only see RFQs which are posted under the Special items Number(s) that were awarded to their GSA Contract Another challenge for the security community is regarding the lack of accessibility of participating dealers to GSA eBuy. GSA eBuy is an online Request for Quotation (RFQ) programme that is for GSA Contract holders only. Agencies will post their requirements by Special Item Number for at a minimum 48 hours. Contractors may only see RFQs which are posted under the Special items Number(s) that were awarded to their GSA Contract. GSA Participating Dealers may take orders on behalf of a manufacturer if they are authorised under the manufacturer’s GSA Contract. They may also have an online PO Portal to receive orders. But they have no access to GSA eBuy to response to RFQs. Usually, under these arrangements, the manufacturers do not respond directly, so there is a problem using GSA eBuy for opportunities as their GSA Participating Dealers have no access to respond. GSA Schedule 84 leadership In some instances, a contracting officer may allow an emailed quotation. However, with the use of the electronic ordering system, this has become a common problem we hope to bring to the attention of policymakers. Some changes to the programmes may make the presentation of documentation more effective going forwardThe GSA Schedule 84 leadership has been helpful to explain the challenges to the agencies to try and resolve such issues. So, what’s up for 2019? GSA modernisation is coming. There will be improvements to their tools and more consolidations of SINs and more. There have been discussions of a revival of the GSA Expo. The Expo offered training for contracting staff both Government and private industry. Valuable tools for vendor training Equally important is the networking, meetings and the exhibits of the contractors. Expos have been discontinued since 2012 but smaller events have been growing as well as online webinar training. Webinars are valuable tools for GSA and vendor training, but they do not take the place of being able to meet your customers face-to-face. GSA online eOffer and eMod programme have made processing actions more efficient. Some changes to the programmes may make the presentation of documentation more effective going forward. The GSA online website for viewing the items on the GSA Contract and for purchasing items, GSA Advantage could definitely use an update as it has been basically the same for 20 years. Keep an eye on GSA Interact for the latest happenings with GSA.

PenTesting, also known as “ethical hacking” or “white-hat hacking,” has always been viewed as the “sexy” side of cybersecurity, a task that is far more exciting than monitoring systems for intrusions, shoring up defenses, or performing compliance audits. Numerous security conferences are devoted to the fine art of attempting to hack into systems – with an owner’s full knowledge and permission – and reporting on the results. At an organisational level within businesses, they also value PenTesting under the premise that it allows them to identify security vulnerabilities before cyber criminals can. There are some regulatory requirements like PCI-DSS that require penetration assessments as part of their PCI compliance. However, many organisations have come to over-rely on PenTesting, thinking that if all the issues were identified in a PenTest, they’re good to go. Not only is this not helping them improve their security posture, it is also leaving them with a false sense of security. A penetration test is a simulated, live attack on your environment by a white-hat hacker What is PenTesting? A penetration test is a simulated, live attack on your environment by a white-hat hacker, customised to address specific problem areas, such as web-based applications, mobile applications and infrastructure services like border VPNs and firewalls. The PenTest may include different types of attacks based on the requested scope from an organisation so that the tester attempts to come at each system from all sides, the way a cyber-criminal would. The goal is to identify which systems and data the tester was able to access and how an organisation can address the vulnerabilities that allowed them to get in. The limitations of PenTesting There is great value in performing periodic PenTests, which is why PCI DSS and other security standards mandate them. However, PenTesting has three significant limitations: PenTesting does not provide solutions Let’s be honest: No one likes reading technical reports, but typically, that's the only deliverable provided by a PenTester. The value of a PenTesting report varies wildly based on the scope of the testing, the PenTester’s technical expertise and their writing ability. The tester may miss some things, or not clearly convey their findings. Additionally, a PenTest is a snapshot in time and the PenTester could miss changes in the systems, configurations, attack vectors and application environments. Even if your system “passes” a PenTest, will it crumble in the face of a brand new, more powerful attack vector that emerges a week later? The worst type of “PenTest report” consist of an analyst producing nothing more than the results of a vulnerability scan. Even if the PenTester produces a well-written, comprehensive report filled with valuable, actionable information, it’s up to your organisation to take the action, which leads to the next limitation of PenTesting. The value of a PenTesting report varies wildly based on the scope of the testing, the PenTester’s technical expertise and their writing ability PenTesters only exploit vulnerabilities and do not promote change PenTesting does not highlight the missing links in your organisation's technology stack that could help you address your security vulnerabilities. This is often in the guise of being agnostic to the technologies that exist because their expertise is only offensive security – unless, of course, the performing company has “magic software” to sell you. PenTests also do not help to develop your organisational processes. Additionally, they do not ensure that your employees have the knowledge and training needed to treat the identified fixes. Worst of all, if your in-house expertise is limited, any security issues that are identified during a PenTest aren't validated, which leads to a misrepresentation of their magnitude and severity while giving your team a false sense of security. PenTesters are self-serving Too often, PenTesting pits the assessment team against the organisation; the goal of the assessment team is to find the best way to "shame" the business into remediation, purchasing the testing company’s “magic software”, then call it a day. Once the PenTesters find, for example, a privilege escalation or a way to breach PII, they stop looking for other issues. The testers then celebrate the success of finding a single “flag”. In the meantime, the business is left in a precarious situation, since other unidentified issues may be lurking within their systems. Shifting the paradigm of PenTesting The goal of PenTesters is to find the best way to "shame" the business into purchasing the testing company’s “magic software”, then call it a day Penetration testing can uncover critical security vulnerabilities, but it also has significant limitations and it’s not a replacement for continuous security monitoring and testing. This is not to say that all PenTesting is bad. PenTesting should be integrated into a comprehensive threat and vulnerability management programme so that identified issues are addressed. The purpose of a mature vulnerability management programme is to identify, treat and monitor any identified vulnerabilities over its lifecycle. Vulnerability management programme Additionally, a vulnerability management programme requires the multiple teams within an organisation to develop and execute on the remediation plan to address the vulnerability. A mature threat and vulnerability management plan takes time and is helpful to partner with a managed security services provider (MSSP) to help you in the following areas: Improve your cyber-risk management program so that you can identify and efficiently address vulnerabilities in your infrastructure, applications and other parts within your organisation’s ecosystem on a continuous basis; Perform retests to validate any problems identified through a vulnerability scan or a PenTest assessment; Ensure that your in-house staff has the knowledge, skills and tools they need to respond to incidents. Cyber risk management and remediation is a "team sport." While periodic testing conducted by an external consultant satisfies compliance requirements, it is not a replacement for continuous in-house monitoring and testing. To ensure that your systems are secure, you must find a partner who not only performs PenTesting but also has the engineering and development experience to assist you in fixing these types of complex problems in a cost-effective manner and ensuring that your systems are hardened against tomorrow’s attacks.

While security salesmen are touting megapixels and anti-passback features, they are missing an opportunity to communicate the role of technology in the broader context of risk management and incident response – and in saving lives. That’s the message of Gerald Wilkins, PSP, Vice President of Active Risk Survival. Incident response is at the core of how an enterprise reacts to risk and is a standardised approach to the command, control, and coordination of emergency response. Effective incident response requires integrating a combination of facilities, equipment, personnel, procedures, and communications operating within a common organisational structure. All the elements must work together to achieve the desired outcome – to mitigate a risk using countermeasures. Capabilities of systems during emergencies I want to see us have more meaningful conversations with security directors and emergency operations planners"Equipment such as CCTV, access control and mass notification systems can provide effective countermeasures, but salesmen in the physical security market are not ‘connecting the dots’ between equipment specifications and its capabilities as part of the broader incident command system. “Historically, purchases of security technologies have not been considered in that context,” says Wilkins. “Rather, the industry’s sales pitches have been about features and capabilities – pixels or communication distances or intelligence – not about how those capabilities are useful in the specific context of emergency response.” “My goal is to change the industry,” says Wilkins. “I want to see us have more meaningful conversations with security directors and emergency operations planners.” Focusing on the Emergency Operations Plan “We are in the life safety business, and we need to have more conversations about where technology fits into the Emergency Operations Plan (EOP). When was the last time you [as a security salesman] asked a client to look at their Emergency Operations Plan? No one knows the technology better than we do.” What’s missing, however, is attention to how technology is applied to risk management and response“There are so many folks in our industry who are technology gurus, who ‘get’ the technology, and are good at selling it,” he says. What’s missing, however, is attention to how technology is applied to risk management and response. “As an industry, even guys who have been in the business a long time have never heard about incident command,” says Wilkins. “How are we weaponising technology to maximise the outcome? We don’t talk about it. We want to talk about megapixels and wide dynamic range. But when are we going to talk about how we can apply that technology to mitigate our tangible and intangible risks?” Importance of security equipment In the wake of each active shooter or other incident in the news, Wilkins looks back to consider the missed opportunities and how security equipment could have saved lives. “What technology did we have to help first responders – video, access control and paging – but they weren’t used?” he asks. An example is the San Bernandino shooting in 2015, when police officers were heard asking “has anybody found that access control card?” In effect, a law enforcement officer was asking for technology that should have been included as part of the emergency plan. Situational awareness, such as that provided by video systems, can help responders judge which areas are safe fasterSituational awareness, such as that provided by video systems, can help responders judge which areas are safe faster and provide Emergency Medical Services (EMS) personnel more time to save lives. However, video is not being viewed in that light as a part of the broader life-saving mission. “Our industry needs to sit down with a security director or operations manager and ask: How are you using technology as a resource tool that will become part of your critical response?” says Wilkins. Understanding how equipment works Technology is often not being incorporated in emergency planning, even with something as simple as a fire drill. Most fire drills are ‘one size fits all’ – every person knows where they should go and how they should exit. But what if there is a fire in a particular part of the building? Today’s fire alarms operate in zones to communicate the location of a fire, but this capability is not being used to practice a variety of resulting scenarios that could save lives.  “We need to understand as an industry how our partners in law enforcement and EMS do their jobs,” says Wilkins. “We can help stakeholders in a building understand how our equipment works every day and how they can use it in a critical incident. We need to understand Emergency Operations Plans (EOPs), how incident command works, and how we can help emergency responders.” Security training for salespeople I want to know everything I can know to help guys sell things that can change the outcome if something bad happens"“If a guy wants to talk about his pixels or his anti-passback, he should instead consider having a meaningful conversation with the client about best practices and how to mitigate risk. This creates a different position [for the salesman], and if there is a critical incident, something you said or did might save someone’s life.” When it comes to training and taking a more strategic approach to sales, to some extent, the security technology industry has been a victim of its own success. When business is good, security companies are less likely to look for ways to train their salespeople. “We’re in the life safety business, not in the ‘stuff’ business,” says Wilkins. “I want to know everything I can know to help guys sell things that can actually change the outcome if something bad happens.” Another problem is “we don’t know what we don’t know.”

As physical security systems increasingly resemble the architecture of an IT (information technology) network, the cybersecurity risks are increasing. Sometimes hacks in physical security go unrecognised because of poor detection. Here's part two of our Cybersecurity series.  Going forward, the physical security industry should adopt the same principles as the information security market, embracing new elements such as risk assessment and certifications. A change in culture is needed to align and embrace cybersecurity and make necessary improvements, says Terry Gold of D6 Research. Independent testing and access control There are signs of progress. Increasingly, access control systems today are designed to be more cyber-resilient and are tested extensively to discover and address any vulnerabilities. Data capture form to appear here! For example, the latest version of Tyco’s C-Cure 9000 undergoes independent testing to discover and address any critical vulnerabilities, and new firmware and software updates are tested to ensure they do not open any ‘back doors.’ Tyco’s Cyber Protection Program is part of the company’s ‘holistic approach’ to supplying customers with quality solutions. If cybersecurity is managed properly, the new wave of access control systems are as secure as previous systems. In some cases, more secure. For example, the new generation of smart cards, such as MiFARE DesFIRE EV1 or EV2 and HID iCLASS SEOS, use protocols that are much safer than the last generation Wiegand systems. New secure protocols such as OSDP version 2 are a better alternative to Wiegand. The new wave of access control systems are more secure than previous systems and use protocols that are much safer than the last generation Protocols for wireless electronic locks Wireless electronic locks use security protocols such as encryption and authentication that prevent cybercriminals from accessing the network to get data and intercept commands. In short, the information in an IP-based access control system is at no greater risk than any other information being transmitted over the network, as long as smart decisions are made on how systems are connected and data is transmitted and stored. Standards are one approach to ensure a minimum level of cybersecurity for physical security products and systems. For example, Underwriters Laboratories (UL) seeks to work with manufacturers to up their game on cybersecurity and to certify compliance to a minimum level of cybersecurity ‘hygiene.’ Requirements for software cybersecurity The UL Cybersecurity Assurance Program (CAP) has developed the UL 2900-1 standard, which offers General Requirements for Software Cybersecurity for Network-Connectable Products. It was published in 2016 and in July 2017 was published as an ANSI (American National Standards Institute) standard. The standard was developed with cooperation from end users such as the Department of Homeland Security (DHS), U.S. National Laboratories, and other industry stakeholders. UL 2900-2-3 – the standard that focuses on electronic physical security/Life Safety & Security industry, was published in September 2017. Cybersecurity should be an element in physical security as the risk for data to be physically removed from a building is greater than ever Physical security integral to cybersecurity Not only should cybersecurity be an element in physical security, the reverse is also true: Physical security should be seen as integral to cybersecurity. Looking at the intersection of cybersecurity and physical security from this opposite angle uncovers a world of opportunity to make the enterprise safer. Physical risks to cybersecurity include insider and outsider threats, poor or non-existent screening, and the presence of a seemingly innocent personal item. Off-the-shelf devices such as SD cards, external hard drives, audio recorder and even smart phones can be used to transport audio, video and/or computer data into and out of a building. For the private and public sectors, the risk for data to be physically removed from a building is greater than ever, and physical security systems can protect against this vulnerability. Missed part one of our Cybersecurity series? Click here. Part three, coming soon.

Newly modernised halls with lots of daylight will house hundreds of exhibitions and conference events at the upcoming Security Essen 2018 at Messe Essen, Germany. A new layout and hall numbering system will be unfamiliar to past attendees but promises to simplify the experience as it brings together attendees and exhibitors. European physical security market Security Essen is an international trade fair, but the emphasis is more on German, Austrian and Swiss companies. In all, Security Essen will feature 1,000 exhibitors from 40 nations. The trade fair has more of a continental European “flavour” compared to IFSEC, which focuses more on the U.K market. At the last Security Essen in 2016, organisers reported about 40,000 visitors including conference participants, VIP guests, members of various delegations and journalists. Security Essen 2018 has more of a continental European “flavour” compared to IFSEC, which focuses more on the U.K market  “This year, we have sharpened the profile of Security Essen,” says Oliver P. Kuhrt, CEO of Messe Essen, a trade fair, congress and event organiser with its own exhibition grounds. “The trade fair has become considerably more digital, more modern and more interactive. Due to the optimised hall layout, we are offering our exhibitors and visitors the best possible experience with short paths and direct communication.” Newly modernised Messe Essen The newly modernised site of Security Essen will encompass eight halls, newly renumbered and with the subject areas reorganised, too. Visitors will find Services in Hall 1; Access, Mechanatronics, Mechanics and Systems in Halls 2 and 3 and the Galeria; Perimeter Protection in Hall 3; Video in Halls 5 and 7; and Fire, Intrusion and Systems in Halls 6 and 7. A helpful smart phone app, downloadable free from the Google Play Store (Android) or the Apple App Store (iOS), will be available two weeks before the event and include a show floor plan; the exhibitor list with booth numbers and contact information; and an overview of the supporting programme. A separate hall – Hall 8 – will house new Cyber Security and Economic Security categories. Cyber Security Conference At the new Cyber Security Conference, located prominently at the new East Entrance, experts will share their knowledge about the more pressing challenges and potential of cybersecurity. The programme opens and closes on 25 and 28 September with the main topic “Opportunities and Risks of Cyber Security”. On 26 September, discussions and lectures will centre on “Entry, Admission, Access: Identification Options”.A helpful smart phone app, downloadable free will be available two weeks before the event and include a show floor plan On 27 September, the topic will be smart homes and focus on “Connected Building, Security in the Buildings of the Future”. Speakers will include the president of Germany’s Federal Office for Information Security, who will address cybersecurity as a challenge for politics, business and society. The fair organises the conference in cooperation with the BHE Federal Association of Security Technology and the technical support of the Federal Office for Information Security. In Hall 8, a new Public Security Forum will enable visitors to experience digital security technologies for public spaces from the areas of sensors/IoT, cyber security and surveillance. The products and solutions will be installed in four different building scenarios (town hall, school, hospital and library) and it will be possible to test them extensively. The forum, including lectures and discussions, will target municipal decision makers and planners of public spaces. Comprehensive programme A Security Expert Forum in Hall 2 will present a continuous programme with more than 90 presentations during the period of the fair. Visitors will obtain information and solution ideas about all six subject areas covered at the fair, and the programme will begin with a keynote lecture each morning and finish with a live demonstration in the evening. On the first day of the fair (25 September), Security Essen’s Career Forum will introduce retrainees, students, trainees and graduates to companies from the security industry. Targeted and professional communication will be established between companies and job applicants to facilitate making contacts, developing networks, and filling actual vacancies. Thursday (27 September) will be observed as Fire Prevention Day, and a Drone Course will be provided each day in Hall 7. One day admission to Security Essen is €41; a four-day ticket is €105. Advance sale tickets are discounted.

H-Farm has a strong track record supporting innovation and creativity in European start-ups. The company focuses on skills development, new approaches to education and digital transformation. Its most recent transformation project involved an access control system — for its own offices. H-Farm needed a solution to streamline access management for lots of people at a growing portfolio of sites and buildings. H-Farm experiences rapid turnover of users, both because new businesses join regularly and because they organise up to 300 events every year. Battery-powered locks Any new locks would need to extend an existing Axis system, but without adding complexity for day-to-day administration. To meet their needs, H-Farm selected a combination of Aperio® handles, security locks and escutcheons, each easy to retrofit, so day-to-day work at their busy offices would not be disrupted by intrusive installation. So far, 40 Aperio® Online H100 wireless door handles, 6 Aperio® Online L100 wireless locks and 4 Aperio® Online E100 wireless escutcheons have been fitted across multiple H-Farm locations in northern Italy. All Aperio® battery-powered locks are wireless, so no ugly cabling runs to H-Farm’s doors. Because Aperio® offers wide range of battery-powered devices, H-Farm can choose the precise wireless lock for every application: the L100 lock protects doors with high security demands; robust H100 handles suit interior doors with high traffic. Wireless access control Aperio® H100 enables customers to add doors to their access control solution because cost per door is lower H-Farm interior doors are mostly secured with the new Aperio® H100 wireless handle — Intersec’s Access Control Product of the Year in 2018. The Aperio® H100 packs the flexibility and affordability of Aperio® wireless access control into a slim, cleverly designed door handle. Its standard battery slots inside the handle, ensuring a minimal footprint. ASSA ABLOY’s device design team incorporated electronics into the handle lever on the outside of the door, without jeopardising security. Design has become a major feature of the H100’s appeal. H-Farm wanted devices to blend with the contemporary architecture of their new €101m H-Campus development. “Aperio® wireless access control hardware is solid, nice looking and perfectly fits our environment — solving our access problem,” says Alberto Aldrigo at H-Farm. The H100 and other Aperio® devices are easy to install; for the H100, basically two screws complete the job. Going forward, this will enable H-Farm to quickly bring new buildings into the same access system as they expand to fresh locations. The H100 fits around 90% of target doors with two main models: one for left-handled doors, the other right-handed. “The Aperio® H100 also enables customers to add more doors to their access control solution because the cost per door is lower,” says Tania Amico, Aperio® Sales Manager at ASSA ABLOY Italy. Seamless integration H-Farm managers want to control access to site doors, or bring entirely new premises into their access system The open architecture underpinning Aperio® devices enabled easy online integration with their existing Axis system via PRYSM AppControl. Remote operation from a single, central software interface is seamless, which makes administering the system easy. “The PRYSM AppControl software utilizes the integration Axis completed with Aperio®,” says Piergianni Marana, Key Account Manager at Axis. “And the AXIS A1001 Door Controller is based on open hardware, which makes installing and configuring an Aperio® wireless lock easy and seamless.” An Aperio® RS-485 Hub coordinates up to 8 Aperio® locks within a typical range of 15 to 25 meters, communicating with the admin system via the powerful AXIS A1001 IP Network Controller. One AXIS A1001 Door Controller can manage one wired door and one Aperio® hub, up to 9 doors per hub. AES 128-bit encryption ensures communication between lock and system is secure. Online Aperio® integration gives facility managers real-time status information about their premises. Aperio® locks are wireless, so there was no expensive or time-consuming cabling. The AXIS A1001 uses Power over Ethernet (PoE), which eliminates the need for power cables to the controllers, too. If needs change at a facility — perhaps H-Farm managers want to control access to more site doors, or bring entirely new premises into their access system — it’s quick, efficient and easy for an installer to fit Aperio® locks and integrate the doors with the AXIS Entry Manager control panel. To discover whether your existing security system is ready for wireless Aperio® locks, download a free, fast Compatibility Checker at https://campaigns.assaabloyopeningsolutions.eu/aperio-upgrade

PerpetuityARC Training, part of the Linx International Group recently delivers a risk and crisis management workshop for Lafarge Egypt (part of the LafargeHolcim Group) in Cairo. The training provided senior managers from across the organisation with the knowledge and skills needed to manage resources during a crisis and operate within the organisation’s crisis management and compliance framework. The intensive programme was built collaboratively between PerpetuityARC Training and Lafarge Egypt and specifically tailored to its operating environment in the construction materials industry. Achieve successful resolution It was great to see them solving problems in a pressured, but safe environment" In a series of practical and theoretical exercises, Linx International Group Director, Angus Darroch-Warren, assessed and enhanced the ability and confidence of participants to apply their new skills to manage complex and evolving crisis scenarios, each requiring close collaboration between team members, in order to achieve a successful resolution. Security Director at Lafarge, Magdy Khorshid, stated: “The course was amazing, very practical and interesting to all and I received much positive feedback from all learners.” Angus commented: “The Lafarge teams engaged fully with the workshop scenarios. It was great to see them solving problems in a pressured, but safe environment, that allowed them to think through issues and respond using identified resources and procedures.” The workshop is the latest collaboration in a five year relationship between Lafarge Egypt and PerpetuityARC Training. During this time PerpetuityARC Training has delivered its security and risk related courses to employees and stakeholders in Egpyt and the UK.

Surveillance solutions business Synectics develops and delivers a solution to help enhance safety and security monitoring at Nottingham Trent University. With more than 28,000 students and 3,100 staff to protect, surveillance footage at Nottingham Trent University (NTU) is captured by over 1,300 cameras covering the estate of 75 buildings. Each of the university’s three main campuses has a 24/7 control room and its own security team, ensuring that safety measures enable free movement while protecting the community from both external and internal threats. Integrated surveillance solution Synectics deployed a tailored solution based around its Synergy 3 command A progressive development plan, coupled with the need to optimise legacy technology, meant the university required an integrated surveillance solution that would enable teams based at each control room to monitor and manage footage from both IP and analogue cameras, supporting a gradual transition to digital solutions and full-IP ambitions. In one of the UK’s first cloud-based surveillance contracts, and in collaboration with integrator PFS, Synectics deployed a tailored solution based around its Synergy 3 command and control platform to support NTU’s long-term objectives. Interactive camera map Mark Stacey, Security Systems Operational Manager, NTU, said: “Moving the university onto a sophisticated surveillance monitoring platform has significantly improved the provision of student security, saving our team vital minutes in the event of emergencies.” “As well as supporting both analogue and IP inputs, where many solutions on the market do not, Synectics’ Synergy 3 offers impressive functionality and is easy to use. The ability to import an interactive camera map means we can now bring up footage in just seconds, where operators previously had to spend time manually correlating sensor triggers to the relevant cameras – an enhancement that keeps our students safe in real time.” Cloud-based system “Synectics even created a new feature at our request, which enables us to circle an area of the on-screen map and immediately view up to nine local cameras in that zone. Furthermore, opting for a cloud-based system means we don’t have to look after a physical server, freeing up space and our resources.” The system will help us in our mission to provide an ever-safer environment for our students" “Throughout the process, Synectics has gone the distance to deliver, as highlighted by the tailored training sessions provided for the team and its commitment to support us throughout the life of the system. We’re delighted with the results and sure the system will help us in our mission to provide an ever-safer environment for our students.” Future-proof solutions Martin Bonfield, Sales Manager at Synectics, commented: “We passionately believe that command and control systems should be flexible enough to allow for the evolution of customer needs. Only then can you provide seamless, future-proof solutions that improve safety both now and in the long term.” “Working closely with the team at NTU to understand their needs, the Synergy 3 platform has been designed to ensure they have an intuitive system that saves staff-hours and significantly improves incident response times. Nottingham Trent University is nationally recognised, having received the University of the Year award three years in a row. I’m delighted that we’ve provided them with this leading-edge solution, along with support, and ongoing training, to help safeguard their students, staff, and premises.”

Located in the middle of the deep forests of Småland in the south of Sweden, the Strandudden Gated Community has been designed to provide a safe environment for homeowners who wish to enjoy a high quality of life. The first phase of the development has seen the construction of 18 apartments which have stunning lake views. The materials and features of each apartment have been carefully selected to ensure sustainable energy consumption. When the development is completed, over 100 Wisenet cameras manufactured by Hanwha Techwin, will enable security personnel to closely monitor the movements of people and vehicles as they enter and move around the public areas of the gated community. Ensure strict compliance Equally important, the massive processing power of the chipsets of the open platform cameras means that our client is able to run specialist applications" 6 Wisenet cameras were initially installed during the construction of the apartments. These have been used to ensure strict compliance with the site’s healthy & safety regulations and to keep a close eye on valuable plant and machinery. “We evaluated products from a number of different manufacturers, but the superb quality of the images captured by the Wisenet cameras made it a very easy decision for us to recommend that they should be deployed throughout the Community,” said Henrik Carlsson, CCTV Product Manager for Elajo, one of Sweden’s electrical, mechanical, engineering and energy installation companies who were awarded the contract to manage the project. “Equally important, the massive processing power of the chipsets of the open platform cameras means that our client is able to run specialist applications, such as licence plate recognition (ANPR), in order to control vehicle access to the Community.” High quality images The Hanwha Techwin Europe pre-sales and technical teams have worked closely with Elajo to ensure the best camera types have been specified for each of the carefully chosen camera locations. 6 different Wisenet models have been selected to ensure high quality images can be captured day or night and that there are no blind spots. Among these is the Wisenet IP network PNP-9200RH 4K PTZ dome which has built-in IR illumination. The PNP-9200RH, which is IP66 and IK10 rated for vandal-resistance and outdoor use in the harshest environments, utilises Progressive Scan technology to provide sharp edges on moving subjects and vehicles. The PNP-9200RHs which have been installed at the entrance to the Community are equipped with the Wisenet Group ANPR solution which provides the opportunity to automatically control the movement of white listed cars through barriers via camera relay outputs. Drag and drop tool Images from all 100 cameras will be displayed in the Community’s control room via Wisenet WAVE video management software (VMS) Developed by Hanwha Techwin in partnership with analytics experts, FF Group, the solution uses camera-to-camera IP communication technology to enable up to 4 Wisenet Group ANPR cameras to work together, with data from each simultaneously transmitted to a single web based display. Images from all 100 cameras will be displayed in the Community’s control room via Wisenet WAVE video management software (VMS). An intuitive ‘drag & drop’ tool makes it extremely easy for operators to set up a display of live and recorded images on a single screen or video wall, with customisable layouts and sizes. Other key features include a virtual PTZ which, with just simple clicks of a mouse, enables operators to zoom in to see close up detail of any suspicious activity, whilst motion detection and video analytics support can be configured to generate alerts when user defined incidents occur. Auto-discover feature “Wisenet WAVE has proved to be extremely easy to use and it is a significant bonus that, with minimal training, operators are able to take maximum advantage of its wide range of innovative features,” said Henrik Carlsson. “It has also helped reduce installation costs as it has an auto-discover feature which means connected cameras can be addressed and set up within just minutes.” In addition to the images being displayed in the Community’s control room, should an incident occur that needs a rapid response, security personnel on patrol will be able to remotely view any activity via a smartphone or tablet with the help of the secure Wisenet Mobile App. PNP-9200RH: Wisenet P 4K PTZ IR dome camera PNM-9020V: Wisenet P 7.3 megapixel multi-sensor 180˚ Panoramic camera PNV-9080R: Wisenet P 4K Vandal-Resistant IR dome camera PNO-9080R: Wisenet P 4K IR Bullet Camera QND-7080R: Wisenet Q 4 megapixel IR dome camera XNO-6120R/FNP: Wisenet X ANPR camera

With a mission to provide and maintain good quality homes for Blackpool Council’s tenants and leaseholders, BCH has won a number of awards and accreditations for housing, repairs, customer services and community projects. The safety and security of residents is a high priority for BCH, which is why it has used products from STANLEY Products & Solutions for many years. During this time the primary system was made up of a GDX5 door entry system, along with an Indigo 1000 access control system, which were fully integrated. “We have a policy of continual improvement in the service we provide,” explains Anthony Walker, Mechanical & Electrical Officer at BCH. “Although the previous configuration performed well, I was convinced that the business and operational benefits of remote monitoring and the cloud could be utilised by upgrading the Indigo 1000 with a PAC 512 access control system.” Innovative remote monitoring platform The PAC 512 devices control all aspects of two secure doors, with up to two card readers installed as entry and exit readers on each doorAn upgraded system was specified for a BCH site comprising 80 blocks. It utilises the existing GDX5 front panels, which have been integrated with the PAC 512 controllers to create a highly innovative remote monitoring platform that can be accessed via a PC, tablet or smartphone. This is achieved using a general packet radio service (GPRS) platform, which is a faster and cost-effective means of connecting remote sites via a mobile network. It provides an enhanced service over traditional mobile/landline telephone connections and makes administration of the system more flexible. The PAC 512 devices control all aspects of two secure doors, with up to two card readers installed as entry and exit readers on each door. Each door also has a programmable auxiliary input that may be used for alarm system integration, and an auxiliary output that enables a buzzer or strobe to activate when security is breached or a door is left open. Email alerts during equipment failure In the event of communication loss, the PAC 512 allows all local functionality to continue until the server connection is restored, while the system features an auto-dial or email alert program that, in the event of an equipment failure at one of the locations, sends a notification so that the issue can be quickly rectified. In the event of communication loss, the PAC 512 allows all local functionality to continue until the server connection is restoredExplaining the benefits of using PAC 512, Andrew Burton, area sales manager at STANLEY Products & Solutions, says, “The cloud revolution has had a dramatic effect on the physical security equipment industry. Its development into access control technology means that not only can a system be managed remotely, specific personnel can even be granted or denied access to certain areas at different times, making it not only good for security but also for health and safety. “Furthermore, in the event of a theft or antisocial behaviour, it is possible to pinpoint exactly who was where and initiate appropriate action, using the live events and reporting.” Remote diagnostics and servicing BCH can also access information via the PAC Residential Cloud – helping to further enhance its remote monitoring operation. Remote diagnostics, technical issues and servicing can be carried out, and it’s also possible to remotely view status, set and unset a system and access an event log. For instance, if someone loses a key fob, BCH can access their information, carry out an authorisation check, let them into their abode and, if necessary, deactivate the missing device. It also allows the incumbent installer to remotely access the system’s software to physically input any special information such as extended door release times for specific residents. Programming key fobs remotely BCH worked with STANLEY to generate reports which show when a key fob hasn't been used for a specific period of timeWith a number of vulnerable residents, BCH worked with STANLEY Products & Solutions to generate reports which show when a key fob hasn't been used for a specific period of time. Anthony Walker comments, “If the report indicates non-use of a fob, we can take measures to deactivate it, and/or can send someone over to check on the person concerned and, if necessary, notify next of kin or the relevant authorities. “In extreme circumstances, we can also remotely open doors to allow access to the emergency services. Having the ability to immediately and remotely program fobs has been particularly beneficial to our customers who previously would have had to travel to our offices for this to be completed - saving both time and money and making best use of our resources.” Seamless migration to cloud With a large number of residents, each with their own key fobs, Anthony Walker was keen to avoid any disruption during the upgrade and wanted to ensure that the process was achieved as seamlessly as possible. Configuring the physical hardware was helped by the installation team’s existing knowledge of STANLEY Products & Solutions’ technology. On-site training was also provided by experts from STANLEY Products & Solutions and, on the very rare occasion when there was a problem, a full support and advice package was available. The use of the PAC Residential Cloud meant that the migration of tenant fob information into new system was straightforwardInstalling a new access control system can often result in replacing existing key fobs with new ones – not only is this costly and inconvenient but there is also an administrative burden associated with transferring all the information to the new devices. However, all these issues were circumvented, as the use of the PAC Residential Cloud meant that the migration of tenant fob information into new system was straightforward – so much so that tenants didn't even realise any change had taken place. In addition, having access control data in the cloud means that it is always backed up. Enhanced safety and security BCH’s Anthony Walker considers the installation a total success and concludes, “I initiated this upgrade project because I firmly believed that it would improve tenant satisfaction and make our overall operation more efficient.” He further added, “I’m delighted that both of these objectives have been achieved and that STANLEY Products & Solutions’ access control technology has improved security, safety and protection across our estate.”

One of the UK’s top business and management schools, the Bloomsbury Institute, has upgraded its access control capabilities to the award-winning ASSA CLIQ Remote wireless locking technology from ASSA ABLOY, the global leader in door opening solutions. Based in central London and formerly the London School of Business and Management, the Bloomsbury Institute delivers full-time undergraduate and postgraduate courses in business, accounting, finance and law, which are awarded by the University of Northampton. ASSA CLIQ Remote wireless locking technology The Bloomsbury Institute has to contend with a high turnover of students each academic year, as well as any changes to staff. The sheer number of people using the Institute’s buildings meant that its existing mechanical master key system was simply no longer feasible, unable to provide adequate protection for areas that might hold sensitive information, such as exam scripts. As a result, the Bloomsbury Institute needed a flexible access control system that would be easy to maintain, granting secure access to individuals as and when needed, while delivering greater key control too. Electromechanical locking system Providing an easy-to-use electromechanical locking system, the ASSA CLIQ Remote solution uses high-end micro-electronics and programmable keys The answer was ASSA CLIQ Remote, which has been installed throughout the Bloomsbury’s Institute’s 7 Bedford Square teaching site, and selected areas within the institute’s 99 Gower Street building. Providing an easy-to-use electromechanical locking system, the ASSA CLIQ Remote solution uses high-end micro-electronics and programmable keys and cylinders to offer flexible control over access rights. The Bloomsbury Institute can now programme and update each key remotely, removing or granting access privileges for the key holder in real time. This allows only those with the necessary authority to obtain access to private areas without inconveniencing others and removes the security risks associated with lost or stolen keys. Remote Key Access ASSA CLIQ Remote also provides a full audit trail for assured peace of mind and has the functionality to create time-defined user keys, only allowing access to an individual for a specified period. This feature is proving invaluable to the Bloomsbury Institute, which plans to eventually convert all cylinders at its 99 Gower Street site to ASSA CLIQ Remote, as part of its expansion plans. Stephane Middleton, Estates & Facilities Manager at the Bloomsbury Institute, explains: “We are committed to the security and safety of student data, which led us to consider upgrading the mechanical master key system that we previously had in place. Using ASSA CLIQ Remote could not be easier. It is saving us countless hours of key cutting and changing cylinders, while significantly improving our key control.” ASSA CLIQ Remote key for enhanced security When a new employee joins the team, the ASSA CLIQ Remote key is the only one they will need"“When a new employee joins the team, the ASSA CLIQ Remote key is the only one they will need, irrespective of how many rooms they may occupy or how many areas they may need access to during their time with us. In addition, the system provides robust security; if a key is lost or stolen, we can cancel it, safe in the knowledge that we are completely secure.” “The service from ASSA ABLOY has been outstanding. The company really made the effort to understand our business and its requirements. During the implementation phase, ASSA ABLOY provided comprehensive training on how to use the system to all staff that have administration rights, while working with our IT team to ensure the systems’ software is uploaded onto their machines.” High-security physical master key system “The best part of the service has been having a dedicated contact that has been onboard since the start, providing us with new updates, support and guidance. This part of the service is proving to be of great value, filling us with confidence to continue using ASSA ABLOY products in the future. Indeed, as we look to expand the sites we operate in, we envisage that all the cylinders will one day be converted to this system.” Simon Wilson, National Sales Manager for ASSA CLIQ Remote at ASSA ABLOY, said: “Our ASSA CLIQ Remote solution combines all the benefits of access control with a high-security physical master key system. The system was easily retrofitted, meaning there was very little disruption to the university during the installation process, and the institute no longer has to worry about the security concerns that come with a misplaced key. Data security “The fact that ASSA CLIQ Remote also offers the capability to log and provide a record of who has entered and exited an area is helping to ensure rooms that hold confidential papers or sensitive information remain secure.” “We’re delighted to help the Bloomsbury Institute revolutionise its key management systems, delivering greater security, flexibility and key control.”

What is a business, or an industry, but a collection of people and the results of their work? People make all the difference in the destiny of a business or industry. And the people involved in a business reflect the impact of demographic changes – and the passage of time. The security industry has been largely built by Baby Boomers, who are getting older and increasingly stepping aside to make way for younger folks. We asked this week’s Expert Panel Roundtable: Is there a “new generation” of employees and managers entering the physical security marketplace, and what will be the impact?

The retired police officer who takes a cushy job as a security director is almost a cultural cliché. Like any cliché, the idea has roots in the real world, where police departments have often been a rich source of the security industry’s leadership talent. Former military personnel often find their way to the security industry, too, and realise that the familiar elements of discipline and command structure translate well. We wondered about the impact of this historic trend and whether it is changing as the security industry itself evolves. We asked our panel: What effect has the traditional recruitment of corporate and institutional security leaders from the law enforcement and/or military communities had on the security marketplace? Is the tradition changing and why?