SMT Online Web Exclusive

Developers must recognise security as "vital component" of construction process

05 Apr 10

Steve Garton explains to Brian Sims why architects, developers and builders simply must consider on-site security as an integral part of the construction process from the outset.

By Brian Sims

The recent devastating fires at the Green Acre Homes’ building sites in South London have highlighted the need for architects, developers and builders to consider on-site security as an integral part of the construction process.

At Advent IM, there's a firm belief that security must be regarded as a crucial building component from the outset of the design process: only then can fully-effective solutions be installed.

Steve Garton, director at Advent IM, commented: “The recent spate of fires on building sites in Southwark, and the subsequent investigation into any links between them by the Health and Safety Executive, have highlighted the need for independent security consultants to be brought in from the outset of the design process. Working with the architect, developer and site manager from the beginning would allow the consultant to advise on what needs to be defended, and how the building designer can integrate the appropriate security measures seamlessly within the overall design of the building.”

Garton told SMT Online that Advent IM’s own service includes a comprehensive threat assessment that looks at the environmental and criminal risks to a specific building rather than proposing a ‘one size fits all’ solution.

Meeting the exact needs of business

By undergoing a thorough threat analysis, a security solution that meets the exact needs of a business and its location can be designed.

Garton continued: “Prior to any security procedures or equipment being specified and installed, our threat assessment identifies the actual risks to a business through extensive environmental research and liaison with the local police on local criminal activity. This comprehensive assessment allows us to advise our clients on a security solution that is tailored to meet realistic threats, rather than ones that are unlikely to occur, with potentially high installation costs."

Advent IM’s consultants have more than 100 years' experience between them, and work to the industry’s Best Practice guidelines.

The company’s physical threat assessment service includes a logical analysis of potential and existing security infrastructure and its supporting directives and components, including CCTV, access control, lighting, fences and barriers in addition to the standard security guarding elements.

Complex and diverse positions

Garton is also a firm believer that the roles of the facilities manager and risk manager are ever-evolving into much more complex and diverse positions, with responsibilities encompassing multi-disciplinary activities across several different environments.

Particularly in the current climate as companies tighten their budgets and look to restructure their manpower, the facilities manager is increasingly pulled-in to assist other offices and senior management. Together, they must ensure that security measures are considered and appropriately implemented to safeguard an organisation both physically and virtually.

"This transition requires them to have a much greater awareness of security issues, and to be more involved in the delivery of security in all of its forms across an organisation," commented Garton.

Historically, the facilities manager in particular has not been adequately informed for overseeing such security measures, or given the appropriate guidance to implement suitable procedures or technologies to tackle potential threats. This is now a situation that needs to change, particularly with legislation such as the National CCTV Strategy now in place.

"With the advent of enhanced technology, businesses work in different ways. Given that scenario, it has become unclear who should be responsible and held accountable for certain roles. In the past, it has been extremely clear who is responsible for IT security and physical security across an organisation."

Who's responsible? IT or facilities manager?

Now, with processes being conducted differently, this is not the case and raises questions as to whether it should be the IT manager or the facilities manager that is responsible. Facilities managers and security managers now need to jointly agree the security provision, whether it is within the IT Department or as part of the Estates and Facilities Department's managerial remit.

"In this instance, it is useful for a facilities manager to be aware of the security concept as a bare minimum along with the standards that come with physical security compliancy requirements. This reduces the blurring of territory and responsibility, which can leave employees confused, as well as encouraging a better work culture with security raised higher up the business agenda."

Security threats to an organisation can occur from both internal and external sources. The security business is constantly aware of the increased risks associated with the current economic climate and how it could (and probably is) affecting the UK workforce, especially with regards to information assurance and the general protection of assets. It is fair to say, suggests Garton, that the threat from the insider has always posed a significant risk to businesses across the UK and indeed is now a contagious global concern with more disgruntled staff around due to redundancy.

"By working together with IT," continued Garton, "the facilities manager can now ensure that there are procedures in place to restrict disgruntled former employees entering buildings and knowing shortcuts or passwords."

One of the key aspects a facilities manager must recognise is that technology is an enabler of safer systems but not the complete solution. Facilities managers need to manage the working environment to control how technology, information and physical assets are shared and kept safe.

This entails them working far closer with the IT manager to control systems that protect information assurance. These same systems also need a back-up plan to ensure business continuity, so that if a disaster or major disruption occurs that could impact virtual and physical assets, the company will be able to recover and restore partially or completely interrupted critical (urgent) functions in a timely fashion.

Additionally, the physical security of a building is becoming an important part of both the facilities manager and the risk manager’s role with many issues that need to be taken into consideration.

Conducting the threat assessment

The first step these workers should take when considering the physical security of a building is to conduct a threat assessment.

When addressing building security, facilities managers should consider from where the risk initiates. Is it from an outsider looking to force entry or potentially an inside worker with authorised access to the building? Has there been a thorough threat assessment conducted to assess ‘real’ risk to ensure the security design can be based upon analytical findings and not from perception or rumour?

This will pay dividends in the long-term and achieve significant savings during the design phase of any security plan. It is vital that every security design is overseen by an independent security consultancy and sufficient commissioning takes place for sourcing additional security components or systems (e.g. CCTV, access control, intruder detection and lighting).

"There are also a number of compliance documents and guidelines issued by the UK Government that today’s facilities manager should be aware of, recognise and understand," explained Garton. "One of particular note is the Government’s Security Policy Framework, which contains the most recent primary internal protective security policy and guidance on security and risk management for Government departments and associated bodies."

Taking account of BS 7858

Another is BS 7858, the British Standards Institution's Code of Practice which urges employers to screen all individuals who have unescorted access.

"In the current economic climate, fraud and crime will undoubtedly be on the rise both from the inside and out," suggested Garton. "Consequently, it is paramount that each company safeguards themselves from a serious threat: the people. An employee screening process should be conducted for all prospective workers, regardless of their position, in an attempt to confirm legitimacy."

Those facilities managers who are lucky enough to have a source of security expertise in-house should have the capacity to address the physical security issues that affect their building. This is however, not always the case and we know from experience that many facilities managers are seeking expertise in this field on a consultancy basis.

Many security companies are keen to offer a plethora of security products including CCTV and alarms for example, where in reality, fewer products are needed. By handling a comprehensive threat and risk assessment, the type and volume of products will become instinctively clear.

"Facilities managers seeking counsel should request that this security consultant mentor their interests throughout, keeping them abreast of the assessment and of any suggestions to permit a useful and feasible plan of protection. Regular independent reviews are also paramount."

At a corporate level, a well-structured physical security plan contributes to the delivery of strategic and operational objectives. Further to this, on a day-to day level effective facilities management provides a safe and efficient working environment, which is essential to the performance of any business – whatever its size or role.

Focus on protective security management

Advent IM is an independent specialist consultancy focusing on protective security management solutions for information, people and physical assets, across both the public and private sectors. Established in 2002, Advent IM is a Centre of Excellence for protective security services, promoting the benefits of Best Practice guidelines and standards and the need to address risk management to protect against potential threats.

From their offices in London and the Midlands, the company's consultants work nationwide and are members of the Institute of Information Security Professionals (IISP) and The Security Institute (SyI).

Advent IM is a sponsor of the CESG Listed Advisor Scheme (CLAS), a member of the Business Continuity Institute and British Computer Society – The Information Security Specialist Group (ISSG) Forum and part of the Associate Consultant Programme (ACP) for the British Standards Institution (BSI).

The company boasts CLAS consultants, lead auditors for the international standard for information security management (ISO 27001), practitioners of PRINCE2 (a recognised project management methodology widely used within the public sector), Home Office-trained physical security assessors and ex-Intelligence Corps personnel.