printer friendly version

The power of business intelligence

Kevin Buret, MD of SUKEMA Integrated Solutions voices his views on the importance of integrating all your security technology to derive business intelligence.

When picking up literally any security related article or magazine these days, one is immediately faced with a huge amount of information and adverts regarding technology, from CCTV systems, biometrics, access control to virtually any other technological device known to man.

In today's climate of 'out of control crime', the focus seems to be directed at implementing as much technology as budgets can afford in an effort to monitor and respond to potential unwanted situations. This is not only prevalent in security, but also areas such as health and safety, maintenance, environmental and many others. We have enough technology available to meet just about any requirement, and that is just where the problem starts. Many companies and individuals seem to think that throwing technology at a problem is the answer to all their prayers. However, many seem to have forgotten the fundamentals and principles involved in implementing these mechanisms, and overlook the soft issues.

Over the past 25 years in technology, I have witnessed more unsuccessful attempts at deploying systems and technologies than I can remember. And, in most cases, there was nothing wrong with the technology itself. The systems and technologies in general were good, but the processes, buy-in from stakeholders and project management behind these implementations was poor. And then of course there is the proverbial bakkie brigade who are all technology experts who undercut everyone in order to get the contract. Sound familiar?

Needless to say, six months later (if the system ever worked at all) the system does not function as you thought it would, the people who were trained to use the system have long since left the company, nobody knows how to use the system, and before long, you have another white elephant in the corner that has cost you an arm and a leg. And to top it all, the board of directors wants results! Sound familiar too? When are we going to get wise to these pitfalls and stop dealing with the cheapest quote available and implementing systems without a proper vision and strategy as to what it is we are expecting from the system?

One would think it obvious, but the reason we generally implement systems is in order to capture, manage and report on information that is mission critical in our particular field of expertise, and of course, to save us time and money. And yet, how many companies implement systems that are never utilised correctly or near their full potential, and do not analyse the information extracted in hundreds of reports to prevent or resolve issues that occur time and time again? We all make use of some type of financial system to manage cash flow, salaries, expenses and so forth, which we could not cope without. When are we going to realise that any security related system implemented should be viewed in the same light? If it is not assisting you in your everyday functions and inevitably saving you time and money (often not directly evident), then you should not have the system in the first place. Unfortunately, management most often places security at the bottom of the budget spreadsheet, and it is the first item to drop off when budget cuts are implemented. Until something catastrophic happens on site! Suddenly it is a different story, and someone's head will roll.

The security industry in South Africa specifically is lacking clearly defined strategies and process planning around system implementation. Most companies have a plethora of systems including CCTV, access control, fire alarms, financial, maintenance, RFID, biometrics, and health and safety to mention but a few. What is most often missing is a centralised incident management system that integrates all of these disparate systems, giving management an overview of the status during and after an incident has occurred.

Many clients will testify that their IT department has spent 10 hours searching for a 10 second snippet (possibly) captured of an incident. Or even worse, having to contact their CCTV service provider to come in and locate this footage for them. Why not automatically extract and store the footage inside the incident database in realtime, thereby eliminating 10 hours of work? Why not automatically integrate with the access control system to download and store details of personnel that were in the vicinity of an incident when it occurred, in realtime? Imagine, heaven forbid, an explosion occurs on your site. You do not know immediately who was on site at the location, who was off sick for the day, who was away from the vicinity at the time, and you have 20 persons reported missing. Were they present, absent, injured, or even killed? Were there more people in the vicinity that you were not even aware of, such as visitors or contractors? All of these are critical questions requiring quick answers, and yet we do not view this as being important until it happens.

Getting back to system implementation, there are some fundamental best practices to follow when contemplating this. Firstly, why do you want the system? Who are the stakeholders? Who is the champion going to be? Do you have the skilled personnel to maintain and use the system correctly, or should you outsource this function? What are the critical success factors of the system in order to meet the requirements of your management team? Do you have the buy-in from the users, management and, very importantly, your IT department? What about system configuration? Are you going to attempt this yourself, or let the consultants do it for you? What about defining the exact requirements in a BRS according to your company policies and procedures? Have you considered that the successful implementation is reliant upon processes being enforced? And on the list goes.

My advice is to work with a reliable, professional and referred company that is involved in the project with you for the long haul to ensure your system implementation is a success for you and for them. Stay away from the box droppers and build a relationship with your service provider to ensure that the project is delivered and maintained; review processes and system configuration on at least a bi-annual basis to ensure that harmony is maintained between your ever changing requirements and the system. Remember, there are three cornerstones to a successful system: people, process and technology. If any one of these is absent, the system will undoubtedly fail.

Directors of companies need to understand that they can be held personally liable in the event of a disaster if due process has not been followed; this means at best case a hefty fine, or a lengthy jail term. This applies not only to security related events, but to health and safety and environmental issues. An incident management system is crucial in ensuring that there is compliancy in all aspects of your business. One should be tracking compliancy or non-compliancy in just about every day-to-day task.

A common example of this would be an organisation that has 100 CCTV cameras installed. Security personnel are expected to conduct a virtual patrol when coming on shift, but seldom do this to the required standards. In your incident management system, every procedure should be logged and managed as a compliancy or non-compliancy. In other words, the controller should log on the system that they have monitored camera #1, and that the camera is functional, pointing in the right direction, in focus, iris open, lens clean and that in terms of safety, security and productivity, there are no deviations from the norm. If there is a deviation, this should be logged as a non-compliancy. This now enables management to determine whether correct procedures were followed, or whether there are areas of incorrect procedures that need to be addressed. The day will come when a serious incident occurs, and lo and behold, you did not capture any CCTV footage of the event because the camera was faulty. This could have been averted had you known from your daily system reports that this was the case. In today's criminal activities, almost 90% of incidents are engineered to happen by individuals or syndicates; they don't just happen randomly as much as we would like to think this is the case.

In closing, and going back to the original point of this article, what is required today is the integration of multiple systems and technologies, strategic planning of the implementation, and driving the business processes around these systems to maximise the benefits of the information extracted. The real benefits lie in the business intelligence extracted from data and trends captured, and doing this in realtime.

Share this article:

Further reading: