printer friendly version

Getting the most out of security consultants

How can a vendor-neutral consultant help its customers to negotiate the costly minefield of security technology installations and upgrades?

How does a client decide between installations and upgrades? What factors influence this decision?

Making a choice on whether to embark upon a new installation or whether to upgrade an existing technology installation may be a daunting decision for clients to take. Factors that may well influence it are as follows:

* Does the existing installation allow for any significant sort of upgrade in terms of system and/or obsoleteness?

* If the installed system is restrictively upgradeable, would the client miss future upgrades and waste a valuable investment or would their system requirements hold good for the foreseeable future.

* What is the existing monthly cost of repair and maintenance?

* Has it increased significantly or still within budget and what is envisaged within the next year or two?

* What kind of budget does the client have available for upgrade or installation?

* Are there existing maintenance programmes on site to allow for phased upgrades within an agreed monthly cost?

Clients may expect an independent consultancy to develop and establish a security master plan that serves as a strategic road map for the client’s organisation. Such a plan would typically cover a 3 –5 year period and address all components of the client’s physical protections system, namely: physical infrastructure, security organisation, enabling security technology solutions and physical security processes.

A comprehensive security master plan, if professionally developed, would serve the client well in easily deriving at the solution of whether to install, upgrade or apply a layered combination of the two choices.

Should a customer not have a security master plan, a prudent approach would be for a vendor neutral security management consulting company to perform a thorough security review of the existing security technology system, if any, develop and recommend a conceptual design road map that needs to answer this very daunting question for and on behalf of clients.

Can a hybrid installation be as effective as pure analogue/IP?

The essence of any enabling security technology system is centred in the customer’s user/system requirements, which is realistically offset against the available budget. Should a technology solution system deliver on what is required then a hybrid system may well be as effective as a pure system.

Further to the above, any system is as good as the processes that govern it. Security processes (policy, standards, SOPs, etc.) form the framework of a physical protection system and without it, all the technology in the world means very little

Just think of the number of companies you have visited with hi-tech access control systems installed where employees access different areas of their business via proximity cards or biometric fingerprint readers yet visitors manually complete a no-technology visitor register.

There is certainly a case to be made for Internet-protocol (IP) based enabling-technology, as it is the predominant way forward from a development perspective. This notwithstanding, we would have to stand firm that each customer’s needs are different and would determine what is best.

When are IP systems the systems of choice? When is analogue a good choice?

Before a decision is made to procure any closed circuit television (CCTV) equipment, it is imperative that the client seeks unbiased professional advice that is vendor neutral. This advice should be packaged in the form of a comprehensive physical protection system (PPS) assessment where not only the CCTV requirements are assessed but the entire client PPS to ensure that the client ends up with a cost-effective total security solution comprising a suitable mix of all PPS components.

The solution should consistently achieve the client’s security system objectives, which may include detection, deterrence and timely response to prevent loss events and/or security incidents. Once the assessment has been conducted and the client is presented with a conceptual design for any required system upgrades, then the composition of the CCTV system can be measured against the following considerations:

* What is the desired application requirement of the CCTV equipment?

* What is the client’s available budget?

* What are the client’s desired expectations in respect of the upgraded CCTV system? What should it be able to do?

* Would the existing communications backbone on site support and cope with a significant system upgrade or would it need to be reconfigured or even replaced?

* What are the site-specific network requirements?

* Are there currently analogue cameras on site that can be re-integrated?

* What is the status and requirement of currently installed enabling technology with respect to integration? For example, access control interfaces, perimeter protection etc.

* Does the system proposed align with the clients’ strategic security plan?

When the above considerations have been measured the client should have a better idea of what the best choice is in respect of CCTV selection.

How does the customer decide that spending a lot of money on improvements and/or a new installation will be worth it? In other words, how does the customer determine the ROI potential of a security installation?

Unfortunately major security technology installations tend to happen once a serious security problem was discovered and the customer loses money. In such cases ROI can easily be justified against the increasing loss, should the problem not be remedied.

Business fraud trends clearly show that fraud is usually perpetrated over several years before being detected (mostly by chance). Financial reporting as an internal control is by no means sufficient protection against fraud, pilferage or theft. Fraudsters are often a network of long-serving employees in key positions who know how to manipulate the customer’s business processes without being detected.

Although very few customers formally measure the ROI of installed security systems or the cost-effectiveness of their total security programme for that matter, there are well-established methodologies to provide clear ROI indicators. These may include:

* Security performance metrics specifically formulated to measure ROI against the security threats exposed prior to and after installation.

* Security programme ROI formula where the cost of the security program is measured against prevented losses, losses recovered and actual losses.

* Security Risk Assessment Equation method where threat probability, threat interruption probability and consequence are calculated prior to and after installation.

Share this article:

Further reading: