Security should sit at the heart of every business, after all what is the point of creating a valuable enterprise with staff, property, goods and services if someone can just take them from you? In reality, however, security is a grudge purchase for many businesses.
Physical Security Information Management, or simply PSIM, is a relatively new technology enabling companies to streamline, automate, and measure security tasks and workflows to increase operational efficiency and reduce ongoing security costs.
The Ultimate Guide to PSIM is designed to answer any questions you have about this essential enabling technology. It will demonstrate to you what PSIM is and how it can help your organisation. It will also show you: how to select the right PSIM system for your needs and what investments are required for success.
PSIM defined
WHAT: PSIM is a category of software that provides a platform and applications created by middleware developers, designed to integrate multiple unconnected security applications and devices and control them through one comprehensive user interface.
HOW: It collects and correlates events from existing disparate security devices and information systems to empower personnel to identify and proactively resolve situations.
WHY: PSIM integration enables numerous organisational benefits, including increased control, improved situation awareness and management reporting. Ultimately, these solutions allow organisations to reduce costs through improved efficiency and to improve security through increased intelligence.
A complete PSIM software system has six key capabilities: Collection, Analysis, Verification, Resolution, Reporting, Audit Trail.
1. Collection – Device management independent software collects data from any number of disparate security devices or systems.
2. Analysis – The system analyses and correlates the data, events and alarms to identify the real situations and their priority.
3. Verification – PSIM software presents the relevant situation information in a quick and easily digestible format for an operator to verify the situation.
4. Resolution – The system provides Standard Operating Procedures (SOPs), systematic instructions based on best practices and an organisation’s policies, and tools to resolve the situation.
5. Reporting – The PSIM software tracks all the information and steps for compliance reporting, training and potentially, in-depth investigative analysis.
6. Audit trail – The PSIM also monitors how each operator interacts with the system, tracks any manual changes to security systems and calculates reaction times for each event.
What PSIM is not
A fancy name for a VMS or ACS system. Not even, close. As the term suggests, PSIM encompasses all aspects of physical security – from bollards and barriers to social media monitoring to video analytics. What’s more, PSIM combines focused capabilities from your video systems, human resource systems, sensors, and other systems to create something that is more than the sum of the parts. That means you get insight that can improve every security decision you ever make!
A way to watch your security teams. Like anything else, PSIM technology delivers results based on how you use it. Yes, it can be misused for monitoring in a bad way. But it can also be used for creating insightful but unobtrusive security across your entire organisation.
A solution that only benefits security. Yes, the security department benefits from PSIM technology. Although, a high-quality PSIM software solution ultimately is about increasing intelligence across an organisation.
A PSIM solution that delivers value without effort. If only you could just buy PSIM technology, then sit back and watch the results produce themselves. Unfortunately not. PSIM is not a panacea by itself. Delivery requires the support of a comprehensive strategy that integrates the right processes, people, content, data, and more. In other words, success is not guaranteed.
What PSIM does
Beyond the timesaving and efficiency benefits of automation, PSIM enables modern business processes that are essential to any modern security department. For organisations, this includes regular reports, incident logs, continuous process improvement initiatives, training drills, system healthcare checks, and more.
Verification of threats
Many of the alarms and alerts that come into your security environment are not really threats. These need to be prioritised according to risk, such as time of day, location of personnel and a whole range of other critical factors. You also need dynamic alarm management to find the hot ones that indicate that they need you take some action.
Once you have identified an alarm as hot, you will want to make sure security follows up quickly and in a relevant manner. You will, therefore, need integration with all connected systems and automation of processes such as key personnel alerting, video verification, and Service Level Agreements (SLA).
Creating centralised security
PSIM is enabling companies to create centralised security infrastructures, some of the advantages this provides includes:
• Consistent levels of security across all sites, so no weak links.
• Cost reductions through reduced manned guards.
• Cost reductions through fewer control rooms.
• Better use of remote monitoring.
• Reports and dashboards covering the entire security estate.
Extracting security ROI
PSIM has become the perfect catalyst for this transition from systems, which are reliant on constant monitoring and input by security personnel to information-based systems which proactively manage the increasing volume of information in the control room. To further drive value from the security departments of a company, PSIM data mining and analytic capabilities can be utilised to create highly specialised reports for other department heads.
For example, to enforce vendor compliance with drug tests and site safety, the HR department can access video data from a camera on a loading dock combined with a truck gate card reader that is normally used by the security department.
The facility manager can use that same data to monitor safety procedures for internal staff while loading the truck and verifying that the operator loading the truck is current on his equipment operation licence. This trend is set to grow, as more security infrastructure becomes IP based and products become available to allow them to talk to other business systems.
PSIM – the story so far…
Within physical security operations, it has been widely accepted that critical information from numerous sources is left to system operators to interpret and act upon consistently and correctly. Most end-users have video surveillance, access control and building management systems. These systems are not integrated and work independently with no communication with other systems in the ecosystem.
Following several large security breaches, such as 9/11, security professionals recognised the need bring together this information in a format that can be visualised and distributed. As a result, the security industry is now in transition: moving from disparate systems to integrated and interoperable systems.
If security is to do more and have less people, it needs to get smart about how it uses technology.
• End-user focus is on what they can do better with the data/knowledge they already have – requires making greater use of critical metadata and corporate systems.
• Large scale projects looking to PSIM to provide the ‘smarts’ in and out of the control room.
• Greater need for security to do more than just secure a site.
• The average number of systems deployed in a control room is increasing.
• Need for better visualisation and reporting of incidents and trends.
The ROI for PSIM varies greatly depending on how it is applied and the vertical segment it is being used within. Opportunities for ROI across all sectors can be divided into groups based on when they are going to provide a return.
What does PSIM replace?
Full security management system integration using a PSIM platform is very different from simply connecting disparate systems using a VMS or an ACS. Whether from business unit acquisitions or a desire to move toward a centralisation of corporate services, progressive companies are facing the business decision of how to bring disparate systems together into a single, unified, integrated security management platform. The biggest obstacle is typically a multitude of different systems that give acceptable service at the local level, but due to the intentional proprietary nature of these systems, it is almost impossible to bring all of these systems together into a single system. Most security equipment manufacturers have made interoperability through a common GUI almost impossible.
Companies are looking to combine their existing security systems, expand with their chosen brand, and slowly replace failed components with that chosen brand. The optimum platform for this is the PSIM platform. Unfortunately, there is currently no universally accepted term for what a PSIM is and what it isn’t. It is surprising how far some VMS and ACS companies are willing to stretch the description so as to add ‘PSIM’ to their product labels.
Some Video Management System (VMS) vendors are positioning themselves against PSIM by calling it a custom, expensive solution for high-end, high-security needs. How accurate is that perception of PSIM’s applicability?
PSIM creates business value by levelling proprietary physical security systems and bringing security operations in line with other business systems. This in turn allows physical security to interact with other business systems and take its place within corporate governance. This is functionality that VMS integration simply cannot provide.
A VMS has limited use. Typically it is purchased as a system to prevent security problems. In reality, the value that it provides is to help piece together the chain of events after a security incident has taken place. Video analytics have promised to make surveillance systems more proactive. In practice, these software and hardware additions have been greatly oversold in their capabilities. Even those VMS whose users have attained an acceptable level of functionality with their video analytic systems do not have the tools to integrate into the company’s key operational business needs.
When you talk about PSIM as a solution for integrating disparate physical Access Control Systems (ACS), how can or does PSIM address the issue of multiple physical credentials within an organisation?
PSIM software integrates data at a database level, so it can work with a headquarters database as a single point of contact to update credentials for multiple ACS. This ensures corporation-wide identity management that works both efficiently and securely.
There are instances where PSIM software is used to integrate ACS from multiple manufacturers, across multiple facilities. One badge will allow an individual to gain access to all buildings, irrespective of what ACS may be in use. Without the software, the end-user would have no choice but to replace the access control systems in some of these buildings, which would cost significantly more money and cause much more inconvenience during the cutover phase. The reason for this is simple; access control vendors rarely share their SDKs and APIs with their competitors. Their goal is to sell their proprietary software and hardware, not to integrate with other access control systems.
Relationship to IT-based security
How might PSIM solutions interact with IT-based security solutions like SIEM to provide a comprehensive view of enterprise security? How interested are customers and/or prospects in achieving such a view?
PSIM has the ability to use standard IT connectivity such as ODBC to integrate with other business systems such as SIEM, Tivoli, SAP, and a host of HR systems. This enables organisations to create holistic solutions providing enterprise-wide integrated security systems for Enterprise Risk Management solutions. Examples include Enterprise Single Sign On (E-SSO), on-boarding and off-boarding, physical and logical alarm management, and hardening of physical and logical security posture.
Largely, drivers for the adoption of this technology include the hardening of security for compliance to industry regulation and increasing risk associated with operating in certain industries such as critical national infrastructure, pharmacological, biotechnology and finance.
Creating solutions between physical security, logical security and building management systems allows an organisation to prove and enforce compliance to standards such as HIPAA, Sarbanes Oxley, and HSPD-12, which requires having intelligent systems in place.
M&A activity, corporate social responsibility, and green issues as drivers of PSIM technology in the corporate space. This has been a catalyst for converged solutions, which make greater use of technology for enterprise wide security management, focusing on reducing security operational expenditure.
Advanced PSIM
Powerful authentication and permissions systems: PSIM software is designed to integrate into corporate authentication policies using corporate IT standards. This ensures a consistent level of security across the organisation, regardless of system, operator or user. An additional advantage is that a PSIM can offer administrable role-based permissions which help enforce corporate compliance and complete a full security, safety, and HR programme management system.
High availability/disaster recovery: Well-designed PSIM solutions allow organisations to build high levels of resilience for five nines, giving 99.999 percent of uptime. In a command and control facility, downtime of any type for any reason is unacceptable, even for routine maintenance. Many are surprised, often at the worst of times, that their security system has several single points of failure.
Process guidance and intelligent workflow: A significant benefit of PSIM is its ability to guide an operator through the process of managing alarms, whether they are from a fire alarm system, an access control system, video content analytics, etc. This is typically done to ensure security operations comply with processes in line with enterprise risk management, or that are needed to ensure compliance with regulatory bodies. Often the need to enforce regulatory compliance is the key value driver of a PSIM solution; this is also a feature missing from most ACS and VMS platforms.
Management reporting and integration of business systems: A true PSIM is based around adding business value; its ability to link into other business systems allowing it to increase overall business performance. Business speed and incident impact are now too far reaching to keep important situational data down at the operational level. In-depth and specialised reporting can be easily generated using simple built-in tools. Management reports can be automated and sent out to relevant individuals by e-mail. Generally, end-users create different levels of reports for different levels of management.
For example a shift supervisor would receive relevant reports on his shift, a security manager would receive overall security performance and incident based reports, and a CISO would receive high level KPI-based reports. To further drive value from the security system out to other departments of a company, PSIM data mining and analytic capabilities can be utilised to create highly specialised reports for other department heads. For example, video data from a camera on a loading dock combined with a truck gate card reader normally used by the security department can be used by the headquarters department to enforce vendor compliance with drug tests and site safety induction currency.
For a copy of ‘The Ultimate Guide to PSIM’, please email [email protected]
For more information contact CNL Software EMEA, +44 (0)1483 480088, [email protected], www.cnlsoftware.com
© Technews Publishing (Pty) Ltd. | All Rights Reserved.