Littleton Public Schools is recognized throughout the country as one of the top 5 school districts in terms of security and emergency preparedness.

Guy Grace, Security and Emergency Preparedness Manager, has been instrumental in implementing LPS's new security system approved by voters in November 2002 as part of the bond program.

Click on any of the links below to read the full article.

Security Innovations Today and Tomorrow: More Personal, Versatile and Mobile - Security Magazine - September 2010

What's In Your Playbook, Security Magazine - January 2009

Nightmare or Opportunity, Security Magazine - January 2008

Wireless Enhances Security in Older Structures, Security Director News - October 2007 

Tough Stuff

by Bill Zalud
Security Magazine
August 1, 2007

On the job in America’s top corporations, government agencies and institutions, the security task is a tough one but the assignments are getting done, new threats are being faced squarely and challenges – ranging from people issues and compliance to metrics and convergence – are better appreciated and handled.

Last January, Security Magazine assembled and reported the views of a roundtable of security practitioners relative to a host of issues. Some of those executives, augmented with other security colleagues, revisit those issues here.

Among them is Bill Anderson of Ryder System Inc., who is this month’s cover person. Anderson is director, global security for Ryder, the Fortune 500 global transportation and supply chain management solutions company. He, like others quoted here, is also deeply involved in his industry’s security and business efforts. Anderson, earlier this year, authored an informative feature article for the magazine, “Securing the Supply Chain - Prevent Cargo Theft.(Read the complete article on the Web at www.securitymagazine.com)

The update roundtable partitions issues of importance, summarizes the previous roundtable consensus thoughts and reports on what this month’s executive panel has to say.

BUDGETS

“Corporate security must find ways to improve performance while keeping control of expenses. I don’t see this changing,” said William (Bill) Anderson, director, global security for Ryder System Inc.

Last January security executives spoke about tight budgets for upgrades, new technology and training. Also they saw the need to change the perception from security as a cost center to one that adds value to the business mission.
Bill Anderson: Similar to other functions, corporate security must find ways to improve performance while keeping control of expenses. I don’t see this changing. However, I believe most corporate executives can recognize a value proposition if it is properly constructed and shows a good return. Also, significant gains can be made by leveraging the skills of frontline managers. At Ryder, we’ve made significant security improvements by teaching our frontline managers that security management is not complex and if they focus on the basics, they can have a well run and secure operation.

Jack Dowling: As time grows since 9/11, the impetus for security seems to have decreased. The initial flow of funds has abated and more justification is needed. Security executives must provide a different strategy, concentrating on the business case approach, to improve the chances of funding approval. Training will continue to be a major concern as more technology is added to the security operation and critical response to emergency situations is demanded of the security staff.

Lynn Mattice: Not much change…keeping cost in check is still a key area of focus . . . generally, we have always been viewed as a value add and not a cost drain.

Jeff Bardin: I do not see things changing but actually moving to even tighter budgets. Until security is included at the beginning (the conceptual stage) of new or updates to products and services, security will not be seen as a value add, cost benefit and not included in marketing and sales pitches. Most still don’t get it.

Ronald Mahaffey: Money is always scarce, however, if managed properly and if Sr. Management has the confidence in you, then it should not be as great of a problem as some might perceive.

Anthony (Tony) Potter: The key phrase here is “adds value.” Technology and training are the twin foundations on which we built our public safety team. Administration sees the results every day, so I don’t have to fight for technology and training dollars. Getting more people to train is another story.

COMPLIANCE

In January 2007, security executives said a growing focus of their job is on regulatory compliance and working with internal and external auditors.

Anderson: Due to the growth of corporate compliance issues and the effects of Sarbanes-Oxley and other regulations, there has been a much greater emphasis on corporate security efforts, more awareness of fraud related issues and more visibility to ensure appropriate investigations are completed. Added to that are efforts to improve supply chain security through the C-TPAT program and other TSA related security regulations which have increased the regulatory and audit burden on most corporate security functions. On the positive side, security programs have become more disciplined and better documented.

Dowling: As laws and industry standards increase, the security executive will need to be aware of these requirements and work closely with compliance reviewers from both outside and inside the organization. Issues related to privacy and data security will continue to dominate the security field as well as liability for inadequate security.

Mattice: Regulatory hurdles have never been higher and there appears to be new and more complex regulations on the horizon. The single biggest advantage I have today is my access to the Regulatory and Compliance Management (RoCM) gap analysis tool I receive through my membership in the Security Executive Council. RoCM provides me the ability to ensure compliance with multiple regulations at once and provides me with a cost of compliance model. I also utilize the C-TPAT and PCI compliance modules separately to conduct annual compliance reviews on these two key areas to our business.

Bardin: Fully concur that internal audit and security should be allies.

Mahaffey: We work very closely on compliance issues and have even formed a Compliance & Intelligence Unit within Corp Security. This keeps us current with issues and demands and eliminates many of the problems generally experienced in facing requests by “regulators.”

Potter: Regulatory compliance is a different issue in healthcare, especially in voluntary (not-for-profit) hospitals. We have to worry about (an agency) yanking our Medicare and Medicaid funding, Joint Commission accreditation, etc. It gets tougher every year.

PEOPLE ISSUES

Roundtable participants, earlier this year, said there are issues in their competitive environments centering on seeking and holding security people with the needed skills, talents and experiences.

Anderson: Corporate security is shifting, from a case-management and investigation function, to a profession focused on prevention. This requires new skills as corporate security managers have to think ahead of an incident and leverage a company’s resources and capabilities to the prevention of security incidents. With this shift, corporate security managers will need to have strong communication and planning skills. They will need to understand how to document and implement new processes and programs. And they’ll need to be able to change their corporate security culture from reactive to proactive. 

There are a lot of “investigators” and fewer corporate security managers in the corporate security talent pool. 

Dowling: This concern will always exist and you must pay to get the most qualified personnel and continue to pay to keep them. This applies not only to the security administration but also to the entry level positions, i.e. security officers. Budget cuts should not be directed at the salary lines or staffing positions as a means of improving the bottom line.

Mattice: The most important area security executives need to focus is on building the next generation of security leaders. Moving into a mode within the company where senior leadership training programs include a stop along the way in security will not only ensure a solid flow of talent into the security organization, but will enhance the understanding within senior corporate leadership of the importance of the role security plays.

Bardin: Hiring staff who are “smarter” than you in needed disciplines is still effective if you can find these people. Understanding your staff’s personality traits and in turn, their strengths is key to building an existing team. Instead of trying to improve individual staff weaknesses, which is painful, improve their strengths and truly build a team. Then hire into the areas of weakness with someone with that strength.

Potter: We manage to attract and retain exceptional people with attractive pay ranges and an outstanding benefit package. We work closely with corporate compensation to ensure that our pay is highly competitive in the marketplace. Three years ago, we implemented a four-step “career ladder” that allows our officers to plot their careers by seeing where they want to go and what they need to do in terms of education and experience to get there. As a result, our annual turnover rate stays at 12 percent.

TERRORISM

Previously, security executives contended terror threats have evolved and gotten more sophisticated with the response being better handling of emergencies as well as enterprise-wide business resilience.

Anderson: Generally, there have been significant improvements in emergency and crisis management planning. Now, many of those companies that have completed this work are focusing more efforts on prevention of the next incident.

For the transportation sector, this means tighter control of supply chains and ensuring the security of transportation equipment and infrastructure. Ryder is in the business of providing transportation equipment and supply chain services, so our efforts have been two-fold. First, as a C-TPAT participant, we are continually working with our business partners, both customers and vendors, to improve supply chain security. Second, we are working with the Truck Rental and Leasing Association (TRALA) to find better ways for our industry to secure our vehicles and reduce the risk of terrorism. Both of these efforts have resulted in audits and assessments of thousands of Ryder locations which have improved our business.

The effort has truly been grass-roots as the majority of these assessments have been completed by local managers. In the end, the process of assessing their locations and developing action plans goes hand-in-hand with building an effective security culture and giving frontline managers the skills to effectively manage security issues.

Dowling: Much of the initial “target hardening” based on 9/11 related terrorism has, in most cases, been accomplished. Emergency response and crisis management plans have included terrorism and it appears that business continuity, focusing on the aftermath of a terrorist attack or other calamity (avian flu, hurricane, etc.), has gained interest. Any of these events lean heavily on and impact the security operation. An immediate availability and prompt, professional response will be expected of the security force.

Mattice: The latest buzz word in corporations is “resiliency.” While we always seem to reinvent programs of the past, it really is nothing more than the coupling of a solid business intelligence program, risk management and business continuity. If you had solid programs in those areas, surprise, you already had resiliency built into the equation. (Editor: Last month’s Security Magazine cover story featured resiliency.)

Bardin: It is still largely a reactionary mode. We forget all too quickly in the U.S. Plans for response are gathering dust on the shelves. Disaster Recovery, Business Continuity Planning (DR/BCP) I believe is improving but there are still significant gaps.

Potter: As a healthcare system, we are more concerned about the casualties that a terrorist attack would cause than a direct attack on our facilities. We are continuing to upgrade our emergency management capabilities and drill monthly for a variety of threats, both man-made (including terrorist attacks) and natural disasters.

CUSTOMER SERVICE

“As laws and industry standards increase and become more complex, security must be aware and work closely with compliance reviewers both outside and inside the enterprise,” pointed out Jack Dowling, president of JD Security Consultants.

In January security executives said that more of their job is customer driven, whether internally with employees or when in contact with stakeholders and the public.

Anderson: Most of our security efforts are in some way affected by, or have an impact on, our customers. For Ryder’s supply chain business, the customer plays a key role in setting the standards and processes by which their goods will be moved. Security planning is a cooperative effort between both parties so the customer plays an integral part in determining the overall security investment that will be made. Corporate security’s responsibilities include developing a cost-effective solution to the protection of their goods in storage and transit, ensuring that the customer’s security expectations are met and continually working with the customer to improve security performance.

Dowling: Access control to facilities is the point at which security interacts with employees, the public and customers. Creating an efficient, effective and friendly first contact with these individuals will be the main goal of the security operation and personnel assigned to that function. Realizing that you only get one chance to make a good first impression and first impressions are lasting, staffing the security checkpoints with the individuals that have the best interpersonal skills is crucial.

Mattice: This is one of the most vital areas security executives need to focus their energy. If you do not understand and are not able to articulate how what you do translates into supporting the needs of the company’s ultimate customer/end-user, then you are destined to fail.

Bardin: It is customer driven largely from the standpoint that we are still trying to educate customers on their role in security and what they need to do to be part of the overall security program. This ties back to the first question on budgets; we are not included early and therefore awareness needs to be stepped up and until that is done, we spend much more time in a customer service role.

Mahaffey: Much depends on the kind of company and what industry you’re in, location, etc. I don’t find this to be any more true than it was 14 years ago when I joined the company. Wall Street and financial services are customer driven versus a suburban or rural manufacturing company.

Potter: Over 50 percent of our calls are service- rather than enforcement-related. Our COO refers to us as the customer service department in the hospital. A dozen felony arrests won’t give us as much traction at budget time as one letter of appreciation from a customer.

Guy Grace: The educational environment has changed greatly post-9/11, post-Columbine, along with the awareness of school violence. The school year 2006-2007 was particularly a tremendous time of turmoil for school safety.

With incidents like the Bailey/Platte Canyon hostage situation and killing in September, Lancaster County, Pa., and the Virginia tech killings, all schools were affected across the country. The after affects were increased bomb threats, threat assessments and heightened alerts for the entire school year. One of the greatest threats to our schools is ironically the understanding and use of technology as means for socialization and expressing oneself violently using technology and media as was most certainly evident in the Columbine tragedy but most recently with the Virginia Tech incident.

For example in our district several threats of violence were posted in places such as Myspace and other chat rooms and posting services. Most of these threats were unknown to schools until someone with a great concern about the communications and/or postings alerted us to it. By the time we heard about the threat within the district it was hours and days after the first postings started. The communications and postings were never created within the school but most often within the child’s home.

What was most disturbing was how the parents were just unaware of the activity as anyone else. Parents may not even had Internet in their houses, but the children knew how to access the Web by using their neighbor’s unsecured WiFi network, using Web-enabled video games, and/or just using the cell phone to take and post inappropriate material.

This is just the tip of the iceberg, and this issue is being discussed nationwide at other school districts. We all just have to develop our tactics to deal with this latest challenge. However what is important is that our parents need to be educated somehow as to what is happening so that they understand technology, too.

DISASTERS

Last roundtable participants viewed disaster preparedness as training beforehand, testing of the plan and best practices to get back up and running as soon as possible.

Anderson: Security’s role in disaster recovery and business continuity is going to vary depending on the company.

At Ryder, we have a business continuity function that resides within our IT function. Separately, the corporate security group has developed the company’s corporate Crisis Management Plan or CMP. Development of the CMP involved almost every function within the company, but the effort was lead by the corporate security group. Currently, the safety, health and security team plays a functional role on Ryder’s emergency planning team focusing on the protection of our people and assets before, during and after an emergency. A well coordinated team of functional experts (human resources, operations, communications, IT, safety and security, etc.) lead by operations will provide the most effective response.

Dowling: Business continuity plans, involving all aspects of the enterprise, have grown over the past years. The security operation will necessarily be involved in the prevention and/or mitigation strategy for the disaster, the planning and preparing prior to the disaster, response during and after the disaster, and recovery from any disaster. Drills, exercises and tests will rely heavily on the security operation and training will be the key to success in either the drill or a real event.

Mattice: While all of these areas are important, preventative work up front to minimize the impact of a disaster is just as important, if not more important.

Bardin: Still not fully engaged with DR/BCP. Many first have this separate from security and do not understand the time wasted in not aligning security and DR/BCP. Since most do not subscribe to a standard such as ISO27002, most do not understand the need for alignment. In addition, the work done during BIAs should and must be used within security. Getting this info and getting the DR/BCP staff to collect the right info would be a significant timesaver and help in asset management, critical device definition, vulnerability and patch management, configuration management, etc.

Mahaffey: Security plays a major role in disaster preparedness given its intended role during and post- incident. Each business unit must have its own plan to include business continuity (including security) and security must be flexible enough to interact with all.

Potter: Disaster management and recovery is a primary security responsibility in any environment. We have a key role in implementing new Joint Commission emergency management standards. As a hospital, we have to keep functioning regardless of the nature or magnitude of a disaster. Now we’re planning for a pandemic, which when it occurs, will stretch our physical security and response capabilities to the max. However, since we are the primary community resource, failure is not an option.

Grace: Schools are responsible for at least one-third of the day for the most precious treasures of our communities -- the children that attend them. Schools as so called “soft targets” have to take homeland security very serious. It is important for schools to promote the overall security awareness from the community, staff and students with an emphasis on homeland security concerns. The overall awareness will be very helpful for the entire community as whole when suspicious activity arises. Encouraging people to report suspicious activity keeps not only the school safe but also the community as a whole.

Parents also expect the schools to have a plan in place to address concerns that may endanger their children while they are in school. Homeland security does have a great system in place that most certainly can be of a benefit to any school and or business and that is the NIMS (National Incident Management System). Schools and businesses should, at the very least, implement this system to put a structure in place to address emergencies. Being prepared for an emergency is the most important piece of a puzzle for any school district or business.

PROJECT MANAGEMENT

Especially when it comes to upgrading and new technology, project management – in conjunction with systems integrators, dealers and even manufacturers – is growingly important, according to January’s roundtable attendees.

Anderson: This is really a two part response depending on the size and scope of the project. First, Ryder has partnered with a security engineering firm that handles most of the project management tasks from a security standpoint. Second, Ryder has an internal project management function that is responsible for developing and tracking the project plan and providing progress reports to senior management on a weekly basis. On most projects, the security project manager coordinates tasks and status updates with the internal project manager.

Dowling: As new technologies evolve, especially in the area of IP, project management will continue to become more complex. To ensure that the appropriate technology is purchased, it may be necessary to locate a security integrator who is well-versed and experienced in the IP security area.

Mattice: We have turned project management into more of an art that pays huge dividends. From pre-planning through becoming fully operational, we have detailed process controls, issue evaluation and resolution tools, tracking and communication tools, various other systems to ensure that project management is highly efficient and effective.

Bardin: I pull a PM or two from the PMO at the beginning of the year as budgeted in the previous fall and use them for all defined projects. They are funded through the security budget.

Potter: Over the past four years I have identified, promoted and trained an outstanding cadre of managers, each responsible for managing a specific area of our operations: uniformed patrol, physical security and loss prevention (including investigations). My physical security manager is responsible for keeping abreast of new technology and working with our vendors to apply it to our specific needs. For example, we are the healthcare beta test site for the next generation of GE’s SecurePerfect and Facility Commander.

METRICS

At the last roundtable, consensus was that there is more collection and analysis of information to determine the value, needs and growth of the security operation.

Anderson: Without a doubt, some form of security measurement is critical to determining whether progress is being made. Similar to other metrics, that measurement should be based on frequency and severity, with severity being measured by the cost impact to the company. From a security management standpoint, these measurements tell you where to apply your resources and whether the investments you have made are having the desired impact. However, even though this sounds simple in concept the development and tracking of security metrics become complicated in the details. The only advice I can give is to remember that most of the metrics used in other areas of a business often take years to develop and refine, and security metrics are no different. The process starts with capturing security incidents, reviewing the data, and continually refining your metrics.

Dowling: Measuring performance and communicating this information to top management is vital to demonstrate the effectiveness of the security operation and build a business case for any proposed enhancements. The data must be in a form and context that is familiar to top management. When competing for limited resources, metrics will support the position and furnish the necessary justification.

Mattice: The Security Executive Council has produced the bible on security measurements and metrics, as well as developing dashboards and presentation slides for these measures and metrics. Our team has embraced these measurements and metrics and providing input to the Security Executive Council’s database, which will provide the most comprehensive benchmarking tool available to security executives. These tools provided through my membership in the Security Executive Council have contributed significantly to enhancing the productivity of my team.

Bardin: It’s a critical tool that is not used properly in many cases; just a bunch of meaningless numbers. Intelligence and analysis still needs to be applied to correlate the information to people, process and technology.

Potter: It’s a constant struggle for us to find security metrics that apply to the unique nature of a healthcare environment. For example, I just left a meeting with our budget experts who still want to use square footage as a way to determine security staffing. When I illustrated the fallacy of this approach by explaining that 64 percent of our calls originate in less than 8 percent of our square footage, they just shook their heads.

MANAGEMENT ATTENTION

Strong communications and a focus on the business goals are two ways to get a seat at the table with the CEO, according to January’s roundtable group.

Anderson: I think brief and focused communications are a more effective way to get “a seat at the table” with the CEO and other senior management. Most senior management will find time to meet with corporate security, at least initially. However, if you want a return engagement, you need to make sure that you use their time effectively. Don’t dump problems on their desk and expect them to resolve your issues. Before you walk through the door, be prepared to describe the situation, offer possible solutions and make a recommendation. Similarly, don’t have a laundry list of items to discuss, focus on your biggest issue, the one that needs their push to resolve.

Dowling: To be successful, the security executive must know and understand the mission and goals of the organization. Hopefully, since 9/11 or before, the security executive has earned a position on the group that advises the CEO. Relating any security initiatives to the goals of the enterprise will get and maintain attention from top management.

Mattice: Security executives need to be focused on what the CEO and the Board are reading for business books, who they see as the new gurus. Seek this information out. Understand where they are headed. Communicate in their language and you can’t help but get their attention and cooperation.

Bardin: The illusion of due diligence is many time the norm of the day. Until a breach occurs or some outside auditor comes down hard (which is very reactionary), attention is not given. Many first still have security buried two layers below the CIO seeing it as merely a technology solution.

Mahaffey: There must also be a trust…this the CSO must earn which then makes him/her more than just another entity within the company. If you have the trust, the business focus will be obvious and the communications will easily follow.

Potter: The only way to get along with your CEO is to find out what he or she wants and give it to him. Even though I report to a VP, having direct access to the CEO and COO has been a non-negotiable condition of my accepting every security director’s position I’ve ever held. I keep them well-informed about everything we do; and they are not only present but speak every time we graduate a class of new officers.

Grace: Support from our executive staff has been tremendous. As a result of the demands created by the school security climate, our security department was made its own department within the district and my position upgraded to an executive level. In the past we were attached to the property management department within the district. The change allows security to be part of the official executive process streamlining the response. The same players are in place but no toes are being stepped on and all emergencies are addressed more efficiently.

CONVERGENCE

In January security executives saw a coming together of physical and logical security, but they had a diverse view of how and how fast that convergence will happen.

Anderson: At Ryder, physical security and IT security are two separate functions. I think you’ll see corporate security managers dealing with more IT related security issues, but at the design and implementation levels I believe IT security experts are best equipped to handle the specifics. The other aspect to consider is the security of integrated and networked security systems with other corporate IT systems. Single and multi-site integrated security systems usually have an IT infrastructure that must be maintained and secured against intrusion.

Dowling: Networked systems for video management, alarms and access control are proliferating and require a close coordination with the IT department prior to, during and after the installation. As more and more technology is associated with the network, the security executive must have an outstanding working relationship with the logical security side.

Mattice: I am so tired of hearing about convergence. First and foremost, why are we focused on two narrow areas “physical security” and “logical security”? Logical security is only a very small silo in the realm of “safeguarding information” and physical security is a narrow silo in the overall “corporate security” realm. Can we once and for all end this silly debate? Many organizations have been running fully integrated security programs for years and years. This is not something that is new. For example, a fully converged security program was pretty common among the defense and intelligence companies during the Reagan era when big defense and intelligence budgets were focused at ending the Cold War.

Bardin: Very slow in occurring in most cases. How can we converge when info security is far from mature. A good idea before its time is not a good idea. People are still protecting their turf.

Grace: With the new WiFi in place, security operations can now look at using IP-based cameras and other devices. This will be investigated to its fullest potential and, if it works out, will solve many security related issues. This is the ultimate merging of physical security and IT; and, with wireless security technology using wireless high-speed connections for data, it will be a revolution for security as whole. New security technologies will also be developed and will flourish with the freedom that WiFi brings mainly because the leash of wires has been removed.

PRIVACY

Some security executives last time saw a political shift in business concerns about privacy from so-called intrusive cameras to protecting people and assets as well as databases of employees or customers.

Anderson: I think we’ll see more emphasis on the protection of privacy rights in the future. This is complicated by the proliferation of data and the ever present theft of laptops, PDAs and portable memory devices. This causes a lot of concern about the protection of personal information.

The emphasis has shifted from the physical value of the stolen equipment to the data and personal information that was stored on the device. Another area of concern is balancing the need for effective protection with the need to respect personal information. Corporations are doing more screening of prospective employees and customers, which creates a need for information that is often difficult to obtain. In addition, government regulations often create expectations that are difficult to balance with privacy concerns.

Dowling: Not only do federal and state laws require protection of sensitive personal data, the threat of identity theft through the unauthorized access to and use of personal identifiers maintained by the organization can add an additional security requirement. Providing adequate security controls for the information from creation to destruction is an obligation of the enterprise and the security operation should have an active role, both directly and indirectly.

Mattice: Security executives have to be keyed into the privacy issues that can affect their companies. Database losses can have a serious impact on the reputation of the company, as well as, its valuation. We have all seen more than one company report a significant loss of customer data and have watched their stock price plunge. These are not short term events either, these types of losses have lasting impacts on the company and are a drain on revenue for years to come.

Bardin: It is and always will be about protecting the data. That is what holds value.

Mahaffey: There may be some truth to (what January’s panel concluded). However, cameras continue to play an integral part in security and are invaluable when reconstructing an incident. There must and can be a blended into the environment.

Potter: We have the mother of all privacy legislation in HIPAA. It doesn’t apply to employees, but we have had some identity theft cases that caused us to add additional layers of protection. Our security video cameras are generally overt for deterrent effect, but we have used covert cameras for specific investigations without any adverse reaction.

PURCHASING

Among the January roundtable group, some have very structured procurement procedures while others do not.

Anderson: Outsourcing is critical to businesses and specifically the security function. The purchasing of physical equipment such as cameras, DVRs and access control devices can be a more level playing field, but the purchasing of services is more difficult to compare one vendor against another. None the less, whether you have a purchasing department or not, you must ensure that the purchasing of products and services is based on business needs and definable criteria.

Dowling: To protect the enterprise and reduce the opportunity for fraud in purchasing, checks and balances and strong internal controls should be implemented and this will require a formal process. The security executive should offer ideas that prevent fraud in addition to protecting the items after purchase.

Mattice: You have to have a mixed purchasing program that allows you to have structured procurement for appropriate areas, but you also need to have the flexibility to respond quickly around the world to issues that arise. If you are having a major investigation you are having to launch somewhere around the word, you do not have time to go out and get three bid based on a defined specification.

Bardin: Purchasing should be very structured and tied to strategic plans, programs, budgeting process and assessments of risk.

Mahaffey: We have an extremely structured purchasing process.

Potter: Most of our purchasing (other than office supplies, etc.) is highly specialized, but our assigned buyer is very helpful in getting us what we need.

SIDEBAR: About the Participants

Security Magazine has assembled a high-level group of practitioners to update last January’s informative roundtable on issues and concerns in the industry.

William (Bill) Anderson is director, global security for Ryder System Inc., a Fortune 500 global transportation and supply chain management solutions company.

Jack Dowling is president of JD Security Consultants, LLC, Downingtown, Pa., and a member of the Security Magazine Advisory Board.

Lynn Mattice is vice president and chief security officer for Boston Scientific. He was a key member of the January 2007 Security Magazine Roundtable and featured on the cover of the March issue.

Jeff Bardin is the chief information security officer for a New England-based financial institution. He was recently awarded the 2007 RSA Conference award for Excellence in the Field of Security Practices.

Ronald Mahaffey is chief security officer at American International Group, Inc., New York City.

Anthony Potter, a long-time security veteran, is director of public safety at Forsyth Medical Center, Winston-Salem, N.C., and a respected author.

Guy Grace is director of security and emergency preparedness for the Littleton (Colo.) Public Schools, and a member of the Security Magazine Advisory Board.


SIDEBAR: Technology Empowers the Team

It’s a wireless communications world for Guy Grace, director of security and emergency preparedness at the Littleton (Colo.) Public Schools.

“Our IT department is installing a district-wide high speed WiFi network. Security is working with IT to use this network for day-to-day security department use. For example, where the WiFi is active right now, security can access critical security information when needed from our video and integrated security system using our WiFi-equipped laptops. The IT department has also graciously agreed to expand WiFi networks out into deployable hot spots that extend the range dramatically. As a result of this, if an emergency arises, first responders can set a command control point away from the school. In addition IT has dedicated fiber optic lines that go from the school district to the City of Littleton’s network which will allow first responders quick access to need information in an emergency. Many years ago such sharing would have been not well received if we asked or even not possible. The new IT leadership include very impressive people and realize that their realm when combined with the security realm can and will save lives and property.”

SIDEBAR: Think Global, Think Local

Enterprise leadership, of course, sees value in security of their people, reputation, intangibles and facilities; but they also sees value with working within their industries as threats and solutions go global. Ryder System is a Fortune 500 global transportation and supply chain management solutions company.

Bill Anderson, director, global security for Ryder System Inc., is responsible for directing Ryder’s global security function and leading Ryder’s international safety, health and security team. It is also a leader in global supply chain security.

He is a member of Ryder’s crisis management team and corporate compliance steering committee, as well as the American Industrial Hygiene Association, American Board of Industrial Hygiene and American Society of Safety Engineers.

In a supply chain feature article focusing on cargo theft published by Security Magazine and authored by Anderson earlier this year, Anderson pointed out that a global supply chain drives today’s economy. But that one of the biggest challenges affecting businesses today is cargo theft, and the resulting potential disruption of the supply chain. It is difficult to quantify because cargo theft is not always categorized in the same manner and often goes unreported. According to experts, estimates range from $10 to $30 billion a year. However, this figure does not capture the indirect costs associated with theft such as lost sales, production downtime and missed deliveries.

Bill Zalud
zaludb@bnp.com
Bill is the Editor of Security Magazine, and he can be reached at (630) 694-4029.

Industry Insights @ ISC West

There’s no better way to learn about new and emerging security technologies, products and developments than at ISC West. We offer this additional insight into industry challenges, opportunities and trends, as described by dealers, end users and integrators.

The Challenges

End user security challenges differ by market. “Our main challenge in real estate development and management is leveraging technology to stabilize or reduce manpower costs,” says David Levenberg, vice president of security and loss prevention, General Growth Properties, Chicago. “Tenants pay a fixed amount monthly, and, even if expenses go up over a year, the money we collect does not.” Levenberg adds that one-size-fits-all solutions don’t work equally well in every sector. “We need partners who take time to learn our needs and our industry,” he states.

Guy Grace is director of security and emergency preparedness for Littleton, Colo., Public Schools, a K-12 district with 17,000 students and 26 schools. His greatest technology challenge is ensuring schools are secured against outside threats. “We estimate 25 outside threat possibilities for every internal one,” he says.

Dealer and integrator challenges often relate to internal efforts that can make them more competitive and successful in a fast-changing marketplace.

“Johnson Controls has so many customer relationships around the world and such a broad range of offerings that our security services can get somewhat lost in the mass,” says Steve Thompson, director of fire and security technology for the Milwaukee-headquartered integrator. “Our greatest challenge is building awareness of our security technologies and services and communicating how we can provide comprehensive technical infrastructure for facilities inclusive of security.”

“Delivering great customer service drives everything in this industry from reducing attrition, recruiting dealers and differentiating one company from another to, ultimately, financial performance,” states Mike Haislip, president and CEO, Monitronics Intl., a Dallas, Tex., alarm monitoring company. “We’re focusing on enhancing internal systems to deliver great service.”

Brad Wilson, president of RFI Communications and Security Systems, San Jose, Calif., is focused on strengthening Team RFI so his staff continues to be a value-added partner and trusted advisor. “The technology being rapidly deployed today is outpacing its channels,” he notes. “There’s opportunity in leveraging technology such as IP video and video analytics with services and knowledge that help customers apply technologies appropriately. A key role for enterprise integrators is bridging the gap between the IT and physical security worlds and educating both on our solutions and value.”

The Opportunities

Security dealers and integrators see business opportunities on the horizon in:

•The home security market: “We believe there’s a huge opportunity here” says Monitronics’ Haislip, “especially in intelligent home products compatible with security, such as heating and cooling, lighting control, integrated electronics and telecommunications and casual monitoring. Our goal is giving customers control over systems that provide a better life.”

•Large government and commercial markets: “We’re optimistic about profitable new business opportunities in these markets,” asserts Joe Nuccio, president and CEO, ASG Security, a Beltsville, Md., dealer, “especially for sales of integrated video surveillance and access control systems in the $100,000 to $400,000 range. Convergence is a reality today and I think this is the most exciting time in the alarm industry since I started in 1984.”

The Trends Ahead

Technologies and integration will be driving industry trends over the next two to three years.

According to Johnson Controls’ Thompson, “The security model is changing. Stationary guards vigilantly watching video monitors are being replaced by mobile forces that range throughout facilities and act on relevant data provided to them as needed. IP integrated security technologies and solutions have one goal: Getting the right information to the right people (wherever they are), at the right time—without overloading them with information.”

“The quick integration of IP video into access control platforms illustrates the trend towards more integration with open standards,” states RFI’s Wilson. “Another trend is more tiering of the dealer channel, á la Cisco’s Channel Partner Program, reflecting manufacturers’ need to work with integrators that have the people and skills to support their products.”

“We don’t live in an analog world any longer,” says ASG Security’s Nuccio. “Customers are moving to alternative technologies like VoIP to save money, but they don’t understand that these are not a secure way to transmit alarm signals. We need to communicate with customers so they inform us when they’re considering making a change—and we need to make sure our people understand the new technologies and communicate them effectively to customers and prospects.”

Littleton Public School’s Grace is excited about biometric access control using fingerprints. “This can be huge for schools because it would make them more secure without creating a prison environment,” he says. “Students lose their access cards or pass them along to someone else. That can’t happen with a thumbprint.”

There’s much more market intelligence and product information on the ISC West show floor and in ISC Education sessions to help your company meet its challenges and take advantage of opportunities. In fact, whatever you’re looking for, ISC West has you covered!

Partner Perfect
by Bill Zalud
April 1, 2007

It’s a partnership. Chief security officers, systems integrators and consultants agree: The more you know about each other prior to that final hand-shake, the better the decision. The better the decision, the longer a successful partnership will last.

Before a world-class project starts or a long-term relationship begins, there are hard questions to ask your integrator to guarantee business success and the boss’s pat on the back.

Skip Camp has been with his systems integrator a long time. How long? Well, when he first interviewed the integrator, Microsoft introduced Windows 3.1, Johnny Carson left the Tonight Show and Hurricane Andrew hit Florida.

Fifteen years later Camp, director of facilities management at Collier County Board of County Commissioners in Naples, Fla., maintains a deep, productive and satisfying rapport with Johnson Controls. A relationship record? Maybe. But there’s no doubt that Camp and chief security officers throughout the country have a greater chance at success if they do some hard-nosed homework before bringing a new integrator on board.

Heading an area that acquires property, oversees design, construction and maintenance as well as secures the government buildings, Camp’s reach is far indeed. With hundreds of buildings, the County geographically matches the state of Delaware.

“Our relationship first started with a comprehensive building automation system. Just before 9/11, we took a different approach to building management including everything that has to do with the buildings as well as security. Security has a major role but is also one of many elements,” commented Camp.

TRUST AND COMFORT

While systems integrators and facilities and security directors have identified 10 key questions to ask before starting a relationship, Camp boils it down to two words: comfort and trust.

“We would go to trade shows together,” pointed out Camp, as the integrator’s staff assigned to the Collier account got to know in detail the County’s needs, growth plans and culture. On the security side, the partnership started with card access control and video surveillance. Then about six years ago, things expanded. “I wanted a consultant, too,” said Camp. So Johnson Controls “became our consultant in addition to our technology provider. At that point, a true partnership was formed.”

The director of facilities management for Collier County aims for a one-stop source of product and advice, and he got what he wanted.

“Make sure you pick an integrator who can provide comprehensive services,” commented Camp.

“Instead of low bidding it, look for the qualifications, expertise and service supports so that as many of your needs are met,” added Camp. “And make sure the integrator can grow with you, too.” He also sees real value in an integrator who can supply products from a diversity of manufacturers and sources. “I secure courthouses, use metal detectors and have officer panic alarms, among other protection strategies. So it’s not just HVAC, security video and card access.”

How successful is the Collier County partnership? Skip Camp reports that his operation has become a constant destination for visitors from around the world as he shows off his security and facility technologies.

CONSISTENCY COUNTS

There is a dizzying array of exciting and emerging technology and neat ways to create “new-age” command centers but the right questions asked before the blueprints are drawn more often hit the levels of comfort and trust that chief security officers see as essential partnership factors.

Guy Grace shares consistency as a key integrator factor with Skip Camp.

“There are many factors that are important and must be evaluated before contracting with the security systems integrator. Number one: Does the integrator have a proven, consistent history in providing a quality system to the end-user?” commented Grace, director of security and emergency planning with the Littleton (Colo.) Public Schools.

Grace has a warning, though.

“Keep in mind that potential integrators can talk the talk, but can they walk the walk? The so-called walk would be that the integrator’s prior and current end-users are consistently happy with the end project,” added Grace.

“What this means is that the security executive will have to ask the integrator to provide a list of prior projects. The security executive would also ask the integrator if the key people working in his/her organization’s project had also worked on those prior projects. Obviously many integrators sub-contract and it is very important to ask about whom the sub-contactor is and hold them to the same standard as the main integrator.”

Prior client feedback is essential, according to Grace.

“The security executive would have to then make contact with his/her counterparts in the end-user organizations and get feedback on those projects. The number one question to ask those end-users would aim at getting an overview of what your colleagues are doing. Let them talk about their system. As professionals we all have pride about what we are doing and it never fails that we tell others about the good things that we are all doing when asked by a fellow professional. A personal view is the best feedback and many times it spawns other ideas,” pointed out Grace.

But then get down to business. “Afterwards get to the point and ask questions like was the project completed on time and at cost? Did the integrator deliver everything that was promised? How about contractual warranty repair issues? How was the integrator in meeting these issues? Was the system installed to standards? What would you do over again? How was the overall professionalism in the company? With the final question being, would you use the integrator again?”

Added Grace, “When you are done, look at your notes and be sure that the information you received is relevant to the project you are pursuing.”

CHECK BACKGROUNDS OF ALL WORKERS

After all of the above is completed, there are other unique security issues to consider.

“Since your organization values its security operations and is pursuing projects that will enhance security, the next question to ask is: Can the integrator not make you more vulnerable during and after the project? For example, if someone has any criminal intentions, nothing is better than knowing an organization’s physical security layout by installing it. Another factor: Do the people working on the system now bring a threat into your organization?” Observed Grace, “That’s why it is important that the integrator have stable, senior workman in all trades. In fact, for example, I would ask that the integrator to show clean background checks on all the employees involved from the accountant to the installer.”

With the contractual agreement, Guy Grace sees one key is pricing comfort for both partners. “Horror stories abound with integrators underbidding and end-users overpaying for projects. If you are both happy, the smoother things will go for you both. In addition, for the end-user, a very important point is to get the best warranty possible from your integrator. If you can get a 2-year or more warranty, do so. This also shows that the integrator will stand by his or her project,” concluded Grace.
There are even “before the dance begins” steps to take.

Roy Bordes has been in on the design and integration of hundreds of major security projects. He believes the chief security officer or security director needs to do some essential homework even before inviting in an integrator for a first talk.

“The security executive cannot talk to the integrator unless there is a good detailed specification of what the project entails and what is expected of the integrator from the standpoint of developing the system,” cautioned Bordes, president/CEO of The Bordes Group, which provides consulting services for clients requiring advanced technology integrated system designs.

IN-HOUSE TEAM INVOLVED

Bordes contends the security executive needs input from a minimum of three sources.

“Those sources include a technical source knowledgeable about equipment and how it operates; the enterprise’s IT director, who can provide input with reference to network capabilities and using that medium for video, data and signal transmission; and the director of facility operations for whatever sites are being secured. This person is always a wealth of information relative to the many questions concerning infrastructure capabilities on a site.”

Expectations should also be discussed.

“Unless a plan exists as to what is expected of the system, many of the features will be left on the table and it is very likely that the security executive will end up purchasing features in the future that actually reside in his existing integrated system but no one has told him,” contended Bordes.

The security systems design professional has his own set of questions to ask an integrator that Bordes feels are textbook perfect. They cover:
How long has the integrator been in business?
What is their capability to meet the project schedule?
Are they financially able to complete the project?
What is their relationship with the manufacturer of the technologies being specified?
Are their personnel certified and factory trained with reference to being able to integrate the technologies and sub-technologies?
Does the integrator have the ability to maintain and service the system?
Who are some other clients for whom they have installed similar systems?
To what extent can they identify and provide to the client new technologies that are developed after the system is installed?
What sub-technologies are involved and what is the integrator’s experience with these pieces of equipment?
Is the manufacturer of the systems willing to accept part of the responsibility to ensure the systems are operational?
Last but definitely not least, to whom is the system registered and does the client have the ability to purchase software upgrades directly from the manufacturer in the event the integrator goes out of business or “drops” the product line?
“Too many security executives think they can say, ‘give me a card reader here, put a camera there and make them work together.’ Unless they really are knowledgeable about the intricacies of getting this done, the results of their ‘integrated system’ will be less than acceptable,” warned Bordes.

SPECIALIZED PROJECTS

Then again, some specialized systems integration projects cry for specialized integrators.

Cynthia Freschi knows that. As president of North American Video, she has integrated some of the largest, most complex security video installations at some of the largest casinos, for instance, throughout the world.

“Just like any relationship, comfort is a significant factor. Take the time to meet with prospective companies to get a better feel for who they are and how you interact with them. The more you can count on communicating clearly, which is a critical factor on any project, the better the chance of total success,” said Freschi.

For the crucial security video project at Wynn Las Vegas, Freschi had to factor in construction of the total facility. “Our biggest challenge during the security project was construction,” said Patricia Fischer, executive director of surveillance at Wynn Las Vegas. “Most of the equipment had to be installed after walls and ceilings were in place. A detailed plan had video surveillance and security equipment on site and ready to go when needed during various stages of construction.” And Freschi, along with John Phillips, the integrator’s technical director of western operations and gaming industry veteran, personally directed the project team.

That showed the devil in the details nature of systems integration.

When it comes to a commitment to service support, Freschi agrees with Littleton Schools’ Guy Grace.

PUT SERVICE PROGRAM UPFRONT

“We had to get buy in from our IT department,” said John McDonald, Northside Hospital’s director of security. McDonald’s long-time security systems integrator made that teamwork challenge a positive experience.

Observed Freschi, “In most cases, service is provided for limited terms after an installation is completed by the systems integrator and, to some degree, by manufacturers. However, long-term service should be planned at the onset of your project to assure that your system stays up and running 24/7. Ask your systems integrator for a service program proposal in your initial discussions.”

NAV’s Cynthia Freschi has a simple 13-step countdown for a security video integration project.
Determine coverage requirements / “zones of protection”
Assess situations / location
Discuss budget
Evaluate specific needs / expectations
Review proposals and design parameters
Discuss / review short term and long term system objectives
Review additional system parameters – networking, satellite systems
Evaluate systems equipment and manufacturer recommendations
Review and approve final system specs
Enter installation phase; address concerns for new construction or rebuilds and need to work around
Commission the system – debug and get systems on-line
Train the staff
Establish system service and support
For Mike Havens, a security designer with HDR Architecture, chief security officers evaluating an integrator should take into consideration use of proprietary vs. non-proprietary systems. “Product manufacturers, designers and integrators have argued over the definition of ‘proprietary’ for many years. When considering facility and security systems, it’s important to consider the term as it applies to the products that are used within the facility. In a general sense, products that are available only from a single manufacturing source, aren’t installed or maintained by several integrators or cannot be purchased from multiple vendors fall into the ‘proprietary’ category,” said Havens.

PROPRIETARY VS. OPEN

Allowing an integrator to install proprietary products can cost in the future, even if it dramatically saves at first, according to Havens. “First, it’s likely that a limited number of integrators can work with a proprietary product. This can complicate future bidding processes. More importantly, a proprietary product’s manufacturer, and only that company, provides upgrades and maintenance. If that company goes out of business, their products — and the support for it — are no longer available.”

Havens also sees critical elements at the end of the integration process.

“It’s important that the systems integrator provide all required closeout documentation. This includes as-built drawings, equipment owners’ and maintenance manuals and other facility-specific schedules and manuals. These important documents should be stored in a location that’s readily accessible to security management and maintenance staff for future upgrades or renovations,” commented Havens.

The convergence movement also impacts the partnership between chief security officers and their systems integrators. “Convergence should meet business needs to reduce costs, share resources and improve efficiency, and at the same time, meet the standards-based requirements of the IT department,” said Michael Cation, CEO at NovusEdge, who sees multi-level convergence between physical and logical security but also between physical security and building automation.

SUPER INTEGRATOR SKILLS

If your enterprise aim is convergence, no matter if physical and logical security or physical security and building automation, make sure the integrator candidate is well versed in the details of this trend, according to Michael Cation of NovusEdge.

The “super-integrator,” contended Cation, is the firm that integrates security, building automation and IT operations.

Integrators who understand new government and industry regulations also have an advantage over others, according to some chief security officers touched by new regulations and industry requirements.

Security systems integrator Tom Keener, president and founder of Keener Technologies Inc. in Hawaii, took his knowledge of the Maritime Transportation Act, which also covers the U.S. Petroleum Industry’s coastal operations, to help The Gas Company of Hawaii harden the company’s offloading ports and terminals, which were identified as a major terrorist target.

Said Keener, “The system has saved The Gas Company several thousand dollars a year by displacing 24/7 security guards” while better meeting new homeland security requirements. The integrator set up the system to respond to DHS threat levels; to handle procedure changes; and the utility’s security executive can set so-called “time zones” by using the system’s command modes to allow only designated persons into the facility.

EXPANDING THE TEAM

Teamwork is both the foundation of the partnership between the security director and his integrator, as well as the basis for success as the team expands to include other enterprise players.

John McDonald, director of security at Atlanta-based Northside Hospital, knows best.

He has partnered for years with integrator Securitas Security Systems. But then the team had to be more inclusive. “We had to get buy in from our IT department. It marked a different way of doing business for us at the time. We were crossing into and sharing IT infrastructure for the first time. Due to the flawless execution of Securitas, it was and has been a positive experience. Other than that, we worked with facility services to pull cable,” said McDonald of a major security integration project.

Sidebar: A Partnership Is Honored

Perfect partnerships are not only good business but can also win national awards. The Sports Authority’s integrator/monitoring firm HSM Electronic Protection Services just won The First Line of Defense Award, a joint program of SDM Magazine, the sister publication of Security Magazine, and the National Burglar and Fire Alarm Association. First Line of Defense singles out the effectiveness of electronic security to prevent crime and catch intruders. Pictured are Terry Hodges (right), vice president for asset protection for The Sports Authority, inspecting a keypad at a Houston store with Gregg Oxfeld, HSM’s senior national accounts manager.

A strong relationship between The Sports Authority and HSM Electronic Protection Services has led to The First Line of Defense Award, a joint program of SDM Magazine, the sister publication of Security Magazine, and the National Burglar and Fire Alarm Association. First Line of Defense singles out the effectiveness of electronic security to prevent crime and catch intruders.

Steve McClain, senior vice president for asset protection, The Sports Authority, explained how his company selects companies with which it works. “One of the things we look for is a company that provides services where you come together and design the model that fits your company’s needs, not just a one-size-fits-all application,” McClain declared. “HSM…had a very strong customer service orientation. If there wasn’t something on the shelf that was readily available for us in our need to protect different things, we would work together as a team and create a design or product.

“We have specifications we have designed and utilized for all our stores, and a philosophy that surrounds it that protection systems should be designed to detect possible intruders early in the stages of an event,” he noted. “So we designed specifications that have layers of protection basically to give us an early heads-up.

“That’s done with motion detectors and contacts and (security video) equipment,” McClain noted. “We have some stores that have stronger integration capabilities than others. We do a risk assessment for stores based on the areas they’re placed in and the types of merchandise they handle. An example would be a facility that would sell guns, where we would have different protection capabilities.”

“There are a lot of talented people out there,” Gregg Oxfeld of HSM said. “The customer service aspect of follow-up and making sure that you provide your best job and to exceed the expectations of what you do in any facet of your life is the key to success.”

Oxfeld estimates HSM handles security for approximately 280 stores of The Sports Authority, which is approximately 70 percent of its locations.

Sidebar: 10 QUESTIONS YOU SHOULD ASK YOUR INTEGRATOR

1. Do you have the experience and expertise to become the single source of responsibility for design, integration, installation, commissioning and service? Do you have the experience and expertise with a wide variety of security, building automation and specialty systems?

The ideal integrator offers a comprehensive approach to creating and delivering diverse security and building systems tailored to meet your specific needs. This integrator should work with clients and suppliers to design and implement solutions that deliver simplicity of operation, enhanced effectiveness and cost-effective protection. This integrator needs to be the single source for turnkey installation and service of integrated systems as well as support for assessment, planning and design.

2. How do you as a systems integrator engage a systems project?

A relationship with a client typically begins at the very early stages of system design. The objective is to respect the project’s budget while meeting the needs of the facility’s prospective occupants. Involving the technology contractor early ensures that overall building architecture and systems are mutually supportive. The process results in streamlined systems that are efficient, optimized and future ready.

3. As a systems integrator, identify sources of potential cost savings.

An ideal integrator can help you make the leap into the future starting at the planning stage. They should begin with the future in mind. The ultimate function of the building should determine how it’s built; the ultimate goal of the project is growing your business. Taking a holistic view of your systems, the integrator should design and install technology to support your business objectives, not those of the design and construction team. These steps reduce infrastructure and system duplication, minimize risk and create better, smarter, more productive enterprise environments.

4. How deep and broad is your strength in computer and communications technologies?

Especially when working with your information technology area, an integrator that has computer and communications specialists – often certified through companies such as Microsoft and Cisco, to name two – talk the language of IT while naturally handling the electronic security aspects of the projects. It is better for your integrator to have such resources in-house. If not, get more details.

5. Do you have a national presence or close partners that can handle my needs across the nation or globally?

With an aim for a close partnership between you and your integrator that will last longer than, say, consultant advice, the ability to go to one firm to provide solutions, standardize systems, upgrade and provide maintenance without geographic limits is important. Even if you are not now spread out geographically, companies grow, acquire others or have to set levels of security at contractor sites or other areas.

6. What is your business philosophy when it comes to equipment selection?

Often the more types and brands of equipment your integrator handles or is knowledgeable about, the better. Proprietary approaches are yesterday’s way of doing business. Open systems, interoperability and scalability are essential today. Integrators that limit their selection may be as much working for the equipment manufacturer as for you.

7.What other enterprises are you working with? Please provide me with some client contact information at my level/title at those enterprises.

Talking with other clients can be educational. Make sure the references are at your level; colleagues are often more honest among themselves. Also explore the professional and technical organizations of which your integrator is a member. Those with a diversity of affiliations – security, computer, communications, users groups, etc. – show a commitment and knowledge base to handle the diversity of technologies involved in today’s security and building projects. Contact the appropriate people at those organizations to gather more information on your integrator.

8. Do you feel you offer competitive pricing?

For most chief security officers, pricing is not the only or highest factor. However, there should be competitiveness in pricing and it should be visible or provable.

9. What is your commitment to ongoing service after the sale? And what are the processes of that service and the depth of service staff within your firm?

Often service and maintenance are top concerns of chief security officers. Get a detailed idea of your integrator’s commitment as well as how he or she handles after sale problems. Also gather information on the depth, expertise and success of that staff when handling service issues.

10. Give me a few examples of “when things went wrong” and how you corrected them.

Any service provider will gladly talk about the winning relationships but it is often more telling to have your integrator talk about the problem projects, too, and how the problems were solved.

BONUS

Who will be your key members assigned to work on my project? Give me some details of who they are, their skills and knowledge, areas of expertise and availability by me when I need them.

The more key people within the integrator company you know and of which you are comfortable, the better. Share with your team and get to know your integrator's team, in reasonable detail.

Sidebar: Try This Exercise

Getting to know each other is a two-way street. Cut down the hang-time with this exercise suggested by Jack F. Dowling, CPP, PSP, of JD Security Consultants.

“Both the integrator and consultant should be asked to explain three challenges they encountered in a recent project and how they handled these. This will furnish an idea of each partner’s ability to be flexible and demonstrate their problem solving skills,” advised Dowling. He also suggested the each should present some “what if” questions about the project to see how they would address these concerns and issues.

“Determining actual independence from any particular vendor should be a focus of the first meeting. The need to be objective and unbiased is important in the attainment of the most efficient and effective technology and system,” contended Dowling.

Sidebar: Don’t Have RFP Writing Experience?

Writing a Request for Proposal can prove to be difficult to say the least, especially if you have little or no experience with it. If you don't have RFP writing experience, hire someone who has, suggested Joseph A. DiDona, director, corporate security of The Reader's Digest Association. Or go to security colleagues in your industry or business and see if you can use his or her template.

Try an end-around to gather more data on the potential integrator. “Check with appropriate manufacturers to determine the integrator’s ability to provide service, the history between the manufacturer and the integrator,” pointed out DiDona. Geographic coverage for service is as important, or more so, than for installation at those remote sites.

“Ask the integrator if he or she is able to provide service to several geographic locations (if necessary) or have the capability to ‘partner’ with others who will be able to support remote locations,” added Joseph DiDona.

Bill Zalud
zaludb@bnp.com
Bill is the Editor of Security Magazine, and he can be reached at (630) 694-4029.

Mix of Admin Confidence and Security Tech in the Schools

Guy M. Grace Jr.

Security: Solutions for Enterprise Security Leaders

My Turn: A Partnership of Practicality and Innovations The Littleton Public Schools is proactive in planning and prevention. One example: the sense of teamwork instilled between first responders and the school district. We are confident that we can respond to many types of emergencies, said Guy Grace. November 21, 2006 Guy Grace, Littleton Public Schools (Colo.) manager, security and emergency planning, works closely with Scott Murphy, superintendent of schools, and they view their shared mission and evaluate policies, procedures and technology innovations. How do you work with your CEO or other top management? Guy Grace: The most critical area is that of communication and keeping the superintendent and the leadership staff informed about security and emergency planning; this happens 24/7. The superintendent and leadership staff would expect no less of the security team. This puts me as security manager in a unique role with a wide variety of duties. For example, during the daytime I assist the schools with issues ranging from preparing incident reports to programming security cameras to coordinating and assisting a response during an emergency. At the end of a typical school day, security has addressed 12 incidents, at least half of which required communication to the leadership team. The position requires that I be available to respond 24/7. For example, I always respond when there is a crime in progress on school grounds and or when a serious crime such as vandalism has taken place. Most vandalism to school property takes place after hours. In addition, sometimes our students become involved in situations off campus. For example, we have had children who have run away from home. As a result, our local police departments include the school district in the investigation because we can respond 24/7 and can provide key information that insures the safety of the student. It goes without saying that the superintendent and the leadership team want to be informed about what is going on when these incidents occur. When a school is burglarized at 1:30 am, both security and the police respond and the superintendent is fully briefed about the situation, as is the school principal. Sometimes these incidents result in property damage that must be cleaned up immediately after the investigation. The goal is for the staff and students to come to school and not even know a crime has been committed. The superintendent also relies on my briefings so that he may alert Board of Education members about the incident and possibly address the concerns of a parent who saw the police cars around the school. He also takes a proactive approach and will contact me when he is concerned about a security matter. For example, he was concerned about the buildings over the 4th of July weekend. He contacted me on a Sunday afternoon; all he wanted to know was that we had implemented security precautions such as extra patrols. I know he knew that I had implemented extra precautions, but his call showed that he cared and that his mindset was in tune with what we are doing in the security office. How do you work with your top security executive? Security innovations including upgrades are an important part of the Littleton Public Schools plan, according to Scott Murphy, superintendent of Littleton Public Schools, and Guy Grace. Scott Murphy, Superintendent: Guy Grace is incredible at what he does. And, because of this, we rely on him a great deal. Superintendents don’t like surprises. One of the things I value so much is the way Guy is able to give me daily briefings of the state of security throughout the district. He keeps me informed of incidents that students, parents and neighbors may have questions about, which helps me be prepared to answer those questions. He makes sure I don’t have surprises. He is the center of the security command and control structure. He responds quickly and appropriately. Guy also has great relationships with local law enforcement. They work together frequently and regularly. Guy chairs our local interdisciplinary emergency planning team, on which many local law enforcement, health and emergency responders sit. Guy is also a great strategist. We ask him to help us brainstorm issues that affect safety and security—to ask a lot of “What if…” questions so that we can be proactive as much as possible. Guy also helps us communicate to our community effectively in times of crisis. He has a clear understanding of the issues, and he understands the role our director of communications must serve with the media in terms of representing the district in times of crisis. They have a great working relationship, and Guy is able to create a positive environment for her to communicate from, whether it is on or off school property, or from a law enforcement command center.

Security Magazine-November 2006 www.securitymagazine.com

2001 Association of School Business Officials Pinnacle of Achievement Award

Association of School Business Officials Magazine Article
Guy M. Grace Jr.
Manager of Security
Littleton Public Schools
Littleton, Colorado

School-based emergencies present an array of significant issues, particularly in our day and age. All educational entities are well advised to adopt response procedures designed for immediate, effective implementation.

Districts that don't yet have such a plan could benefit from the work of Guy M. Grace, Security Manager for Littleton Public Schools in Colorado, who site-specific emergency preparedness CD Rom project earned him a Pinnacle of Achievement Award.

Preparations for the project began in the summer of 1998. At that time, Grace embarked on a collaborative effort with Littleton's Assistant Superintendent, Director of Property Management Services, and Supervisor of Building Operations to compile site-specific data for facilities throughout the district. Their work resulted in a series of individualized, easy-to-use CDs for all of Littleton's schools and auxiliary buildings.

Littleton Independent
Community News
November 8, 2001
John Lloyd-Staff Writer

Guy Grace knows just about every square inch in all of the Littleton schools - 15 elementary schools, four middle schools, two charter schools, three high schools, and several alternative schools. And in a few months Grace, Littleton Public School's district security manager, and his security crew will know every inch, every nook and every cranny in all of the schools and district administration's buildings.

If the Littleton police need to know a specific classroom or rooftop of a certain school, if the Arapahoe County Sheriff's Office is wondering if there is a window access to Room 22 in Lenski Elementary School in the City of Centennial, if Littleton Fire Rescue firefighters want to know just to get into the basement of a building to reach the main water valve to shit it off, they can. Easily and simply.

It's the centerpiece of Grace's three-year long project - the LPS Emergency Preparedness/Response CD ROM for which he was awarded one of only three 2001 Pinnacle of Achievement Awards given nationwide and in Canada, sponsored by the Association of School Business Officials.

In essence, the CD gives law enforcement, fire departments and school personnel easy access to building floor plans, maps of the neighborhoods surrounding schools and administration buildings, and aerial photographs. It can also access weather channels.

School principals, SWAT team personnel and fire rescue members can access the information via the CD on their headquarter computers and laptops. Better yet, it can be downloaded into a palm pilot. And even better still, Grace and Security Facilitator Cathryn Niles have photographed and videotaped every elementary school in the district and transferred it to the CD. They are currently finishing middle and high schools, Grace said.

That's about 36 miles of school district, measured in a straight line, on CD. Every hallway, every single classroom, maintenance room, basement, rooftops, main entrance, back door, gymnasium, kitchens, main offices and the principal's office.

"The SWAT team needs information on the fly", said Grace, in security for 17 years, including a stint as a military policeman with the U.S. Army. He took over as the district's security manager in 1999 after 12 years with LPS.  "They could pull out a palm pilot and see a picture of a classroom", said Grace. "An officer might say, 'I need to see classroom 20.' Click. It's in his palm pilot.

Begun before Columbine, the CD has been requested by dozens of city and county agencies from law enforcement to fire rescue to school districts from around the country. "Here, we've been working with the Littleton Police Department, the Arapahoe County Sheriff's Office, and Littleton Fire Rescue and of course the school district", Grace said.  "We learned a lot as we went along, " he added. "We've taken hundreds of photos, hundred of videos."

The videos come with full narration, telling the user how to reach any particular location they wish to reach. "You know where you are all the time," Grace said.

"Suppose a hostage situation arises at an elementary school," Grace said. An officer, with the CD, could view the room, either photo or video. "He or she could know if there was cover in the room," Grace said. "He could know if there were concealment point, if there are windows. They could see, 'Maybe we can look through that window safely, or we can come in this way." And after hours, he said, it's dark. "Maybe you can't turn the power on," Grace suggested. "This gives you a lighted way." "With the CD," he said, "they have intelligence." All the walls and halls, bathrooms, and classrooms, offices and entryways should be photographed, filmed, narrated and Cd's by the end of the year, Grace said.

"We've kept it simple so everyone can use it. That's the key," he said, "simplicity,"

Littleton Public schools have a security system other districts envy. Its cameras sense  motion and zoom in on culprits.

As Published By Karen Rouse
Denver Post Staff  Writer
August 16, 2005

Littleton-In June, when a couple of late-night thieves decided to help themselves to construction materials at Field Elementary School, they didn't realize they were being watched by a "virtual bulldog."

As they drove onto school property, their vehicle headlights tripped the alarm in the Littleton School District's security office. Automatically, cameras monitored by a guard, zoomed in on the activity.

Despite the fact that he was sitting miles away, the guard was able to contact law enforcement officers without taking his eyes off the men as they loaded material onto their truck.

"It was a very quick action," said Guy Grace, manager of security and emergency preparedness for the district. "It provided evidence and information."

The $1.8 million security system was paid for as part of a 2002 bond package aproved by Littleton voters.

The system, which district officials began installing last school year, is in 18 schools and will be in all 26 district schools by November, Grace said. The project includes replacing all building keys with key cards with individual ID numbers.

The system-nickanmed "the virtual bulldog" by the district's security team-features camers that can sense motion and body heat, zoom in on license plates nearly a mile away and give district officials 360-degree coverage of school grounds.

It replaces an older system that relied on multiple black-and-white television sets that gave a grainy picture and required security staff to be at a school to witness a disturbance.

"We didn't have the ability to monitor 24 hours a day from one location," said Diane Leiker, district spokeswoman.

It has also made Grace the envy of others in the business of protecting students, staff and property at schools.

Larry Borland, director of school safety and security in the Douglas County School District and president of the Colorado Association of School Safety and Law Enforcement Officers, said that while the district has 500 cameras monitoring its properties, Littleton's system is more advanced because it is integrated.

When alarms are triggered in Littleton, the camera assigned to the alarm will rotate to focus on the trigger point, said Borland. In Douglas County, that must be done manually.

"I'm jealous of Grace's system, he said. "He's really ahead of the curve in terms of metro Denver, the whole state."

From the security office, where a wide screen can display activity at more than two dozen sites simultaneously, cameras captured a boy as he hurled a brick through a window at Lois Lenski Elementary School. The camera also documented a driver who stopped and urinated in a school lot and other break-ins.

And since the system was installed, Grace noted, kids don't seem to play on school roofs as much anymore.