It’s easy to forget that video surveillance is only part of the security manager’s operational matrix – without the support of additional systems and effective procedures, CCTV cameras are reduced to the role of investigative tools – useful but not able to inform security staff in real time, writes Luke Percy-Dove.
OVER the last few months, aside from doing the typical security design and risk assessment work that accounts for the bulk of our time at Matryx, we have also been auditing a diverse mix of commercial properties and acting as expert witnesses in a couple of civil suits. It has been both varied and challenging at times. What has been really interesting is learning what security means to each of the businesses that we have been working with and how they go about securing their properties.
One of the common themes has been a very high reliance on CCTV for property protection which we would strongly recommend against unless the CCTV is supported by other systems and processes. So we thought it was time to explore what security is, how it should be applied to your property or commercial premises and how to determine what you might need aside from CCTV.
What is security?
A quick search of dictionary.com states that security is:
1. Freedom from danger, risk, and safety
2. Freedom from care, anxiety, or doubt; well-founded confidence
3. Something that secures or makes safe; protection; defence
4. Precautions taken to guard against crime, attack, sabotage, espionage.
It is clear from these descriptions that security is intangible. It is not necessarily a product or a service, but more of a mindset. And it will likely be achieved only once a series of steps or precautions have been undertaken.
How do we apply security to a property or commercial business?
Security of a premises will be dictated by the property in question and its individual risk profile. This cannot be guessed or assumed, as each property will be different in some way; differing suburb and local environment, neighbouring properties, traffic patterns, crime rates, accessibility, lighting, parking, trees and foliage; the list goes on and on.
A fellow security professional that I have known for many years and have enormous respect for, once said to me that the level of security required is always ‘just enough’. It’s a principle we have embraced at Matryx and helps us bring perspective to many of the security recommendations we put to our clients. So the very first step that needs to be determined is what ‘just enough’ security actually is, relative to the property we are advising on. The best way to do this is to undertake a security risk assessment in accordance with ISO 31000 for risk management. This will identify the risk profile of the property and determine what risks need to be considered and addressed.
From the risk assessment process, it is common for a whole series of recommendations to be put to the client for consideration. We say consideration, because whatever is recommended to the client needs to make sense and not contradict the theme of the business. For example, you wouldn’t recommend steel bars and roller shutters to a welfare organisation that is heavily involved in community engagement. Security needs to achieve a purpose and more often than not, will come with a low profile. Security needs to achieve a purpose and more often than not, will come with a low profile.
Assessing your security performance – How well is your security working for you?
When we are deciding what measures are appropriate, we need to be mindful of what each treatment is capable of achieving relative to the fundamental principles of security risk management. These principles are:
* Deter – Will the measure provide a level of deterrence?
* Detect – Will the measure aid in the detection of unlawful access?
* Deny – Will the measure aid in the denial of unlawful access?
* Delay – Will the measure delay access into or from the property?
* Respond – Will the measure allow an efficient response to a criminal or other event?
Very few security treatments can tick all the boxes and achieve full compliance with each of these principles. So more often than not, security will be achieved through a range of treatments that are complimentary to one another.
When recommending a security treatment that has a physical or operational aspect to it, we need to understand exactly what function it will perform. The simple way to do this is to use a table such as we have below to compare treatments and to understand what value each can add from a security perspective. When recommending a security treatment that has a physical or operational aspect to it, we need to understand exactly what function it will perform.
In the table below, we have listed a range of treatments that can enhance security and would be common to many commercial properties. It can also be used to help you determine how well your security is working for your business and if it is meeting your organisational objectives.
Security Treatment Deter (*1) Detect Deny Delay Respond
Security lighting Possible Possible (*2) No No No
CPTED compliance Possible Possible (*2) No No No
Door, window locks Possible No Yes Yes No
Window Grilles Possible No Yes Yes No
Cyclone fencing Possible No No Yes No
Security fencing Possible No Yes Yes No
Intrusion detection Possible Yes No No No
Alarm monitoring No No No No Yes
CCTV Possible Possible (*3) No No Yes
Bollards Possible No Yes Yes No
Security gates Possible No Yes Yes No
Security guards Possible Yes Yes Yes Yes
Security Patrols Possible Yes No No Yes
*1. Deterrence is subjective and will be based on the state of mind and motivations of the intruder
*2. Detection would be achieved through improved surveillance of the property
*3. Where video motion detections and analytics have been applied.
In an ideal scenario, you would employ a mix of treatments that ensures you can achieve a ‘yes’ in each of the 5 columns at least once when all the security treatments applicable to the property have been listed. Once you can confidently say that, you have probably achieved a reasonable level of security. To improve on that further, we would recommend that at least two methods of detection are always used. This could be reed switches fitted to perimeter doors and internal intrusion detection. Or intrusion detection and VMD. Or security guards and CCTV. The point here is that if one treatment is bypassed for some reason, then another opportunity for detection still exists.
For high security properties or where risk of loss is greater, we would go further again and ensure that each column has a yes in it at least twice or more. This is good security risk management. If you are not sure how many boxes you can tick in securing your property, or how well your security is working for you, a professional security consultant can show you how. ♦
*Luke Percy-Dove CCTP is a physical security and risk consultant and a counter-terrorism and critical infrastructure security adviser at Matryx Consulting.