Registered Professional Engineer
Instructor at George Washington University, teaching “Integrated Security Systems” and “Corporate Security Management”
Member of A/E National Standing Council for ASIS International
Back to basics: functional requirements
Today, large companies are frequently expanding, and the end-result is a conglomerate of various companies that have been merged together. In these situations, it is highly unusual for the philosophy of the electronic security system — including functionality, scope of implementation and variety of manufacturers — to be standardized.
With the goal of moving to a more holistic electronic security philosophy, these organizations would be best served by developing functional requirements.
Functional requirements have been used for years to provide organization and structure to a security system, they allow for easier installation and upgrades in the future, and they ensure that future projects are cost-effective. The obvious goal is providing more consistent, uniform security across the enterprise.
The corporate culture often includes standards for the corporate mission statement, quality control, HR rules and regulations, IT infrastructure and hardware, and much more. The Security department can provide added services and benefits to the corporation through standardization as well.
Electronic security philosophy standards within a corporation are designed to:
1. Develop a common employee identification/access card;
2. Establish consistent procedures and alarm responses;
3. Provide cost savings in the security budget;
4. Ensure compliance with local/national codes and customer requirements;
5. Facilitate a consistent employee and visitor experience and expectation; and
6. Enhance information gathering.
So, what security functions should be standardized? To help answer this question, electronic security must be evaluated by desired functionality vs. the current evolved system — a.k.a. functional requirements. These requirements would state functional attributes that will enhance the electronic security system, thereby bringing about standardization.
For example, large corporations often share a common security access control problem: the lack of a standardized employee identification/access card. These corporations — often as a result of multiple mergers and acquisitions — are faced with access control card/badge systems from multiple vendors, which hinders an employee traveling among the various company facilities.
Management’s desire to develop a “one company/one employee identification access card” philosophy and mindset is hampered by the lack of a security functional requirement (using multiple employee identification badge/access cards).
Thus, the functional requirement might be to implement a standardized employee badge/access card that will facilitate easy movement within all locations of the corporation.
Functional Requirements across the Enterprise
A list of enterprise-wide functional requirements should be developed that will facilitate developing electronic and administrative security solutions. The solutions may overlap several functional requirements — but the requirements must exist before the solutions can be developed.
Implementation of security solutions should incorporate procedures, modifications to facilities and electronic security modifications. Each corporation will have unique requirements, but many are commonly shared, such as the universal employee badge/access card example, which will be referred to throughout this article.
There will be generally understood and/or implied ramifications regarding the universal badge example. Understood ramifications would be:1. Employee badges must conform to a standard visual format (photo size, colors, information printed on the badge, use of nicknames, clearances, etc.); and
2. The badge will allow visual and electronic access to general areas within all corporate facilities.
Examples of implicit ramifications include the sharing of credential numbers across all facilities, while ensuring that there are no duplications of credential numbers. To address this, a manual and/or automatic process must be put in place. The automated process eliminates human error, although it adds to the overall cost of the system.
Why are these ramifications important? If there are facilities that are primarily controlled by visual badge checking, then obviously a standardized, visually recognizable badge would be desired. Without electronic standards, the technology in the card, as well as the credential number in the database, will not allow access at different facilities without having to deploy multiple cards. This implied standardization requires standards for technology, protocols and a credential number for each employee that is shared in some fashion within the corporation with the various facilities.
The choice of technology for the electronic access control system — proximity, smart cards, etc. — is often based on corporate culture. The technology must be incorporated into every facility and new ones as they come aboard. Minimal training should be considered to educate employees on the new technology.
Depending on the existing access control systems, multi-technology cards and readers may be required as part of a transition plan. Each facility will also have to develop a roadmap explaining the path it will take to conform to the functional requirement.
A World of Requirements
Other functional security areas include video surveillance, intrusion and fire alarms, control center operations, and many more.
A possible functional requirement for video surveillance could be a desire that all camera coverage is recorded and automatically available to the Security Investigation department’s office for review and evaluation of cases.
A possible functional requirement for security central station(s) could incorporate a regional, business group or corporate-wide UL security control center(s) to monitor the alarm systems.
The key is that the functional requirements must be developed at the enterprise level, which will certainly effect the corporation’s culture, environment, employees, security requirements, existing electronic security systems and customers.
The Next Step: Security Surveys
After the functional requirements are developed for the corporation, the next step is to understand what electronic security functionality exists at each facility. A Security Survey should be sent to each facility or group of facilities that are under the oversight of a given Security manager, along with an explanation about the reasons for the survey.
The survey may, in and of itself, uncover additional functional requirements that need to be added to the list. The surveys help an electronic security expert to find the best solutions that are most cost-effective to achieve the functional requirements of the corporation. A spreadsheet developed from the surveys will illustrate the current status at each facility.
After the process of standardization begins, it is important to know and control any planned expenditure for electronic security equipment that could impact the enterprise functional requirements at a given facility to minimize additional cost.
With the survey results and the functional requirements in hand, a large corporation can finally begin to discover the best options for accomplishing its functional requirements.
Just like there is no single badge/access card technology that addresses all issues, there is no single way to accomplish a given functional requirement. The challenge for the security professional is finding the technology most suitable for said functional requirements. Solving functional requirements is more of an art form than it is a scientific method. Obviously science and technology are part of the solution, but the way the technologies are used and interconnected to achieve the functional requirement is more of a creative and intuitive process.
There are many other electronic security components that might also be addressed in the standardization process. Decisions will be made to determine if these components are an issue or not during the development of the functional requirements.
Back to the universal badge example: The cost of manufacturing and updating employee badge/access cards is a process that has substantial recurring year-after-year labor and material cost. After implementing the functional requirement of a universal employee badge/access card, cost savings will be realized on a continuing basis.
Suplemento Temático: Los nuevos retos del Director de Seguridad