Establishing Business Impact Levels and Risk Tolerance for your business.

Depending on the planning and investment in business plans and risk management, small business can flourish or die if the impact of an event or incident directly impacts on their operations or financial resilience.

Family and micro businesses are especially vulnerable as even a small loss due to repetitive incidents such as burglary, break and enter and shop stealing; or a reduction in family or other employees needed to operate the business due to injury, illness or death, will have a critical impact on cash flow and business operations. A critical impact then can be broken down as any hard dollar or reputational loss that could endanger the survival of the company.

The loss of stock, through fire, can be mitigated through insurance but the loss of customer/client information and listings through commercial espionage or loss of stock and client electronic data through a cyber crime ransomware attack can impact on your businesses reputation and operations.

Operations may also be interrupted by natural events, damage or breakdown of machinery, systems or equipment, power or gas outages, fuel delivery strikes, the failure of a supplier of goods or services or delayed deliveries or absenteeism of essential employees. There are many possible scenarios which should be considered such as:

Some quantifiable impact categories for a small retailer could include:

·         Inability to record sales

·         Inability to accept returns

·         Inability to process debit or credit cards, cheques (checks), gift cards, certificates

·         Inability to replenish merchandise

·         Inability to move merchandise between locations

·         Inability to respond to customer communications

·         Inability to advertise

A manufacturing company may see quantifiable impact categories as including:

·         Inability to order materials

·         Inability to receive materials

·         Inability to assemble materials

·         Inability to advertise products

·         Inability to process orders

·         Inability to ship products

·         Inability to collect payment[1]

 It is incumbent on all business owners to understand their risk tolerance and by identifying and evaluating the impact of disasters on business, owners can establish the basis for investment in recovery strategies as well as investment in prevention and mitigation strategies. To do this you need to have developed a risk management plan.

Once you have developed a risk management plan, you should conduct a business impact analysis to assess the likely impact of these risks on your business operations. This is the preparedness step in the prevention, preparedness, response and recovery (PPRR) model[2] for developing a business continuity plan. A business impact analysis identifies the activities in your business operations that are key to its survival.

Business owners should recognise that a business impact analysis (BIA) is a continuous process that predicts the consequences of disruption of a business function and process and gathers information needed to develop recovery strategies. Potential loss scenarios should be identified during a risk assessment. It is not a one-off process.

We don’t conduct one BIA report then step back from it for a year or so. It needs to be constantly monitored to take into consideration changes in the sales, production or security environment. As crime changes and moves from areas of a city or region, threats levels will change and as many small enterprises have found, a series of break-ins, caused by displaced crime, can change the financial state of a small business in a very short time and threaten its continued viability.

The first step in developing your analysis is to ask yourself some key questions:

·         What are the daily activities conducted in each area of my business?

·         What are the long-term or ongoing activities performed by each area of my business?

·         What are the potential losses if these business activities could not be provided?

·         How long could each business activity be unavailable for (either completely or partially) before my business would suffer?

·         Do these activities depend on any outside services or products?

·         How important are the activities to my business?

As the risks to your business change, so too will their potential impacts. When you update your risk management plan, you will also need to conduct a new business impact analysis.

Seek advice from all levels of your business in order to identify all processes and functions that go into making your business function, then, ask yourself these questions:

·         what could occur if this function of my business was unable to function for any reason?

·         where could critical financial impact occur and what is the potential amount of the impact?

·         where could critical reputational impact occur and what is the potential amount of the impact?

·         under what circumstances could a critical impact occur? and

·         what is the effect of the impact over a lifetime?

 Let’s look at an example of a small business that produces widgets for the mining industry. The widgets are high use and replaced every week to be refurbished by the manufacturer. If we have a crisis and are unable to supply the widgets, mining companies will understand a delay of a few days by adjusting equipment operation to reduce wear on existing widgets, but some may not be able tolerate a delay and may be forced to reduce or cease operations until supply is re-established. The cost to mining companies could be very high but the cost to the small business could be catastrophic if its reputation is damaged by the crisis that results in companies seeking alternate suppliers.

Business continuity and business resilience that arise from BIA reports are critical in ensuring you can weather a crisis and whilst bringing in expert consultants to work with you to develop your report on the results of a BIA is a good practice, you can assist by preparing BIA Worksheets that can greatly assist in bringing critical functions to the fore and allowing you to understand the real impact of events on your business.

A business Impact Analysis Worksheet allows you to look at each function, department or process and identify at which point in time, an interruption would have the greatest impact. Each worksheet should be developed for each department, function or process that you have identified. A simple example is shown below:

Business Impact Analysis Worksheet[3]

Department / Function / Process……………………………………………………………

Operational & Financial Impacts

Timing/Duration	Operation Impact	Financial Impact
Timing: Identify point in time when interruption would have greater impact (e.g., season, end of month/quarter, etc.) Duration: Identify the duration of the interruption or point in time when the operational and or financial impact(s) will occur. •   < 1 hour •   >1 hr. < 8 hours •   > 8 hrs. <24 hours •   > 24 hrs. < 72 hrs. •   > 72 hrs. •   > 1 week •   > 1 month	Considerations (customize for your business) Operational Impacts: •  Lost sales and Income •  Negative cash flow resulting    from delayed sales or income •   Increased expenses (e.g. overtime, outsourcing, expediting costs etc) •   Regulatory fines •  Contractual penalties or loss of contractual bonuses •   Customer dissatisfaction or defection •   Delay executing business plan or strategic initiative	Financial Impact Quantify operational impacts in financial terms.

As part of your business impact analysis, you should assign recovery time objectives to each activity to help determine your basic recovery requirements. The recovery time objective is the time from when an incident happens to the time that the critical business activity must be fully operational in order to avoid damage to your business.

By identifying a time frame necessary to recover and financial amounts to measure your risk appetite where you feel that the business can recover, you can add the information to the table (such as in the above example) to provide better context upon which to base your assessment of priorities for mitigation.

The information resulting from the BIA can be used to bring some local clarity to your consequence rating on your risk management matrix. The table based on ISO31000:2009 below provides a simplified example of how the BIA could be used when applied to business operations, creating your business impact level (BIL).

Minimal BIL-1	Minor BIL-2	Moderate BIL-3	Major BIL-4	Catastrophic BIL-5
Impacts on business operations
Operational capacity
·   Minimal impact on operations. Some reduction on function or process effectiveness but can be dealt with by routine procedures in place.	·   Minor impact on operations. Some reduction on several functions or processes effectiveness but can be dealt with by routine procedures in place.	·  Significant degradation in organisational capability to an extent and duration that, while the business can perform its primary functions, the effectiveness of the functions is noticeably reduced	·  Severe degradation in, or loss of, business capability to an extent and duration that the business cannot perform one or more of its functions for an extended time	·   Severe degradation in, or loss of, business capability to an extent and duration that the business cannot perform any of its functions. ·   Business closure likely.
Business Assets
·   Low or no damage to assets	·   Some damage to assets that will affect functions or processes whilst replacements are obtained. ·   Time frame for replacement >3 months.	· Damage to assets that result in multiple functions or processes that reduces productivity until replacements can be obtained. · Time frame for replacement <3 – 6 months.	·  Damage to assets that results in long term harm to the business. ·  Time frame for replacement <6 months.	·   Damage to assets that are irreplaceable or beyond financial capacity to replace.
Business Finances
·   Low or no financial loss	·   Medium financial loss that does not impact on the ability or capability to meet financial obligations. ·   $100,000 - $500,000	·  Financial losses are covered by insurance and recoverable within a short term but will have a short-term effect on capability. Potential regulatory attention. ·  >$500,000 - $800,000	·  Substantial financial loss leading to key activities being shelved and loss of public/shareholder confidence. Likely regulatory attention. ·  >$800,000	·    Significant financial loss leading to significant damage to the organisations 'brand' and ability to operate. Significant regulatory attention. ·    >1000,000

Note: Estimated financial losses based on micro business model requiring a reliable cash flow.

The information that arises can be used to:

·         evaluate whether the limits of insurance are adequate. Are you underinsured?

·         compile an inventory of properties and assets and determine whether insurable values reflect inflation costs over time, and

·         allow a review of whether property, stock and other insurance policies adequately cover actual cash value or replacement cost.

It can also provide you an overview of just where you need to improve your supply chain to ensure stock, plant or equipment can be replaced within a minimal timeframe to ensure business resilience.

The BIA can assist in allowing you to properly determine just what your risk tolerance level is. A small micro business (such as an on-line business or a restaurant) may have a risk tolerance of BIL2 whilst a medium size business, with a sound client base, good supply chain and regular cash flow may be able to tolerate BIL-3. Each business differs, and each risk tolerance level will differ.

Your mitigation strategies and security investment will, in most cases, align with your level of risk tolerance in which case second guessing would be a dangerous strategy but undertaking a BIA to determine consequences and business impact levels will provide you with quantifiable evidence upon which to make business decisions. Your business impact analysis will also help you develop your recovery plan, which will help you get your business running again if an incident does happen.

Like your Business Plan and Risk Management Plan, your Business Impact Analysis is a tool that can provide you an element of certainty during periods of crisis.  As Benjamin Franklin stated in his Philadelphia address on fire safety, “an ounce of prevention is worth a pound of cure”.

It is as true today as it was in 1736.

---

[1] https://www.ready.gov/business-impact-analysis

[2] https://www.business.qld.gov.au/running-business/protecting-business/risk-management/pprr-model

[3] https://www.ready.gov/business-impact-analysis

Safeguarding the workplace - A practical guide for public servants

UR

CENTRAL TO

SECURITY

Security Series No. 2
by Ray Andersson

SAFEGUARDING THE WORKPLACE

A PRACTICAL GUIDE FOR PUBLIC SERVANTS

These days we all should be careful about home security - locking doors and windows, having suitable locks and lighting.  It is also an unfortunate fact of life that we need to be on our guard against theft in the workplace.

Many of us think of our office as a “home away from home” and we want to believe that our personal possessions, and the government owned equipment we use, will be safe at work.  We don’t want to think that our personal items or work tools will “walk off”.  But office security, like personal health, is often lightly regarded until something happens.  There are departmental and Australian Federal Police (AFP) concerns about the incidence of theft in the workplace.

Some managers and employees may falsely believe that crime in the workplace is not their problem, that it is a matter for security to deal with. Theft at work is a problem for us all.   Don’t be disadvantaged through carelessness at work.  Get your co-workers and supervisors together to discuss how you can best ensure the security of all property and staff.

Here are some basic pointers on how to prevent or minimise theft in your workplace.

Personal Belongings

Ø  ALWAYS keep your wallet or handbag with you or locked in a secure drawer or cabinet. Never leave them unattended.

Ø       Smart thieves are quick. Never leave petty cash, government credit cards, wallets or purses insecure, even if its only for a minute or two. Lock them away unless you are using them or they are in you personal possession.

Ø       Ensure that a safe place is provided by your agency, to secure your personal belongings in the workplace, then use it.

Ø         When  you travel on official business, keep your excess cash, debit or credit cars or traveler’s cheques with you or locked away in a hotel safe. NEVER leave ‘valuables’ in your suitcase, under the mattress or in a coat pocket.

Visitors 

Ø           Don’t assume that a stranger wandering in the building is a member of staff.  A simple “Can I help you” may be all that is necessary to deter a potential thief.

Ø           Don’t allow anyone to remove equipment without checking first that they have authority to do so.

Ø             Don’t leave callers alone in the office.

Repairpersons 

Ø           Ask for identification - even if the repairperson is wearing a uniform;  if you must leave the office area ensure that attractive items and information are properly secured in your absence.

Ø          Be cautious ... uniforms, or patches with company or a person’s name, can look authentic but can be stolen or imitated by determined thieves.

Ø             Always check the identification of any stranger who comes to your office to do repair or other type of service work.  If you think it’s necessary, call the repair company and ask if they have a work order for your office and who is authorized to do the work.

Reporting Incidents     

Ø           Notify all security related incidents - including any apparent security weaknesses which may have contributed -  to your Security Liaison Officer who will notify the Security Manager.  Make sure you report anything that is missing - government or personal property - immediately.

Ø          Try to remember the day and time you last saw the item and where you saw it.  Describe the item thoroughly.  If it is marked with an identification number or symbol, give that information to the security liaison officer.

Your departmental security units' role, in dealing with reported incidents, is to analyse the incident and its circumstances, co-ordinate investigative and preventative action to mitigate any further occurrence of a similar incident, and to give feedback to management and employees reporting incidents.

Keeping Track of Your Office Equipment and Furniture    

Ø            Ideally, all office equipment and furniture should be marked, e.g., an engraved symbol and an identifying property number, in a prominent spot.  Plans to mark relevant items should be discussed with the appropriate equipment officer in your area, as some marking procedures may conflict with Departmental policy.    Also, where practical, mark any personal property with your initials and/or an identifying number (e.g. Driver’s Licence No.).

Ø             Ensure that an an up-to-date inventory of your office furniture and equipment (and a separate list for personal property) is kept in a locked drawer or cabinet.  List each item, with its model and serial numbers, engraved or marked symbol, and a thorough description of the item.

Ø            Do regular inventories of equipment and furniture that is not used daily, and don’t store unused equipment (Tablets, audio recorders or other attractive items) on top of cabinets, under tables, or in isolated areas.  Lock the equipment in a cabinet or closet and make sure all items are marked and listed; it may be more practical for unused equipment to be returned to a stores area.

Ø              Consider whether larger equipment (eg. personal computers, laptops, etc) should be secured by an approved security device.

Safe Combinations/Computer Passwords/Keys

Ø            Memorize  combinations and  passwords, but you should also have a backup system for use when a co-worker is on leave or moves to a new job and no one remembers the combinations and passwords.  

Ø         Write or type the safe and vault combinations and computer passwords on a piece of paper.  Double envelope the paper and secure with appropriate security wafer seals.  Put the envelope in an approved security container and record details of anyone accessing the contents of the envelope.  Change the combination(s)/passwords, as soon as possible thereafter.

Ø           Ensure that all combinations and passwords are changed on a regular basis, and especially when a staff member ceases duties in that particular office/area.  Be careful with keys and locks.  Keep keys in a safe place, not “hidden” in drawers, tins, etc.  Your departmental security unit can help with advice.

Office Security Tips

Ø              Keep that back door locked.

Ø              Lock all offices or conference or storage rooms that are regularly unoccupied.

Ø           If you’re the last person to leave at night (and especially before weekends or holidays), secure all computer systems, critical files and copiers.  If your office uses any electrical appliances, make sure they are switched off.  Most importantly  - close and lock all relevant windows and doors.  Where alternative arrangements have been made for cleaning, emergency access, etc., lock your office door.

Ø             Remember that not all thieves are necessarily outsiders.

Business Security: Another Break-In - Where do we start?

We are all familiar with the media reports of crime against business in our communities and can understand the reluctance for businesses to remain in operation as the loss through crime exceeds potential profit arising from continued business and they fight rising insurance costs, repair costs from crimes committed against their business, loss of income from stolen merchandise and loss of profit from their business that can affect their own, and families, well-being.

Business owners and their managers should not be living in an environment of fear, yet we live in a time where the balance of power is tilting towards criminals rather than law abiding citizens. Governments and Police have their hands tied, reducing their capacity to effectively address the problem of crime due to its inherent multitude of root causes such as social, mental, environmental and gang mentality issues that do not have simple solutions.

Businesses cannot continue business in the same way and expect different results. Business today must look at their business from a criminal’s viewpoint and identify vulnerabilities and, unfortunately in most cases, these vulnerabilities cannot be addressed by the business owner or retailer but also become the responsibility of property owners and Council.

Retailers continue practices that have been part of the industry for many years where marketing and promoting merchandise promotes sales and profit so we see large glass windows incorporated into building design to ensure the desired merchandise would be so inviting that shoppers will enter the store to either buy the merchandise on show or browse and shop, thus ensuring sales and eventual profit for the store.

In our current environment, such displays encourage offenders to break-in and steal merchandise and glass windows are not created to stop a determined attack. Why then, do we see retailers replacing vulnerable glass with identical products, yet expect a different outcome?  We need to start hardening business as part of a crime prevention strategy.  We cannot stop crime, but we can reduce opportunity and desire due to the increased risk of getting caught. Business and retailers must start seeing security as an enabler, not a cost to business. It’s time to shine the light on security and crime prevention.

True security for businesses relies on principles that have been in place for many decades and used from the earliest times of humans seeking protection from the elements, animals and enemies.  The principle is that of ‘Defence-in Depth’ or for business ‘Security-in-Depth’.

This principle relies of a series of ‘layers of barriers’ that protect that which is desired to be protected. It could be a person, secret information, IT systems, high value merchandise, a factory or business. These layers are mutually supporting, and each rely on each other. Many crime prevention methodologies also incorporate the principle without directly referring to it. The principle of ‘Security-in Depth’ incorporates:

·        Deterrence,

·        Detection,

·        Delaying, and

·        Response.

When we look at a typical retailer today, we see a premise that may have some small security signage on windows or the entry doors, have deadlocks installed on entry doors and emergency lighting required under Fire Regulations but the major investment on security is done within the shop itself, with electronic article surveillance, intruder alarm systems and possibly CCTV.  The error in this is that offenders are already inside, and any response is post damage and theft.  The store suffers a loss through the damage committed and its capacity to recover and continue business relies on their insurance company and local business support in undertaking repairs and insurance covering the repairs and restocking quickly.

Once an offender is inside a retail store or any other business, it is too late; your physical security has not protected your business and you will suffer a loss.

Fortunately, ‘Security-in-Depth’ is scalable from the very small to the very large.  As such, it is not something that can only be implemented by large enterprises.  Very affordable and effective options are available for small business however as many businesses do not own the premises that they operate in or the land outside the premises, they are limited as to what they can do, individually, and must have support from building owners and local Council.

Security-in-Depth must start at the outside perimeter of the asset to be protected and have layers of barriers that deter and delay any attack, allowing time for response. The traditional castle, pictured here, is a good example of this.

For a multi-occupancy shopping centre, the first layer of security may be the public area between the carpark and the building perimeter.  

For others where underground car-parking is in place or the premises faces a public street, the first line of defence will be on the footpath and around the building perimeter with a fence line at the sides and rear and vehicle barriers installed away from the building perimeter, on the sidewalk, at the front of the premises.  This will require local Councils to become part of the solution in identifying suitable barriers that do not detract from the environment yet deter or reduce the impact of any vehicle impact against the building structure and deter ram raiding.

Using both manpower security and technical solutions, a perimeter can be made safer, however the use of security manpower to provide patrols and response can add up to quite a considerable sum, so businesses must look at the return on investment for any solution. Ask yourself this question: How much can I, as a business, afford to lose before security costs become a business enabler and be seen as part of the cost of doing business?  


When looking at security-in-depth, using a range of security technology will assist in bringing together the layers of physical barriers by providing detection and reporting.  The technology includes:

• Intruder alarm systems,
• Intruder detection detectors (motion detectors, glass breakage etc),
• Digital CCTV systems (good quality Digital Video Recorder and high-quality CCTV cameras),
• Security lighting,
• Security film or steel security screening for glazed areas,
• Physical security hardware for doors and shutters.

The effectiveness of this technology can be further supported by private security services, security alarm monitoring centres and Police.

Businesses must ensure that all perimeter areas of the premises are protected. Hardening the front and leaving the delivery dock vulnerable is poor risk management. Layer any physical security around the premises to deter and delay any offender from continuing an attack on the premises. Keep in mind ram raiding when assessing risk as this will require vehicle mitigation strategies to be installed in areas that may be controlled by local Council.

Use of security technology can assist protection through the installation of security lighting around the building perimeter along with suitably installed CCTV cameras that have motion detection capability.  This provides you the second line of defence, providing detection and reporting to a security alarm monitoring centre that has the capacity to link in to the business CCTV system and get a positive record of an intruder, to inform police of a credible offence in progress. Modern CCTV systems that incorporate artificial intelligence can provide an automated CCTV system that can greatly improve protection.

The perimeter of the building structure will be the next layer of security and it should be designed to provide delay, through a series of physical barriers and detectors.  Use of steel shutters or roller doors that are securely locked down using floor anchors or other high security locks, with intruder alarm detectors installed on shutters and doors to alert a monitoring centre of a potential attack is effective although may not be aesthetically pleasing.   The entry doors should be also protected with a steel shutter or roller door anchored down to prevent attack by hand operated tools or lifted using car jacks and have detectors installed on the shutters or roller doors to alert security alarm monitoring centres to an attack in progress.

Glass windows can be hardened by installing impact resistant film and further protected by steel security screening, based on the results of the risk assessment undertaken on the business. Glass breakage detectors are also a useful tool to install on glass windows.  Linked to the intruder alarm system they will alert a monitoring centre to a continued attack on the premises, that can be passed on to Police or a responding security force.

For those who are in high risk areas with continual break-ins, installing attack resistant glazing would be recommended. Attack resistant glazing combines laminates with glass to maintain the existent appearance of normal glass but meets Australian Standard AS/NZ 2208:1996 - Safety glazing materials in buildings and AS3555.1 (2003) Building elements - Testing and rating for intruder resistance. 

A number of companies in Australia can supply attack resistant glazing that is constructed to ensure attack weapons simply bounce off, making penetration all but impossible with glazing designed to meet the Australian Standards, to protect against sledgehammers, axes, crowbars, picks, chisels and bolt cutters; giving 30 minutes of intruder resistance thus providing adequate time for response.

Internal motion detectors may be installed to provide final alert that intruders have breached the outer perimeter of the premises and are now inside the building. If the outer layers of security are effective, these detectors should not activate.  If they do, there is a gap in your outer defences and this gap may be response.

Security-in-Depth is not effective without all parts working together and, in many cases, it is the response that is the weak point of this system. Physical security measures are not designed to prevent entry into premises but are designed to delay any such entry, giving sufficient time for response by Police or a contracted security service. Of course, any delay encourages offenders to move on as the risk of being caught in the act would outweigh the benefit of continuing an attack on the premises.

A good quality lock or security door may give 20 minutes delay against common simple hand tools and improvised weapons (barring ram raids), which is the window of time in which offenders can be apprehended or scared away by responding Police or contracted security services.  The recommended window of time for any response is 15 minutes, with 10 minutes being great. This reduces the time offenders have to physically attack the building perimeter and reduces repair costs as no entry will be gained due to intervention.

By layering physical security utilising Security-in-Depth, with all elements in place and operating effectively, businesses will have the best chance of surviving an afterhours attack on their business.

The cost and implementation of having an effective crime prevention physical security barrier for a business must be borne by the business owner, the property owner, local Council and the Government (once again a layered approach). Taking short cuts, accepting or ignoring the risks is playing into the hands of criminals, who are out to benefit from your hard work and investment. It’s your business but your employees and the shopping public share the effects of crime against your business and crimes against your business can have a flow-on effect to the local and national economy.

Good business security doesn’t need the guards and gates mentality of the past. Business security in this modern age encompasses a wide range of business practices and new technology that not only protect the business building and stock but protects its reputation, its people, its information and its very existence as an on-going entity. The modern security mentality is that of resilience and risk management, with physical security mitigation strategies designed to deter, deny, delay and respond to events that allows a business to recover quickly and bounce back from the adverse event.

Design your security well and it will pay off in reducing the impact of crime in your area.

Crime Prevention Safety and Security Audit Kit

I have finally completed a Crime Prevention Safety and Security Audit Kit for use by community groups, community members, schools ad businesses.

Sergeant Rod Strong (NT Police, retired) did some good work back in the 80's that has been reviewed, updated and expanded to provide more information and provide support and information for business owners who are prime targets for crime.

my next project is to look at some suggested treatments to provide a start point for Audit Groups and business owners, to get them thinking and looking critically at what could be achieved and how.

Crime Prevention Safety and Security Audit Kit

Security Awareness for NT businesses - The Principles of Physical Security

Since the beginning of human endeavour, humans have used barriers, tools and procedures to protect themselves from attack. These practices have developed into principles over the generations of human development and are as relevant today as they were many generations ago.

The basic principle is that of layering defences to protect the asset that you wish to protect.  That could be your business or your family, but what does this layering actually attempt to achieve?

What we seek to achieve is a robust series of layered security measures to achieve security-in-depth.  This is the basis for all protective security, including the securing of IT systems.  The strategies may change but the principle of security-in-depth will remain.  

This system provides mutually supporting protective security measures that provide well defined protection of an asset or even your family.  It is adaptable and can be used in many areas of security where protection is necessary. Our army has practiced this principle for most of existence under the term 'Defence-in-Depth' when used to protect defensive positions..

Although it is a very old practice, we are seeing the principle being disregarded in crime prevention strategies and security being installed to rely on one element and at times one piece of technology.

When we look at many some crime prevention risk mitigation strategies being approved by State and local government agencies, it is obvious that these decisions are not being based on solid principles of defence, or security-in-depth.

What are these Principles? They are to Deter, Detect, Delay and Respond.

Deter

The deter perimeter is the farthest one from the location of the assets and is often a mix of Legislative controls (laws), physical infrastructure such as fences and lighting and policies and procedures that are posted as signage along fence-lines.

The security objective on this perimeter is to deter the criminal from even attempting a breach of the protective system. Signage, laws and regulations along with business policies and procedures all contribute to deterrence.

Deterrence is a psychological battle, and when security wins, the criminal activity never starts.

Applying surveillance technology along the perimeter of large enclosures such as industrial sites, will make it obvious to all approaching the perimeter that they are under surveillance.

Signs saying, “no trespassing” or “area under surveillance” also aid in communicating a deterrent message to unauthorised persons.

Deterrence also includes routine foot or mobile patrols of the area by police or security.  it reinforces ownership and crime awareness under the CPTED Principles and increases the risk of detection. The most common form of deterrence for industrial sites is that of a guard dog, however, if overcome, the property will be exposed to criminal attack.

This layer will deter the law-abiding person and most opportunist offenders. 

Detect

The detection layer’s security objective is to monitor large areas of space to accurately detect possible unauthorised intrusion in time to respond appropriately. Surveillance camera technology, is improving all the time and is very effective as an accurate detection tool.

Important objectives are the timely notification to security personnel, and having the ability to digitally or optically zoom into the area where intrusion was detected to clearly identify what is occurring and who is involved, with the ability to clearly identify those involved.

The use of external and internal motion detection technology enhances detection, providing a method of tracking an intruders progress. When combined with CCTV, these become an excellent tool for detection and assists response units by providing situational awareness.

Having patrolling guards, who detect unlawful entry also fulfils this principle and allows for more rapid response, when the event is reported to a control centre.

 Delay

The delay layer’s objective is to slow down an active intrusion enough to force the intruder to give up, or allow the security team to respond.

Use of heavy duty locking hardware and security padlocks on gates will delay an offender, who may be attempting to enter your property and may cause them to either change their attack method, scale the fence or gate or withdraw from the area to move to a softer target.  We would prefer that they move on.

Often, interior locking doors or other physical barriers are used to slow down the intrusion. Surveillance cameras can be used inside the delay perimeter to provide situational awareness and measure the effectiveness of the delay countermeasures.

The use of attack resistant laminated polycarbonate glazing or installing steel mesh security screens protecting glazed areas of the building perimeter structure will provide delay and, if supported by a detector, can give alarm to an attempted entry via the particular point of attack, providing responders with necessary information to quickly attend and challenge the offenders.

Insufficient delay will negate the effectiveness of other layers of security. Time is needed for a response and delaying is the tool to achieve the necessary time. 

 Respond

The response layer is typically a police or security personnel response that attempts to apprehend the intruder.  

Surveillance is used at this perimeter to record the apprehension and determine the effectiveness of the response.  

This final perimeter often includes the involvement of law enforcement and typically overlaps the other perimeters.

Some final comments

The general rule is that the farther away from a secured building the more expensive are the security measures. This holds true for cameras, sensors and access control systems.

Designing outdoor systems requires detailed upfront planning because of the wide range of operating conditions to which the security systems will be exposed. For cameras, lighting and weather conditions are the biggest problems the system will have to overcome and requires expert knowledge of surveillance systems and system capabilities to select the right solution.

Holistic design processes that combine both indoor and outdoor perimeters will provide the most effective physical security systems.

Look at your business or home. Where are your vulnerabilities?

• How can you modify or harden your building perimeter to best apply the principles of physical security and reduce your vulnerabilities?
• What technology can I afford to provide mutually supporting defence of your property?
• How effective is response to alarms in your area? The cost of implementing sound physical security may be negated by poor response.

Keep in mind that good security does come at a cost but the biggest cost will be not training your people and yourself in testing and using the technology. 

Know your systems well and test your systems to identify gaps or system failures.  A DVR hard drive in tropical areas, subject to severe electrical storms can be easily damaged during wet season tropical storms and, without testing, may not be identified as an issue for some time, leaving your business vulnerable to not having video evidence, when needed.

Security-in-depth and the principles of physical security rely on mutually supporting measures that complement each other. Reliance on one system to protect your property is gambling with your security and safety. Keep this in mind when people are advising you of how you can improve the security of your business or family home.

Crime Prevention - Preparation for Christmas

Christmas is coming to town and so are the criminals. Don't make their job any easier. Some simple hints to make your property safer.

1. Keep trees and gifts away from windows Don’t openly display your Christmas tree and gifts in the front window so it’s easily visible from the street. It can be tempting for criminals to smash the window and grab wrapped packages.

2. Hide presents Even if you don’t have children to hide presents from, make sure criminals can’t see them through your windows and doors by hiding them in cupboards and under beds. That includes gift-wrapped presents under the tree, if you won’t be home.

3. Look lived in If you’re going away for Christmas, make the house look lived in. Ask a friend or neighbour to keep an eye on your property, open and close curtains and put lights on. If you’re going away, ask a neighbour to park their car in your driveway to make it look like someone’s home.

4. Triple check your locks Make sure all windows and doors are firmly shut and locked when leaving home. Leaving an entry path slightly open is a temptation for a burglar.

5. Hide packaging When you take the bins out, make sure all packaging from expensive gifts is ripped up and buried under the rest of the rubbish, so criminals can’t easily see what you might have in the house.

6.Don’t run electricity cords through window cracks Burglars prefer to enter through unlocked doors or windows, so an electricity extension cord running through an open window to exterior Christmas lights can be an open invitation. Hire an electrician to install an inexpensive outside plug for outdoor lights.

7.Give a trusted neighbour a spare key Burglars know to look for the hidden door key near the front entrance. Don’t hide spare keys under rocks, in flowerpots, or above door ledges. Instead give the spare key to a trusted neighbour.

8. Be careful what you post on social media If you post on Twitter or Facebook that you’ll be away on holiday or visiting relatives over the festive period, you’ve given the green light to intruders who will know they won’t be disturbed. The same goes for posting how excited you are about expensive gifts, which could help thieves start a shopping list.