The Last Line of Defence: How Well is Your Business Protected?
There are few guarantees when it comes to managing risk and improving business resilience. But when solutions do come with some assurance, they warrant closer examination.
Michael Miles, Managing Director of Technocover discusses.
Sabotage, terrorism and infiltration are growing threats for critical national infrastructure, while theft, extortion and vandalism are risk factors of concern to all businesses.
Identifying these security risks is one thing. Implementing appropriate upgrades of operational assets and buildings to mitigate them is even more of a challenge, especially in the current economic climate.
Nevertheless, asset and security managers are under pressure to harden vulnerable areas of their operation against physical breaches and unauthorised entry. Greenpeace’s infiltration of Tricastin nuclear plant in France last year was a timely reminder of this.
In the UK, the government has long picked up the baton on asset protection in the utilities. The water industry works to a legislated standard of security, while telecoms, energy and transport have mandates on security, too.
This is driving the adoption within these sectors of third party certified security equipment – primarily CPNI or LPCB approved - for the protection of access points, process equipment, production storage and operational buildings. We are referring here to physical security products such as doors, locks, access covers, kiosks, escape hatches, window bars, louvres, cages, and associated ‘built-in’ deterrents to unauthorised entry.
CPNI and LPCB approval regimes test and rate the resistance of products for different categories of physical attack corresponding to different levels of risk, broadly from low to terrorist. In other words, they provide a tested measure of the product’s capability to defend the asset and resist entry, giving time for response by police or security personnel.
Assurance of Performance
This assurance of performance becomes extremely important when, for example, a door or access cover stands as the last line of defence between the assailant and process or asset under threat. Measures such as video surveillance, access control, biometrics and remote management provide important layers of security to intercept and identify unauthorised personnel. But ultimately, they are not designed to provide physical defence against a determined gang with heavy-duty tools.
Strange to say, but history’s depiction of the final assault on a castle with a battering ram has resonance for today’s security management. In many instances, asset integrity often comes down to how long an engineered ‘barrier’ will prevent infiltration of the ‘stronghold’.
Strategically, much is at stake if today’s strongholds of water, gas, electricity and telecommunications are breached.
It could be the doors and emergency exit to a building with strategic IT, production or site management facilities. It could be a cabinet with vital electronic controls, switch gear or water sampling outlets. It might be a kiosk housing hazardous chemicals or cables that could be targeted for their metal content. It may be an access cover to underground power distribution, telecommunications or water installations which must also foil attempts at other forms of sabotage such as chemical contamination not to mention theft.
Third party certification is as close as you can get to a guarantee of the physical integrity of these critical points and assets against an assessed level of risk. This can have far-reaching impacts on a business, from enhanced protection of supply infrastructure for business continuity and more favourable risk assessment for insurance purposes. Effectively, when you build in third party approved equipment to the fabric of your operation, you are also building in greater business resilience and a greater insurance of the bottom line.
Increasingly, asset managers across critical infrastructure and commerce are looking to the benefits of certified security for their risk strategies and business cost base.
Certainly, demand in the utilities has generated greater choice, sophistication and volume of third party approved products. Alongside CPNI approval which has grown out of government testing, LPCB third party certification is widely accepted as an alternative in the infrastructure, commercial and public sectors.
Under LPCB approval, façade elements must meet a robust dedicated standard, LPS 1175 (Specification for testing and classifying the burglary resistance of building components, strong-points and security enclosures).
Products are tested and awarded an LPCB security rating – SR 1 to 8, where 8 is the highest – according to the duration of attack and type of tools they are able to withstand. The security rating (SR) classes product performance according to a proven hierarchy of assessed risk of attack that is updated in response to Home Office guidance. LPCB also assesses the resilience of the product to possible ‘intellectual’ strategies to assail its defences.
Significantly, LPCB approval is not based on one product test. Through regular audits, LPCB certification ensures that the product continues to comply with the prevailing standards and their revisions. The LPCB auditing process ensures and helps to confirm that the product on the market offers the same security performance as the product which was originally tested.
Although a type test indicates the test sample meets a particular performance standard, the test results do not guarantee future products will provide equivalent performance. In addition, LPCB approval can only be awarded to companies already assured by ISO9001 quality systems for design and manufacture.
Third party certification represents a very significant investment by the manufacturer in design and production quality, and, in the case of LPCB, the on-going assessment of products. Better marques of security are not easily gained; almost 95% of products submitted to LPCB fail first time.
Inevitably, equipment certified to approval systems like LPCB may come with a perceived higher price tag. But this comparatively small extra investment buys not only a substantial element of engineering certainty, but can safeguard against potential business disruption or even catastrophic event that could cost millions of pounds.
Manufacturers signed up to certification like LPCB are invariably quality and innovation driven, and will consider other functionality in their designs. For example, assisted lifting on access covers, removable roofs to kiosks and access control on doors, enhances both operational efficiency and health and safety. The quality of product protection against corrosion, such as steel galvanising and paint finishes, will have a bearing on equipment durability and maintenance – also important in maximising return on security investment.
While CCTV, intruder alarms and other surveillance systems play an important role in asset protection, physical security as the last line of defence is especially critical for insurers.
An insurance company will have a perception of the level of security appropriate for a specific type of built asset and will require the customer to meet that expectation. If not, the insurer may be unable to insure at normal terms, may need to apply a higher excess or higher premium, or may even decide it does not want to take on the risk.
Certified security products will positively affect insurance assessment and premiums, especially over time when their effectiveness is demonstrated in reduced claims.
An insurer may recommend or even stipulate a reliable security standard including LPCB approved products and LPS 1175. Notably, businesses that self-insure often specify products to LPS 1175.
According to a recent study, huge growth is predicted in the global market for physical security – from $55.59 billion in 2013 to $85.51 billion in 2018. But businesses need to look carefully at the credentials of the security products competing for a slice of this burgeoning market.
With much of the UK’s critical national infrastructure in its hands, the private sector faces tough challenges in protecting critical assets to required standards under the competitive pressures of a commercial market.
Robust physical security protects more than just bricks and mortar and operational infrastructure. It pays off in other areas of risk management, including health and safety, operational efficiency and insurance liability, as well as underpinning business resilience and continuity of service.
For all types of business, inside or outside critical infrastructure, security products with reputable third party approval could be the best route to maximising all of these returns.
For further information telephone 01938 555511 or E-mail: firstname.lastname@example.org
Published in Risk UK Magazine, March 2014