Security Audits: They Must Be Done
The word audit seems to carry reprehensible connotations in many areas of life. Our industry is no different. But the fact of the matter is we rarely come across a facility that meets the minimum-security standards of the owning organization.
First, let’s start with the basics: there must be a standard. A previous FOCUS article discussed the advantages and structure of a corporate physical security program. To sum it up, an organizational program is necessary for efficient, large-scale operations. At the beginning of every project, the goal is to be able to say, "This is how we do it." Too often the question is, "How should we do it this time?"
Second, everything must work. For example, this means:
Every door contact, motion detector, card reader, glass break detector, tamper swich and other sensors must be in good repair and working order. In most cases, this means annunciating at the central console when activated. Each CCTV camera should provide a sharp and clear video picture. Even on new installations, it is rare to find a system that meets these requirements.
Every motion detector must be properly aimed to provide the required coverage. For request to exit devices, this means the hardware must release the door-locking device in sufficient time so as to not impede the movement of the exiting personnel. For volumetric applications, this means that the traffic path of asset to be protected is clearly included in the detection volume of the sensor. Additionally, in most cases, it is well to consider the potential direction of movement so that the sensor can be oriented to the highest probability of detection. CCTV cameras must be positioned to provide a clear view of the area under consideration. Proper lighting must be provided.
Every card reader must reliably read the chosen credential under all expected conditions.
There are many reasons why installed security systems do not operate as they should. Components may be defective from the manufacturer. Damage may also result from maintenance or normal facility activity, especially in manufacturing or warehouse environments. Mistakes during installation can result in leads being improperly terminated. An end-to-end test (field device to the annunciating terminal) will verify the integrity not only of the components but the data transmission path as well.
Even relatively small security systems contain hundreds of alarm points, all of which must operate properly. Therefore, verifying complete operability can be a tedious task. For new systems, the installation contract should require the installer to test the total functionality of the system. These tests should be conducted under the supervision of the owner and documented in writing.
Testing does not end with the acceptance of a new system. Every organization should develop a program to routinely (at least annually) test the functioning of their integrated access control, intrusion detection and CCTV systems. While time consuming, it will promote a better understanding of the system by the maintenance and monitoring staff resulting in increased operational efficiency. Head-end testing is another issue. Ask me next month.
Randy Nason, PE, VP
|
