business security guide

Every year Thames Valley Police sees many businesses which have been affected by crime, from the independent shop owner to the multinational company. Business crime is not a victimless crime, it can have longterm effects on the organisation and its staff. The effects go far beyond financial loss and short-term inconvenience. Security considerations should be an integral part of any business plan and not something left as a reaction after the event. Look at your business through the eyes of a criminal. How easy would it be for someone to break into your premises or even to walk into an office and take your property? How vulnerable are your employees' vehicles in your car park? What procedures have you employed to stop fraud or theft by your employees? These considerations should be regularly reviewed and, when dealt with, will support the longterm success of your business. Thames Valley Police, together with the generous support of businesses, has produced this brochure to help you improve the security of your company and aid recovery in case of disaster. By following the advice it contains you will greatly reduce the risk of becoming a victim of crime. The police cannot work alone. We need to work together if we are to reduce business crime. For further information please contact your local police station and ask for the Crime Reduction Advisor. In case of difficulty you can contact the Force Crime Reduction Office at Police Headquarters on 01865 846662. Thames Valley Police also operates a Crime Prevention Design Advisor service which specialises in reducing crime through the design of buildings and their environment. The advisors can also be contacted through the Force Crime Reduction Office. You can also view our website at www.thamesvalley.police.uk as well as the Home Office site at www.crimereduction.gov.uk Peter Neyroud Chief Constable Thames Valley Police The appearance of an advertiser anywhere in this publication must not be taken to imply approval by Thames Valley Police or Ten West Publishing. How to use this guide T This guide is designed to be a user-friendly, step-by-step guide to security for the non-practitioner. It is not meant as a comprehensive manual that gives detailed information in every subject area. The intention is to help point you in the right direction to show where you may have a weakness in security. You should be particularly concerned if your premises have already been subjected to crime. Once a commercial property has been attacked, it is five times more likely to be targeted again. The successful criminal has identified where some weaknesses are, it is therefore important toupgrade the security at that point. For example, merely replacing a broken window at a point of entry with another similar window is inviting a reoccurrence. You have not tackled the route of the problem. Take a few minutes to run through the checklist on pages CONTENTS Page Contents 1 Security checklist 2 Selecting your security supplier 5 External environment 6 2-4 of this publication. This will help you establish the effectiveness of your existing security measures and identify any areas for improvement. Then take the steps (often simple and inexpensive) outlined in the relevant sections to upgrade your current measures and procedures. Fire and personal safety must come before security issues; therefore fire regulations must not be breached. Before deciding on any new security measures, it is paramount that fire regulations are adhered to. Detailed advice is available from your local Fire Safety Officer. Building security 9 Alarms and alarm communication 12 Closed circuit television (CCTV) 14 Internal environment 17 Office equipment and IT 20 Business fraud and computer crime 22 Property marking Crime prevention advice is given free without the intention of creating a contract. Neither the Home Office nor the police service take any legal responsibility for the advice given. No part of this publication may be reproduced or transmitted in any form, or by any means – electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without permission from Ten West Publishing 01235 763385. Crisis management and recovery Staff 25 26 28 1 Security checklist . . . . . B By taking a few minutes to read through this section you will be able to identify those areas, if any, where your defences need to be strengthened. This is not meant as a comprehensive listing but it will serve as an indicator of the appropriate measures that should be considered. Where you require detailed or comprehensive security advice, it is recommended that you seek the help of an expert. Many commercial security companies are well placed to carry out a survey of your premises. See also ‘Selecting your security supplier’. General security issues Has a full risk evaluation survey of your premises been undertaken in the last couple of years? Have you identified all areas that are particularly vulnerable to vandalism or forced entry? Has guidance been sought from your local police sources or from the security industry on the security measures that you may require? Have you considered taking part in, or forming, a Business Watch scheme? Are the premises in good repair? Has consideration been given Do you allocate a specific budget to be put aside each year and have you established a rolling programme for crime and vandal prevention measures? to protecting or eliminating recessed doorways, concealed yards, shrubs, planted areas and similar features that can give cover to intruders? Are the premises regularly Are acts of vandalism recorded and reported immediately on discovery including full details of the nature, time, place, and cost, to a central recording point? Are all staff warned to note and report any suspicious activities and when strangers are seen on the premises? External environment (pages 6 - 8) Does your perimeter protection meet the guidelines outlined on pages 6? Are your boundary walls, fences and gates regularly inspected to ensure that they have not been damaged and that their security capacity has not been compromised? checked for neglect and kept clear of rubbish? Have you checked that the siting of outbuildings, bin shelters and other potential climbing aids do not offer a means of access? Are all tools and ladders securely locked away? Building security (pages 9 - 11) Are all doors of a sufficiently solid nature and adequately secured against potential break-in? Do all the locks, bolts and other door furniture meet the necessary security standards for the level of risk? Are all the locks frequently Have you installed security Have you sought professional advice on the siting, quality, and capacity of security equipment necessary to meet the risk level? illumination on your premises and do you make regular inspections of the lighting to ensure that it is in good working order? 2 inspected to ensure that they are in full working order? Is the locking up procedure of the premises under the control of competent officials? ................... When they are closed, are all keys to external doors removed from the premises or adequately supervised and protected - have you considered using a specialist keyhandling company? Does your alarm’s Do you limit keyholding to specific people and record the issue and return of keys? Have all keyholders been briefed to check that requests to attend the premises are genuine? Are the frame structures of all windows fully secure and fitted with quality locks or limiters, and do they meet security standards? Is the alarm system set Does the glass in all windows meet security standards? Have you considered security bars or grilles particularly for the most vulnerable windows? Do you regularly check the bars, grilles, and surrounding masonry for weaknesses and deterioration? Have you considered the use of a central alarm monitoring station? and unset solely by designated personnel, trained for this task? Is there an established procedure for police to contact keyholders promptly in the event of an incident? Is the alarm system inspected and maintained regularly? Have you registered your CCTV system with the Information Commissioner? Do you adhere to the police and data protection requirements for recordings to be used in court? Have you sought professional advice on the siting of cameras, remote monitoring, and the latest technology? Is your alarm system fitted with sequential monitoring? Are the names and details of keyholders to be contacted in case of emergency logged? Are all cameras regularly checked to ensure that they are in good working order? Does your system suit the existing level of risk and lighting conditions? performance meet police requirements and minimise the incidents of false alarms? CCTV (pages 14 - 16) Have you considered the use of CCTV? Alarms and alarm communication (pages 12 - 13) Are all areas of the main buildings included in the alarm coverage? If you are about to purchase an alarm system, have you obtained more than one quote from reputable dealers and asked whether the installers are members of a recognised independent inspectorate? 3 .................. Internal environment (pages 17 - 19) Do all visitors entering the premises have to pass through a fully supervised reception area? Do you have an identity badging system? If so, is a thorough record kept of all visitors and are badges only released against signatures? Has your computer Are visitors always accompanied by their host, both on entering and leaving the premises? Do you encourage your staff Are staff and employees fully trained in security awareness, especially those on reception? Office equipment and IT (pages 20 - 21) Is all your hardware secured to the infrastructure and sited away from open view? Are all smaller pieces of valuable equipment such as laptop computers securely anchored to the desk or building infrastructure to stop the walk-by thief? Is all important data fully backed up on duplicate tapes or disks and are copies stored away from the premises? Is access to your systems fully protected by confidential passwords? Has the plan been regularly reviewed and updated (eg. annually)? Business fraud and computer crime (pages 22 - 24) Do you have equipment to control external access via modems to your computer system? Crisis management (pages 28 - 32) Have you drawn up a comprehensive business continuity plan? not to leave any portable office equipment in their cars? Have you considered electronic tagging or chemical marking of valuable items of property? equipment been fitted with electronic tagging or tracking devices? Have you recorded all details of electronic/computer equipment eg make, model and serial number, and kept this record in a safe place? Do you have a complete listing of make, model and serial number of all equipment? Are all pieces of valuable equipment on the premises marked with identification? Property marking (page 25) Have you clearly publicised the security measures that have been taken at all points of access? Are your smaller pieces of equipment stored in secure safes when not being used? Have you issued an Information Security Policy document? Is your system fitted with a virus checker and is this regularly updated? 4 Selecting g your security supplier cheaper but can be prone to break down or require frequent servicing, thereby offering ineffective protection and costing you more in the longer term. Equally, the most expensive products and services may include far more than you actually need. A written guarantee of provision Always get a specification, written in layman’s terms, of precisely what the supplier is agreeing to provide, eg. how many cameras will be installed, how many guards will be employed (and the hours they will work) and of course, the costs. Having talked to at least three companies, set out the specifications and obtained quotes, you can then make an informed choice. Security consultancy Large companies should consider the use of specialist security consultants. Your local police crime reduction advisor will be able to give you comprehensive, impartial advice of a more general, rather than technical, nature. S Selecting appropriate security can be a potential minefield without previous experience on which to make an informed decision. Security is a business risk that needs to be managed as an integral part of any organisation. Before purchasing any such measures, it is imperative to identify precisely what needs to be achieved and how it will impact on the rest of your business. The problem is frequently compounded by the fact that the decision to safeguard the premises is often as a result of victimisation. It is tempting therefore to rush into decisions rather than selecting the most appropriate measures following serious and rational consultation. Prior to commencing the search for the correct security it is advisable to allocate a specific budget and devise a rolling programme to combat crime and vandalism. Selecting your security measures You should seek direction from your insurance company to ascertain their requirements, the nature and quality of protection that they demand. They may even provide a list of companies that they consider to be of good standing in any particular sector. Source a supplier The following should be considered: ■ How long has the company been trading? ■ Can it provide an on-going service? ■ Is it a member of a recognised industry body or association? ■ What is the level of training and qualifications of the staff? ■ Can the company carry out all of the work itself or is some sub-contracted? ■ Does the company specialise in any particular field? ■ Is it adequately covered by insurance? ■ Can it provide a list of references in the form of satisfied customers? Draw up accurate guidelines Having drawn up a shortlist of companies, clearly communicate the exact nature of your problems – they are the experts; let them provide the specialist knowledge as to how best to solve these problems. There are often several options that could satisfactorily meet your needs. Have all of the advantages and disadvantages of each clearly explained. Equipment quality Always confirm the quality of the equipment to be installed. Poor quality equipment may be 5 External environment B behaves. Business premises do not have to look like fortresses. Good design, landscaping and lighting, along with careful management and the appropriate use of security technology will do much to create a good impression whilst generating safety and security for the building, staff and visitors. The design and layout of a building’s external environment can influence the way a potential offender No perimeter protection can be guaranteed impregnable but it can delay or deter criminals and assist in their interception. By restricting vehicle access, you can minimise the quantity of goods that can be stolen. Surveillance Whilst there is the tendency to build high barriers to keep potential criminals out and to minimise the sight of valuables, the same barriers can provide a protective screen behind which the criminals can carry on their activity with no threat of being seen and making escape easy. The area around the outside of the premises should offer good surveillance to detect offenders, ensure staff and visitor safety, and to allow early detection of fire and other emergencies. This may be achieved in two ways: ■ natural surveillance by people on-site, passing by or in nearby buildings, ■ formal surveillance by security patrols or electronic surveillance CCTV, movement detectors etc. The boundary A perimeter fence or wall is a defining boundary of your premises and should restrict entry to a limited number of locations it should always be under your control. Fencing The height of the fence should be appropriate to the risk and site geography. In general, the minimum acceptable height for industrial estates is 2.4 metres these will require planning permission. A variety of fencing systems is available on the market. A mesh construction that allows natural surveillance - both in and out (but with mesh small enough to prevent finger or toe holds) should be used. Welded mesh is the most suitable. Chain link is no more than a boundary marker and is unsuitable for any degree of security. A range of toppings from barbed wire to revolving spikes are available. These should only be used to address identified risks. Appropriate technical and legal advice must be obtained before installing such measures. For high security applications or in large-scale and/or isolated premises, consideration can be given to electric fencing. Whilst this may seem an extreme form of protection, it is in fact lawful when correctly installed by 6 specialists and is extremely effective in deterring even the most determined of criminals. In addition, fences can be linked to alarm monitoring and CCTV systems which allow a small number of security staff (even if they are off site) to observe large areas of perimeter fencing and arrange for an appropriate response. They can also be linked to speakers through which the remote security officer can address and deter an intruder. These systems are also very reliable, and where fitted, have dramatically cut crime. Installations should comply with British and European standard BSEN60335. Walls Solid walls do provide a strong and durable line of defence providing they are of sufficient height. But walls also have disadvantages in that they can hide criminal activity and muffle sound. They are also much easier to climb than fences. Greater protection can be afforded by the use of anti-scale paint. Walls can also be topped with rotating cacti, razor wire etc. As in the case of fences, it is essential to get appropriate technical and legal advice prior to the installation of such potentially dangerous toppings. They also look less attractive and give a more negative impression than well installed security fencing. Gates These should be constructed to the same height and standard as the fencing or walls. They should be fitted close to the ground to prevent burrowing under, with anti-lift hinges and good quality close shackle padlocks. Security padlocks should conform to European standard, EN12320. Boxed steel gates are the best security option, provided they are designed with no cross-bars to aid climbing. They also allow for good natural surveillance. Other barriers Ditches, earth, rock and water features can all make adequate boundaries, dependent on the site and risk assessment. They may be particularly useful at preventing vehicles being used to ram buildings to gain entry ('ram raiding'). Such robust defences can also deter tresspassing by travellers’ vehicles. Some thorny species of shrubs create very good perimeter protection and can supplement fencing in environmentally acceptable ways. They can also be used around windows to make access very painful. Landscaping Ground cover should be kept below one metre in height and tree canopies kept above 2.5 metres from the ground so that passing pedestrians can have a clear line of vision. The temptation to hide car parking or unsightly structures should be resisted. Ensure that taller shrubs and trees do not create climbing aids to gain access to building roofs, upper windows or overhead phone lines etc. Remember also that telegraph poles make good climbing aids. These should be re-sited or made impossible to climb. Security lighting Good lighting is essential not only as a security measure but also as a valuable aid to reducing fear in your staff and visitors and by creating a safe environment. The type of lighting needed will depend on the level of risk, the geography of the area and the type of surveillance in place. Your supplier should advise you. There are many different types of lighting systems available for particular purposes - from those which provide excellent colour rendition (eg metal halide) to those which provide low running costs (eg low pressure sodium) and a whole host in between. Poorly sited lighting can assist intruders but can cause a nuisance to neighbours, therefore care must be taken to ensure they are 7 External environment (continued) positioned properly. It is advisable to seek specialist advice before purchasing and installing your lighting. It is preferable to have low cost, permanent lighting rather than being linked to a movement detector. External lighting must be carefully designed to work with other security equipment such as CCTV. Lights should be regularly checked to ensure that they are operating effectively. Maintenance Care of the area around the premises is vital. It is the first impression that visitors get when they arrive at the site and can give criminals many clues to the attitude and preparedness of the company to deter crime. Neglect is infectious, a broken window or a daubed wall will soon be joined by more. Litter, vandalism and graffiti should be dealt with immediately. Regular checks should be made to ensure that the premises remain in good condition. To prevent arson, waste should be properly stored prior to collection. Care should be taken when disposing of packaging such as computer boxes - empty boxes announce that there are expensive new items in the building. Confidential waste should be shredded before disposal and receipts and papers which can enable a criminal to produce false identity should not be left in Car parks Car crime accounts for a high percentage of business crime costs and lost time. Car parks should be in good view; well lit and safe to access from the buildings they serve. Staff who are fearful about leaving a safe building for a poorly maintained and badly lit car park are unlikely be motivated to 'get the job Cycle storage Staff will feel happier about using sustainable methods of transport to get to work if secure storage for their cycles and wet weather clothing / accessories is provided. Signage Clear signs should be used to display the company name, directing visitors, specifying ‘no parking areas’ or indicating access routes. They help bona fide visitors and allow staff to challenge people found in private areas of the site. It is imperative that you clearly signpost that security measures are in operation. accessible bins. Bins should be shackled away from the main building to prevent movement for use as climbing aids or to start fires in. finished' on winter afternoons. Remember you have a duty of care to provide safe and secure environments for your staff. You could be held liable for injury or an attack on a staff member if the correct prohibitive measures have not been installed. Well installed CCTV systems and guard patrols are ideal for car park security (See CCTV pages 14-16). Apply for a 'Secured Car Park' award to indicate that acceptable levels of safety and security for the users are in place. Your local police Architectural Liaison Officer will be pleased to give you more information about this or visit their website www.securedcarparks.com 8 Building g Security E Every building is different by virtue of its location, construction and by its contents, therefore the crime risk created varies accordingly. The best time to address the security of a building is during its original design, when your local police crime prevention advisor can be consulted. They offer free, impartial advice. Many modern business buildings are built speculatively for rent; the developers therefore do not know what the end use is going to be. It is vital when assessing the viability of a building as to its suitability for business, that the in-built security measures are adequate to protect that business. The building shell This includes all roofs, walls, doors and windows and any other area where intruders can gain access. Although doors and windows are the usual entry points for burglars, insulation and metal foil construction or even single skin brick walls used in some modern commercial buildings can easily be cut through with saws or disc cutters. When carrying out a risk assessment the entire shell structure should be examined closely. Flat roofs with roof lights, cellars with party walls to adjoining cellar space or access hatches, and even sewer tunnels can be exploited by criminals if the perceived gain is high enough. Doors Some general points for all external doors: ■ Doors should be flush with the building line, avoiding recesses. ■ The door should fit the frame well enough to prevent it from being forced open with jemmies or crowbars. ■ Frames should be as strong and as securely fixed as the door itself. ■ Wooden doors should be at least 44mm thick. ■ Be aware that materials such as UPVC and certain aluminium sections can have less strength and durability. ■ External hinges should be protected and hinge pins made non-removable. ■ All glazing in doors should be of laminated glass to prevent accidents and to deny entry by breaking the glass. ■ External and security doors should be fitted with a closer. These should always be on the inside face of the door. ■ Security doors must meet Product Assessment Specification (PAS) 024. Fire doors and emergency exits The fire escape door outside which the smokers gather, or which is propped open in hot weather, is an area where business security is often compromised. 9 Building security (continued) ■ External doors should be covered by the building alarm and have a ‘door open’ warning, even when the alarm is not set. ■ Fire doors require particular attention. Security must not impede escape. ■ The fire officer must be consulted before any alteration is made to external doors. Failure to do so may result in contravention of the fire certificate. Letterboxes Letterboxes are a point of potential weakness. Letter cages should be used. Commercial premises that deal with hire or repair of vehicles should ensure that keys deposited out of hours, drop into a secure receptacle. If the risk assessment indicates any possibility of arson or mailborne threats such as letter bombs, you must consider fire suppressing and blast-containing letterboxes. Windows These are often the most vulnerable part of any building especially those on the ground floor and most particularly at the rear of the building. ■ It is advisable to reduce the amount of opening panes. ■ All ground floor windows should have substantial window locks. Advice should be sought on the correct type. ■ For health and safety reasons, any low-level glazing (windows and doors) requires safety glass. These should be glazed with laminated glass or have a suitable security film applied to the inner face. ■ Appropriate window films are available to address risks of terrorism, vandalism, and accidental breakage and the risk of injury from flying glass fragments. ■ Security windows must conform to BS 7950, which are attack tested as an entire unit, ie the frame, glazing and locking mechanisms are considered together rather than independently, making these windows highly resistant to a criminal. ■ Window bars can be fixed to deny unwanted access but should only be considered where emergency exit in the case of fire would not be affected. ■ Particularly vulnerable windows can be fitted with grilles or shutters. ■ The use of blinds or reflective film to enhance privacy and prevent viewing of high value equipment or stock inside ground floor rooms should be considered. Specialist products are available which unobtrusively protect vulnerable windows by providing a durable metal screen in front of, or behind, existing windows. They are designed to let light in and out giving the appearance of tinted glass. These are a very effective way of protecting windows without the need for roller shutters or bars. 10 Grilles, shutters and bars Sliding grilles and shutters can be used to effectively protect windows, doors and emergency exits in most commercial premises. Grilles can be folded to the side of the door or window when the building is occupied. They can be made of expanded metal, galvanised steel or welded mesh and can be coated in a variety of colours to give a pleasing finish without reducing natural light or ventilation. Shutters can be fitted either externally or internally and can be manually or electronically operated. Your local fire officer should be consulted in cases of emergency exit protection. In retail premises shuttering should be of the open form that allows surveillance from the street into the premises (enabling ‘window shopping’) and deters the use of graffitti that can be left on a solid shutter. Keys and key management Where keys are used, they should be allocated to specific keyholders. Regular checks should be made to ensure that none have been mislaid. It is advisable to use keys that are registered to a company or organisation that will demand detailed information before they will produce duplicates. Nominated staff members need to be appointed as keyholders to attend out of hours in the event of fire, crime or other emergency. Many alarm and security companies provide a keyholding service. In addition, some will organise urgent repairs, boarding up etc. on your behalf. This will usually be done in conjunction with your alarm company, to comply with police alarm response policy. Care should be taken to ensure that keyholders are not compromised or called to the building under a false pretence only to be threatened and forced to allow access to the building and switch off alarms. Electronic access control is becoming more common. Door entry phones, many with visual verification by small video cameras, swipe cards or tags which are ‘read’ by computer operated detectors are all readily available (see below - page 18). If the main entry door or staff door is locked during the day only with a single rim latch, consider upgrading to a mortice latch. Many thefts occur after normal working hours but with some staff still in the building. A mortice type lock will help improve the security of these doors and stop it being overcome by an opportunistic thief. 11 Alarms and alarm communication T The technology in alarm design is continually improving - the incidents of false alarms are being reduced whilst higher degrees of security are being provided. Few properties with properly installed alarm systems are burgled. Alarms can be audibleonly or monitored remotely by a monitoring station arranged by your installer. For the business user, a monitored system is strongly recommended. Alarms can now produce not only audible warnings but also provide verification that an intruder is on the premises via additional signals to the monitoring station. Verified alarm activations improve the chances of apprehension and minimise the inconvenience of false alarms. All monitored alarm systems installed after 1st October 2001 have to have some form of confirmation that the activation is genuine before the police will respond. Selecting an alarm installer Many insurance companies now require their customers to use approved installers if they wish to benefit from the lower premiums. Check with your insurance company as to their requirements prior to selecting your alarm installer. In order to get a balanced view of what is on offer you should obtain more than one quote from installers who are subject to an independent inspection by a police recognised approval body. These regulatory bodies include: ■ NACOSS (National Approved Council for Security Systems). ■ SSAIB (Security Systems and Alarms Inspection Board). Whilst all independently inspected alarm companies will have to ensure they meet stringent standards on installation and equipment which includes fitting to British Standard 4737, you should ensure that you have asked the following questions: ■ Are there any maintenance and/or monitoring contracts or additional hidden extras, such as call-out charges? ■ Do you own or rent the system? ■ How long does the guarantee last for and what happens if there is a problem after that? ■ Is there a 24-hour call-out Alarm response Measures must now been implemented to reduce false alarm activations. Your installer will refer to your local police alarm policy. This must be adhered to. Besides covering police requirements for installers and associated equipment standards, it governs the level of response to alarm activations that can be expected. A disciplined approach to alarm setting and unsetting must be implemented to ensure that false alarms are kept to a minimum. In extreme cases police response can, and probably will, be withdrawn. It is essential to ensure that nominated individuals, when attending the premises in case of activation, cannot be compromised and forced to unset the alarm. Alarms are now available with in-built duress codes, whereby, although the service and emergency attendance within four hours? 12 alarm is unset, it actually alerts the monitoring station that it is an unauthorised entry. Alarm confirmation/ verification Monitoring stations are now required to provide additional information regarding alarm activations. More recent alarm equipment can provide confirmation of an intruder actually being in the premises. This is designed to increase the chance of apprehension and to reduce false alarms. Three types of confirmation are available. ■ Sequential verification. This is based on a signal confirmation that more than one detector has been activated. ■ Audio verification. This can enable a central monitoring station to ‘listen’ to the noise of forced entry or sounds of a person on the premises via strategically located microphones. ■ Visual verification. On-site confirmation is provided to monitoring stations via strategically located cameras. For further information on alarm verification contact an alarm company. Communication Any alarm, however advanced, is only effective if it is responded to. There are a number of methods of communication between the alarm and the monitoring centre. Digital communicator This is the most common signalling system fitted to domestic and low-risk properties. For the system to function, the telephone line is required to be intact. Telephone lines on domestic properties, however, are rarely interfered with, making these an economical form of monitoring. An additional line can be installed to carry an alarm signal direct to the central station. However, this may prove more expensive than the other methods. BT RedCARE Signals alarm activation and continuously checks that the telephone line is intact, requires a BT line to operate on the BT RedCARE network. This reliable signalling is continuously monitored 24-hours a day and can instantly detect malicious line cuts. RedCARE GSM and DualCom These systems provide dual signalling, ie. by telephone line and by radio signal. Reliable information on both the status of the telephone line and alarm activations is provided to the central station making it immune to line cutting or other forms of telephone interference. 13 CCTV closed circuit television will you be connected to a remote centre. ■ If a control centre is to be established, what equipment will be required? ■ Are the cameras to be operated and monitored from a CCTV control centre on a regular basis? ■ Where a dedicated monitoring room is not to be established suitable protocols need to be established over the treatment of information gained from the system. ■ Will the system be monitored, left to record only or maybe a mixture of both? Either way the need for equipment to enable tape erasure and tape review needs to be considered. ■ Is the video footage obtained expected to be of evidential quality? ■ Consideration must be given to the right to privacy of individuals. ■ The Data Protection Act demands that all CCTV systems (both internal and external) be registered and comply with the requirements of the Information Commissioner. Licensed premises Public houses and clubs may be required to have an effective CCTV system. Cameras should be sited at the entrances and exits. Other desirable areas such as bar areas and dance floor should also U Used in conjunction with other methods and strategies, CCTV can be very effective, but beware, as a stand-alone crime prevention tool, it is of limited use. Whilst all external areas of business premises should ideally be under surveillance, CCTV is not automatically the best answer to every security risk. Advice can be obtained from a range of sources. A competent installation company will provide you with a comprehensive survey. Independent advice can be obtained from a police crime reduction advisor. This may help to avoid commissioning inappropriate solutions. Types of CCTV systems A wide variety of systems are available. These can range from the very simple to the highly sophisticated. Systems can be fitted with facilities to pan, tilt and zoom as well as those that will operate in low light. It is also possible for CCTV to interface with alarm systems - upon activation of an alarm, the CCTV will record all visible activity. Alternatively, CCTV systems may relay information to an observer, who can then respond appropriately. Remote monitoring is now practical and cost-effective. This substantially reduces the required level of guarding and saves costs. Real-time visual verification, which is digitally stored for later review, allows immediate police response and minimises false alarms. Selecting the appropriate system ■ Assess the objectives of the scheme. ■ Identify the expectations of the surveillance. ■ How will the desired results be achieved? ■ Confirm what you actually hope the system will see. ■ Identify the prevailing lighting conditions and other environmental constraints, eg. obstruction by buildings, furniture (inside and out), trees and signs. ■ Is there a need for fixed cameras or fully functional pan, tilt and zoom? ■ Is it anticipated that the camera operator would need to track a person walking, a cyclist, a car etc. or is the camera to survey a static site only? ■ Do the cameras need to be colour or monochrome? ■ How will the CCTV be monitored and recorded? ■ Consider the means by which communication links will be achieved between the scheme and the police. ■ Is there a need for a purpose designed monitoring room or 14 be covered. Similar guidelines apply to retail premises. In all cases, the results of the CCTV footage must be able to achieve identification standards and minimum standard in detection (see ‘quality of images’ below). Personal data This must be processed fairly and lawfully, eg. with the subject’s consent or for a lawful purpose. Most commonly CCTV is used for prevention, investigation and detection of crime plus public and employee safety. This is known as an operational requirement (OR) and forms the basis of all CCTV systems. Having established why you need a CCTV system, all subsequent actions and requirements must be relevant to that purpose. Only monitor intended areas and for the purpose stated in your OR. Signs must be placed in a prominent position in the area being monitored displaying the organisation responsible, purpose of scheme and contact details (see below). From October 2001 all commercial CCTV systems (every system other than private houses) which record data in areas to which the public have free and unrestricted access must notify the Information Commissioner. Staff training The recruitment and training of staff is crucial. No matter how The CCTV owner, known as the Data Controller, is responsible for registration and compliance. To register, contact the Commissioner on 01625 545745 or via their website www.dataprotection.gov.uk. You may be liable to a fine if the registration of your system is not done correctly. much time and money is spent on the design and implementation of a scheme, if the information gained ie. the information on each videotape, is not handled properly and in accordance with the rules of evidence, the whole scheme will rapidly become discredited. Specific guidelines must be followed to ensure that taped evidence is acceptable and it must comply with data protection as set out below. 15 CCTV (continued) Quality of images must be adequate and relevant to your stated purpose, the system installed must reach the required standard it was installed to achieve. USAGE OF CCTV AS EVIDENCE Quality of images Data shall be adequate, relevant and not excessive. The system must fulfil its stated purpose. The equipment must be up to the task you’ve stated in your OR. Data shall be accurate and system is operating. A seven-day period may be sufficient for licensed premises. General town centres require a 31-day period. Surveillance of banks, ATM and fraud inquiries may necessitate three months. Again this period must fit the stated purpose of your system. Tapes must be retained securely. Failure to comply with the above guidelines may result in any evidence obtained by the CCTV being rejected by the courts. Only for use if an operator is viewing a monitor continuously and can zoom in. This would never be of value in court or aid a prosecution. maintained eg. data recording period shall be relevant to the purpose. Processing the images Data shall not be kept for longer than necessary. Handling data shall be efficient and recorded (a log book must be kept which This would support witnesses to an offence confirming that somebody did something. It is not good enough to recognise or identify an offender. Would not generally be acceptable in court and is of very little evidential value. covers all data movements). Access to monitors and recorded images must be restricted. For evidential purposes there must be a clear audit trail of any tapes/data. Access and disclosure Access to monitors and data will be permitted to third parties Recognition if not identification.To take an offender to court would require some other form of evidence ie. witnesses or property recovered. With no other evidence it is of very little value even with a confession if later retracted. who have previously been identified and are compatible with the purpose, e.g. a local authority scheme would provide data to the emergency services and the courts. Individuals whose images have been captured have a right to a copy of that data. Retention of tapes This must be relevant, fair and Can you recognise this man? Neither could the police. Only this quality of picture can be used alone for identification purposes in court. This is the only standard for identification purposes. linked to the reason why the 16 directory directory EXTERNAL SECURITY PERIMETERS Fencing, Gates, Barriers & Protection SECURITY LIGHTING Security Lighting SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER 0118 981 7300 THE SUPPLY & INSTALLATION OF AUTOMATIC GATE & BARRIER SYSTEMS, CCTV & ACCESS CONTROL. SERVICE & MAINTENANCE. FOR DOMESTIC & COMMERCIAL SYSTEMS Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston RG7 8EN . . . . . . . . . . . . . . . . . . 0118 981 7300 M J Security Systems Ltd 46 Edward Street, Dunstable, Beds LU6 1HF . . . . . . . . . . . . . . . . . . . . . . 0800 085 6126 CLOSED CIRCUIT TELEVISION Aegis 19 Bennetts Grove, Bennetts End, Hemel Hempstead HP3 8EW . . . . . . . . . . . . . . . 01442 240140 Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston RG7 8EN . . . . . . . . . . . . . . . . . . 0118 981 7300 Airwave Services 2 Firs Close, Whitchurch, Aylesbury HP22 4LH . . . . . . . . . . . . . . . . . . . . 08702 404038 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . . . . . . . . . . . . . . . . . . 0207 5225151 Tel: 01483 747373 www.gate-a-mation.com INSTALLATION & MAINTENANCE OF:CCTV, Intruder Alarms, Access Control Systems, Door Entry Systems, Security Lighting, Fire Alarm Systems. NACOSS Certificated BS4737/ISO0992. MJ SECURITY SYSTEMS LIMITED Telephone: 01582 665022 Creating a Secure Environment Complete Bespoke Security Systems CCTV & Video Storage Systems Access Control Automatic Gates & Barriers Audio & Video Identification Perimeter Protection Initial Assessment - Design Installation - Maintenance For All Levels Of Protection Creating a Secure Environment Call 01844 238720 Fax: 01844 238872 1 Brook Farm Barn, Dorton, Nr Aylesbury, Bucks HP18 9NQ www.chiltern-technology.co.uk info@chiltern-technology.co.uk Security Fencing SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER 0118 981 7300 Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston RG7 8EN . . . . . . . . . . . . . . . . . . 0118 981 7300 Chiltern Technology Brooks Farm Barn, Dorton, Nr Aylesbury HP18 9NQ . . . . . . . . . . . . . . . . . . 01844 238720 Falcon Signs 109 Grove Technology Park, Wantage, Oxfordshire OX12 0FA . . . . . . . . . . . . . . . . . . O01235 768868 Gallagher Security Europe Ltd Security House, Hemdale Business Park, Attleborough, Nuneaton CV11 6GL . . . . . . . . . 07762 116166 Gate-A-Mation Unit 8 Boundry Business Centre, Boundary Way, Woking GU21 5DH. . . . . . . . . . . . . . . . . . . . . 01483 747373 Jackson Fine Fencing 21 Stowting Common, Ashford, Kent TN25 6BN . . . . . . . . . . . . . . . . . . . . . . 01233 750393 CCTV SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER 0118 981 7300 PHYSICAL SECURITY Your Local Security Company Blue Rock Security St James Road, Brackley, Northants NN13 7XY. . . . . . . . . . . . . . . . . . . . 01280 700020 Chiltern Technology Brooks Farm Barn, Dorton, N Aylesbury HP18 9NQ . . . . . . . . . . . . . . . . . . 01844 238720 Coverguard 24 - 28 St Leonards Road, Windsor, Berkshire . . . . . . . . . . . . . . . . . . . . . . . . . 0870 787 1888 Feel Secure Services 70 Broadway, Didcot, Oxfordshire OX11 8AE . . . . . . . . . . . . . . . . . . . 01235 815920 M J Security Systems Ltd 46 Edward Street, Dunstable, Beds LU6 1HF . . . . . . . . . . . . . . . . . . . . . . 0800 085 6126 Triggered Covert Security 30 Broughton Grounds, Broughton Grounds Lane, Newport Pagnell MK16 0HZ . . . . . . . . 01908 232456 ELECTRONIC SECURITY - Intruder Alarms (Nacoss Approved) - 24 hour Monitoring / Technical Support - Remote Diagnostics - CCTV Systems Offices throughout Thames Valley Police Area and London: Reading 01189 817300 Oxford 01865 389167 Newbury 01635 818818 Bracknell 01344 669818 Basingstoke 01256 689623 Slough 01753 709818 London 020 242 9818 Large enough to cope . . . small enough to care 0118 981 7300 Head Office and Showroom: Unit 7, Bacchus House, Calleva Park, Aldermaston, Berkshire RG7 8EN. Fax: 0118 982 0455. Web: www.access-security.co.uk, Email: info@access-security.co.uk LOCKS, LOCKSMITHS & KEYHOLDING ALARMS & ALARM MONITORING BURGLARY PREVENTION Tel: 020 7622 5151 www.banham.com E-mail: security@banham.com INSTALLATION & MAINTENANCE OF:CCTV, Intruder Alarms, Access Control Systems, Door Entry Systems, Security Lighting, Fire Alarm Systems. NACOSS Certificated BS4737/ISO0992. MJ SECURITY SYSTEMS LIMITED BANHAM BURGLARY PREVENTION Tel: 020 7622 5151 www.banham.com E-mail: security@banham.com Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston, RG7 8EN . . . . . . . . . . . . . . . . . .0118 981 7300 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . . . . . . . . . . . . . . . . . . . . .0207 5225151 Dyno Locks Head Office, 143 Maple Road, Surbiton KT6 4BJ . . . . . . . . . . . . . . . . . . . . .0208 4812219 Earley Locks 3 Church Road, Earley, Reading RG6 1EY . . . . . . . . . . . . . . . . . . . . .0118 9666669 BANHAM Telephone: 01582 665022 Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston RG7 8EN . . . . . . . . . . . . . . . . . . 0118 981 7300 Aegis 19 Bennetts Grove, Bennetts End, Hemel Hempstead HP3 8EW . . . . . . . . . . . . . . . 01442 240140 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . . . 0207 5225151 Coverguard 24 - 28 St Leonards Road, Windsor, Berkshire . . . . . . . . . . . . . . . . . . . . . . . . . 0870 787 1888 CSS Alarms Ltd 4 Hambridge Road, Newbury, Berks RG14 5SA . . . . . . . . . . . . . . . . . . . . . . . 01635 33144 Feel Secure Services 70 Broadway, Didcot, Oxfordshire OX11 8AE . . . . . . . . . . . . . . . . . . . 01235 815920 M J Security Systems Ltd 46 Edward Street, Dunstable, Beds LU6 1HF . . . . . . . . . . . . . . . . . . . . . . 0800 085 6126 Redcare (BT) . . . . . . . . . . . . . . . . . . . . . . 0207 778 5314 Intruder Alarms SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER 0118 981 7300 P H Y S I C A L S E C U R I T Y continued WINDOWS, GLASS & SECURITY GLAZING Advanced Industrial Doors 7 Chiltern Trading Estate, Holmer Green, High Wycombe HP15 6QT . . . . . . . . . . . . . . . . . 01494 715558 Aegis 19 Bennetts Grove, Bennetts End, Hemel Hempstead HP3 8EW . . . . . . . . . . . . . . . 01442 240140 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . 0207 5225151 SECURITY BARS, GRILLES & SHUTTERS Grilles Shutters Security Cages Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston, RG7 8EN . . . . . . . . . . . . . . . . . .0118 981 7300 ACS Window Treatments 73 Manor Road, Brackley, Northants NN13 6ED . . . . . . . . . . . . . . . . . . .0800 0856726 Copeswood 31 Stoke Road, Aylesbury, Bucks HP21 7TE . . . . . . . . . . . . . . . . . . . . . .01296 381999 Durable Berkley 9-12 South View Park, Marsack Street, Caversham RG4 7BR . . . . . . . . . . . . . . . . . . .0118 948 3500 SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER 0118 981 7300 Window Film SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER We Fit Window Film To • Offices • Factories 0118 981 7300 SECURITY & FIRE DOORS BURGLARY PREVENTION Tel: 020 7622 5151 www.banham.com E-mail: security@banham.com Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston RG7 8EN . . . . . . . . . . . . . . . . . . 0118 981 7300 Aegis 19 Bennetts Grove, Bennetts End, Hemel Hempstead HP3 8EW . . . . . . . . . . . . . . . 01442 240140 All in One Security Products Oakview House, 6 Gaskells End, Tokers Green RG4 9EW . . . . . . . . . . . . . . . . . . 0800 2799911 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . . . . . . . . . . . . . . . . . . . . . 0207 5225151 BANHAM • Vehicles For Comfort • Safety • Security www.copeswood.com TEL: 01296 381999 31 Stoke Rd, Aylesbury, Bucks HP21 7TE Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston RG7 8EN . . . . . . . . . . . . . . . . . . 0118 981 7300 ADA Door Services Ltd 48 Sandys Road, South Ham, Basingstoke RG22 6AW . . . . . . . . . . . . . . . . . . 01256 474632 INTERNAL SECURITY ACCESS CONTROL Creating a Secure Environment Complete Bespoke Security Systems CCTV & Video Storage Systems Access Control Automatic Gates & Barriers Audio & Video Identification Perimeter Protection Initial Assessment - Design Installation - Maintenance For All Levels Of Protection Creating a Secure Environment Chiltern Technology Brooks Farm Barn, Dorton, N Aylesbury HP18 9NQ . . . . . . . . . . . . . . . . . .01844 238720 Earley Locks 3 Church Road, Earley, Reading RG6 1EY . . . . . . . . . . . . . . . . . . . . .0118 9666669 M J Security Systems Ltd 46 Edward Street, Dunstable, Beds LU6 1HF . . . . . . . . . . . . . . . . . . . . . .0800 085 6126 INSTALLATION & MAINTENANCE OF:CCTV, Intruder Alarms, Access Control Systems, Door Entry Systems, Security Lighting, Fire Alarm Systems. NACOSS Certificated BS4737/ISO0992. MJ SECURITY SYSTEMS LIMITED Telephone: 01582 665022 SAFES Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston, RG7 8EN . . . . . . . . . . . . . . . . . .0118 981 7300 Ace Safe Company 8 Carvers Ind Est, Southampton Road, Ringwood BH24 1JS . . . . . . . . . . . . . . . . . . . .01256 469942 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . . . . . . . . . . . . . . . . . . . . .0207 5225151 Call 01844 238720 Fax: 01844 238872 1 Brook Farm Barn, Dorton, Nr Aylesbury, Bucks HP18 9NQ www.chiltern-technology.co.uk info@chiltern-technology.co.uk Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston, RG7 8EN . . . . . . . . . . . . . . . . . .0118 981 7300 Aegis 19 Bennetts Grove, Bennetts End, Hemel Hempstead HP3 8EW . . . . . . . . . . . . . . .01442 240140 Access Control SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER 0118 981 7300 MOVEMENT INHIBITORS Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston, RG7 8EN . . . . . . . . . . . . . . . . . .0118 981 7300 Martin Security Smoke Ltd (Smokecloak) Rectory Court, High Street, Kislingbury NN7 4AG . . . . . . . . . . . .01604 839000 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . . . . . . . . . . . . . . . . . . . . .0207 5225151 Bewator Albany Street, Newport, South Wales NP20 5XW . . . . . . . . . . . . . . . . . .01633 821000 I N T E R N A L S E C U R I T Y continued COMPUTER FRAUD, VIRUS PROTECTION PROPERTY MARKING Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston, RG7 8EN . . . . . . . . . . . . . . . . . .0118 981 7300 Alpha Scientific Ltd 2 Stroudwood Business Centre, Frogmore, St. Albans AL2 TYY . . . . . . . . . . . . . . . . . . . . .01727 875959 Selectamark Security Ltd 1 Locks Court, 429 Crofton Road, Locksbottom, Kent BR6 8NL . . . . . . . . . . . . . . . . .01689 860757 Smart Water Limited PO BOX 115, Wellington, Telford TF1 5WE . . . . . . . . . . . . . . . . . . . . .01952 222 706 Total IT. Security Audits, Complete Systems, Project Management, Implementation and Support. OFFICE & IT EQUIPMENT Keep your computers secure from theft! THE RANGE Flat Screen Security Desktop Cages Laptop Security Tower Cages Approved security solutions for all of your IT equipment! Widest range of LPS 1214 approved computer security devices Accredited by ‘Secured by Design’, BSIA Member Manufactured to ISO 9000 standard Next day delivery for in-stock items Direct supply from the factory Security Cables r majos! y all e ed b ompani ov Appr rance c nsu I iNet Synergy Limited Cryers Hill Road High Wycombe Bucks HP15 6JR Telephone: 0870 881 0242 email: inet@inet-synergy.co.uk www.inet-synergy.co.uk Nationwide fitting service Secure Desks For a FREE copy of our Catalogue please ring 0121-783 3838 Dalen Limited, Valepits Road, Garretts Green, Birmingham B33 0TD Fax: +44-(0)121-784-6348, www.top-tec.co.uk Projector Cages Greymans Ltd Merlin House, Brunel Rd, Theale RG7 4AB . . . . . . . . . . . . . . . . . . . . .0118 945 4895 iNet Synergy Limited Cryers Hill Road, High Wycombe, Bucks HP15 6JR . . . . . . . . . . . . . . . . . . . . .08700 8810242 COVERT SOLUTIONS Global Intelligence Solutions 50 Regents Street, London W1R 6L . . . . . . . . . . . . . . . . . . . . . . 07951 011080 Triggered Covert Security 30 Broughton Grounds, Broughton Grounds Lane, Newport Pagnell MK16 0HZ. . . . . . . . . . . . . 01908 232456 Computer Security Equipment SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER SEE OUR MAIN ADVERTISEMENT INSIDE OF FRONT COVER 0118 981 7300 Access & Security Systems Unit 7 Bacchus House, Calleva Park, Aldermaston, RG7 8EN . . . . . . . . . . . . . . . . . .0118 981 7300 All in One Security Products Oakview House, 6 Gaskells End, Tokers Green RG4 9EW . . . . . . . . . . . . . . . . . .0800 2799911 Banham 36 High Street, Maidenhead, Berkshire SL6 1QL . . . . . . . . . . . . . . . . . . . . .0207 5225151 Dalen Garretts Green Trading Estate, Valepits Rd, Birmingham B33 0TD . . . . . . . . . . . . . . . . . .0121 783 3838 Earley Locks 3 Church Road, Earley, Reading RG6 1EY . . . . . . . . . . . . . . . . . . . . .0118 9666669 Hire, Supply & Installation • Fast • Professional • Reliable • Covert CCTV surveilance system hire • Installation of covert & overt CCTV systems • Bespoke manufacture of equipment • Counter surveilance measures • Live operation via microwave to vehicles • Operation support • Audio & Video over networks Contact: Mark Stratford Tel: +44 (0) 1908 232456 Fax: +44 (0) 1908 673094 email: info@covert.tv www.covert.tv Global Intelligence Solutions Limited Global Intelligence Solutions Limited is a leading international security consultancy. GIS specialise in: ❏ Development, implementation and management of loss prevention strategies and operational security ❏ measures within companies and corporate bodies. ❏ Our ability to react in a prompt and proactive manner to any incident of theft, fraud, other criminal acts ❏ or misconduct We currently work in partnership with clients from government and public authorities, trade bodies and companies from within the music, pension, manufacturing, distribution, and retail industries. Our wide range of specialist services include:- IT Security Solutions and Investigations - Test Purchase and Surveillance - Forensic Computer Analysis to ACPO - Employee Screening - Police Guidelines - Confidential Hot Line Services - Audit and Risk Assessment to current industry - CCTV Data Protection Programs - standards and relevant legislation - Technical Surveillance Countermeasures - Covert Integration GIS Ltd offer a bespoke and confidential service to our clients. To find out more about our services please contact us on: Tel: 020 7470 7228 Fax: 020 7470 7229 www.gis-london.com I N T E R N A L S E C U R I T Y continued TRACKING AND ASSET TAGGING RADIO COMMUNICATIONS Global Intelligence Solutions Limited Global Intelligence Solutions Limited is a leading international security consultancy. GIS specialise in: ❏ Development, implementation and management of loss prevention strategies and operational security ❏ measures within companies and corporate bodies. ❏ Our ability to react in a prompt and proactive manner to any incident of theft, fraud, other criminal acts ❏ or misconduct We currently work in partnership with clients from government and public authorities, trade bodies and companies from within the music, pension, manufacturing, distribution, and retail industries. Our wide range of specialist services include:- IT Security Solutions and Investigations - Test Purchase and Surveillance - Forensic Computer Analysis to ACPO - Employee Screening - Police Guidelines - Confidential Hot Line Services - Audit and Risk Assessment to current industry - CCTV Data Protection Programs - standards and relevant legislation - Technical Surveillance Countermeasures - Covert Integration GIS Ltd offer a bespoke and confidential service to our clients. To find out more about our services please contact us on: Tel: 020 7470 7228 Fax: 020 7470 7229 www.gis-london.com Blue Rock Security St James Road, Brackley, Northants NN13 7XY . . . . . . . . . . . . . . . . . . .01280 700020 Coverguard 24 - 28 St Leonards Road, Windsor, Berkshire . . . . . . . . . . . . . . . . . . . . . . . . .0870 787 1888 Airwave Services 2 Firs Close, Whitchurch, Aylesbury HP22 4LH . . . . . . . . . . . . . . . . . . .08702 404038 SECURITY SERVICES SECURITY GUARDS, PATROLS & DOGS Executive Security Solutions POP Box 3548, Bracknell RG12 0WG . . . . . . . . . . . . . . . . . . .01344 319403 Goldmont Regus House, Fairbourne Drive, Atterbury Lakes, Milton Keynes MK10 9RG . . . . . . . . . . . . . . . . .01908 487587 Omni Security 110 The Parade, High Street, Watford WD17 1GB . . . . . . . . . . . . . . . . . . . .0800 9178971 Reliance Security Uxbridge . . . . . . . . . . . . . . . . . . . . . . . . . .01189 239800 Sherwood Tait Security Services High View House, Charles Square, Bracknell RG12 1DF . . . . . . . . . . . . . . . . . . . .01344 390599 Shield Security Services Ltd Shield House, 27a Kingsmead, Farnborough GU14 7SJ . . . . . . . . . . . . . . . . . .01252 524484 Tailor-Made Professional Security Services BS 7499, BS 7858, ISO 9000 SECURITY SERVICES LTD. Established 1986 24 Hour Control Centre Managed by Highly Trained Professionals • • • • • • • • • Static Guarding Services Mobile Patrol Services Keyholding Emergency Call-out Services Personal for Facilities, Functions & Events VIP Protection & Investigation Services CCTV-alarms Remote Monitoring Risk Assessment Surveys Anti-Burglary & Vandalism Grilles For Free Advice & Quotation Tel: 01252 524484 Fax: 01252 377 505 Email: admin@shieldsecurity.co.uk www.sheildsecurity.co.uk S E C U R I T Y S E R V I C E S continued Head Office PO Box 3548 Bracknell RG12 OWG United Kingdom EXECUTIVE SECURITY SOLUTIONS (UK) LTD Tel: +44 (0)1344 319403 Fax: +44 (0) 1344 319404 Email: mail@essukltd.co.uk KEYHOLDING Omni Security 110 The Parade, High Street, Watford WD17 1GB . . . . . . . . . . . . . . . . . . . Reliance Security Uxbridge . . . . . . . . . . . . . Shield Security Services Ltd Shield House, 27a Farnborough GU14 7SJ . . . . . . . . . . . . . . . . . .0800 9178971 .01189 239800 Kingsmead, .01252 524484 SECURITY CONSULTANTS Global Intelligence Solutions 50 Regents Street, London W1R 6L . . . . . . . . . . . . . . . . . . . . . . . . 07951 011080 Greymans Ltd Merlin House, Brunel Rd, Theale RG7 4AB . . . . . . . . . . . . . . . . . . . . . 0118 945 4895 www.goldmontsecurity.co.uk The appearance of an advertiser in this publication must not be taken to imply approval by Thames Valley Police or Ten West Publishing. Internal environment D Despite comprehensive security measures, determined intruders do sometimes gain access. It is therefore important to restrict their ability to move around the building during office hours. Reception area The reception area should be the first line of defence against intruders during normal business hours. It should be considered as one of the most important parts of company security and it should always be the first point of contact when anyone enters the building. Therefore: ■ the reception area must never be left unattended, ■ every visitor entering the building should be signed in and out and should be issued with identification against a signature. There are many good quality visitor pass products on the market ranging from simple paper-based systems to more advanced computer-produced versions which can include the photograph of the wearer, ■ all visitors should always be picked up from, and escorted back to, the reception by an authorised member of staff and not permitted to find their own way back. They must never be permitted to wander around the building alone, ■ thieves commonly ‘case the joint’ by visiting the reception area and often gain access by tailgating legitimate visitors. It is therefore essential that the receptionist/s are given basic security training so that they can recognise suspicious behaviour and are made aware of such techniques, ■ if reception staff are used to control access from a public reception area into more secure parts of the building, care should be taken to ensure that they couldn’t be threatened or placed Access control To prevent unwanted intruders entering the reception area of a building, or passing beyond that area if someone is in constant attendance, mechanical or electronic access control systems should be fitted. These can range from keypads and swipe cards to proximity readers. Where greater security is required, biometric systems, which read fingerprints or facial characteristics, can be installed. For safety considerations, internal ‘press to exit’ buttons and green ‘break glass’ exit buttons need to be installed. under duress to allow unauthorised entry. The reception area should always be equipped with a personal attack/emergency button. 17 Internal environment (continued) to view any visitor and request identification to be shown prior to being granted access. Integration These cards, tags and fob control systems can be integrated into intruder, fire and CCTV systems, which can be used to activate them. Computer control of these systems potentially offers far wider applications than security. Staff may be located more easily and their times of entering and leaving particular buildings may be recorded. The whole system may be expanded to the control of automatic locks, alarms, smoke and fire detectors, building up a Card access and tags The use of smart cards, tokens or fobs is easier to control than keys. Lost cards or fobs can simply be deleted from the system and a new one issued to a legitimate user. These systems should have an anti pass-back facility to ensure that the same card, token or fob cannot be used twice to enter a building unless it has been used to exit the building first. These cards can be used to control or restrict access t,o and movement around, a building (including gates, barriers, lift controls and doors). Management and security staff are able to access all parts of the building, other personnel only the parts of the building deemed appropriate to their work. Evening cleaning staff can be given an exit-only card which will not allow them back into the building. Visitors or outside contractors can be issued with a card or token valid only for given areas and for limited times. Entry to the building can also be controlled via an audio entry system with door release mechanisms at all access points. For greater security a video entry system can be installed allowing those inside the building Doors Doors still play an important part in any office complex. As a general guideline, although most internal doors should be closed to stop the spread of fire, they should not necessarily be locked. Burglars can cause damage to doors and frames just to find out if a room contains property worth stealing. complete management-reporting package. By tagging all equipment, a computerised inventory of the entire business is simple to set up and manage. 18 For rooms requiring high security - such as strong rooms for computer servers or cash offices - specialist advice should be sought. In certain circumstances a safe may be more appropriate for storing valuable items or documents (see below). Seek the advice of a specialist, such as a member of the Master Locksmiths Association. Locks Although most new large-scale premises will have installed some form of access control system, there are still a significant number of buildings which use keys. The simplest form involves a mechanical lock that uses a key to control one door. The principle of suites of locks, allowing senior staff to access a range of doors throughout the building with a single key, but limiting others to their zones of responsibility only, is a more sophisticated use of key locking. This does have disadvantages in that stringent key management is vital and any lost keys place the security of the whole building at risk. It is important that these keys are closely controlled and accounted for. Only trusted members of staff should have access to master and sub-master sets of keys. In low security areas a good lock with a simple key may be Safes APPRO ED CO V lost or a combination becomes known. Therefore, good housekeeping concerning key issue and combinations should be restricted to those who need access or need to know. Specialist advice should be sought on the purchase and installation of safes and their advice should be requested concerning the best method of locking the safe and the latest recommended procedures to keep security breaches to an absolute minimum. Movement inhibitors If a security breach does occur, it is essential to inhibit, or at least slow down, the criminal activity. Various systems are now available designed to slow down intruders or make it impossible for them to succeed in their aims. There are systems that trigger synthetic smoke that fills the room with a dense cloud within seconds rendering it impossible to see the target. Should you choose to fit this type of product it is essential that the local police be informed. Staff All staff members have to play a role in keeping the company secure. They should be encouraged to question the presence of unknown and unbadged visitors. For more details see the section entitled ‘Staff’ below. MLA adequate. In areas with frequently used doors and several points of access more convenient methods are advisable. Digital code locks, mechanical or electronic may be more appropriate but the locking mechanisms may provide poor security. Care should be taken to change the codes regularly so that they do not become known to potential offenders and to ensure that passers-by cannot see the numbers being keyed in when used externally. Unless of appreciable weight exceeding 0.5 tonnes - safes should be anchored to the floor as recommended by the manufacturers or encased in reinforced concrete and placed on a floor which is designed to carry its weight. It is bad practice to stand a safe on a pedestal within easy reach of a lift, hoist or ramp etc. Despite its weight, a safe can be dragged over a floor on a piece of carpet. The best safe in the world will be rendered useless if a key is PANY M 19 Office equipment and IT moved about the office it is essential to ensure that the security measures are maintained. Particular types or parts of your IT systems may require different forms of security measures. Servers H High value equipment such as computers, printers, copiers, fax machines etc. are all a key target for burglars. When choosing the correct security system for your needs it is advisable to ask your insurance company whether they have a list of approved installers. In some cases, reduced premiums can be obtained. For further information see Selecting your security supplier on page 5. Reducing equipment visibility Wherever possible, try to site computer equipment out of view from passers-by or install blinds or light reflective film to reduce visibility. The opportunist thief (or even those stealing to order) is less likely to risk breaking in if they don’t know the extent and quality of equipment. There is a vast range of IT equipment now on the market and as many types of security solutions available designed to secure your office equipment. Broadly they comprise the following: Chains and cables Hawsers, cables, lock down plates, lockable clamps etc. can be used to secure equipment to a solid surface or structure. They all prevent cases of ‘smash and grab’ especially by the opportunist thief during working hours. These offer the flexibility to temporarily secure equipment if it needs to be moved around on a regular basis. Under-desk mounting reduces visibility and access to the cables. Cages and boxes Enclosure systems are available that deny access to any part of the computer once it is locked. They provide partial or total encasement, which are bolted to the desk or floor and make ideal security for servers. Local alarm systems This is a relatively inexpensive method of further securing equipment. These types of systems are often used to secure items in retail outlets, triggering an alarm if they are removed from a shelf/clothes rail. Use office re-fitting opportunities to build these features into your office furniture and disguise your systems further. When systems are upgraded or These should be kept in a wellventilated, dry cabinet or security cage, preferably in an internal room. This not only reduces the risk of theft, but also the risk of accidental damage or being tampered with during the working day. Laptop computers Today’s office is increasingly using laptop computers; these are often the prime target for the thief both in and out of the office environment. They are also very tempting to members of staff. In the office environment these should be secured in docking units or never left unattended. For longer periods, they should be locked away (adopt a clean desk policy). Like all equipment, they 20 should be clearly marked. As this type of equipment is designed to be used away from the office, consideration must be given to its security in transit and storage outside workplaces. Guidelines on their use and storage should be issued to all staff who use portable equipment to ensure that risk of theft is minimised. Employees should be clearly told not to leave equipment such as laptops, mobile phones, etc. on view in their vehicles at any time, even for short periods. Equipment should be taken with them or secured in the boot there are some excellent boot storage boxes for use in vehicles. Company policy should consider sanctions against staff who leave high-value assets such as phones and laptop computers visible inside parked vehicles on or off company premises. Consideration could be given to a penalty system if a staff member is found to have contributed to equipment loss. Portable equipment can be electronically tagged so that, should it be removed from the site without authority, an alarm or other such alert is activated. A range of sophisticated tagging systems is available where tags concealed within the equipment casing are detected as they pass sensors at exit points. These can be implanted into any piece of equipment however small (including computer memory boards etc.). Each contains a unique identification number, which can be detected by an electronic reader. Mobile telephones and PDAs Mobiles, PDAs (palm tops) etc. are often targeted by robbers particularly where phone users are making calls in vulnerable areas. Criminals will target fleet vehicles used by businesses in order to steal laptops. This occurs regularly at motorway service areas, conference centres or hotel car parks. Drivers should also be wary of their surroundings, especially when in slow moving traffic or stationary at traffic lights when items have been stolen from footwells and seats. Like any electrical goods, they should never be left on display in cars or in the office as criminals can easily pocket them. There is no excuse for not putting these items in your pocket and carrying them with you even while working in an office. Record the details of your phone or palmtop such as its make, model, phone number and IMEI number (where applicable). The IMEI number is a 15 digit number unique to each mobile phone and can be obtained by keying *#06#into the key pad. If your phone should be lost or stolen, contact your service provider as soon as possible so that they can block its use. Some mobile phone companies now offer a service whereby, for a small charge, they will hold all your telephone numbers stored in your phone for easy retrieval should it be stolen. Marking your equipment All equipment should be clearly marked with identity codes both on the main shell itself and internally (further details on page 25). Tracking devices These enable rapid location and retrieval following a break in. A security device is applied within the system that contacts you or a central agency. If the system is used for logging onto the Internet by an unauthorised user it can immediately be traced. A number of such devices are available but they can be relatively expensive. Replacing stolen equipment Remember that you are more likely to suffer theft if you have previously been broken into. Always ensure that the necessary security measures have been taken before you replace equipment. The criminal has found a weakness in your security - do something about it! 21 Business fraud and computer crime Passwords All systems should have an effective and comprehensive password routine to stop unwanted viewing. Staff responsible for creating their own passwords should avoid the use of common names and numbers or base them on any dictionary word in any language as many password hacking tools use dictionary searches. All staff should have password-protected screen savers to stop passers-by seeing confidential information when the screen is left unattended. It is also preferable to install a Firewall. See below for more details. Data back up It is essential that all data is backed up regularly. An efficient procedure should be implemented and strictly adhered to. Data should always be backed up on duplicate disks or tapes on a daily basis, which should be stored in secure areas. It is always advisable to make a duplicate back up set to be held off-site. Wherever possible, secure areas should be created where data of an especially sensitive nature is stored. This can include paper as well as computer records. There are specialist companies who offer these services. A security consultant should be able to provide you with more information. D Data fraud and industrial espionage is a massive growth industry. Thorough and sensible precautions must be taken to guard against it. Whilst equipment itself can be replaced, the loss of data and information stored on computers can be devastating to companies. It is bad enough if it is your information that is lost or made public, but it can be worse if it belongs to one of your customers. Essential information contained in documents, plans, drawings or visual aids, should be protected by: ■ shredding or burning, ■ numbering copies and recording to whom they were issued against signatures, ■ collecting documents, agendas, papers, pads etc., after meetings, ■ not using temporary staff on any sensitive work. Under the Data Protection Act, individuals are liable to prosecution, which can lead to imprisonment or financial penalty for any unauthorised disclosure of information. Access to your systems via the Internet is becoming commonplace, outsourcing and home working is often a vital part of any business strategy or IT system records. Guidance is available from the British Standard for Information Security Management - BS7799. The ease of access offered by the Internet provides a relatively simple point of illegal entry into company computers and their data. This means that control of access to the system must be maintained. Effective password control is absolutely essential at all times. 22 list thus increasing traffic and slowing down the network. More severe are those that carry instructions to ‘delete this file because it is a virus’ when in fact it is required by your system. If the recipient falls for the ploy they locate and delete the supposed offending file only to find that their entire system collapses. Back up tapes are not magic. Recovering from any disaster does take time. If possible find out how long it will take to recover to a new/borrowed system or to recover onto your existing system. Have a recovery plan in mind – if your computers are stolen/damaged or hit by a serious virus or “denial of service” attack, determine which vital areas you must have working again without delay. Viruses A person with a grudge against the company with limited computer knowledge can place viruses or ‘time bombs’ (a programme triggered by a date or an event) into your system. Alternatively these can arrive via disk or the Internet. However the virus is delivered, once in your system it can make changes to the system operations. This may be as devastating as reformatting your server disks or simply irritating by placing a message or screensaver on some workstations. There are thousands of different viruses; some are malicious and some potentially very damaging causing loss of hardware, time and data. Some types of viruses include: Trojans. These open your system up to access from the Internet or transmits information about you and your company to the originator of the virus, Worms. Typically arrive as e-mail attachments and are executed when the attachment is opened. This enables them to automatically generate contacts with users in your e-mail address book and spread themselves to more computers. Hoax viruses. A source of time wasting and irritation are hoax viruses. An important message reporting a new and deadly virus is received, the recipient then circulates the disinformation to their colleagues and perhaps their whole mailing Fighting infection ■ Control access to you file server. ■ Regularly examine all relevant systems for recent, unexplained changes especially if you are aware of anyone on your staff who might wish to cause infection. ■ Treat incoming e-mails with caution. Even if you recognise the sender but the text is irrelevant/meaningless or the attachment unknown, check with the sender before opening it. Be especially wary of blank e-mails, those with strange attachments (never open them) and spurious titles. Some viruses even look at previous e-mails that you have sent and generate a reply (re: ‘xyz project’) so it looks genuine. If in doubt, check it out before opening. Sscams that request the use of your bank account to transfer funds should all be deleted without forwarding. You should immediately advise your systems administrator. 23 Business fraud and computer crime (continued) that you have an opportunity to upgrade as your needs become more sophisticated. E-mail systems A lot of viruses that are spread using e-mail address books only work with the most commonly used e-mail systems. If you are choosing a new e-mail system, include this factor in your final choice. Virus checkers A good virus checker is essential. There are numerous versions on the market and some are available free from the Internet. For a company IT system, it is advisable to buy a market-leading product that offers regular updates via CD or the Internet and has 24-hour telephone support. Your network file server and your workstations both need to be protected. Firewalls A firewall will prevent unauthorised external access to your systems and restrict permitted access to defined areas. Like any security measure, the effectiveness will vary according to your choice of hardware/software and your needs. The cost of firewall systems vary from a few hundred to several thousand pounds, so pay for what you need. Ensure Spamming It is possible for a malicious person to create thousands of e-mails and send them to addresses on your e-mail system. The instigator of the spam typically runs software which trawls the Internet for systems that will allow ‘open relay’. Thousands of messages are streamed into the e-mail server which then sends them off to the e-mail addresses requested. The effect is to cause very heavy traffic in your e-mail system and possibly within your own computer network. This may slow down or stop normal usage of the systems preventing real work being done on the system and impacting on your business. Spamming is made possible if you have ISDN, ADSL or leased line connections to the Internet (spamming through a modem connection is also possible but less likely). Consultants To stay protected from all of the unpredictable threats coming from so many directions, your enterprise requires integrated solutions and overall improved security. The cost of employing a consultant to analyse your security risk, design a security plan and to implement this regime is often more efficient and more cost effective than using a senior manager within the company to look at the same issues. If your system is used for spamming, you risk being blacklisted by certain web service providers who tell their clients to block e-mails from your e-mail server address. A high throughput would lead to your Internet Service Provider (ISP) turning off your e-mail access because of the damage caused to their own service. ■ Set up your network e-mail system to reject e-mails incorrectly addressed before they are accepted by the e-mail server. ■ Ensure your system is not susceptible to open relay. ■ Upgrading your mail server to the latest version will give you specific switches to set to prevent open relay. Some mail servers work better than others. 24 Property y marking E Every year lost or stolen property worth hundreds of thousands of pounds is recovered by the police but cannot be returned to its rightful owner simply because it can’t be properly identified. The thieves are immune from prosecution and instead get to keep the stolen property. Often a thief will not steal well-marked property or break into premises where the property is marked because, not only does it increase the likelihood of getting caught, but also they cannot dispose of it easily. It is strongly recommended that you make your property unique. Compile a full list of make, model and serial number of all equipment. Use your postcode and company initials or logo on each item of property. It should be clearly and indelibly marked. Other than tagging (page 18), a range of covert systems is now available, broadly divided into two types: ■ a code is etched directly onto the equipment or chip, attached with powerful adhesive. Total removal is virtually impossible. The ownership details of each unique reference number are recorded on a register, ■ marking systems - such as ‘Smartwater’ - are available. These provide a chemical solution made unique to that sample which can be applied in a variety of ways providing a permanent mark. The solution glows under ultra-violet light and even the slightest trace of the substance will provide irrefutable proof of ownership. Similarly, a solution Advertise Where intruders have gained access only to find their target has been protected they may vandalise the equipment. This can cause you as much distress as the theft itself. Where covert marking is in operation this fact should be clearly advertised therefore warning stickers should be attached to all equipment and appropriately worded signage mounted on external walls and doors. containing microscopic dots, each printed with individual serial numbers, can be painted onto almost any surface. Marking or tagging of property can also form a very important function in asset control and management. 25 Staff A of them. All staff regardless of their responsibility or position must be educated in all aspects of security to ensure that they are fully aware of what provisions have been made on site and what is expected Procedures to encourage staff to report acts of theft or vandalism immediately and a central recording point must be established, ensuring the date, time, location, nature, and full value of loss is recorded. Guidelines should be established and promoted internally about challenging strangers on company property. They should emphasise that the responsibility for monitoring them lies with each member of staff, but that one should never place themselves in a vulnerable position by challenging a potentially violent stranger. Consideration should be given to setting up mutual assistance schemes to support lone or vulnerable staff in dealing with intruders. All visitors should be greeted at a well signed and logically sited reception area which should be permanently staffed and within sight of other staff. Personal safety Every company should take steps to reduce the risk of assault on members of their staff throughout their work period whether on company premises or off. This obligation extends outside working hours if the injury or assault is caused by a contact that was initially made through work. Employers have a legal obligation imposed by Health and Safety regulations to take reasonable steps to care for their employees and to ensure they are not exposed to unnecessary risk of injury. Risk assessments should be conducted for all staff and appropriate working practices adopted to limit identified risks. Risk assessments should give consideration to changing working practices or introducing anti violence or anticonfrontation measures, where appropriate. In all cases comprehensive guidelines should be available and all staff instructed to follow them. Staff theft and fraud It is an unfortunate fact that much of the loss recorded by companies is through staff theft. Much of this goes unrecorded and not reported to the police, with employees simply being dismissed. All applicants should be thoroughly vetted before being hired. Bear in mind, dishonest potential employees are unlikely to declare undisclosed cases of bankruptcy, County Court Judgements, cases of dismissal for fraudulent activity or theft of property. Everyone should have their references and dates of previous employment carefully checked any gaps in their record should be satisfactorily explained. This is particularly important where the individual is likely to be in the vicinity of cash offices or other important or confidential functions. There are specialist agencies, which will carry out background checks on your behalf, which should be considered in particularly important or trusted positions. Where possible, recruitment departments should grade every position within the organisation with an appropriate security rating so that a standardised procedure is followed in order to hire a new employee and that sufficient background checks are carried out. Internal Internet usage The more control imposed on Internet usage, the less use it will be as an investigative tool. This may adversely affect its reason for being installed in the first place. There is always an element of trust about how the Internet is used within the company. There are legal responsibilities 26 regarding e-mail privacy and use of the Internet and those sites that are acceptable to access. You should draw up and implement a thorough code of usage protocol, informing staff of their responsibilities. This document should also outline the penalties of abusing Internet access. Software exists that can log all sites accessed, for how long and by whom. Overt use of such software will deter antisocial use of the Internet (at least from staff at their own workstation). Cash in transit Movement of cash to and from banks and other premises should be governed by a number of basic rules to keep the risk to an absolute minimum: ■ cash should be banked as often as possible and not allowed to accumulate on the premises, ■ because of their vulnerability, the young, elderly, infirm or new employees should not be used, ■ where the carrier travels by vehicle they should be accompanied by a second employee acting as driver, ■ the vehicles used should be varied as should the route taken and vehicles should be fitted where possible with a tracking device, ■ where the carrier is on foot, they should be accompanied and walk against the flow of traffic to reduce the likelihood of surprise attack by an attacker in a vehicle. Again, the routes taken should be varied. However, unless the distance travelled is less than half a mile, or where access by vehicle is restricted along the route (ie. a pedestrianised shopping centre), this method should not be used where at all possible, sensitive information is kept locked away and protected should a fire break out or water leak occur. Company car drivers should operate a ‘clean car’ policy (ie. leave nothing on view in the car and the glove box empty and open). Strict rules on claims against thefts from vehicles where the employee is ■ don’t carry cash in a canvas moneybag which may draw attention. The money, where possible, should be placed in either a pocket or carried in a specially designed carry case, ■ particularly where larger sums are involved, the use of a professional cash handling company should be sought. Crime reduction policy All staff should be actively encouraged to think ‘security’ at all times. Staff should operate a ‘clean desk’ policy to ensure blameworthy (e.g. stereo fascia left in situ or laptop left on back seat) should be put in place and widely circulated. Where possible, lockers should be provided and individuals encouraged to lock their personal possessions away from opportunist thieves. By linking this awareness into a comprehensive access control system a balance can be struck where crime is kept to a minimum and staff feel safe and secure without feeling they are restricted in going about their work. 27 Crisis management and recovery Recovery procedures Clearly identify in advance, how you will cope with the inevitable disruption to your critical business functions if a disaster does occur. Crisis Management Team You may wish to form a Crisis Management Team to be responsible for ensuring that the recovery process is co-ordinated. A point of contact for outside agencies should be designated. Draw up individual task lists for the recovery of the key elements of your business. For instance, there may be a list of tasks concentrating on premises, computers, communications and public relations. These task lists can be used as checklists for staff to use. Decide who will activate the plan, and when. The circumstances in which the plan will be activated and the call out details for key staff should be clearly stated. Details of keyholders and building owners/facilities managers should be compiled and included, together with any other organisations and individuals who need to be alerted at the early stages of an incident. Communications In an emergency, it is essential that your organisation N Nearly every day many unpublicised disasters, manmade and natural, devastate businesses. Whilst insurance helps to reduce the financial impact, the true cost is usually far greater than that insured. Damage to a company’s reputation for reliability will often result. In some circumstances, the loss incurred is so great that the business collapses. The biggest threats to most organisations, apart from theft, are; vandalism, fire, computer and power failure. Serious storms, floods or water escape from other sources can also have a major impact. Some businesses are at risk from pressure groups or even terrorists. All premises and employees are at risk, albeit very slight, from air crashes, chemical or nuclear pollution, disease or personal attack. To stay in business after disaster strikes requires careful planning. A business continuity plan is essential to minimise the time, effort and cost of keeping your business running after a disaster. The plan should concentrate on critical business functions. Risk assessment Analyse the main potential hazards facing your business. Look at your environment; try to assess where the danger will come from. Is your business particularly susceptible to vandalism, cuts in power or water, or to malicious damage? There are many events that you cannot predict, such as transport accidents or terrorist incidents. However, you can look at your business and judge how it might be affected by such disasters. What are the critical business functions and how vulnerable are they? Having determined the main dangers, you may find that simple measures taken now can lessen the chances of those events occurring. 28 communicates speedily and effectively with many different groups of people including: employees, local authorities, customers or clients, suppliers, shareholders, local media etc. The plan will need to cover both emergency communications for the immediate aftermath of the disaster (e.g. radios and mobile telephones) and longerterm measures such as diverting calls to other locations and diverting mail to other premises. Key points to consider are: ■ internal and external communications, ■ location of existing facilities, ■ sources of supply for additional mobile telephones or two-way radios, ■ telephone procedures and duties of switchboard operators, ■ arrangements for informing all staff if the disaster occurs outside working hours, ■ arrangements for informing the media. Inventory A full inventory of equipment should be kept in the plan. This will be invaluable when dealing with insurance companies and assessing what your priorities are for replacing equipment. This is significantly helped by asset tagging equipment (see page 18). Information Technology It is crucial that a system of back up and retrieval of computer data is devised and full details included in the plan. Essential service information If your premises need to be connected to temporary power Duplication and protection of essential records Duplicates of building plans, wiring diagrams, leases, contracts, legal documents, client and staff records and the business continuity plan itself should be stored off site. Temporary accommodation Possible alternative accommodation should be identified in advance. This may take the form of portable offices, sharing with neighbours or shortterm rental. It is useful to define your criteria for temporary accommodation at the planning stage - will you need car-parking or water supplies, details of any technical requirements should be kept in the plan. 29 Crisis management and recovery (continued) to be inspected to ensure that they are structurally sound. Preventative measures may need to be taken to halt the onset of mould and fungal growth in areas that have been exposed to moisture. It is often possible to salvage and restore documents and books that have been damaged by charring, smoke, mould and water. The cost of restoration should be weighed against the cost of replacement. It may be necessary to let this aspect of the recovery process be dealt facilities? Are there any special security requirements? etc. Furniture and equipment Sources of essential furniture and equipment should be identified in the plan. What tools does your business need to function? Financial, insurance and legal matters Any relevant legal and financial issues should be specified in the plan. There is likely to be an increase in expenditure as a result of the disaster and possible sources of this funding should be identified. It is also best to notify your insurance company as soon as possible. Staff welfare The disruption caused by a major emergency or disaster can be very disturbing for staff. The loss of Salvage Specialist advice should be sought in dealing with the aftereffects of an incident. Remember that it may be some time before access to a damaged building is permitted. Salvage is often a long-term exercise and should not be relied upon or considered effective for recovering critical business equipment and information. Premises may have Testing and updating the plan The plan should be reviewed at least annually. This will allow new contact details to be inserted and any new legislation or changes in the organisation to be reflected. Where possible, the component parts of the plan should be personal possessions, ongoing work, vital notes and records can have a detrimental effect on morale. It is important that staff concerns are acknowledged and that a structured return to normal business is made. Counselling, both short and long-term, may also be needed and should be considered when drawing up your plan. with by experts from specialist document recovery firms. Include their contact details in the plan. Unsupervised salvage can negate any insurance cover. It is therefore best to agree the name of the loss adjuster with your insurance company beforehand to save any disagreements later. Keep the number of the authorised loss adjuster in the plan so that they can lead the salvage effort. 30 tested throughout the year. Many continuity plans fail when tested, often because of incorrect assumptions, oversights or changes in equipment or personnel. Testing should help to identify these issues and will keep the plan fresh in the minds of staff. A test schedule, indicating how and when each element will be tested, should be drawn up and inserted as a section of the plan. A named individual should be responsible for updating it. In addition to the annual review, the plan may need re-assessing in other situations, such as: ■ acquisition of new equipment, or upgrading of operational systems, ■ new problem-detection and control technology e.g. fire detection, ■ new environmental control technology, ■ staff or organisational changes, ■ changes of contractors or suppliers, ■ changes of addresses or telephone numbers, ■ changes to business processes, ■ changes in operating practices, ■ changes in legislation. Media liaison and corporate communications Poor handling of the media can sometimes cause more damage to the company than the actual disaster. This is especially true if the cause of a disaster can be attributed, rightly or wrongly, to an act or omission of the company. ‘No comment’ is often misinterpreted as an attempt to hide something sinister. Skilful handling of the media is essential. Key steps to consider include: ■ nominate an official spokesperson, preferably trained in dealing with the media, ■ co-ordinate information by liaising with emergency services and other affected organisations to ensure that messages given out are not conflicting, ■ place advertisements in local or national newspapers to inform customers (and potential customers!) of the situation, ■ produce regular bulletins for staff, suppliers, regular customers etc., ■ prepare background facts on the organisation, functions,safety record etc. Doing this now will save a great deal of time - but remember to keep them updated, ■ prepare a communications strategy in advance and give media training to key senior staff, with specialist advice. See overleaf for business continuity schematic. 31 Crisis management and recovery (continued) Salvage Staff Welfare Furniture and Equipment Finance, Insurance and Legal Communications Essential Record Duplication Media Liaison and Public Relations A Business Continuity Plan Inventory / Asset Management Information Technology Business Continuity Plan Essential Services Temporary Accommodation Test and Update the Plan The Publishers would like to thank the following companies and individuals for their help in the preparation of this document. Page 9 Page 10 Page 18 Door grilles - All in One (01491 578988) Window grilles - Access & Security Systems (01189 817300) Access control - vsk GROUP (01372 824502) Page 20-24 iNet Synergy Limited for their invaluable input on IT and Fraud (01235 764899) Special thanks go to PC Jerry Woods of Avon & Somerset Constabulary for sourcing the updated copy within this document, his proof reading skills, and for supplying many of the pictures. 32 • The only patented permanent, visual security marking system with the LPS 1225 standard and a Secured By Design licence. • Recommended by all major insurance companies. SELECTAMARK SECURITY SYSTEMS PLC • 1 LOCKS COURT • 429 CROFTON ROAD • LOCKSBOTTOM • KENT BR6 8NL TEL: +44(0)1689 860757 • FAX: +44(0)1689 860693 • E-mail: sales@selectamark.co.uk • Web: www.selectamark.co.uk For a FREE sample just fax your details or log on to our website redcare Now with Police Preferred Specification Secure There isn’t a more secure alarm monitoring service on the market. Let us explain why. Our system is always on. Always monitored. Constantly checked. All day. All night. Police accredited The harshest critics of all alarm monitoring systems have been the Police: years of false alarms have tried their patience. Because redcare has passed rigorous independent testing against the highest European standards, ACPO CPI Ltd have awarded it with ‘Secured by Design’ accreditation. This means that redcare has ‘Police Preferred Specification’. To find a redcare installer in your area Freefone now on 0800 800828 quoting reference: Thames Valley Police, or visit www.redcare.bt.com ...always there