Is our safety being managed well enough?
It’s a fact of life that in the UK we continue to be under threat of terrorist attack. Indeed as of July 2013, the UK government and police assess the threat level as ‘substantial’ in Mainland Britain. This means ‘an attack is a strong possibility.’ Moreover, we are warned that ‘an attack could materialise with little or no notice.’
In this environment counter-terrorism work remains a crucial focus for intelligence and security agencies. But that said, an extraordinary 85 per cent of Critical National Infrastructure (CNI) is actually privately owned. We have to ask, are senior managers in organisations that are part of the critical national infrastructure always able to provide the protection required? Are these managers, or those responsible for high value industrial and commercial facilities, or for locations defined as ‘crowded places’, always able to discharge their duty of care satisfactorily? Is an adequate risk management framework always in place, and can we be confident that their controls and counter measures are effective?
Against this background the Perimeter Security Suppliers Association (PSSA) has been working for the last two years to develop a robust scheme, the ultimate aim of which is to help those responsible for security to put really effective perimeter security provisions in place.
In order to develop its verification scheme the PSSA has consulted widely across the security industry value chain. Our research indicates that in fact those responsible for protecting lives and property may often have a difficult time getting what they need. Seemingly, there are several key areas of weakness.
What needs to be better?
Firstly, our findings are that the supply chain is extremely fragmented. Product suppliers don’t have visibility across the security value chain and consequently can’t know if products have been specified correctly and installed in a way that meets operational security requirements and user requirements.
Secondly, it appears that security, risk and reliance management can be inadequate – especially where CNI is in private hands. All too often, end users and their advisors are unaware of best-practice security and resilience approaches and the associated standards. So for example, there could be a disconnect between an organisation’s resilience management system and the perimeter security supplier’s expertise which means that security considerations may be lost during project procurement and construction.
It follows that any opportunities that there are to get more value from the security system, e.g. for crowd control at football stadia, get lost if security planning and risk management are fragmented or absent.
Likewise a lack of ability to apply security industry know-how can lead to organisations not taking security seriously enough, or delegating responsibility for security to individuals who lack the expertise to develop optimal security solutions.
Thirdly, product installation is very often suboptimal because security and operational requirements are not well understood, or are not implemented by qualified installation companies. Poor specification by clients; inadequate testing of perimeter security; an absence of health and safety procedures; and an absence of usage knowledge can all lead to an ineffective security solution.
Certificates of conformity
Indeed a continual stream of anecdotal evidence suggests that product safety in particular isn’t being tested as a matter of course after installation. The law requires that Certificates of Conformity apply to the whole perimeter security product and not just its component parts, and this apparently isn’t always being properly checked. Bear in mind that in some cases it is the installer of the perimeter security equipment that is regarded in law as the ‘manufacturer’ or party responsible for product safety.
Nor are these the only shortcomings that make a verification scheme really necessary.
Consultants also tell us that clients very often go looking for potential suppliers online. It means they inevitably come across a random selection of manufacturers. Many, it seems, will claim compliance with PAS 68 (the impact test standard for vehicle security barriers) or that they are ‘government approved’. However, all too often when the claims are challenged, they turn out to be inaccurate, not valid or even misleading
Additionally, a PAS 68 impact test rating alone says nothing about the product’s compliance with health and safety and environmental regulations, and it doesn’t address other operational requirements such as longevity, maintainability and serviceability.
Against this background of variable quality, both in the products themselves and in their application, the PSSA Verification Scheme is clearly meeting a need. We see this because since the Scheme’s launch in 2011 an increasing number of vehicle security barriers and fencing system products are being submitted for verification. These products are independently verified by a UKAS accredited certification body.
Moreover, the companies submitting products are among the most prominent in the industry and include ATG, Broughton Controls, Cova Security Gates, Frontier Pitts and Zaun. There is now a steady procession of products going through the Scheme. This means that those buying or specifying products will soon easily be able to find PSSA Verification Scheme certified products that will meet their requirements [see Industry Listing at www.pssaverification.com or www.pssasecurity.org].
Now that the Verification Scheme is in place for key products, the PSSA has turned to developing a module covering product installation. As seen above, installation can be complex, with multiple dimensions and requirements to be borne in mind. It consequently can often go wrong. Therefore we are working with installers, consultants, specifiers and government agencies to develop a specification for perimeter security product installation. This installation module will be a world first.
In common with the innovative approach taken in other parts of the Scheme, the installation module will need to accommodate verification of a range of authoritative standards, including those for installation specification and performance, service design and delivery, and requirements for testing, activation and handover.
In developing the installation module, the PSSA is acutely conscious of several important deficiencies that need to be taken into account. For one thing, a clear issue that we’ve identified is that many organisations with an ISO 9001 certification don’t actually have in place a very robust or credible quality management system, specifically one that ensures the quality of the installation will meet regulatory and customer requirements.
As well, the kind of point solutions that are offered by certification bodies providing certification to one standard at a time aren’t adequate for a buyer or user who has to take into account all the standards to which the product and installation service must comply.
Finally, in many cases the criteria against which the quality of perimeter security installation may be measured have actually not yet been established.
The scope of the new module
The installation module that is now being developed will be comprehensive. The module’s criteria will cover all the important dimensions of installation including security, operational requirements, environmental compliance, and health and safety requirements. It will also make sure that the products being installed are of a defined quality.
The scope will cover the installation of both permanent and temporary product systems intended to operate in high security environments. The criteria will encompass project management; risk assessments and method statements; installation service provision and handovers; and installer competence – both in terms of the installation company and the competence of individuals assigned to projects.
Launching the new module
The new specification will be piloted later in 2013. In this way, we’ll validate the industry-defined criteria and qualify the audit process. The specification will then be fine-tuned taking into account both the supplier end of the value chain and the security risk management needs of end-users. Subsequently it is expected that the new installation specification will be available from early 2014.
The PSSA’s overarching aim in introducing the Verification Scheme is to raise standards across the industry. The idea is that by providing top quality, tangible advice across the entire sector, underpinned by an assurance scheme, standards will be raised.
From its inception, the PSSA has worked closely with the Centre for the Protection of National Infrastructure (CPNI). This has enabled the Scheme to be developed in a way that complements, and where relevant includes CPNI security advice.
The PSSA is also aware of the need to consider the integration of security products, services and practices when developing terror countermeasures. Working across the security ecosystem as a whole we are determined to forge an effective partnership with all stakeholders for everyone’s benefit.
Anyone with an interest in perimeter security is actively encouraged to participate in the PSSA’s work. Contacts can be found on the website below.