Planning and Communication: Physical Security Asset Control
Good physical asset controls do not just happen. The process takes experience, dedication, planning and superior communication. The same is true for designing security systems for an existing or new building.
A building’s design team should be as experienced with such systems as it is dedicated to its task, but planning for security and access control systems involves the systems integrator or designer and the project’s security executive; and there is no substitute for good communication.
Even before the kickoff meeting with the design team, security should educate themselves on the types of physical security asset controls that the building will require and locations where devices and equipment will be needed. By that first meeting, security should be prepared to effectively discuss those required systems and their infrastructure with the designer or systems integrator.
Conversely, the integrator or designer must be sure that by the end of the kickoff meeting, they understand security needs by conducting extensive interviews, listening actively and asking skilled, probing questions.
GETTING THINGS RIGHTAs the process moves into the actual development of plans and specifications, the systems integrator or designers should provide security with feedback on the infrastructure and/or systems that they are including. They will likely provide the security decision-maker with plans for review at various stages of completion, such as at 35, 60, and 90 percent.
The purpose of that feedback is for the chief security officer (CSO) or security director to review the plans to make sure that the integrator or designer is meeting their needs and requirements, and to identify errors during design, while it is still easy to fix them.
This can be a complex and multilayered process, especially if there are several standards with which the designs must comply.
For instance, a facility located on a military base may be required to meet standards unique to that base, such as a requirement that all buildings’ security video, intrusion or electronic access control networks be consistent. In addition to base standards, the buildings’ users may have specific needs that are different from those for other buildings. An armory would have different security and access control requirements than a recreational facility.
For example, a retrofit or new building for the military may also be subject to agency-wide requirements, which could include but not be limited to:
- Unified Facilities Criteria documents, which provide planning, design, construction, sustainability, restoration and modernization criteria for U.S. military departments, Department of Defense agencies, and DoD field activities.
- The Army Physical Security Program.
- Army Regulation 190-13, which concerns requirements for, and use of, physical security equipment; the appointment of physical security officers and inspectors; physical security credentials; identification cards and badges; restricted areas; and security forces.
- Director of Central Intelligence Directive 6/9, which provides guidance and requirements for the physical construction, access control and alarming of sensitive compartmented information facilities.
REVIEW BY QUALIFIED EVALUATORSSecurity’s review of the plans is important and needs to be as thorough as possible. Since no CSO can be expected to have a thorough knowledge of all major building systems, he or she will need to ensure that security and access control systems are reviewed by qualified evaluators. If there are base requirements for the project, a base security staff member should review the plans. Likewise, a building user’s representative will need to ensure that the facility has the required systems. The same is true for ensuring that the finished project will measure up to agency-wide requirements. Simply put, any person with specific security requirements in the building needs to participate actively in the design review process.
Many of those individuals may be local to the project, but some may be at other – and perhaps distant – locations, especially those who will review the plans to give an agency-level approval. It is important to identify those individuals, get plans to them and receive their feedback.
Someone else that should review the construction plans during development is the systems integrator or installation contractor. The installer would likely be able to spot problems in a design that other reviewers may miss. Unfortunately, this review is not possible on many projects, as the installation contract may not be awarded until the drawings are complete - or even late in construction. While there are good reasons for security to manage projects that way, it does cut out a potentially valuable reviewer from the evaluation process.
While all of that preconstruction or remodeling review may sound like a good strategy, any experienced systems integrator or designer knows that it sometimes does not happen. Designers often submit the security/access control system plans for review at the predetermined intervals, but then receive little or no response. Granted, if all parties have done their jobs up to this point – if security knows what he or she needs at the outset and the systems integrator or designer listens to those needs and design systems accordingly – then there should not be many changes, especially at the later reviews.
OPTIMISM AND SATISFACTIONIn any case, lack of feedback will lead the design firm to conclude that either everything is acceptable, or that the design has not been carefully reviewed.
In either case, the firm has no basis on which to make changes, so the plans will go to construction as they are – right or wrong.
The result can be that problems in the design are not discovered until the project is well under construction, or even nearing completion. That will likely leave security with a choice between two bad options. He or she can settle for a system that will work with the infrastructure that has been installed, or make potentially costly field changes in order to accommodate the system requirements that absolutely must be met.
Neither security nor the design firm wins in those circumstances. This can lead to unresolved finger-pointing and potentially significant ill will. That rather unfortunate possibility brings the discussion full circle, affirming that pre-planning and excellent communication throughout the design of a project are vital to its success - and a much better option than solving problems during construction.
Though the security and access control systems are only a small part of a new facility or a retrofit project, they are important systems and must function properly. A lack of planning and poor communication during design can transform what ought to be a positive experience into a stressful and costly one. However, when done right, a new construction or remodeling project can be a rewarding and fulfilling experience, for systems integrators, designers and the security operation.