New PSIM solutions are changing perceptions in the professional security industry as they continue to prove how pragmatic and highly efficient they can be in improving the overall effectiveness and efficiency of security operations. This is true not only for specialized large-scale infrastructure applications – but also for many commercial security applications in verticals such as retail, commercial/industrial and property management applications with multiple locations. As with most complex security solutions, there are a number of best practices that will enable both integrators and users to focus on getting the most value from PSIM.
The checklist below details best practices in four key areas that will help navigate the processes of evaluating, implementing and operating PSIM solutions.
Standard operating procedures (SOPs) are critical to ensuring effective response to most incidents. However, even the most comprehensive and well-designed SOPs will be ignored if they are too complicated, difficult to use or not properly enforced.
To ensure the most consistent and effective response, operators need simple steps to follow with specific actions to take. This is important because, when an actual incident occurs, it can create a chaotic environment in which individuals may not know what their specific responsibilities or capabilities are, and communication may be reduced or nonexistent. The PSIM must provide them with workflows that are very easy to follow.
Simplicity is the key; it is impossible to oversimplify SOPs provided they are effective. While the workflows and processes may be complex, the PSIM solution must present them to operators in a format that is easy to follow, even if an action is brand new to the operator.
For example, compared to a multiple-page document, a single yes/no question is much more powerful and effective in these situations. If you don’t have the knowledge or skills in house, hire a consultant or work with someone who has created simple SOPs before to leverage their experience.
It’s common for security operations centers (SOCs) to be overwhelmed by the sheer number of alarms that are generated from the ever-expanding list of security systems deployed within the modern enterprise. The solution often is to either ignore a large number of these alarms or try to sift through these events in the hope finding the critical event amongst the noise. Obviously the risk is that an important incident will be overlooked or a response is delayed due to the volume of non-critical alarms. Automation provides the key to this common problem. As with the use of SOPs to simplify event management, the PSIM can be tuned to provide an automated response to many non-critical events creating time and space for operators to focus on events that are important and require human intervention and decision making. The events handled automatically are still logged and audited, making them available for management reporting and information purposes but crucially, critical events get the full and timely attention they warrant.
The ability to integrate multiple systems into a single interface is a main draw of PSIM solutions, and to be truly effective, a solution must simplify functionality and interfaces across different classes of systems to deliver a consistent user experience. Leveraging this standardization, regardless of the type of alarm or event the PSIM can be used to categorize the final outcomes. This provides a structured database of event responses, allowing managers to easily track key security metrics such as response times, problem sites, crime statistics, etc.
Further, the PSIM system can be used to automate and standardize the creation and initial completion of Audit, Legal and Compliance reports within an incident management system. This creates a massive savings in personnel time and ensures all appropriate incidents are reported correctly, and that the initial report follows a defined company standard.
The PSIM provides the standardization of this entire process, including connecting and receiving alarms from diverse third-party systems, auditing the action of the event response, creating consistent event outcomes, and automating the delivery of data to incident management systems – ultimately ensuring adherence to proper practices and standards throughout the event.
From an IT perspective, deploying a system that complies with industry standard failover and disaster recovery practices is crucial. As the central repository and point of control for security response, it’s most important that the system be deployed with system redundancy so that in the event of an unplanned hardware or network failure service is unaffected. There are many ways this type of redundancy can be deployed, from SQL and server mirroring to federated servers across regions for both scaling and backup. Further, because each customer has a unique set of requirements and needs, it is extremely important to engage early and often with IT departments to ensure the right approach is chosen for the specific customer environment.
In our industry, Underwriters Laboratories (UL) provides good standards for running a 24/7 monitoring application under their UL1981 standard. Look for platforms that conform to this standard to ensure the application can meet a rigorously tested failover and redundant configuration for security monitoring.
Using these four criteria for evaluating, implementing and operating PSIM solutions allows organizations to improve the effectiveness and efficiency of security operations. As more and more solutions offer the ability to simplify integrations, processes and operating procedures, the value of PSIM for a broad spectrum of applications will continue to change the way we think about integrated security.