Security Asset Effectiveness and Efficiency Analysis (SEE) SEE APPROACH
SEE PROCESS AND METHODOLOGY.
VULNERABILITY ASSESSMENT based on neighborhood and area crime environment.
IDENTIFICATION OF FORESEEABLE THREATS and evaluation for these locations/sites and business
The Security Asset Effectiveness and
1)
provide
a
protective
Efficiency Analysis (SEE) methodology
commensurate with the identified risk
follows a planned approach designed
profile and risk tolerance, 2) ensure
to evaluate the effectiveness and
enterprise
efficiencies
integrated, converged and operating
security
solution
services
are
operations.
ASSESSMENT OF FUNCTIONALITY
of
enterprise
security
and utilization of existing local and global command
operations used in the deployment and
effectively
center operations.
integration
security
identify supporting financial models to
ASSESSMENT OF ELECTRONIC SECURITY
officers and electronic security (i.e.
show return on investment (ROI),
CCTV,
payback and other economic metrics
for effectiveness in addressing business exposure to identified threats/vulnerabilities.
A S S E S S M E N T O F A R C H IT E C T U R AL ELEMENTS fencing, lighting, doors, windows and other access points.
of
access
uniformed
control,
command
and
efficiently
that enable organizations to gain
The goal of the process and the
efficiencies and effectiveness in their
methodologies are to:
use of these assets.
to ensure the state of readiness for security events or emergency situations.
ASSESSMENT OF DEPLOYMENT to further ensure their state of readiness for security or emergency situations.
RESOURCE OPTIMIZATION AND INTEGRATION to converge total security resources more effectively.
Tel 661.775.8400
3)
center operations, etc.).
ASSESSMENT OF POLICIES
27959 Smith Drive, Valencia, CA 91355
and
Fax 661.775.8794
www.ANDREWSINTERNATIONAL.com
Security Asset Effectiveness and Efficiency Analysis (SEE) “An Andrews International Customized Process to Generate Security Return on Investment” I. Current Situation and Concept Corporations and government security managers are increasingly pressured to "protect more with fewer resources." In contrast, security industry vendors are interested in selling products and services to security managers that basically drive increases in the security manager’s budget. This White Paper will outline a process that will bring financial benefits for security operations through the integration and more effective use of security resources. In its simplest form, the process will drive a reduction of operating costs associated with the convergence of security human resources and electronic technologies. Organizations periodically review their uniform security officer costs. You may have done so yourself recently and made several changes that resulted in cost reductions of your operations. We have found that efforts and attempts to reduce costs vary depending upon if the personnel are in-house staff or outsourced. Outsourcing has been a common method in an attempt to reduce typical employee overhead burden costs for many organizations. Once the decision to outsource is made, budget considerations lead to further efforts to determine ways to reduce the costs of the contract itself. These efforts commonly include negotiating with the current supplier, obtaining discounts for term commitments, competitively bidding the contract, aggregating multiple facilities into a corporate agreement for volume discounts, and utilizing a "reverse auction." Security organizations may periodically attempt to improve overall security and reduce the need for uniform security staff through the utilization of electronic security systems such as access control, CCTV, alarms, central monitoring and other technologies. New construction or remodeling also offers an opportunity to evaluate and install new equipment. However, many security organizations, which are staffed lean to begin with, simply do not have the resources to review or assess the need for every uniform security hour and the effectiveness of that cost versus the comparable effectiveness and cost of security technologies over time. In organizations where the uniform security costs are managed by operational management vs. security management, there can be a separation of the relationship between the cost effectiveness of security personnel vs. security technology. As a result, uniform security staffing tends to remain stagnant and each year operations management looks for ways to reduce total volume or the cost per hour for security.
27959 Smith Drive, Valencia, CA 91355
Tel 661.775.8400
Fax 661.775.8794
www.andrewsinternational.com
AI Copyright 2008 Confidential and Not To Be Disclosed Without Approval of Andrews International
In addition, there is a wide variety of business practices relating to the management of the security function. The security function may be part of human resources, operations, finance, a facility staff support function or any number of other organizational elements. The fact that there is a subjective element to providing "good security" makes the challenge of determining what is cost effective even more difficult. Organizations can vary widely in terms of the costs they expend on their security asset base. However, the security industry general practice is to determine the overall security risk by evaluating the value of the asset being protected, the potential threat to the asset, the vulnerability of the asset, and then apply mitigation measures to reduce the overall risk. Other factors such as the replacement cost to the organization of the asset, and the operational cost during the period of time the organization is without the asset, can be incorporated to determine the measures to implement for effective security. Security management or consultants then determine the appropriate staff levels of security personnel locations and types of security equipment required, architectural elements for effective security and the correct security processes and procedures. After an initial assessment for new construction or remodeling, security measures can remain the same for years with no changes in staffing levels, procedures, or equipment. Even if they do change, the changes may occur as unrelated elements where one element is changed without determination of the impact on another element. Of course, organizations vary in their practice of continuous improvement of security measures. Unfortunately, security organizations do not have many ways of knowing where they stand relative to their industry peers; who may be more or less cost effective. In some organizations, a steady state of operations settles in where the same uniform hours are purchased every year under contract and cost reductions are obtained through a reduction in billing rates. Security officer and staff assignments that are put in place to address temporary needs often turn into standing long-term assignments and add to the total hours of security staffing. Security technology and equipment is not immune to waste and unnecessary costs. Budgets dictate the decisions on capital investments and recurring costs. The initial cost of a technology may not have included an analysis of the cost of ownership over the useful life of the technology. A budget limitation may have resulted in a technology implementation taking place with the idea that an upgrade would take place at a later date when funds were potentially available. Those funds tend never to appear, and a less than effective security technology is put in place that does not solve the problem. This tends to lead to redundancy in staffing and technology.
27959 Smith Drive, Valencia, CA 91355
Tel 661.775.8400
Fax 661.775.8794
www.andrewsinternational.com
AI Copyright 2008 Confidential and Not To Be Disclosed Without Approval of Andrews International
Over-implementation is common with technology, as well. Equipment may be purchased with capital funds while the recurring maintenance and support costs were never budgeted. As a result, these maintenance and upgrade costs place increasing burden on security budgets until a replacement for the technology can be implemented. Architectural measures also play a role in evaluating cost structures. New construction may have dealt with security needs at the time of the building design. When an organization can participate in the design of security measures and arrange for security and architects to work together, significant savings can be achieved. Too often, an organization takes over a property built on speculation, acquired as a result of a merger or acquisition, or as a result of a move or consolidation of space. As a result, security management has to deal with existing architectural limitations on access, perimeter, lighting, parking, and other dimensions of the building itself. Remodeling and changes in construction during occupancy force additional challenges on the security of a facility, especially if the security function is not a participant in the changes. Disparate systems add to the dilemma of reducing costs. Each dimension of physical security has a cost element that can be evaluated in a needs assessment to determine if the function of each element is necessary and cost-effective. For example, lobby hours may not be aligned with security officer staffing. As a result, excess hours are paid for when no need for on-site security staff exists or technology can be implemented to off set the recurring cost of the security officer. A night vision camera may not have been installed for perimeter monitoring and detection for low-light situations. The result is a zero detection capability on the location or zone that the camera is monitoring. Enterprise security measures too often deal with technologies (including architectural elements) and staffing (uniform security officers) as independent cost structures. The organizational security planning does not tie together the relationships between staffing and technologies, particularly when it relates to determining the most cost-effective means for solving a security risk. II. The Security Asset Effectiveness and Efficiency Analysis (SEE) Solution Process and Methodology The SEE methodology follows a planned approach designed to evaluate the effectiveness and efficiencies of enterprise security operations used in the deployment and integration of uniformed security officers and electronic security (i.e. CCTV, access control, command center operations, etc.). The goal of the process and the methodologies are to 1) provide a protective solution commensurate with the identified risk profile and risk tolerance, 2) ensure enterprise 27959 Smith Drive, Valencia, CA 91355
Tel 661.775.8400
Fax 661.775.8794
www.andrewsinternational.com
AI Copyright 2008 Confidential and Not To Be Disclosed Without Approval of Andrews International
security services are integrated, converged and operating effectively and efficiently and 3) identify supporting financial models to show return on investment (ROI), payback and other economic metrics that enable organizations to gain efficiencies and effectiveness in their use of these assets. This process lays the groundwork for a roadmap and migration strategy designed to execute the desired benefits. The SEE approach to these objectives involves a comprehensive study of the enterprise security operating model to include a review of global, regional and local asset utilization using the following methodology:
Study and assessment of location/site(s) vulnerability based on neighborhood and area crime environment. Identification and evaluation of reasonably foreseeable internal or external threats for these locations/sites and business operations. Assessment of utilization and functionality of existing local and global command center operations. Assessment of existing electronic security measures (CCTV, access control and monitoring systems) for effectiveness in addressing location/site and business exposure to identified threats/vulnerabilities. Architectural elements: fencing, lighting, doors, windows and other access points. Assessment of uniformed security force policies, procedures, post orders, functional responsibilities and training programs to ensure the state of readiness for security events or emergency situations. Assessment of uniformed security personnel deployment and utilization to further ensure their state of readiness for security or emergency situations. Identification of inadequate or obsolete equipment and systems in need of updating, replacement or re-deployment. Identification of opportunities to converge total security resources more effectively by blending and leveraging the benefits of technology and security personnel. Integration with other business functions (payroll, HR systems, etc.) Presentation of financial models and cost scenarios to reduce security officer operating costs with technology in a more effective and efficient converged model (ROI, payback, etc.)
SEE methodology inherently ties staffing, technology, and costs together with the effectiveness of each security measure, arriving at an optimum model that improves the level of security while controlling cost and projecting resulting outcomes.
27959 Smith Drive, Valencia, CA 91355
Tel 661.775.8400
Fax 661.775.8794
www.andrewsinternational.com
AI Copyright 2008 Confidential and Not To Be Disclosed Without Approval of Andrews International
III. The Tool Box – Security Technologies and Tools That Support the SEE Vision In addition to a process and methodology to determine effectiveness and cost efficiency of a firm’s security measures, several unique programs have been identified as an integral part of managing a security organization’s assets. The tools are applied based on the concept that the security operations center becomes the “security information and intelligence fusion center” for the corporate enterprise; and thus the key to success has several distinct steps that are needed in terms of mission, people, processes and technology. These steps are paramount to the operations center’s success in meeting the goal of driving risk mitigation and resource optimization. In this context, we have partnered with three software firms to use their products as tools that allow us to differentiate ourselves and provide this capability within our security service portfolio. The software platform for the operating model described is an integrated software program that provides various modules to allow the security operations center to proactively monitor all aspects of an enterprise security program and provide information that supports the risk mitigation process. Modules used by our security officers and management personnel include task areas involved in daily operations, incident tracking, data distribution, analysis and resource optimization. The front-end process software in our toolbox is a program designed to screen, test and qualify personnel to work and operate in a complex dispatch and security operations center environment. The software uses customizable testing modules for evaluating personnel on key skill set requirements essential to each unique security operations center. To effectively manage a traditional security operations center and then take the next step to manage processes and systems via software to provide “strategy altering” information and intelligence, the entire team must operate with key communication, analysis and decision-making skill sets. The back-end software in our toolbox is risk-analysis software that integrates all components to allow the information and intelligence to reveal specific threats, vulnerabilities and mitigating solutions. This tool is the basis for the perpetual risk assessment process to continually improve risk mitigation strategy and resource optimization. As a part of our national contract offering these software tools are provided at no cost or reduced cost; and the risk analysis process is offered at every uniformed security account location we manage. As part of a security strategy defined, Andrews International consultants will be called in to assess the security program and report findings on an annualized basis.
27959 Smith Drive, Valencia, CA 91355
Tel 661.775.8400
Fax 661.775.8794
www.andrewsinternational.com
AI Copyright 2008 Confidential and Not To Be Disclosed Without Approval of Andrews International
IV. Summary In recent years enterprise risk management and converged physical and logical security assets and value-driven software tools have provided a significant platform for increased productivity and/or cost reduction opportunities in the security sector. Andrews International is the industry leader in identifying those solutions via a unique and customized SEE methodology and creating a “toolbox” approach that our clients use to identify more effective and efficient asset utilization methodologies of protection. Because of our broader service offering and focus on pure “value service” we do not measure our success by volume of hours, but by the overall effectiveness and value of the security solutions we provide to our clients. As such, our goals are not focused on service volume. Our goal is to integrate resources in a manner that enhances our client’s security environment and allows us to function on a more professional and effective level. As an example, SEE analysis may result in recommendations for fewer hours provided by more qualified personnel combined with technical resources. The outcome is overall cost savings and an improved level of security staff for our client.
27959 Smith Drive, Valencia, CA 91355
Tel 661.775.8400
Fax 661.775.8794
www.andrewsinternational.com
AI Copyright 2008 Confidential and Not To Be Disclosed Without Approval of Andrews International
