Over the years, I have encountered many examples of apparent good security when the reality could not have been further from the truth. These examples range from security systems involving electronic access control, intrusion alarm and video surveillance that simply did not work as designed or specified from the day that they were installed. In some cases, the security installer did not know what they were doing or was totally inexperienced or misread instructions and as a result only part of the system worked at best. No training was given with respect to operating the system and authorized employees were left in the dark as to whether the full system was working or not.
There are many excellent security contractors and integrators, but there are also more than a few that quite frankly should not be allowed near security systems.
Further examples of perceived security include a video surveillance system and outdoor cameras using indoor telephone wiring without being encased in conduit, installed 2-3 inches below the surface. The contractor could not understand why the cameras went dark when there was heavy rain.
One particular situation involved an electronic access control system protecting access into a room holding financial instruments worth tens of $millions where the card reader was hanging by its wiring beneath a hole in the wall adjacent to the supposedly secure door. The card reader had failed to read correctly on so many occasions that employees had made a hole in the wall to allow them to reach inside and unlock the door. The security contractor was never available to replace the reader or fix the problem and management were unaware of the problem.
Other examples of perceived working security have been systems that simply did not work correctly such as door contacts with faulty wiring and unable to provide an alarm signal that was being monitored by a third party call center, card readers that were unable to report an alarm to the electronic access control system controller, video surveillance systems where cameras were unable to record on the system, or where no experienced thought had been given to placement within a facility, and the list of issues is endless.
In many cases of new security system(s), there had been no commissioning of the system(s) following installation to ensure that the system was functioning correctly and according to specification.
Security manufacturers are not immune to issues involving their products and systems. As in many industries, security manufacturers, particularly involving system software are prone to “end of month” syndrome where the goal is to show as many completed items as possible that have been shipped to customers. In one case, security systems were shipped from the factory with the latest software version known to have a “bug” that would cause the system to shut down after a few weeks of operation. It was hoped that the “bug” would be fixed before reaching the shut down period. Unfortunately, that did not happen and at least one customer had to employ security guards on a 24/7 basis until the system was correctly updated.
It is reasonable to believe you have good security if you have carried out up-to-date assessments, have hired security professionals to commission new systems, developed your security system utilizing security design criteria (the reasoning for locating cameras and other security devices in specific spots and areas of a facility). However, if you believe that your company has good security because it appears to be working and there have been no issues that you are aware of, and there has been no professional security assessment, then “buyer beware” as everything may not be as it appears!
It should also be remembered that threats change, especially in today’s security climate, what was perfectly sound a few years ago may no longer be the case. Structures change and often expand, employees and management change or leave, there may be new production processes, have company policies or employee demographics changed, all of which could affect necessary security systems and measures.
The difference between Perceived Security and Actual Security could be significant and costly in the event of an incident. Why take the chance when a straight forward security assessment carried out on a regular basis (every 5-7 years minimum) changes unknown risk to calculated risk and might significantly reduce or prevent Negligent Liability following a serious security incident.