The following is an excerpt of Integrated Security Systems Design written by author Thomas Norman and published by Syngress. This section from chapter four outlines the tools of security system design and more.
The tools of design include drawings, specifications, interdiscipline coordination, product selection, project management, and client management.
Drawings are the heart of the design. Drawings are discussed in detail in Chapter 10, but it is important to understand their strategic role in the process, which is described here. Drawings should show the following:
- The relationship of devices to their physical environment (plans, elevations, and physical details)
- The relationship of devices to the conduit system and to power (plans and risers)
- The relationship of devices to each other (single line diagrams)
- The relationship of devices to the user (programming schedules)
Drawings must serve five distinct types of users:
- The bid estimator: The bid estimator must determine what materials are needed. Helpful drawing tools include device schedules (spreadsheets listing devices and their attributes) and plans showing device locations and conduit lengths, sizes, and wire fills. Other drawings useful to the bid estimator include single line diagrams, riser diagrams, and system interfacing diagrams.
- The installer: The installer needs drawings that show both the big picture and the smallest details. Therefore, it is helpful if the drawings are formatted in a hierarchical fashion. Single lines show the big picture. Plans show device locations and their relationship to the building and conduit system. Physical details and interface details show the smaller details.
- The project manager: The project manager needs to manage the progress of the installation, including coordinating the ordering and arrival of parts and supplies and coordinating manpower to the project at the correct time, in the correct place, and in coordination with other trades to get all devices mounted and all connections made. He or she will primarily rely on schedules for provisioning logistics, plans to measure installation progress, and single-line diagrams to gauge how close the system is to start-up.
- The maintenance technician: After the system is installed, it is the maintenance tech's turf. He or she will need single-line diagrams to determine how the system interconnects, plans to determine where devices are located and how they connect in the physical space, and risers and power schedules to know where to go from floor to floor and the source of power for each device. The integrator should be required to provide maintenance manuals that have all these drawings. I also recommend that the integrator be required to place a pocket on the inside door of each electronics assembly with an envelope containing the system single-line diagram, riser, and plans appropriate to service the equipment in that rack. Also, he or she should be required to install a field intercom station at each service location to communicate with the console to facilitate communications with another technician or console operator.
- The next engineer expanding the system: Many systems undergo expansion on an irregular basis. You may not be the next engineer, but someone will be. He or she will need all of your drawings in order to understand how to expand the system. The client should receive all your drawings in AutoCAD® form and specifications in Adobe PDF form.
Specifications are discussed in detail in Chapter 10, but it is important to understand their strategic role in the process, which is described here.
If drawings are the heart of the design, specifications are the head. Specifications generally take precedent in legal disputes. Drawings are just there to illustrate the standards and practices written into the specifications. If you are very long in your career, you will see some pretty bad specs. We used to joke in our office about someday seeing a set of specifications that simply says "Make it work real good." Some come pretty close to that. We have seen security system specifications that are only five pages long. There is a lot of room there for serious mistakes by a well-meaning contractor. Many security system contracting problems are the result of incomplete or wrong specifications.
With possibly very few exceptions, most integrators I have met sincerely want to do well for their clients. It is the designer's job to provide the integrator with enough information to do well. To the extent that drawings and specifications are incomplete, inaccurate, or misleading, the contractor can make unintended errors that will be costly and aggravating to the installer, the integrator for whom he or she works, and most certainly the system's owner.
Integrated Security Systems Design
Author: Thomas L. Norman
Learn more about Integrated Security Systems Design from publisher Syngress
At checkout, use discount code PBTY25 for 25% off these and other Elsevier titles
Specifications should include a description of what the project entails; descriptions of the whole integrated system and each subsystem; a description of the services the contractor will provide; and a list of acceptable products and acceptable installation, testing, acceptance, training, and warranty practices. Different specification formats prevail in different areas of the world, and occasionally these may change as building code authorities evolve in their preferences. This will all be covered in detail in Chapter 10.
Specifying the correct products for the job can result in a wonderful system that can easily exceed the owner's expectations. The wrong products can leave the owner upset with the installer, the manufacturer, and the designer. Here is where the designer has to have free reign to do what is in the best interest of the client. To the extent that the designer is placed under pressure to specify one brand or another due to market forces, I assure you that the owner will suffer. If the owner suffers, everyone suffers. The operator suffers, the maintenance tech suffers, the integrator who has to listen to an unhappy client suffers, the manufacturer suffers, and the industry suffers. Countless manufacturers and integrators have lost repeat work (and lost client referrals) due to expediencies in product selection. Respect the client's interests in product selections. Have a pure heart on this. You will enjoy a strong reputation among your clients, peers, and competitors. Your professional reputation is one of your most valuable assets, and at all times it is in your own hands. The future is yours to build or to ruin.
This is where enterprise and integrated security systems make it or break it. Some designers are especially adroit at coordinating the interfaces of related systems. Their interfaces work beyond all expectations and their clients are extremely satisfied. Learn this skill and you will master a career. Chapter 14 focuses on this art. Read it thoroughly and you will be well respected by your peers.
These higher skills mark the difference between journeyman and master designers. I was once presented with a challenge to design an alarm/CCTV/voice communications system to protect an unmanned offshore oil platform where there was only a 60-kb satellite up/downlink throughput and only 24 watts of power available to power the security system equipment. A normal system design would have required the client to spend an additional $6,000 per month on satellite throughput and a new capital investment of $100,000 in additional solar panels to power it. Our design incorporated the existing satellite throughput and required no additional power investment. This was done with off-the-shelf equipment simply by using an existing SCADA system and programmable logic controller to do alarm processing instead of adding a separate alarm system and by manipulating the video data packet size and system operation so that only one camera was ever on the satellite at one time to limit video throughput. We also designed custom software that sequenced one frame of video at a time across the satellite link in order to prevent contention between the cameras or trying to stuff too much data across a too small pipe. This sort of design expertise makes very happy clients and can be the difference between impossible and doable designs.
The designer has to manage the design portion of the project. Design project management is all about delivering a design that meets the client's needs, the integrator's needs, and the client's project manager's needs. The designer must do all this while working on other projects; he or she must provide the project deliverables on time and complete, and keep all parties happy. If the designer is very busy, on a normal project this can be a nearly unachievable task, like running a marathon while balancing spinning plates on sticks. On some projects, if the client's project manager does not control the restless troops, it is more like running a marathon while balancing spinning plates with one's hair on fire.
Project management has four main phases:
- Initiating the project
- Planning the project
- Executing the project
- Controlling and closing the project
A number of things in each project need management. The Project Management Institute (PMI) certifies project managers with both the Project Management Professional (PMP) and PMI certifications. The PMP process includes the following:
- Establishing the framework for project management
- Managing the scope of the project
- Managing time
- Managing cost
- Managing quality
- Managing people
- Managing communications
- Managing risk
- Managing procurement
- Managing the project's integration aspects
- Maintaining a high level of professionalism throughout the project
There are three main aspects to each project:
- Project scope of work
- Project schedule
- Project cost
Although it is beyond the scope of this book to teach project management, I will state that it is an essential skill for any engineer. Unless the reader is already professionally trained in project management, I strongly encourage the reader to invest in several books on project management and spend several weeks getting familiar with the principles. Project management is all about providing structure and planning to what seems to many to be an intuitive process. However, without the necessary structure, project management quickly descends into crisis management and then frequently damage control. Millions of dollars are lost each year by firms that entrust large projects to unqualified project managers. Your career will flourish if you have the requisite project management skills.
One of the most important aspects of project management is design management. One of the secrets to good design management is to keep the process simple and batched. That is, do the work in batches, not strung out over weeks. Accumulate tasks, accumulate coordination information, and then design. Do not spend many hours on a project until the design task is ready. Take endless notes and organize them into design, product selection, coordination with other parties, interdiscipline coordination, and client interfaces. Then, when all is ready, close the doors, don't take calls, and concentrate on the drawings.
Designers who allow the project to pass over them like a wave spend their careers lying sideways in the public trough like there is no tomorrow. It is a fact. There are time bandits on each project. They will ask for endless nuances of revisions and endless questions; they will want information before it can possibly be ready, certainly before their work is ready. Here is the priority:
- Get project requirements.
- Get environmental information.
- Get and give coordination requirements information.
- Design the system.
- Check for accuracy.
- Receive review comments.
- Revise the design.
- Deliver the final design.
Tips on Schedule Management
Throughout the project, keep everyone else on your schedule. Get the client's project manager to agree on a schedule for your work. Deliver a copy of the schedule to the project manager. Stick to the schedule. Remind others of your schedule when they want it now. There will be those who push you unreasonably for a schedule because they waited too long in the project to hire you. However, you must be thorough in your design and not make rash decisions that are not adequately researched. Remember, if they want it bad, they'll likely get it bad. Everyone will suffer, especially your reputation.
All the previous discussion is purely technical. When the client arrives, the spotlight is on you. Successful project management is the intersection of schedule control, scope control, and cost control. Experience helps more than a little. Project management is a science, but it is also an art. I recommend two fine books to help with this:
- PMP® Exam Prep -- A Course in a Book (RMC Publications, ISBN 0-9711647-3-8): This book is associated with the PMI, which certifies project managers with the PMP certification. It is a wonderful book to help prepare students for the rigorous PMP certification. I highly recommend pursuing the PMP certification. It is a tough one, but it will help you succeed in every project and certainly distinguishes its holders among their peers.
- Project Rescue by Sanjiv Purba and Joseph J. Zucchero (McGraw-Hill/Osborne): This book deals with how to recognize projects that may be headed for disaster and how to recover them. This is one of the best books I have read on project management.
Tips on Relationship Management
Someday, you will find yourself sitting in a conference room full of people. They will include the owner's representative, the project manager (these two might be the same person), perhaps several architects (building shell and core, structural, interiors, and landscape), consultants (electrical, mechanical, plumbing, etc.), contractors (general contractor, electrical contractor, security contractor, etc.), and stakeholders (security director, information technology director, etc.). At some point in the meeting, they will all turn to you, the security designer, and ask for your presentation or opinion. It is important to understand that each of these people has at least three agendas:
- The first agenda is their role in the project. The interiors architect has a different agenda than the shell and core architect; the general contractor has a different agenda than the electrical contractor. The information technology director does not care about the agenda of the landscape contractor.
- The second agenda is that of their employer. The employer may have a technology bias or a business culture that is aggressive or conservative.
- The third agenda is that of the individual. He or she may be humble or pompous, technically competent or covering up a feeling of inadequacy.
One difference between good designers and great designers is how well they understand and implement the way they relate to each of these parties and each of their agendas in a project. Early in the project, one must learn the participants and their agendas. Then, it is important to talk to the person, asking the questions that speak to his or her professional agenda, his or her employers' agenda, and in a muted way to his or her personal agenda. This must be done while speaking in a broad way to the audience at large and, most important, it must be done in the context of advancing the security project scope on schedule and within budget.
The Place of Electronics in the Overall Security Process
Security design most of all is a process. Electronic security systems are only one of many tools in the process. Important though they are, they are also most often depended on to deliver results beyond their ability, and most often they are not coupled with the other countermeasures that can make them the effective tool they can be. The most important element of a world-class security system is to design it in its proper context so that it can deliver the best results. When a security system is properly designed and applied as part of a comprehensive security program, it can properly serve its client.
The Security Program
I am fascinated that so many organizations that pay so much attention to best business practices, are diligent in their accounting, and manage their productive assets efficiently in the context of producing revenues or fulfilling the organization's mission nonetheless give very little regard to the same level of professionalism in their security organization. Security is not a commodity. It is a value.Much like accounting, it shares two attributes in support of the organization's mission. Security and accounting both serve to support the organization's ability to comply with codes and regulations, and they both minimize losses in the organization. However, accounting departments are historicallymuch better equipped to account for their successes. Security managers and directors historically come from a law enforcement background where the emphasis is on crime reaction, not crime prevention, and where there is little focus on cost/benefit calculations.1 This has not served security management well in its ability to obtain required resources, and it has not served the organizations well in that required resources are seldom forthcoming until after a serious event that could easily have been prevented. Security, like any other business program, should be built on a sound and documentable financial basis.
Establish Electronic Security Program Objectives
Security Policy: The Foundation of All Countermeasures
There should be a good foundational reason for any security countermeasure, and that reason should be founded in security policy. If a contractor, consultant, or owner cannot point to a specific security policy as a reason for a specific countermeasure, then either there is not a good reason for the countermeasure or there is a flaw or gap in the policy. This is one of the most important principles of good security system design, and I cannot emphasize it enough. Countermeasures without policy give skillful litigation attorneys room to criticize the lack of uniform application of security policy, which is a major focus of security litigation.
Read an excerpt
Download the PDF of chapter four to learn more!
Designs that are created without a basis in a comprehensive security policy will leave vulnerabilities in the protection of the organization and its assets. These are vulnerability holes in the security program that are created by the system designer's lack of awareness of some critical asset needing protection, some unanalyzed threat, or some vulnerability that is unknown without a comprehensive security risk assessment, security master plan, and security policies and procedures. If you are asked to design a security system without these prerequisites, you should first recommend these steps. If you are still asked to proceed, be sure to indicate in your contract that the system may not provide adequate protection against any unknown vulnerabilities.
The following is the order of battle for protecting any asset:
- Perform a security risk assessment.
- Understand what assets there are to protect.
- Understand what threats exist that could be interested in destroying, damaging, or misusing the assets. What are their motivation, history, and capabilities? What entry methods do they use? What tools do they use? What attack scenarios do they use? How do they plan attacks? Is the threat one of terrorism or simply ordinary decent crime (ODC)?
- Understand what vulnerabilities exist that these threats could exploit and what existing countermeasures are in place to protect the assets. What is the overall likelihood of attack, and how attractive are these assets to potential attackers?
- Create a security plan.
- Evaluate what additional countermeasures are required in order to fully protect the assets. Budget and prioritize the countermeasures based on cost, ease of implementation, and effectiveness.
- Create a schedule of implementation.
- Immediate action items (this will include the establishment of security policies and procedures).
- Phased implementation:
- High-risk conditions
- Low-risk conditions
- As budget becomes available
- Understand that any unimplemented countermeasure is a remaining vulnerability.
- Be prepared to accept or transfer that risk.
- Establish security policies and procedures.
- Define what risks are to be protected.
- Define how they will be protected and by what type of countermeasures.
- High-tech: electronic security systems, information technology security, telephone system security
- Low-tech: locks, barriers, landscaping, lighting, signage
- No tech: policies and procedures, security programs, security awareness training, guard programs, bomb and drug dogs
- Define how employees, visitors, and contractors are to be handled and their responsibilities relative to the organization's security.
- Define how the organization will detect, assess, and manage threats and which behaviors will be tolerated and which will not.
- Design a security program to address the security management objectives, including employee awareness training and rules for management, employees, guards, and visitors and contractors.
- Design an environment that facilitates appropriate behavior, including area segregation for employees and visitors and trespass identification signage.
- Design an electronic security system to help management detect, assess, and manage inappropriate behavior.
- Understand and implement the project in accordance with pertinent regulations and codes, which could be from any of the following sources or regulatory agencies:
- Department of Defense
- Coast Guard
- International and Uniform Building Codes and municipal building codes and authorities having jurisdiction (local agencies)
- National Fire Protection Association and municipal fire safety codes
- Occupational Safety and Health Act
- Office of Statewide Health Planning and Development, the California
- Earthquake Code
- International Ship and Port Security and Maritime
- Security requirements
- Codes of Federal Regulations
- Specific industry standards
- Special compliances -- e.g., Secret Service
Types of Design Efforts
New construction projects are typically driven by the architect, and all consulting disciplines follow the architect's lead with regard to design standards, project management, and schedule. New construction projects typically are predictable. There is clear direction on what disciplines need coordination and each person in those trades understands that coordination is part of the effort. All are working under one leader toward a common goal -- a successful project on a specific completion date. The architect will closely guard access to the owner, so all direction comes from the architect alone unless he or she arranges a meeting with the owner for input and review.
Renovation or Retrofit
Renovation projects vary in size and scope. Generally, the security system upgrade is part of a larger upgrade effort, and in many ways these projects are similar to new construction projects, except that there are usually fewer trades and the construction cycle is not as long. Again, the architect will take the lead on the project, unless the owner has designated a specific project manager to represent his or her interests.
Government projects are often regulation driven. They may also be driven by new construction or renovation requirements, but the common thread is that there will be an agency or multiple agencies involved whose specific security needs are defined in an international, federal, state, or local regulation to which they must comply.
The government entity will usually have a set of standards for the system specification; for how the system is designed, approved, and built; and for how it operates. The designer must follow these guidelines or regulations exactly; his or her success will be judged by someone whose job it is to find fault with every system. If there is any fault, it will be found, so it pays to get it right the first time. There should be no shortcuts, no adaptations to personal preference, and no designing the system to suit one's own point of view. No point of view matters except that of the reviewer who will be judging the outcome against the code or regulation. Know your codes.
Even when the project is privately owned, codes and regulations may rule. For example, the security for any seaport, airport, or river terminal is guided by a set of specific codes, regulations, and rules. In many cases, the project may have to respond to multiple standards from multiple agencies. The very acceptance of the project by public agencies may hinge on how well the security designer understands these rules. It is not uncommon, for example, for liquefied natural gas (LNG) projects to rest entirely on the fulfillment of security regulations. The owner may risk hundreds of millions or even a billion dollars on the quality of the security consulting effort.
It is very dangerous indeed for security designers who are unfamiliar with the regulations to attempt to design facility security for such a project. This can be a path to bankruptcy for both the designer and the owner who hired him or her. In one case, the owner of a functioning and prestigious high-rise commercial building in San Francisco faced a forced closure of his building by the fire department because the building manager had hired a security contractor to equip all stair tower doors with electric locks. The security contractor won the contract because his price was by far the lowest. However, the building manager did not know that what made the price so low, the use of electric strikes instead of approved stair tower door locks, also put the building out of compliance with building fire codes. The installation of strikes corrupted the fire-rated door frames, voiding their fire rating, and ultimately the owner was required to replace all the affected stair tower doors and new frames with approved assemblies at a cost that was significantly higher than the highest of the original bids. The owner was out a lot of money and the security contractor went bankrupt. This was an expensive way for both the owner and the security contractor to learn the fire code. Know your codes.
Commercial projects are often a delight to work on. Unlike government projects, where regulations and process rules, a commercial enterprise is always interested in getting to the finish as fast as possible and with as little cost and process as necessary. The commercial entity is usually not interested in the best system but, rather, a system that is good enough. Uniform building codes and fire/life safety codes will always apply. In many commercial projects, the designer is working directly for the project owner, so lines of communication are short, and it is easier for the designer to understand the owner's needs and accommodate them efficiently. That personal relationship can also make the project more personally rewarding because the owner often expresses his or her satisfaction directly to the designer after the project is complete.
Major and minor renovations alike are often placed under the jurisdiction of the facilities department of an organization. Facilities managers have a set of project processes that they follow and that the designer must understand. In these projects, the facilities manager will be the main point of contact, and the architect, consultants, and contractors will all work directly for the facilities manager. The facilities manager is often a contractor rather than an employee of the company he or she serves, so there is often not a direct path to the owner for decisions, and decisions are often driven more by cost than functions.
In rare cases, the designer may have the opportunity to work directly for the user. These projects are generally smaller, and the user usually wants the project to cost as little as possible and be done to a high standard. It is easy to understand the requirements because there is direct access to the user. Often, however, there can be severe time and budget constraints on the work. Another type of user-driven project is that in which the designer is called in to solve problems that were created by another design. These projects are unique opportunities to be creative and achieve high success.