Documente Academic
Documente Profesional
Documente Cultură
Site Security
This document is intended to explain the different steps To be sure, personnel access points are well-screened and
that must be taken in order for a client to attain “integra- troublesome visitors kept out, intruder alarms sound
ted and supervised security” as we define it. Providing this where security personnel can hear them and 360° color
level of security for people and material objects requires surveillance systems allow the security staff to monitor all
the use of many technical elements, including software that is going on in a given area. But, in very large areas
and hardware. The operators of the system will not aware where large numbers of people are present, security per-
of or be concerned with the complexity of these compo- sonnel are quickly bombarded with information from mul-
nents: they should fully focus on their job: security. The tiple sources as they carry out their daily duties. The mul-
approach used is one of “layering” solutions, thereby offer- tiplicity of monitoring screens serves to scatter their atten-
ing a choice in the modules selected as part of a definitive, tion. Despite years of experience, it can also prove difficult
complete and efficient system architecture. for them to instantly make the connection between the
Key words: Electronic security, access control, video area in which an alarm has gone off and the correspond-
surveillance, intruder control, supervision, integration, ing video surveillance screens. By the same token, when a
operator desk, synthesis, layered architecture, analysis, serious event such as a theft or intrusion takes place, it
Intranet. may prove impossible to integrate information coming
from systems that have been installed at different times in
the past and that are not synchronised and indeed incom-
1. INTRODUCTION patible. Analysis of events becomes a highly inefficient
The problem. Providing physical security – defined as process.
the protection of persons, goods and intellectual property Possible Solutions. One way of tackling these prob-
– at one or several sites is a vast and complex task for the lems is to find a single supplier capable of installing the
company assuming the responsibility. Major capital expen- full range of security equipment, configuration and opera-
ditures are required in electronic systems covering the fol- tional software needed to meet the security objectives
lowing areas: chosen. That of course creates a dependency on that sup-
■ Access control (persons), including card systems, plier, and hence a proprietary technology approach that
biometrics, turnstiles, trap doors, management of often fails to evolve with trends.
parking areas, visitors management, etc.) The alternative is to choose the right specialist in each
■ Detection of intruders, including area surveillance of the major categories of security equipment, taking care
sensors, volumetric sensors, high security perimeter that the company’s products are open to other non-pro-
protection, infra-red barriers, etc., prietary software in order to permit real-time interaction
■ Video surveillance, including cameras, 360-degree with the environment. The requirements in this area are a
surveillance domes, switching matrixes, IP video, function of the kind of service the component provides,
digital recording, image analysis, privacy zone
protection, etc.
There is a serious risk that such systems can be super-
posed without any interaction or consistency among them.
May 2003
SUPERVISED & INTEGRATED PHYSICAL SECURITY
e.g., the type of communications protocol employed by a Integration of levels 1 and 2 is possible thanks to a “ser-
card reader. Assembly of such components in a single, vice” layer placed between them. This includes informa-
coherent system makes it possible to supply security ope- tion transfer from field level and dispatch of action messa-
rators with a relevant and fully synthesised system. This ges top down. This link between levels 1 and 2 utilises
approach also makes it possible to provide security servi- industrial protocols, either proprietary or standardised.
ces with a decision-aid mechanism based on comprehen- One example of a standardised protocol is TEDI/LCR, used
sive control panels, thereby permitting the security mana- in France to communicate with highway security equip-
gers to fully use the equipment they have chosen. ment; another is ModBus, often used to send intrusion
In this approach, computers and software play a major alarms. One of the most widely used in networks at pre-
role in the electronic security system. sent is TCP/ IP.
2• • May 2003
SUPERVISED & INTEGRATED PHYSICAL SECURITY
May 2003 • •3
SUPERVISED & INTEGRATED PHYSICAL SECURITY
closing an access door or a set of access points, multi- periods (during service periods for instance) without
criteria search in the access cards database with the having to modify the wired connections. This function
possibility of viewing employees’ photos and printing makes it possible to set-up simple controls (commands to
out identity forms; field equipment to inhibit an access or to select a camera)
■ Control of user profiles, making it possible to limit that are triggered by events such as an access denied,
fully or partially the functions that can be accessed by intrusion detection, etc. These controls can also be pro-
each operator; grammed to be operative only for certain periods during a
■ Breaking down the site into distinct surveillance areas day or a week.
if there are several security control rooms, as in the Integration between the supervision system at Level 3
case of very large sites. In this case, operators are and the security sub-systems at level 2 is done on Ethernet
assigned to a specific area depending on their user network using TCP/IP. This means that the sub-systems at
profile; level 2 need to have the necessary interface capabilities.
■ Synthesis panel to provide real-time data such as the The chart shows the service levels specific to each sub-sys-
number of alarms per sub-system broken down by tem at level 2.
area, the number of personnel on site, etc.
It is important to note that each sub-system can be
The server of the supervision system compiles a data- operated independently, particularly when used in a
base including all events in the last several months, divi- layered context. For example, if control keyboards are
ded into three categories: available at level 2, they remain in active mode and can
■ Alarm events on all sub-systems; even be used by some operators at the same time as
■ Access control data (enabling tracing of all valid and supervisor at level 3.
refused entries); The configuration of each security sub-system is still
■ Operators’ actions (connection, disconnection, managed at level 2. The parameters of each sub-system
commands to field equipment, etc.) are imported to the supervisor’s database at level 3, in
This data remains accessible on line for several months order to avoid double entry of data and assure that all
and can thereafter be stored. It can also generate reports parameters are consistent with each other. The set-up at
with simple filtering criteria selected by using simple gra- level 3 is therefore limited to the configuration of the fol-
phic symbols and without requiring the knowledge of the lowing specific elements:
SQL language. ■ Declaration of the operators and definition of their
Archives of video records can be consulted from a dedi- rights,
cated workstation. ■ Definition of the priorities among all alarm in order to
The server of the supervision system should enable have a single scale of priorities for all,
combined actions between sub-systems. This is generally ■ Definition of the instructions for each type of alarm,
carried out directly (wired) between the intrusion and ■ Positioning the graphic icons for equipment on the
video surveillance sub-systems, for example to trigger graphic maps of the site.
automatic operation of a camera when an intrusion alarm The server of the supervision system has to be highly
is activated. Alternatively, it is also helpful to use software available and allow an automatic and transparent shift to a
to set up simple master-slave arrangements for temporary backup system in case of failure (cluster-type machine).
4• • May 2003
SUPERVISED & INTEGRATED PHYSICAL SECURITY
May 2003 • •5
SUPERVISED & INTEGRATED PHYSICAL SECURITY
5. INTEGRATING THE COMPANY manage such procedures from beginning to end through a
REFERENCE DATABASE computerised workflow, with the appropriate direct acti-
Access control systems are specific to the type of data vation of access control.
they handle. Besides the field level (level 1 – secure
access) elements, these sub-systems also have to include a
personnel database. In a large company, there is a clear 6. THE DECISION MAKING LEVEL
need to unify personnel data in a single database. This in Beyond daily management of the system, site security
turn means that access control sub-systems have to inter- managers need very sophisticated tools to determine whe-
face with the company’s human resources management. ther and how the systems and organisations set-up meet
Software for automatic update of card databases can then their intended goals. Two distinct issues are involved:
be provided. Connections between the databases are then ■ Analysis of the performance of the electronic systems,
possible through the import of data files or, more directly, ■ Dissemination of security information and strategies to
by direct access to the personnel registries of the compa- all persons concerned
ny if maintained on LDAP standard. Data on new
employees is spread with ease and multiple entries of The computer equipment/software for addressing these
identity data are avoided. issues make up level 4 of the integrated and supervised
Visitor management is a sensitive issue as it affects both security system.
site security (and protection of industrial information) and A posteriori analysis of electronic systems is based
the corporate image. This fact underlines the importance essentially on all the history data compiled and synthesi-
of an integrated visitor management system, which can sed by supervision at level 4. While research of the “tracks”
provide “active” visitor cards for access control. These of a past event, such as an intrusion or theft, is also large-
cards give visitors access to limited and controlled areas ly based on such data, security managers are above all
within the site (whether alone or accompanied). Access interested in searching the data for “abnormal” situations
control history files permit tracing a specific card. The sys- that can easily be overlooked without a very detailed exa-
tem also makes it possible to compile visitor statistics, such mination of data, since some situations do not necessarily
as number of visitors per day, average visitor time on site, set off alarms at the Supervision level. One such would be
etc., and is an indispensable tool for efficient assignment repeated use of a lost card for entry attempts during suc-
of access personnel such as guards and hostesses. cessive nights.
One way of facilitating reception of visitors is a pre- In effect, a multidimensional analysis is required — one
registration system making it possible to prepare visitor that permits cross-comparison of different types of data
cards the day before the visit. This limits the reception pro- displayed on different axis, e.g. cards, access points data
cess to declare the time of arrival and activating the card. and time data. This type of analysis can provide more per-
To be efficient, the pre-registration system has to be sim- tinent results while allowing user-friendly presentations
ple and available to all company personnel. Pre-registra- adapted to people who are not computer experts. Many
tion systems can also automate more sensitive visits to pro- kinds of research can be carried out spontaneously,
tected sites (defence sectors, etc.) in permitting an appro- without pre-requests.
val step, controlled by the chief site security officer. As concerns the dissemination of information, security
Intranet-type technologies make such a paper-free system is an important part in the drafting and implementation of
possible. In addition, management of the resources nee- in-house rules and procedures. Security procedures have a
ded for meetings, such as reserving conference rooms, substantial effect on personnel organisation and daily acti-
video projectors, teleconferencing, meal service, etc. can vities. Examples would be receiving foreign visitors or
also be fully integrated into the same Intranet capacity. taking delivery of packages, receiving telephone calls or
Intranet methods are also useful for managing person- bomb alerts. The key point in security is often “Show who
nel access rights. On large sites, there are usually proce- you are, and you’ll be recognised as such”. The Intranet is
dures and forms (often paper forms) for treating requests the best way to make security procedures a living reality
to modify the site access rights of an individual employee, and to keep employees aware as they evolve. The full
as for example in the case of a new job assignment. These body of information on the subject can be available in a
procedures are based on a hierarchical circuit of approvals standard office data system (Word files, PowerPoint pre-
that terminates on the desk of the person in charge of sentations, video, sound, etc.). Access to the documenta-
access control, who executes the approved change. tion server is managed on the basis of user profiles, break-
Systems based on a company Intranet make it possible to ing down accessible data by personnel category. The
6• • May 2003
SUPERVISED & INTEGRATED PHYSICAL SECURITY
May 2003 • •7