We believe one of the key pillars of any risk, resilience and security program is critical communications. However, it barely registers for many security solutions integrators.
If an integrator evolves into the Security Risk Management Services (SRMS) market, they must develop a methodology that ensures they are subject matter experts in how people perform roles in a process using technology. In regards to critical communications, they must be keenly aware of how security, safety and operations are impacted by their technology decisions.
For example, a port that handles both cargo and cruise lines may have similar IP intercom, public address and messaging systems for handling operations, crowd control and parking as they do for notifying people where to muster in an emergency.
It is critical that the SRMS provider look at both. After all, our main goal is to align the business of security with the business, helping us avoid unnecessary redundancies in our clients' commerce, IT and security deployments.
We have found the following methodology to be successful in helping our clients determine their critical communication approach:
-
Risk. What is the current risk profile of the organization? When was the last time the organization performed a risk, threat and vulnerability assessment?
-
Operational. Assess the core operational and security workflows: How do people perform their roles today using technology or some other tool?
-
Technology. What is the current technology infrastructure and how does it perform today? Where are the gaps that can cost effectively be bridged today?
-
Evaluate (benchmark) critical communication vendors for intelligibility, interoperability, and the back end IT demand for high availability, scalability, reliability and maintainability.
-
Pilot. Create a pilot that conforms to and, ultimately, confirms the use cases you have discovered using your evaluation scorecard.
-
Collaborate. Work closely with the chosen technology vendor to ensure their roadmap aligns with how the solution might be scaled in the future.
-
Deployment plan. This must include a communications plan for all stakeholders.
-
Document measures of performance and do an annual business review for continuous quality improvement (CQI).
The capability and resources to identify a scorecard for a technology segment of a market and benchmark technology for clients is a key attribute of an SRMS provider.
One of the challenges in critical communications is the inability of consultants, integrators and end users to stay current with emerging technologies. There is a tendency for products to be quoted off data sheets or from an experience they had from a number of years ago with the assumption that the components should work together. Without a proper assessment of risk, threats and vulnerabilities of the organization which also includes operational workflows where communication is critical, your starting point for evaluating communication technology is deficient.
We just completed a client engagement where we evaluated an advertised integration between Zenitel’s IP Intercom, Motorola Radios and Lenel Access Control. We first did this in the ASG Testing Center to determine how the different components worked together and then migrated the testing to a proof of concept. This allowed the client to not only understand the nuances of the integration confirming true interoperability but also confirming the IT department's concern over high availability, reliability and scalability. But most important for IP intercom and audio is intelligibility, or the ability to hear, be heard and be understood. This is a challenge for most of the technology vendors in this market. Without SRMS vendors objectively evaluating, benchmarking and then deploying a proof of concept, the client may compromise their ability to respond in an emergency, endangering assets and people.