printer friendly version

Secure your business, not only your premises

For many a year now, physical security systems have been exactly that, a way to secure the perimeter and access to the business premises. Developments in technology have improved along the way with higher resolution cameras, faster processing capabilities, encrypted data and biometrics, but the end-user requirements have to a large extent remained the same.

With a general worldwide trend towards improving security and risk management practices, physical security systems are being combined with a range of information technology systems to deliver new business benefits. When taking a more holistic view of security, business leaders are now looking for ways to better leverage their investment and protect the business from a number of risks across a range of disciplines that may include occupational health and safety (OH&S), business continuity, theft or compliance. Hence, the profile of the physical security system has risen to new heights as it enters the realms of workflow automation.

Workflow at its simplest is the movement of documents and/or tasks through a work process. More specifically, workflow is the operational aspect of a work procedure: how tasks are structured, who performs them, what their relative order is, how they are synchronised, how information flows to support the tasks and how tasks are being tracked.

A workflow application is where various applications, components and people must be involved in the processing of data to complete an instance of a process, in a similar fashion to the way a purchase order moves through various departments for authorisation and eventual purchase. The orders may be treated as messages, which are put into various queues for processing. A workflow process involves constant change and update.

A business critical application

So, for our industrial organisation that previously needed to control a few boom-gates, access to the admin building and monitor the more remote areas of the site via CCTV, the physical security system has become a critical business application that has interfaces to HR systems, web-based contractor management systems, and is used for storing information relating to police and ASIO background checks. Its use is no longer simply security but protection of business operations. A practical example illustrates this point in more detail:

A mining company operating in today’s resource boom employs a large amount of contract labour through organisations that in turn use a large number of sub-contractors. The mining company has a responsibility to ensure that each of those sub-contractors complies with the company policies around background identity checks, site inductions etc, prior to being allowed to work on site.

To ease the burden somewhat, the mining company provides a contractor management system for the contract companies to register new sub-contractors for the commencement of work on site. To avoid lengthy waiting times, and a paper trail large enough to consume a small forest, the contractor management system is integrated into the mining company’s induction management system and the access control system that manages site access privileges. This integration allows for electronic approval of the requested levels of site access based on the work function to be performed; automatic booking of inductions; and the commencement of identity background checks.

Once the required inductions have been completed and background checks approved, the access control system is notified and an alert provided to the site manager, who will then meet the new sub-contractor on site, confirm identity and finally activate the site access. This process also meets regulatory requirements around separation of duty, in that access to restricted areas of a site can not be approved and activated by the same person.

It can therefore be seen that any industry in which contractor management, safe working environments, and strict auditing and reporting requirements are paramount to business operations, there is potential to better leverage the investment they make on securing the business premises to automate workflow. These industries may include mining, power generation, healthcare, manufacturing, and so on. The potential for improved workflow management is clearly evident once one begins to consider the operational aspects of any given organisation, but how does one go about achieving the desired outcomes?

Unfortunately, there is no single answer to this question although it is fair, and somewhat obvious to state, that a solid understanding of the business processes is required prior to stampeding down the path of technology integration. These projects are no longer the sole responsibility of IT or security, and as such require input from all areas of the business. There is a plethora of business process re-engineering consultants who will be more than happy to embark upon the exercise of understanding and documenting your ‘as-is’ and ‘to-be’ processes. This can be a time consuming effort but is the key ingredient to automating workflow, needless to say ignore it at your peril.

System integration

Once you have gained the buy-in of the various stakeholders and workflow processes are clearly documented, you can begin to look at ways to integrate technology. Integration means different things to different people. Many vendors provide the ability to interface data between different subsystems of their supervisory systems. However, true integration is systems that are designed to seamlessly share, rather than duplicate, system resources, providing the economies of scale and efficiencies of operation which ultimately save cost in the long term. Achieving levels of integration that deliver tangible business outcomes can carry significant risk. This risk can manifest in many different areas including:

* Integrator experience.

* Integration platform.

* Knowledge of technologies.

* Development resources.

There are multiple software applications available on the open market that offer workflow management or business process management, but it is not the intent of this author to cover the merits of such packages. However, as previously mentioned, it is possible to integrate the physical security system to assist in workflow automation.

This requires a security system with a software platform that supports an integrated approach; that is, the ability to interface to the other business applications that may be used in automating the workflow such as HR, payroll, IT, etc. It is also important that the supplier of the security system has proven integration experience with the ability to customise their offering to suit the specific needs of your business, as well as proven domain expertise in your specific industry.

It is important to be involved in selecting the technology solutions to ensure that organisational requirements are met. It is wise to pilot selected technology to validate the solution. Once validated, the solution should be implemented in phases, allowing for the highest priority areas to be dealt with first, with ongoing testing of performance and functionality. By developing a roll-out strategy that allows for the solution to be deployed in phases, all of the stakeholders can be adequately trained to ensure their continued buy-in. Once rolled out, ownership should be transferred to the appropriate business units or functions.

Total cost counts

One of the other key elements of successful workflow automation is by not taking a ‘set and forget’ approach to the project. Ongoing maintenance of workflow management requires adherence to the initial business policies and procedures. Regular audits should be performed to confirm that policies and rules are being abided by, and the solutions modified in line with changes to the business.

The potential benefits of taking a more holistic view towards technology integration (or convergence as the vendors will tout) are now being considered across a wide range of industries.

There is a growing trend towards considering the total lifecycle cost of technology implementation as opposed to the initial project costs; this is an important shift as the true benefits of workflow automation are not necessarily recognised from day one. Organisations seeking to embark on such a strategy need to be clear on the outcomes expected, and ensure that buy-in is gained at all levels; these strategies need to be closely aligned with business objectives, and not be viewed as simply an IT or security project. It is important to work with organisations capable of delivering comprehensive and best-of-breed solutions, providing the benefits of accountability, risk mitigation and knowledge transfer not typically available from a multi-vendor approach.

Workflow automation and integrated security solutions are not new topics but have been viewed by many, up until recently, as being mutually exclusive. This is changing as the vendors begin to look more closely at the needs of their customers and think more laterally about the application of their technology. This is good for those who control the purse strings as they will no doubt get more bang for their buck, something that has been a long time coming. There are now real, demonstrable savings to be achieved as whole layers of administration are removed and new staff are able to start work on site much sooner due to the automation of the processes. This means that companies are able to react much quicker to changes in workforce demand and take advantage of new business opportunities when they arise.

Share this article:

Further reading: