BMW SA develops intelligent Risk Control Centre

June 2015 Security Services & Risk Management, Editor's Choice

The BMW plant in Rosslyn is responsible for building the luxurious BMW 3-Series sedans for sale in South Africa and abroad. As can be expected, the plant and surrounding property holds a significant amount of goods that are extremely valuable, costly and which must be protected 24/7/365. Similarly, the location sees hundreds of people arriving and leaving every day, many for work and others for deliveries (general, or Just-in-Time (JIT) and Just-in-Sequence (JIS) deliveries according to the current production requirements), collections and even tours of the manufacturing facility. All these people need to be protected and monitored to ensure the safety and security of people, assets and property.

Lyon Pretoruis
Lyon Pretoruis

The security division of BMW SA is responsible for ensuring the internal security of the property as well as its associates, not to mention handling external security threats and risks, but it must do so without hindering the daily productivity of the plant. Hi-Tech Security Solutions spoke to Lyon Pretorius, head of the security operation, and Albert Davis, technical specialist at BMW Security, about the company’s new integrated control room, which the previous MD, Mr Bodo Donauer, aptly named the Risk Control Centre (RCC).

In a business environment where security and risk managers often find themselves at odds with the board, Pretorius states that the success of the RCC is very much because the BMW SA management board understands and supports matters relating to security.

Davis has been the point man in the development of the RCC and the integrated management platform that manages it, as well as much of BMW’s daily security operations. With years of experience in the security industry, Pretorius and Davis did not want a standard management platform and a control room with operators staring at screens all day, their strategy is to let integrated technology do the drudgework and make use of guards and operators only when they could add value to supply chain security requirements.

And, just as BMW is a leader in the manufacturing of premium vehicles, its security department follows the company’s example and is setting the trend for security in the manufacturing industry.

Since 2010, the BMW security department has tested various vendors’ product claims of being able to produce the type of dashboard and/or management platform the security team wanted in the RCC. They all failed to deliver on their promises.

However, since 2014, in collaboration with On Line Intelligence and its bespoke software solutions and expertise, the BMW security department has built a customised and workable management platform for all integrated systems, current and future. This platform creates a centralised security infrastructure that not only manages the security operations, but the operators as well. And it can be extended to other areas of the business.

Running on an effective, intelligent PSIM (physical security information management) platform should provide any at-risk environment with a consistent level of measurable and auditable security across all potential vulnerabilities identified. It can even lead to cost reductions by leading to the redesign of traditional physical security solutions. Such a well-managed PSIM system must generate status reports ‘in-time for real-time’ decisions to mitigate any threat and risk pro-actively, the ultimate goal for security, according to Pretorius.

PSIM requirements

Although some vendors may disagree, Davis says the key elements of a PSIM required for the RCC was that it had to be an open platform to allow BMW to use the best hardware and software products for its needs. There are also many other must-haves if the system is to perform to BMW SA’s standards.

Davis says it must be able to connect and manage multiple disparate security systems, such as surveillance, access control, intrusion, fire and life safety, perimeter protection, mass ratification and building automation. It must also be able to integrate with other business systems within the corporate IT infrastructure, such as SAP’s ERP systems, data warehouses and provisioning systems.

It must also be able to collect and aggregate data from various sources, visualise it and graphically display situational information in a manner that provides responders with a clear and simple picture of the nature of the event, the location, and the scope of the threat it presents. A PSIM platform also needs an incident resolution engine and customisable reporting functionality.

A rules-based workflow system is also crucial. It must be able to immediately provide a systematic action plan, based on pre-determined rules and policies that assist operators in responding, managing and countering any threats, while managing and recording the entire response operation. The rules-based workflow should be sufficiently complex to allow it to adapt to escalating situations easily, without making the lives of operators and other security staff more complicated.

According Pretorius and Davis, the basic application criterion for such an intelligent system are:

1. Capacity: Qualified human and material capabilities for surveying crime threats and risks.

2. Sourcing: Scientific research and collecting of valid data for proper problem statements.

3. Data analysis: Interpreting and assimilating data to inform on trends and patterns.

4. Risk acceptance: Probability and impact measured against appetite for risk.

5. In-Time-Real-Time: Pro-active and reactive readiness, physical and system application.

Pretorius adds that a security solution is more than a collection of technology and guards; it must add value to the business as a whole. Moreover, its reporting and management functionality must be customisable to various levels within the organisation, including board level, where it must use the data it collects from various functions to provide insight in the form of patterns and trends for strategic guidance in terms of the required security operation.

The security application must understand and support all the supply chain requirements of the manufacturing processes. In this sense, Pretorius reiterates that BMW SA is a JIT and JIS manufacturer, which means it needs parts and equipment continuously and within very short timeframes. BMW SA is also the only manufacturer in Rosslyn that received full Customs Trade Partners Against Terrorism (C-TPAT) accreditation from the USA. This is a direct result of the BMW security strategy, as physically experienced by the US Border Police during an audit of the Rosslyn plant. C-TPAT compliance means that Plant Rosslyn can export to the USA without the risk of vehicles being held in time-consuming quarantines and other very costly customs restrictions.

SARS also supports such accreditation. In this way, once again, the security strategy and capacity at BMW SA demonstrated its value add to business, directly and indirectly.

Pretorius would like to see the whole of Rosslyn becoming C-TPAT compliant to ease the export process for everybody. Not only will compliance simplify the process of exporting, but it will secure the whole supply chain in Rosslyn for all role players, which is a win-win for everyone concerned in an area with high-value goods that are tempting to the criminally inclined.

Simplified security, but constant awareness

As noted, the system works on a black-screen approach and only raises an alarm when something goes wrong. To keep the operators on their toes, however, the system presents them with regular alertness tests to ensure they are paying attention. These can also be used for educational purposes, to identify areas where they need more training.

The PSIM platform must also work as a task manager, keeping track of all the jobs or incidents in progress for the security team and alerting the relevant people if not completed on time. The jobs tracked in the RCC are not limited to security incidents alone, but also to issues such as equipment maintenance, training and so forth.

To manage such a 'simple' security application it is clear that qualified and accredited security professionals are a must. Pretorius insists that his senior staff and service providers earn the Certified Security Management Professional (SCMP) accreditation and qualification from ISMI (International Security Management Institute), as he believes it provides the best integrated and applied training in the security industry, worldwide.

Further highlighting the importance of professionalism and working to the highest global standards, Pretorius recently submitted his PhD on Crime Prevention Through Environment Design (CPTED) for the Industrial Environment, demonstrating the level of credentials expected within senior corporate security echelons today.

More than technology

While Davis and Pretorius are determined to make the optimal use of technology, they stress that this only becomes possible when the security team has its standard operating processes (SOPs) for all security applications in place. This means the processes must be tried and tested, and applied to every situation so that any incident can be dealt with in a consistent and effective manner. Nothing can be left to chance.

Moreover, not only do the SOPs have to be developed and documented, Davis has as a goal, a paperless RCC to facilitate recording everything that happens. To achieve this he has programmed the company’s SOPs into the intelligent management platform. When an incident occurs, the control room operators are immediately guided through the appropriate steps to resolve the situation.

They can’t take it upon themselves to invent new ways to deal with incidents, but have to go through the approved processes. If they don’t, the system will escalate the incidents to management. This applies equally to security breaches as well as maintenance issues. All the third-party suppliers BMW outsources various security functions to, such as guarding and equipment maintenance etc., are subject to strict service-level agreements (SLAs) in terms of which penalties are payable if they do not adhere to the terms of their contracts.

Pretorius and Davis acknowledge that the development of BMW’s intelligent security management platform is a continuous work in progress, but this integrated security strategy has already yielded quick benefits. In its earliest phase as a ROI project, physical security staffing was notably reduced, and the technical compensators implemented served as significant force multipliers, reducing the then crime threat appreciably.

As the project progresses, each new development strengthens the whole. The ultimate goal is to have realistic and relevant automated security control on all levels, even if this requires the possible re-design of the work environment to enable such controls. Says Pretorius, “There is still a long way to go, but we’re on track and we will get there.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Ransomware predictions
Issue 1 2020 , Security Services & Risk Management
As we enter a new decade, Simon Jelley, VP of product management at Veritas, explores how ransomware is likely to continue evolving in the year ahead.

The HR environment in 2020
Issue 1 2020, iFacts , Security Services & Risk Management
As 2020 grabs hold of every one of us with great intent, we need to know what to be aware of when employing people or appointing vendors for our business.

The instruments for investigation
Issue 1 2020, Technews Publishing , Security Services & Risk Management
Regardless of the reason for investigation, the investigation is only as good as the investigators.

Nothing holds Eudricht back
Issue 1 2020, Sensor Security Systems , Security Services & Risk Management
In this personality profile, Eudricht Kotze talks of his journey overcoming adversity in the security industry.

Leaders in risk and security: You have to know it to manage it
Issue 1 2020, Technews Publishing , Security Services & Risk Management
Hi-Tech Security Solutions profiles Nash Lutchman, Senior Vice President and Head of Protection Services at Sibanye-Stillwater.

Drilling deeper into essential building management systems
Issue 1 2020 , Security Services & Risk Management
As the demand for the automation of security and other systems in buildings and large construction sites around the world grows, we are seeing an increase in the demand for building management systems.

From physical security to cybersecurity
Access & Identity Management Handbook 2020, Genetec , Cyber Security, Security Services & Risk Management
Genetec discusses the security-of-security concept as a means to protect cameras, door controllers and other physical security devices and systems against cybercriminal activity.

Biometrics in identity
Access & Identity Management Handbook 2020 , Access Control & Identity Management, Security Services & Risk Management
With multiple identity providers offering to manage digital identities for the general public, the root identity – the single sovereign trusted identity upon which all others are based – must start with government.

Success lies in planning
November 2019, Vox Telecom , Security Services & Risk Management
A safe and smart city will only be successful if it is planned properly, if there is buy-in from all the stakeholders and if it is managed efficiently.

Matching governance to context
November 2019, ContinuitySA , Security Services & Risk Management
When building resilience and planning for business continuity, take proportionality to heart, advises Michael Davies, CEO of ContinuitySA.