BMW SA develops intelligent Risk Control Centre

June 2015 Security Services & Risk Management, Editor's Choice

The BMW plant in Rosslyn is responsible for building the luxurious BMW 3-Series sedans for sale in South Africa and abroad. As can be expected, the plant and surrounding property holds a significant amount of goods that are extremely valuable, costly and which must be protected 24/7/365. Similarly, the location sees hundreds of people arriving and leaving every day, many for work and others for deliveries (general, or Just-in-Time (JIT) and Just-in-Sequence (JIS) deliveries according to the current production requirements), collections and even tours of the manufacturing facility. All these people need to be protected and monitored to ensure the safety and security of people, assets and property.

Lyon Pretoruis
Lyon Pretoruis

The security division of BMW SA is responsible for ensuring the internal security of the property as well as its associates, not to mention handling external security threats and risks, but it must do so without hindering the daily productivity of the plant. Hi-Tech Security Solutions spoke to Lyon Pretorius, head of the security operation, and Albert Davis, technical specialist at BMW Security, about the company’s new integrated control room, which the previous MD, Mr Bodo Donauer, aptly named the Risk Control Centre (RCC).

In a business environment where security and risk managers often find themselves at odds with the board, Pretorius states that the success of the RCC is very much because the BMW SA management board understands and supports matters relating to security.

Davis has been the point man in the development of the RCC and the integrated management platform that manages it, as well as much of BMW’s daily security operations. With years of experience in the security industry, Pretorius and Davis did not want a standard management platform and a control room with operators staring at screens all day, their strategy is to let integrated technology do the drudgework and make use of guards and operators only when they could add value to supply chain security requirements.

And, just as BMW is a leader in the manufacturing of premium vehicles, its security department follows the company’s example and is setting the trend for security in the manufacturing industry.

Since 2010, the BMW security department has tested various vendors’ product claims of being able to produce the type of dashboard and/or management platform the security team wanted in the RCC. They all failed to deliver on their promises.

However, since 2014, in collaboration with On Line Intelligence and its bespoke software solutions and expertise, the BMW security department has built a customised and workable management platform for all integrated systems, current and future. This platform creates a centralised security infrastructure that not only manages the security operations, but the operators as well. And it can be extended to other areas of the business.

Running on an effective, intelligent PSIM (physical security information management) platform should provide any at-risk environment with a consistent level of measurable and auditable security across all potential vulnerabilities identified. It can even lead to cost reductions by leading to the redesign of traditional physical security solutions. Such a well-managed PSIM system must generate status reports ‘in-time for real-time’ decisions to mitigate any threat and risk pro-actively, the ultimate goal for security, according to Pretorius.

PSIM requirements

Although some vendors may disagree, Davis says the key elements of a PSIM required for the RCC was that it had to be an open platform to allow BMW to use the best hardware and software products for its needs. There are also many other must-haves if the system is to perform to BMW SA’s standards.

Davis says it must be able to connect and manage multiple disparate security systems, such as surveillance, access control, intrusion, fire and life safety, perimeter protection, mass ratification and building automation. It must also be able to integrate with other business systems within the corporate IT infrastructure, such as SAP’s ERP systems, data warehouses and provisioning systems.

It must also be able to collect and aggregate data from various sources, visualise it and graphically display situational information in a manner that provides responders with a clear and simple picture of the nature of the event, the location, and the scope of the threat it presents. A PSIM platform also needs an incident resolution engine and customisable reporting functionality.

A rules-based workflow system is also crucial. It must be able to immediately provide a systematic action plan, based on pre-determined rules and policies that assist operators in responding, managing and countering any threats, while managing and recording the entire response operation. The rules-based workflow should be sufficiently complex to allow it to adapt to escalating situations easily, without making the lives of operators and other security staff more complicated.

According Pretorius and Davis, the basic application criterion for such an intelligent system are:

1. Capacity: Qualified human and material capabilities for surveying crime threats and risks.

2. Sourcing: Scientific research and collecting of valid data for proper problem statements.

3. Data analysis: Interpreting and assimilating data to inform on trends and patterns.

4. Risk acceptance: Probability and impact measured against appetite for risk.

5. In-Time-Real-Time: Pro-active and reactive readiness, physical and system application.

Pretorius adds that a security solution is more than a collection of technology and guards; it must add value to the business as a whole. Moreover, its reporting and management functionality must be customisable to various levels within the organisation, including board level, where it must use the data it collects from various functions to provide insight in the form of patterns and trends for strategic guidance in terms of the required security operation.

The security application must understand and support all the supply chain requirements of the manufacturing processes. In this sense, Pretorius reiterates that BMW SA is a JIT and JIS manufacturer, which means it needs parts and equipment continuously and within very short timeframes. BMW SA is also the only manufacturer in Rosslyn that received full Customs Trade Partners Against Terrorism (C-TPAT) accreditation from the USA. This is a direct result of the BMW security strategy, as physically experienced by the US Border Police during an audit of the Rosslyn plant. C-TPAT compliance means that Plant Rosslyn can export to the USA without the risk of vehicles being held in time-consuming quarantines and other very costly customs restrictions.

SARS also supports such accreditation. In this way, once again, the security strategy and capacity at BMW SA demonstrated its value add to business, directly and indirectly.

Pretorius would like to see the whole of Rosslyn becoming C-TPAT compliant to ease the export process for everybody. Not only will compliance simplify the process of exporting, but it will secure the whole supply chain in Rosslyn for all role players, which is a win-win for everyone concerned in an area with high-value goods that are tempting to the criminally inclined.

Simplified security, but constant awareness

As noted, the system works on a black-screen approach and only raises an alarm when something goes wrong. To keep the operators on their toes, however, the system presents them with regular alertness tests to ensure they are paying attention. These can also be used for educational purposes, to identify areas where they need more training.

The PSIM platform must also work as a task manager, keeping track of all the jobs or incidents in progress for the security team and alerting the relevant people if not completed on time. The jobs tracked in the RCC are not limited to security incidents alone, but also to issues such as equipment maintenance, training and so forth.

To manage such a 'simple' security application it is clear that qualified and accredited security professionals are a must. Pretorius insists that his senior staff and service providers earn the Certified Security Management Professional (SCMP) accreditation and qualification from ISMI (International Security Management Institute), as he believes it provides the best integrated and applied training in the security industry, worldwide.

Further highlighting the importance of professionalism and working to the highest global standards, Pretorius recently submitted his PhD on Crime Prevention Through Environment Design (CPTED) for the Industrial Environment, demonstrating the level of credentials expected within senior corporate security echelons today.

More than technology

While Davis and Pretorius are determined to make the optimal use of technology, they stress that this only becomes possible when the security team has its standard operating processes (SOPs) for all security applications in place. This means the processes must be tried and tested, and applied to every situation so that any incident can be dealt with in a consistent and effective manner. Nothing can be left to chance.

Moreover, not only do the SOPs have to be developed and documented, Davis has as a goal, a paperless RCC to facilitate recording everything that happens. To achieve this he has programmed the company’s SOPs into the intelligent management platform. When an incident occurs, the control room operators are immediately guided through the appropriate steps to resolve the situation.

They can’t take it upon themselves to invent new ways to deal with incidents, but have to go through the approved processes. If they don’t, the system will escalate the incidents to management. This applies equally to security breaches as well as maintenance issues. All the third-party suppliers BMW outsources various security functions to, such as guarding and equipment maintenance etc., are subject to strict service-level agreements (SLAs) in terms of which penalties are payable if they do not adhere to the terms of their contracts.

Pretorius and Davis acknowledge that the development of BMW’s intelligent security management platform is a continuous work in progress, but this integrated security strategy has already yielded quick benefits. In its earliest phase as a ROI project, physical security staffing was notably reduced, and the technical compensators implemented served as significant force multipliers, reducing the then crime threat appreciably.

As the project progresses, each new development strengthens the whole. The ultimate goal is to have realistic and relevant automated security control on all levels, even if this requires the possible re-design of the work environment to enable such controls. Says Pretorius, “There is still a long way to go, but we’re on track and we will get there.”

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Social media and intelligence-led surveillance
July 2019, Leaderware , Editor's Choice, Integrated Solutions, Security Services & Risk Management
Social media has become a major feature of most people’s lives in the last few years and they can be invaluable as a source of information for companies and security organisations.

The 4th Industrial Revolution
July 2019, Wolfpack Information Risk , Editor's Choice, Cyber Security, Security Services & Risk Management, Industrial (Industry)
Most major industries have turned to and are reliant on technology to run their operations. This is a time of great promise, but also one of frightening peril.

Data protection more challenging
July 2019 , Editor's Choice, IT infrastructure
The number of businesses unable to recover data after an incident nearly doubled from 2016, according to the Global Data Protection Index surveying 2 200 IT decision makers from 18 countries.

Fake videos not threat to courtroom evidence
July 2019 , Security Services & Risk Management
The Washington Post recently reported top AI researchers are “racing to defuse an extraordinary political weapon: computer-generated fake videos that could undermine candidates and mislead voters".

Fear of the unknown
July 2019, Kaspersky Lab , Cyber Security, Security Services & Risk Management
Fear of the unknown: while there’s still interest in cryptocurrencies, just 19% locally understand how they work.

Leveraging on Africa
July 2019, Managed Integrity Evaluation , Security Services & Risk Management
The purpose of cross-border expansion is to not only ensure sustainable growth and business viability, but also the ability to mitigate growing market risk and uncertainties across the globe.

Assess business resilience in terms of value
July 2019, ContinuitySA , Security Services & Risk Management
Looking at the total value of the investment (VOI) is a far better way of assessing the worth of an in-vestment with many intangible benefits.

Social media and background checks
July 2019, Managed Integrity Evaluation , Security Services & Risk Management
Social media screening and online checks can provide many benefits to a hiring employer; however, such screening should not be carried out in isolation.

Johnson Controls launches Technology Contracting in Africa
July 2019, Johnson Controls , Editor's Choice, News, Security Services & Risk Management
To address the growing challenge of planning, integrating and maintaining a multitude of different, highly connected systems, Johnson Controls is launching Technology Contracting in Africa.

A new method for data destruction
July 2019 , News, Security Services & Risk Management
Xperien is now able to professionally erase data on retired IT assets in compliance with the Protection of Personal Information Act (PoPIA).