BMW SA develops intelligent Risk Control Centre

June 2015 Security Services & Risk Management, Editor's Choice

The BMW plant in Rosslyn is responsible for building the luxurious BMW 3-Series sedans for sale in South Africa and abroad. As can be expected, the plant and surrounding property holds a significant amount of goods that are extremely valuable, costly and which must be protected 24/7/365. Similarly, the location sees hundreds of people arriving and leaving every day, many for work and others for deliveries (general, or Just-in-Time (JIT) and Just-in-Sequence (JIS) deliveries according to the current production requirements), collections and even tours of the manufacturing facility. All these people need to be protected and monitored to ensure the safety and security of people, assets and property.

Lyon Pretoruis
Lyon Pretoruis

The security division of BMW SA is responsible for ensuring the internal security of the property as well as its associates, not to mention handling external security threats and risks, but it must do so without hindering the daily productivity of the plant. Hi-Tech Security Solutions spoke to Lyon Pretorius, head of the security operation, and Albert Davis, technical specialist at BMW Security, about the company’s new integrated control room, which the previous MD, Mr Bodo Donauer, aptly named the Risk Control Centre (RCC).

In a business environment where security and risk managers often find themselves at odds with the board, Pretorius states that the success of the RCC is very much because the BMW SA management board understands and supports matters relating to security.

Davis has been the point man in the development of the RCC and the integrated management platform that manages it, as well as much of BMW’s daily security operations. With years of experience in the security industry, Pretorius and Davis did not want a standard management platform and a control room with operators staring at screens all day, their strategy is to let integrated technology do the drudgework and make use of guards and operators only when they could add value to supply chain security requirements.

And, just as BMW is a leader in the manufacturing of premium vehicles, its security department follows the company’s example and is setting the trend for security in the manufacturing industry.

Since 2010, the BMW security department has tested various vendors’ product claims of being able to produce the type of dashboard and/or management platform the security team wanted in the RCC. They all failed to deliver on their promises.

However, since 2014, in collaboration with On Line Intelligence and its bespoke software solutions and expertise, the BMW security department has built a customised and workable management platform for all integrated systems, current and future. This platform creates a centralised security infrastructure that not only manages the security operations, but the operators as well. And it can be extended to other areas of the business.

Running on an effective, intelligent PSIM (physical security information management) platform should provide any at-risk environment with a consistent level of measurable and auditable security across all potential vulnerabilities identified. It can even lead to cost reductions by leading to the redesign of traditional physical security solutions. Such a well-managed PSIM system must generate status reports ‘in-time for real-time’ decisions to mitigate any threat and risk pro-actively, the ultimate goal for security, according to Pretorius.

PSIM requirements

Although some vendors may disagree, Davis says the key elements of a PSIM required for the RCC was that it had to be an open platform to allow BMW to use the best hardware and software products for its needs. There are also many other must-haves if the system is to perform to BMW SA’s standards.

Davis says it must be able to connect and manage multiple disparate security systems, such as surveillance, access control, intrusion, fire and life safety, perimeter protection, mass ratification and building automation. It must also be able to integrate with other business systems within the corporate IT infrastructure, such as SAP’s ERP systems, data warehouses and provisioning systems.

It must also be able to collect and aggregate data from various sources, visualise it and graphically display situational information in a manner that provides responders with a clear and simple picture of the nature of the event, the location, and the scope of the threat it presents. A PSIM platform also needs an incident resolution engine and customisable reporting functionality.

A rules-based workflow system is also crucial. It must be able to immediately provide a systematic action plan, based on pre-determined rules and policies that assist operators in responding, managing and countering any threats, while managing and recording the entire response operation. The rules-based workflow should be sufficiently complex to allow it to adapt to escalating situations easily, without making the lives of operators and other security staff more complicated.

According Pretorius and Davis, the basic application criterion for such an intelligent system are:

1. Capacity: Qualified human and material capabilities for surveying crime threats and risks.

2. Sourcing: Scientific research and collecting of valid data for proper problem statements.

3. Data analysis: Interpreting and assimilating data to inform on trends and patterns.

4. Risk acceptance: Probability and impact measured against appetite for risk.

5. In-Time-Real-Time: Pro-active and reactive readiness, physical and system application.

Pretorius adds that a security solution is more than a collection of technology and guards; it must add value to the business as a whole. Moreover, its reporting and management functionality must be customisable to various levels within the organisation, including board level, where it must use the data it collects from various functions to provide insight in the form of patterns and trends for strategic guidance in terms of the required security operation.

The security application must understand and support all the supply chain requirements of the manufacturing processes. In this sense, Pretorius reiterates that BMW SA is a JIT and JIS manufacturer, which means it needs parts and equipment continuously and within very short timeframes. BMW SA is also the only manufacturer in Rosslyn that received full Customs Trade Partners Against Terrorism (C-TPAT) accreditation from the USA. This is a direct result of the BMW security strategy, as physically experienced by the US Border Police during an audit of the Rosslyn plant. C-TPAT compliance means that Plant Rosslyn can export to the USA without the risk of vehicles being held in time-consuming quarantines and other very costly customs restrictions.

SARS also supports such accreditation. In this way, once again, the security strategy and capacity at BMW SA demonstrated its value add to business, directly and indirectly.

Pretorius would like to see the whole of Rosslyn becoming C-TPAT compliant to ease the export process for everybody. Not only will compliance simplify the process of exporting, but it will secure the whole supply chain in Rosslyn for all role players, which is a win-win for everyone concerned in an area with high-value goods that are tempting to the criminally inclined.

Simplified security, but constant awareness

As noted, the system works on a black-screen approach and only raises an alarm when something goes wrong. To keep the operators on their toes, however, the system presents them with regular alertness tests to ensure they are paying attention. These can also be used for educational purposes, to identify areas where they need more training.

The PSIM platform must also work as a task manager, keeping track of all the jobs or incidents in progress for the security team and alerting the relevant people if not completed on time. The jobs tracked in the RCC are not limited to security incidents alone, but also to issues such as equipment maintenance, training and so forth.

To manage such a 'simple' security application it is clear that qualified and accredited security professionals are a must. Pretorius insists that his senior staff and service providers earn the Certified Security Management Professional (SCMP) accreditation and qualification from ISMI (International Security Management Institute), as he believes it provides the best integrated and applied training in the security industry, worldwide.

Further highlighting the importance of professionalism and working to the highest global standards, Pretorius recently submitted his PhD on Crime Prevention Through Environment Design (CPTED) for the Industrial Environment, demonstrating the level of credentials expected within senior corporate security echelons today.

More than technology

While Davis and Pretorius are determined to make the optimal use of technology, they stress that this only becomes possible when the security team has its standard operating processes (SOPs) for all security applications in place. This means the processes must be tried and tested, and applied to every situation so that any incident can be dealt with in a consistent and effective manner. Nothing can be left to chance.

Moreover, not only do the SOPs have to be developed and documented, Davis has as a goal, a paperless RCC to facilitate recording everything that happens. To achieve this he has programmed the company’s SOPs into the intelligent management platform. When an incident occurs, the control room operators are immediately guided through the appropriate steps to resolve the situation.

They can’t take it upon themselves to invent new ways to deal with incidents, but have to go through the approved processes. If they don’t, the system will escalate the incidents to management. This applies equally to security breaches as well as maintenance issues. All the third-party suppliers BMW outsources various security functions to, such as guarding and equipment maintenance etc., are subject to strict service-level agreements (SLAs) in terms of which penalties are payable if they do not adhere to the terms of their contracts.

Pretorius and Davis acknowledge that the development of BMW’s intelligent security management platform is a continuous work in progress, but this integrated security strategy has already yielded quick benefits. In its earliest phase as a ROI project, physical security staffing was notably reduced, and the technical compensators implemented served as significant force multipliers, reducing the then crime threat appreciably.

As the project progresses, each new development strengthens the whole. The ultimate goal is to have realistic and relevant automated security control on all levels, even if this requires the possible re-design of the work environment to enable such controls. Says Pretorius, “There is still a long way to go, but we’re on track and we will get there.”





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

AI augmentation in security software and the resistance to IT
Security Services & Risk Management Information Security
The integration of AI technology into security software has been met with resistance. In this, the first in a series of two articles, Paul Meyer explores the challenges and obstacles that must be overcome to empower AI-enabled, human-centric decision-making.

Read more...
Understanding the power of digital identity
Access Control & Identity Management Security Services & Risk Management Financial (Industry)
The way we perceive business flourishing is undergoing a paradigm shift, as digital identity and consumer consent redefine the dynamics of transactions, says Shanaaz Trethewey.

Read more...
What you can expect from digital identity in 2024
Access Control & Identity Management Security Services & Risk Management
As biometric identity becomes a central tenet in secure access to finance, government, telecommunications, healthcare services and more, 2024 is expected to be a year where biometrics evolve and important regulatory conversations occur.

Read more...
More than just a criminal record check
iFacts Security Services & Risk Management
When it comes to human-related risks, organisations and their most senior leaders focus on a narrow set of workforce risks, the potential risks that human workers pose to the business.

Read more...
Tech developments lead hologram growth in 2024
News & Events Security Services & Risk Management
Micro-lenses, micro-mirrors and plasmonics are among the rapidly-emerging optical devices that have evolved on the back of holographic and diffractive technologies, and are seen as part of the natural evolution of optical science by R&D teams.

Read more...
Are you leaving money on the table?
Editor's Choice Security Services & Risk Management
How many customers have you helped since starting your business? Where does most of your new business come from? If the answer is not from your database’s existing customers, you might have a problem.

Read more...
The business value of ChatGPT
Security Services & Risk Management Risk Management & Resilience
Transparency, policy and integrity. It is critical for organisations to have a line of sight into processes and procedures that clearly define employee use cases when it comes to ChatGPT, says Lizaan Lewis, Head of the Legal Department at Altron Systems Integration.

Read more...
BMS for smaller businesses
Security Services & Risk Management Products & Solutions Risk Management & Resilience
Small businesses can also benefit from tailored energy management solutions just like large corporations. Effective energy management is essential for more sustainable and efficient operations.

Read more...
Kidnapping for ransom
News & Events Security Services & Risk Management Risk Management & Resilience
There has been an 8,6% increase in reported kidnapping cases in South Africa compared to last year, with 3 854 cases reported between April and June this year, leaving ordinary South Africans increasingly vulnerable.

Read more...
The difference between a SOP and a SOP
Residential Estate (Industry) Integrated Solutions Security Services & Risk Management Risk Management & Resilience
SOPs are a touchy issue that need careful attention and automation to ensure they deliver the desired security results. Beyond design and automation, implementation is the ultimate road to success.

Read more...