printer friendly version

The end user perspective

The CCTV Handbook 2015 is filled with tons of relevant, useful information on the state of the surveillance market, trends and issues, and case studies that people in the industry face on a daily basis. Apart from case studies, however, we don’t get too much input from the end users, the operations, security and risk managers who have to deal with the real world of African security every day.

This year, Hi-Tech Security Solutions decided to invite a group of these users to join us in a round-table discussion on what issues they faced when it came to security surveillance for their companies. At the end of the event, however, we found the discussion wasn’t focused on surveillance. These risk managers deal with a whole gamut of risks every day and surveillance is only part of the security arsenal, naturally the issues they deal with on a daily basis cover more than CCTV.

Despite the discussion meandering off topic here and there, we decided to write a review of the round-table anyway as it provides some keen insights into the real issues companies face. With security being such an important issue in South Africa, our end users were not asked to reveal any sensitive information or company-specific processes – not that they would have – but rather to talk about the generic problems they face.

As mentioned, the issues they raised provide some interesting insights into the real security world they work in every day, which will be of interest to the surveillance community (and the broader security community) looking for ways to solve their problems.

The end users who joined the round-table were:

* Massimo Carelle, risk manager at Ingram Micro,

* Albert Davis, technical specialist at BMW Security, and

* Henry Pieters who is responsible for security throughout Africa for Bosch (not Bosch Security).

* We also had two additional retail attendees who chose to remain anonymous because of security concerns from their legal eagles. For the sake of continuity, we refer to them as Jack and John.</i>

What they do?

To start the round-table, we asked our attendees to briefly describe their roles, and their use of surveillance technologies.

Jack says he is seeing more use of technology for investigations these days, especially covert cameras. The use of cameras is also of interest in trucks and transportation to try to manage the hijacking issues all companies face.

Albert Davis.

BMW’s Davis manages the Risk Control Centre at BMW SA and has designed an integrated control centre for the company (which we will cover in a later issue). He also oversees investigations and says the biggest problem BMW faces at the moment is organised crime and the demand for parts for the black market.

John is responsible for what happens in the stores in terms of security or risk trends. He agrees with Davis that the biggest battle at the moment is organised crime.

He is also in the position of finding a balance between using expensive technology versus the benefit or the reduced losses that you get from it. A company has to find a balance to ensure the systems in place actually deliver value and are not just there for show. And while CCTV is part of the solution, there is much more to it than cameras.

Henry Pieters.

From Bosch’s perspective, Pieters also sees organised crime syndicates as the issue to deal with, although with Africa as his territory, he also focuses on employee safety across the continent. He says it is important to note that many people see criminals as the dangerous-looking crooks on the street, but that is not the case, companies are dealing with smart criminals with the resources and time to plan and execute their operations.

Pieters also agrees with the idea of balance. He sees companies spending loads of money on systems that were advised by specialists, without necessarily getting the returns they desire.

Finally, he also mentions data security as a significant challenge. Data theft is a huge market and only some companies in the region are equipped to deal with it effectively. How many companies out there keep sensitive information on laptops encrypted?

Massimo Carelle.

Carelle has had experience on both sides of the field, as an installer and now as the risk manager for Ingram Micro – he actually installed the company’s security system before joining them. He says moving to the user side of the game was a revelation with installers selling solutions that promise the world and then recommending you upgrade when it becomes redundant. Many installers do not actually know what goes on every day in the real world.

He says it is important for installers and integrators to actually have a view on what the users need every day, and CCTV is not the only solution. As an example he relates a case where an employee was caught stealing on camera, but the footage was not enough to obtain a conviction because the court doesn’t know what the company’s procedures are.

The company knows he is stealing, but the court doesn’t. Carelle says this is an issue the industry needs to focus on: integrating operational processes and procedures with security processes and technology. Put simply, when your procedures determine what is a legitimate action, it is easier to see when someone on camera is crossing the line and involved in illegitimate activities.

This goes back to the old cliché of standard operating procedures (SOPs), things often talked about but not always implemented effectively.

Remember the old days

Davis brings up a legitimate point when he asks, “Before we had cameras, how did we investigate? I think we should not forget what we did in the old days. A proper investigator has rules and he has to prove beyond any doubt that somebody was involved.”

The basic groundwork of investigations still holds true, even if the investigator can add camera footage to the evidence he collects, he will still need more. The biggest mistake people make is thinking that they can put a few cameras in a warehouse, for example, and then they will have footage of everything that happens. It doesn’t really work like that.

Jack adds that all too often the people deciding on budgets and what equipment should be bought have no investigative experience. This hampers the solution because before you decide what to install where, you have to decide what you want to achieve with that installation. A camera for the sake of having a camera is useless.

Do you want camera footage that will stand up in court, or will it be used for internal hearings, for example? If you want to go the criminal route, footwork and investigations must be carried out. These days you cannot just open a case with the police, you have to first convince them that they should open a case, and once you have convinced them, then you have to go and convince a prosecutor that he’s actually got enough evidence to prosecute. Proper investigations are therefore critical.

Carelle goes as far as to say, in general, CCTV footage is about 1% of the evidence collected in his investigations. “The investigation itself is what gives us our concrete court case.”

John adds that CCTV also leads to staff being complacent. When installing surveillance or an EAS system, for example, they believe that the systems are taking care of all the shrinkage and they focus on the day-to-day running of the store or sales. They forget that they are still the number one deterrent the company has by their being aware of what is happening in the stores.

Pieters affirms that all security measures one puts in place are only an aid. “Your investigation should be platform number one and your footage is an aid.”

Additionally, the human factor is the biggest problem businesses face. Your security processes need to be simple and easy for them to understand and follow. Not only does that help them comply with corporate procedures, but also understand why the processes and procedures exist – for example, clocking in via access control instead of tailgating has a reason.

Usable technology

The attendees are not against technology per se, but in favour of using technology in a way that adds value to the company and assists the risk management team. Davis provides the example of BMW’s Risk Control Room where the processes and procedures to follow are programmed into the security software and provide operators assistance and guidance on how to do their work. When something happens, the system tells the operator what needs to be done and what the desired outcome is. In this respect, technology is critical to a successful operation. But it needs the right technology and the right users.

John adds that his company has faced the problem of the various types of surveillance on offer and how to best use them. He says the retail environment has the choice of covert or overt surveillance. Overt surveillance requires that someone watches the footage because if you find an incident a few days later, the customer is gone so what will you achieve. However, it works well when used to monitor SOPs and staff behaviour in order to provide accurate training. You’re moving away from the security aspect there, but adding value to the business.

“Covert works the best for us when we need to deal with staff issues. We find that letting a covert camera run for a while and then removing it in plain sight of everybody often results in the culprits resigning because they know they’ve been caught.”

Standard processes and procedures

One problem the group mentioned regarding surveillance in South Africa is that there are no standards. It is not uncommon for a company to take a grade A guard (or sometimes, any guard) and turn him into a camera operator. What business needs is advanced training qualifications and standards for surveillance operators, not in technical terms, but in terms of operations and proper processes to follow and in how to determine who is qualified to take a surveillance job.

Davis says PSIRA registration is the only certification around, and the group agrees these standards are pretty useless. He says there needs to be some form of guideline that assists companies in ascertaining what qualifications and type of person is best for a specific position. Business needs people who understand the technology and how it works, along with the operational processes and can even go so far as to function as an expert witness in court.

However, even if one ignores the prosecution aspect, what business needs are people with the skills to monitor, react and report in a manner that can be followed up to resolve issues and deliver value. However, there are no guidelines or standards on how to find these people and what training or qualifications they should have. Every company seems to implement a home-grown approach and hope for the best.

Even remote monitoring operations miss the boat on many occasions. Operators, whether outsourced or in-house, should not simply be looking for someone committing a crime or some type of offence, they need the skills to understand people’s behaviour, their faces, and make decisions based on that. Like an investigator, who notices what your eyes and hands are doing while they’re talking to you.

This brings up the processes companies adopt for their control rooms. When it comes to these procedures, Pieters says these are often a stumbling block. Companies that do have procedures for their control rooms often end up with a thick document that nobody can learn and understand. He says most of these documents contain nonsense that isn’t necessary, with perhaps 10% of the content really applicable and useful.

And this doesn’t apply only to control room personnel. The South African security industry is enormous and most companies outsource their guarding function to one of the many businesses out there. The problem the group around the table has – every one of them – is that one expects the security guards you hire to know the basics, such as communications, basic search regulations etc. However, all too often, guards with a PSIRA certificate arrive on site and don’t know even the simplest things.

Training guards in company specific processes is one thing, but being forced to train them in something they should already know is unacceptable. The PSIRA certifications need to be improved and given some teeth.

Guarding concerns

The poor performance and sometimes even syndicate-employed guards in the market today are also a problem. There is no industry-wide control and it is not uncommon that a guard is fired from one company and then goes with his PSIRA certificate and joins another. The problem simply shifts from one company to another, from one location to another and from one customer to another.

As to the honesty of guards, or their perceived dishonesty, as well as the poor training, this can often be blamed on the customers themselves. When faced with the option of hiring guards who are paid a paltry R2500 per month versus more highly skilled guards that are paid R6000 per month, they go for the cheaper option. Of course, they don’t lower their expectations, they still somehow expect a skilled operative and the best service.

In situations like this, one can understand why the guard making R2500 will be extremely tempted to accept a bribe to turn a blind eye or be somewhere else at a certain time.

Jack says the solution may be to start making use of smaller guarding companies that will work harder to gain and retain your business. Davis adds that using smaller companies allows the risk manager to develop a personal relationship with the owners or MD, which makes for a better service and faster response to complaints.

The larger companies have layers of people who deal with issues, and some of them hardly touch their customers and almost everything is outsourced to sub-contractors. Personal relationships are the exception.

The IT monster

An issue Hi-Tech Security Solutions has mentioned many times in the past is that of cooperation between the security and IT departments. Traditionally, IT doesn’t want security on its networks, or tries to limit its access; or security installs its own network which annoys IT – among other conflicts.

The cooperation between these two departments is very important and security needs to get IT on board. Neither threatens the other, while working together will build on the strengths of both and add value to the company. For example, physical security people will often not understand how to optimally configure a network, never mind securing it.

The two weakest points on a network are the firewall, which protects the network and everything attached to it from the myriad attacks companies are faced with today, and the switch. IT is experienced at measuring and monitoring its network, which makes them a great partner to security – after all, security wants images, alarm and other information, it should not be worrying about the network.

When dealing with video surveillance in particular, managing your network is crucial to the success of the overall solution. IT has the tools and experience in setting up the network to deliver the optimal performance without causing bottlenecks etc., while security has the tools and experience to deal with breaches in physical security.

You get installers and installers

Another outsourcing problem experienced by the group is that of installers cutting corners and not doing a good job. Carelle says there are two types of installers: ethical installer and unethical installers. The most successful are the unethical ones because they make more money by cheating.

For companies that do not ensure their installations are checked and conform to the specifications set up beforehand by the risk manager or a consultant, one often finds installations that seem to work initially, quickly develop problems. Then the problem is, whom do you blame?

The installer claims they did what was required and what the salesperson promised was not on the specifications, and so forth. When doing maintenance, some technicians will find problems that are easy to solve in order to sell you more equipment that does not need replacing – and that they make commission on.

Advice from the table is to use a consultant (or is the risk manager that consultant?) that is able to specify the project down to the finest details, and make sure the work is done as required before signing it off. Of course, in these situations there is a cost implication, but the cost is more than covered in the expenses and downtime avoided later on when there’s a rush to fix or improve the installation.

This relates to the idea of a comprehensive design of your security solution. The mantra of giving every camera a job description holds as it is the only way to ensure each camera does something worthwhile and is not simply installed because someone thinks that is a good spot for a camera. It also forces the designers to think through the whole project and develop a specific set of requirements for the installers or integrators to adhere to.

Naturally, this applies to installations for complete security projects, including all aspects of security.

Ending with a wish

To end the round-table, we asked the attendees to think of one thing they would like to see happening in the security industry that would make their jobs easier. The answers can be summed up as follows:

* Regulation: Most would like to see improved regulation in the industry in terms of technology, staff, cameras, alarms systems, consultants, risk management and so forth.

Of course, simply having regulations is useless if they are not enforced and the group would like to see effective enforcement. What is the point of new rules if the relevant authorities can’t even enforce the ones already in place?

* Standards: Standards and best practices are on everyone’s wish list, whether it is for guarding, surveillance or control room operators. Having a best practice document one can refer to and adapt for your specific situation would be of great benefit to risk and security managers.

* Ethical service: Everyone wants to make money, but there needs to be an ethical standard people adhere to. People who do not adhere to it must be left out in the cold.

* Respect: Another desire is to see the security industry respected for what it is actually worth. Many people have the perception that if someone is in security it is because he did not finish school and can’t do anything else. Security is a profession and the people in it are qualified professionals, it’s time they were respected as such.

This is important since often security managers report to people who understand nothing about security and can override good security decisions with good financial decisions, with the expected poor results which are blamed on security.

Condensing 90 minutes of conversation into a short article is almost impossible, especially when the people around the table all had so much to contribute. We have anonymised some comments so as to avoid creating perceptions about the companies involved, but the ideas expressed show clearly that the world of risk and security management is a complex environment with many variables that all play a role in the final security solution implemented at each company. Additionally, while companies may differ in the core business, they all face similar threats and need to adapt processes and technologies to their requirements while finding the skills to make it work optimally – all this subject to a budget mostly dictated by others. Additionally, these companies want to see some research and standards out in the market that provides them with guidelines as to best practices in all the aspects of their environments.

Hi-Tech Security Solutions would like to thank all the participants for their contributions.

Share this article:

Further reading: