Matching security equipment with system requirements

Access & Identity Management Handbook 2005 News & Events

Time spent planning up front will be repaid many times over in later phases, in implementation costs and system satisfaction. In the immortal words of Sherlock Holmes, "It is a capital mistake to theorise before you have all the evidence. It biases the judgment." Capital can be interpreted in the financial sense when we discuss the application and implementation of security technology.


Planning may seem like a chore when you want to dive head-first into system design, or it may seem like a time-consuming obstacle when a security project is on a tight deadline. Resist the temptation to bypass this, the most important phase of the project. Time spent up front in analysing needs will be repaid many times over in later phases, in implementation costs and system satisfaction.

During the planning phase you need to discover all factors that will have an effect on later phases - design, procurement and implementation. By the time you have completed the planning process, you should be able to answer these questions:

What are you protecting against?

Know your adversary. You need to analyse the threat to determine who might steal or harm your assets (people, processes, operations, information, equipment, negotiables, image) and what the chances or risk are of it happening.

Risk is difficult to quantify. Crime statistics are available and networking within your industry will give you a handle on such threats as workplace violence and industrial espionage. Remember when talking to your colleagues that their statistics will show fewer incidents if they have implemented a good security programme. The most meaningful way to look at risk is just as you would look at natural disasters: How often is the event likely to occur?

The other major factor in the risk equation is the cost to the company if an event does occur. Consider more than just replacement cost. How long will the business, or department, be out of action, and how will this affect other business units or market share? The negative image caused by an event also can affect your standing in the marketplace. A reduction in employee morale will reduce productivity, and ensuing litigation defense and settlement costs can be very high.

What implementation constraints will you face?

To be effective, the impact of a security programme on regular, productive operations must be minimal. Although greatly affected by corporate culture, cooperation by both employees and management is essential to smooth running operation. If the project also involves an architect or interior designer, the aesthetics of visible security measures will be an issue in the design phase.

One major constraint will be cost. Since the purse strings tend to be controlled by financial managers, selling the quantitative side of the risk equation is very important. Security programme costs must be compared with the cost to the company of a security event. The security director must be able to face and overcome the 'it cannot happen here' and 'it has never happened here' barriers. Of course, at this point in the budget you do not know how much you will need, but an estimated budget will help. Consider recurring costs (maintenance, manpower and supplies) that will be part of the operational budget, as well as capital costs.

What elements of the security programme exist or will be available?

A comprehensive security programme consists of manpower, barriers and procedures in addition to systems, and these four elements need to work together. What is the quality and availability of security manpower to monitor a system, respond to alarms or augment entry control?

If there is an existing security system, it may have to be discarded or upgraded. Either way, you need to know what you have, its condition and identify any compatibility issues that may arise. A review of existing security policies and procedures is useful to identify planning needs relating to amending/deleting existing or preparing new texts.

If new barriers are likely to be required, or old ones demolished, this should be noted during the planning process. It will affect design documents, methods of procurement and implementation.

How is the project going to be implemented?

A large retrofit project may need to be phased in and coordinated with day-to-day business operations. A new construction project requires dovetailing with many other design disciplines and construction trades, and security often is low priority. A professional approach to planning helps the security team be heard and given the consideration it requires.

Now is also the time to think about construction security. If you want your new, state-of-the-art security equipment to be around long enough to serve its designed purpose, include this topic in your implementation plan.

Many of the system-related planning questions, and those they subsequently spawn, cannot be answered in detail until some of the design work has been done. It is the planning process that is important. It makes you ask the difficult questions up front and provides you with a road map for the rest of the project. Do not let planning become your objective instead of a tool. Your goal is to develop and implement security solutions, not to produce an epic report. Companies, their operations, security needs and projects are all dynamic and change constantly.

Similarly, plans must be flexible enough to accommodate change.

You have analysed the need for a new or upgraded security programme and have determined that control of access is one of the elements that will protect your facility from identified threats. An access control system with alarm monitoring, and CCTV and intercom as support subsystems, is the most effective approach; and you are ready to start design. First, list the design criteria for your system.

How big?

The capacity and future expansion capability are important criteria. Estimate the number of portals where the system will control access, and determine the user population plus the percentage of adds/deletes/changes each year. You also will need an estimate of the number of cameras and intercom slave stations that will be monitored.

What features are needed?

Decide if a single workstation doubling as an alarm terminal can perform all necessary functions, or if additional workstations are required for enrolment, system management or secondary alarm stations. Integrated digital video imaging for the production of ID badges is becoming increasingly popular. Instant comparisons between a CCTV view and a stored image allow better control of access to employees who have lost or forgotten their credentials.

A review of keyboard/computer literacy for those who will perform the monitoring and support functions will point to the need for mouse pointing, touchscreen or plain keyboard interfaces. List the types of reports that you will want from the system and any special features, such as autodialling to a central alarm station or remote alarm annunciation to a patrolling security officer. Think about what information you want to store for each employee. Alarm screen formats are important as is the ability to display alarm response instructions.

How reliable does the system need to be?

100% availability comes with high price tags for redundant hardware and alternate cable paths. Most needs can be achieved with looped communication trunks, multiplexers with distributed intelligence, and intelligently distributing critical field hardware between different multiplexers. Power back-up (battery or UPS) is important for most access control components, but may not be as critical for CCTV and intercom elements. The level of risk will determine the level of fault tolerance to be designed for the system; and a maintenance programme is required to keep it at its design level.

What type of credential reading technology?

There are a number of factors that affect this decision: cost, user acceptance, accuracy, reliability, processing time and aesthetics. Cost includes credentials and the credential reader. Accuracy is measured by Type I errors (rejection of a valid credential) and Type II errors (acceptance of an invalid credential). Reducing Type II tends to increase Type I and impacts user acceptance. Reliability is enhanced where there are no moving parts or slots to attract ice, chewing gum, coins, etc. Most access control systems will process a badge/card read in about one-half second; some, especially those designed for other applications such as building control systems, may take up to three seconds. The throughput is an important cost factor if high traffic is anticipated, since multiple units may be required to keep lines short and user acceptance high.

Proximity readers usually win on aesthetics since they are small and thin and can be hidden behind most nonmetallic materials. If hidden, a marker is needed to show the area where a card is to be presented and, preferably, the status LEDs should be flush-mounted to provide visual feedback to the user.

What code issues will affect the design?

Unless the application is for the banking industry or the military, there are very few security-related codes. You may, however, have some corporate standards to follow. Where you interface with fire alarm systems and fire egress doors, different rules apply. Check NFPA and local fire and building codes to ensure that you comply and to see if any design documentation needs to be filed/approved. ADA requirements for device heights, alarm/warning annunciation and access dimensions must be followed for most new installations.

Having prepared the design criteria list, it is time for a sanity check. If you select features that are not available off-the-shelf from system manufacturers, you may go crazy trying to implement custom features.

If custom software is required, get the manufacturer's estimate of how long it will take to write, double it because it will not be delivered on time, then quadruple that figure for a conservative estimate of when it will be debugged and usable. You then will own a one-off special that will be expensive, or impossible, to maintain. And remember to add to your project costs the security manpower required to protect the facility and placate the users while you are tearing your hair out.

Check with several potential suppliers that your design criteria can be met, and ask to see them working in the field - not on a demo system. It also is valuable at this stage to refer back to the needs analysis to check that the design will mitigate the identified threats.

Construction documents

The objective here is to complete the design and document it to the level of detail necessary for your chosen method of procurement. If this is a small project and you will be sole sourcing it to a contractor who you know, trust and have worked with before, a set of plans showing device locations and a description of intended system operation may be all that you need. If you are planning to issue documents for competitive bid, you need to be more precise. Incomplete documents will be bid low, but expect high add-on costs before you get a fully working system. Unclear documents will be bid high because contractors will add a percentage to cover the unknown.

The greater the clarity and completeness, the more easily you will be able to evaluate bids, the smoother the implementation phase will be, the better the cost value that will be obtained and the closer the system will be to what you intended. Time spent on construction documents is repaid ten-fold during implementation. Various documents to be prepared include:


Starting from scratch is laborious and tedious. If the project is for new construction, have the architect make a set of reproducible background plans for you; or, if you are working with a CAD program, get the drawings on a diskette. If you have to start with an old set of prints, perform a quick survey to see if any major features, eg, doors, have been added, changed or deleted.

Use symbols to show, in plan view, where security devices are to be located and add a key on each page to the symbols used. The quantity of detail that you add to the plans will depend on how 'busy' the backgrounds are, but, as a rule, contractors read plans better than they read specifications.

Riser diagram

This usually is a single sheet showing the interconnection between devices in a stylised elevation view of the building. Clarity is increased by keeping similar features, eg, stair door alarms, in a straight vertical line as you progress up the building.

Device schedules

Where it is not practical to include all the necessary information about devices on the plans or riser, device schedules provide the best method of tabulating the data. They can be used for door hardware, intercoms, cameras and monitors - any type of device that is repeated many times. Remember to include device numbers on plans and risers for cross reference.

Detail drawings

They need to be provided to show typical and special installation features, eg, mounting heights of door control devices and console layouts. If something can be installed incorrectly, it will be. And it will be reinstalled correctly at the contractor's cost if your drawing is clear.


This is the most important document since it defines as precisely as possible what you want implemented and how it should be done. It becomes the contract 'bible' used to settle any disputes and is usually divided into several sections:


Terms and conditions, insurance and bonding requirements, payment details, etc. If the security system is part of a new construction project, this portion of the specification may be 'boiler plate' added by the construction manager. Do not forget the date and location of bid conferences and due dates.

System description

A general overview of the project and major system components, their intended use and operation. Clearly describe the demarcation of what is included in the project, what is not and what is being provided by the owner or other contractors. Detail all coordination issues.

Bidder submittals

A description of the information to be submitted by each bidder. The better you describe the format, the easier it is to evaluate bids received. Technical proposals should be required when evaluation is based on factors other than cost and should include bidder qualifications (as related to this project), a description of the bidder's understanding of the project, implementation schedule and methodology, special requirements and a statement of conformance that refers to each and every specification item. For ease of comparison, include blank cost proposal forms to the level of detail required.

Contractor submittals

Once the project is awarded, the contractor will need to submit shop drawings, test results, training curricula, system documentation and as-built drawings. These items, including the quantity and format, need to be described in detail.

Support provisions

Let the contractor know what site meetings are to be held and detail all support functions to be provided: testing (who provides the methodology and who witnesses it), training (how many operators and to what level), commissioning (input of the initial system and employee databases), warranty (when does it start, duration, maintenance support during warranty, response level) and maintenance following the warranty period.


Detailed descriptions of each major system component and their interaction with other components. This is where performance criteria and features are included to protect yourself from substitution of inferior materials. Wherever possible, specify industry standards to allow you to multiple source replacement equipment in the future. Beware manufacturers' OEM specials that tie you to a single provider.


You do not want a wall-mounted camera to fall on an employee's head because plastic wall plugs were used. This section allows you to describe the quality of workmanship required as well as installation methods.

You will know when you have issued a good specification if it can withstand all requests by the contractor for add-ons to achieve the intended purpose and it is implemented on time. It is recommended to start with a successful specification that was used on another project of similar size and complexity. A high degree of detail and much built-in experience from many prior projects are required to make the specification 'contractor-proof.'


The longer you can give bidders to prepare their proposals, the better the price; a hurried bid will be high to cover the unknowns. Remember that bidders may need to get prices from electrical subcontractors and hardware suppliers.

A pre-bid conference and project walk-through should be arranged for about one week after the bidders receive the bid documents. It is a good idea to keep careful notes of questions asked and answers given at the meeting and issue a formal addendum or clarification. Request all bidders to acknowledge in their proposals receipt of all such transmittals that become part of the contract document. Make the conference mandatory; this will exclude from bidding those who cannot be bothered or do not have the time.

A four-week bidding period usually is adequate. Do not be tempted by requests for extensions - these are usually from bidders who leave things to the last minute - unless your addenda have radically changed the project.

Before bids are submitted, you should have decided what your award criteria will be, including the weight or importance assigned to cost, presentation, technical proposal, etc. You may want to share this information with bidders, but, if you do, do not be too specific or you could back yourself into a corner. Once you start analysing bids, you will see why, if your procurement procedures allow, you should restrict the number of bidders to between three and six prequalified contractors, and where your construction documents were not quite crystal clear.

A matrix with bidder names heading the columns and specified features and cost elements labelling the rows probably is the best format for visual analysis and comparison. Do not spend too much time on a bid that is a lot higher than the others, unless it adds some very attractive features. Similarly, beware of a low bid that is considerably lower than the others, unless you are required to select the low bidder. A very low bid may indicate that the contractor does not understand the complexity of the job, or is 'buying' the job. Selecting a contractor who buys a job could mean that you are buying a big headache with low-quality workmanship, substituted equipment and endless arguments regarding add-ons.

If necessary, call in the final contenders for tie-breaking presentations, but try to reach your decision quickly. Get the contract preparation and approval process moving so the selected contractor can start the implementation. By all means, negotiate price with the selected contractor; but, if you are too successful, quality may suffer.


You have just breathed a sign of relief that a contractor finally is on board, but do not relax too much. This phase is critical to the reliability and usefulness of the security system. Start with a kick-off meeting to show the contractor who is boss, literally, since the contractor needs to know where to report contractual/administrative and technical problems. The administrative function includes such tasks as:

* Checking bonding and insurance.

* Processing interim payments, project bookkeeping.

* Maintaining project documentation.

* Processing change orders.

* Final payment.

* Issuing a certificate of acceptance.

The technical project management function is far more intensive:

Review of shop drawing submittals

Equipment cut sheets, samples of cable and exposed equipment, fabrication and mounting details and termination schedules. Although it is easier to require the complete set of shop drawings to be submitted at one time, you may wish to accept and approve a preliminary submission of any equipment with a long lead time that is on the critical path. Careful review of shop drawings against specifications and the contractor's technical proposal is important, since this is the equipment that will be installed. If you discover later that the shop drawings were in error, or that lower quality equipment was substituted, you may not have the time or resources to correct the problem.

Project meetings

Decide how often they should be held and who should attend (only those with a need and who will contribute). Issue an agenda before the meeting and follow it. To ensure a minimum of wheel spinning and that all parties can get back to work, the chairperson must be focused and retain control. Issue the minutes as quickly as possible, especially if there are action items. These should be highlighted, state who is responsible and when the action is to be completed.

Training programme

Necessary attendees should be identified early, schedules made and kept. The contractor should provide a curriculum for review and approval prior to the start of training. This is your chance to ensure that operators, supervisors or maintainers will be taught what they need to know. Attendees should be tested at the end of the course and management informed if they need additional training.


The specification should include the initial database input by the contractor because you and your staff will never make time to do it. The database includes: employee information, alarm zone descriptors and response text, time zones, standard reports, graphic maps, video system programming, output control and watchtour programmes. Obviously, much of this data needs to be provided by the owner, but the contractor should prepare data sheets showing the information and format required.

Acceptance testing

Do not even think about witnessing testing until the contractor is prepared to certify that all components, cable, subsystems and systems have been fully checked. Testing is tedious, but must be performed methodically and should cover every component and every eventuality. If testing is by random sample, the resolution of the punch list will never be complete. However, if you find many problems at the beginning of testing, stop and tell the contractor you will return when he or she has completed their own testing. You are not responsible for debugging the system for the contractor.

Tests that are often forgotten include: line supervision, tags on all cables, fire alarm interface, power failure model back-up operations, communication trunk failure, forced entry, invalid credentials and off-hours operation.

As-built documentation

The job is not complete until the paperwork is done. Insist in your specification and after acceptance testing that you get a set of reproducible drawings documenting the as-installed condition: device locations, cable plans, terminations (check against cable tags), test results, manuals and certifications, if applicable. As-builts are only valuable if they are kept up-to-date. Amend them whenever there are any adds, deletes or changes.

Post-acceptance audit

About three months after the project has been signed off, conduct a hill system audit, which should include a survey of users - both general employees and system operators. Find out if there are features, or lack of features, which cause excessive irritation or work against user acceptance. Now is the time to identify and fix the problems to ensure a long and happy system life. Check back to your original needs analysis. Is the system mitigating the threats as intended?

Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Pentagon appointed as Milestone distributor
Elvey Security Technologies News & Events Surveillance
Milestone Systems appointed Pentagon Distribution (an Elvey Group company within the Hudaco Group of Companies) as a distributor. XProtect’s open architecture means no lock-in and the ability to customise the connected video solution that will accomplish the job.

SMART Estate Security returns to KZN
Nemtek Electric Fencing Products Technews Publishing Axis Communications SA OneSpace Editor's Choice News & Events Integrated Solutions IoT & Automation
The second SMART Estate Security Conference of 2024 was held in May in KwaZulu-Natal at the Mount Edgecombe Estate Conference Centre, which is located on the Estate’s pristine golf course.

From the editor's desk: Just gooi a cable
Technews Publishing News & Events
      Welcome to the 2024 edition of the SMART Estate Security Handbook. We focus on a host of topics, and this year’s issue also has a larger-than-normal Product Showcase section. Perhaps the vendors are ...

Secutel wins OSPA Award for Outstanding New Security Product
Secutel Technologies News & Events Access Control & Identity Management
[Sponsored] Secutel Technologies’ NoKey Access Control solution won the Outstanding New Security Product category at the 2024 OSPAs in South Africa. The awards were presented at Securex 2024 where all category finalists were recognised for their contribution to the security industry.

ONVIF launches new working groups for cloud, metadata and audio
News & Events Surveillance
ONVIF, the global standardisation initiative for IP-based physical security products, is announcing the formation of three new working groups to tackle standardisation work in cloud connectivity, audio, and advanced metadata.

Inaugural Gallagher Security Johannesburg networking roadshow
Gallagher News & Events
Held at Johannesburg’s Foghound Coffee Company in Midrand from 11 to 12 June, security industry professionals gather at the inaugural Gallagher Security Johannesburg Networking Roadshow.

Trend Micro launches first security solutions for consumer AI PCs
Information Security News & Events
Trend Micro unveiled its first consumer security solutions tailored to safeguard against emerging threats in the era of AI PCs. Trend will bring these advanced capabilities to consumers in late 2024.

Dallmeier receives ISO 27001 certification
Dallmeier Electronic Southern Africa Surveillance News & Events
Dallmeier has received ISO 27001 certification for its Information Security Management System (ISMS). The international standard for information security management ensures that companies meet the highest standards of data protection and data security.

Local manufacturing is still on the rise
Hissco Editor's Choice News & Events Security Services & Risk Management
HISSCO International, Africa's largest manufacturer of security X-ray products, has recently secured a multi-continental contract to supply over 55 baggage X-ray screening systems in 10 countries.

SAIDSA achieves ISO 9001 certification
SAIDSA(SA Intruder Detection Services Association) Associations News & Events Training & Education
The South African Intruder Detection Services Association (SAIDSA) has announced that it has achieved ISO 9001:2015 certification. This milestone reflects its commitment to quality management and excellence in the security services industry.